Xin LI
f64828b3cf
Document evolution-data-server remote arbitrary code execution
...
vulnerability.
Fix at: Evolution SVN changeset 7817 (#447414 )
2007-06-25 10:57:52 +00:00
Erwin Lansing
c8d93d036e
The XMLRPC SQL Injection issue with wordpress was addressed in the
...
latest release.
2007-06-24 11:34:12 +00:00
Gabor Kovesdan
525a1c1cfb
Document xpcd buffer overflow vulnerability.
...
Revieved by: remko
2007-06-21 17:28:37 +00:00
Remko Lodder
02327974a6
Document clamav -- multiple vulnerabilities.
2007-06-19 19:47:51 +00:00
Xin LI
359efa1acf
Document SpamAssassin vulnerability CVE-2007-2873, a local
...
DoS issue.
2007-06-18 07:56:53 +00:00
Martin Wilke
a6b094a5ee
- Document cups -- Incomplete SSL Negotiation Denial of Service.
...
Reviewed by: simon@
2007-06-12 18:27:39 +00:00
Martin Wilke
807e4948e9
- Fix other duplicate entry.
...
Reviewed by: simon
2007-06-09 19:47:04 +00:00
Martin Wilke
c3ae8a8590
- Document c-ares -- DNS Cache Poisoning Vulnerability
...
Reviewed by: simon@
2007-06-09 17:46:22 +00:00
Martin Wilke
d00658d436
- Fix duplicate entry de-wordpress -> zh-wordpress.
2007-06-09 17:44:04 +00:00
Gabor Kovesdan
2e460cd831
Add zh-wordpress as affected by the last two wordpress entries.
2007-06-09 16:13:32 +00:00
Gabor Kovesdan
d929936825
wordpress -- XMLRPC SQL Injection
...
wordpress -- unmoderated comments disclosure
Reviewed by: simon
2007-06-09 15:07:22 +00:00
Martin Wilke
8fd707f9da
- Document webmin -- cross site scripting
...
Reviewed by: simon@
2007-06-09 14:07:47 +00:00
Simon L. B. Nielsen
c40c31c7cb
- The fixed mplayer version number is 0.99.10_10, mark it as such. [1]
...
- Add older mplayer package names.
- Break long lines.
Noticed by: Henrik Brix Andersen <henrik@brixandersen.dk>
2007-06-07 18:34:14 +00:00
Martin Wilke
8ec6f91e6e
- Fix mplayer portversion.
2007-06-07 08:44:24 +00:00
Martin Wilke
849c29c9fe
- Document mplayer -- cddb stack overflow.
...
Reviewed by: simon@
2007-06-07 08:42:02 +00:00
Gabor Kovesdan
10f833a8e0
- Note that plone is also affected by 34414a1e-e377-11db-b8ab-000c76189c4c
...
prior to version 2.5.3
Reviewed by: simon
2007-06-06 09:29:58 +00:00
Gabor Kovesdan
266bf60961
- gzip 1.3.12 has been patched and is not affected by
...
11a84092-8f9f-11db-ab33-000e0c2e438a any more
Reviewed by: simon
2007-06-05 16:17:06 +00:00
Erwin Lansing
d0c078c27a
Document an information disclosure vulnerability in mod_jk < 1.2.23.
...
Reviewed by: simon
2007-06-05 09:38:17 +00:00
Erwin Lansing
1da851aff6
Add an entry for an email header injection vulnerability in
...
www/typo3 from February.
Reviewed by: remko
Persuaded by: cperciva and simon by setting up the
ports-security team
2007-06-04 20:56:26 +00:00
Martin Wilke
781637120c
- Document phppgadmin - Cross Site Scripting Vulnerability.
...
Reviewed by: mnag@
Reported by: dinoex@
2007-06-04 12:42:17 +00:00
Edward Tomasz Napierala
ed2a5982f8
- Add entry for findutils -- GNU locate heap buffer overrun.
...
Revieved by: simon (secteam)
Approved by: miwi (mentor)
2007-06-01 19:36:13 +00:00
Xin LI
ed56a09fc7
Mark file < 4.21 as vulnerable to the heap overflow.
2007-05-31 08:05:11 +00:00
Joe Marcus Clarke
3c9b6f623e
Add an entry for the recent Freetype heap overflow vulnerability.
...
Submitted by: Nick Barkas <snb@threerings.net>
2007-05-25 00:37:57 +00:00
Remko Lodder
8003ff9706
Document FreeBSD-SA-07:04.file (heap overflow in file(1))
...
Approved by: portmgr (secteam implicit)
2007-05-23 16:29:27 +00:00
Martin Wilke
4f2588d5fc
- Document squirrelmail -- Cross site scripting in HTML filter
...
Approved by: portmgr (marcus)
2007-05-21 20:08:21 +00:00
Simon L. B. Nielsen
e82affd309
Document png -- DoS crash vulnerability.
2007-05-16 21:10:03 +00:00
Simon L. B. Nielsen
fdeb5fd7a2
Document samba -- multiple vulnerabilities.
...
Brought to you from Heathrow Airport and BSDCan 2007 Devsummit.
2007-05-16 20:22:35 +00:00
Simon L. B. Nielsen
5660505553
Backout last change.
...
Blackboard:
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
x1000
Pointy hat to: simon
2007-05-10 17:34:45 +00:00
Simon L. B. Nielsen
4e0a6f6ea4
Update PHP entry to include the vulnerable version so the entry is
...
correct for when PHP is updated in ports (yes it's being worked on),
or for people who upgrade "manually".
With hat: secteam
Requested by: several
2007-05-10 17:31:49 +00:00
Remko Lodder
947b7a739d
Document a lot of PHP vulnerabilities, mark all php4 and php5 (+cli,cgi)
...
ports as vulnerable till the ports had been upgraded.
2007-05-07 09:12:41 +00:00
Remko Lodder
1ee4a7171c
Bump modification date for the latest mod_perl entry, this was forgotten
...
by erwin, but there were "massive" changes that warrant a date bump.
2007-05-07 08:49:25 +00:00
Remko Lodder
573e3a6f58
Standarize the latest entry (qemu) a bit more and add a forgotten 'a'
...
in the p5-Imager text.
2007-05-02 16:56:22 +00:00
Juergen Lock
1c19bc62dd
Document multiple qemu vulnerabilities
...
Obtained from: debian-security-announce@lists.debian.org mailing list
Security: multiple qemu vulnerabilities
2007-05-01 22:49:39 +00:00
Lars Balker Rasmussen
77e127836a
Update to 0.57 - fixes possible overflow vulnerability regarding malformed
...
BMPs, see vuln.xml for details.
Security: VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
2007-04-30 17:51:53 +00:00
Remko Lodder
507f8c5208
Document FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-28 18:34:30 +00:00
Erwin Lansing
1b24a292e8
Rework the mod_perl entry to note that Mandriva originally released
...
an advisory. Also add mod_perl2 to the vulnerable versions.
2007-04-25 19:05:44 +00:00
Erwin Lansing
e9ca1878e6
Minor wordsmithing in the last mod_perl entry.
...
Submitted by: simon
2007-04-25 17:11:17 +00:00
Erwin Lansing
b85159572e
Add entry for mod_perl -- remote DOS in PATH_INFO parsing
...
PR: 111844
Submitted by: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
2007-04-25 17:04:36 +00:00
Anton Berezin
d9fddefe1b
p5-Crypt-OpenPGP 1.03_1 should not be vulnerable to CVE-2005-0366.
2007-04-23 14:12:10 +00:00
Andrew Pantyukhin
b97830622f
- Mark latest firefox and seamonkey snapshots as safe
2007-04-19 11:55:37 +00:00
Martin Wilke
c2497cc8f8
- Add entry for claws-mail - APOP vulnerability
2007-04-19 10:37:24 +00:00
Marcus Alves Grando
f6b5e52b70
lighttpd -- DOS when access files with mtime 0
...
lighttpd -- Remote DOS in CRLF parsing
2007-04-14 15:11:47 +00:00
Stanislav Sedov
fe6c10e9aa
- Add freeradius-mysql to the list of affected packages of the recent
...
freeradius entry.
Submitted by: David Wood <david@wood2.org.uk>
2007-04-13 15:46:38 +00:00
Florent Thoumie
0693e562cc
Mark Google Earth >= 4.0.2414 as safe.
2007-04-13 11:50:41 +00:00
Stanislav Sedov
c87d123fe1
- Document recent remote dos vulnerability in freeradius.
2007-04-13 08:19:58 +00:00
Simon L. B. Nielsen
771da9af81
Add an extra reference to the old "gnupg -- OpenPGP symmetric
...
encryption vulnerability" entry which explains the problem in a more
easy to read way.
Submitted by: tobez (sort of)
2007-04-10 21:10:43 +00:00
Simon Barner
3ff5f20524
Document fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8).
2007-04-09 20:05:50 +00:00
Remko Lodder
61fb9e495f
Stylify the latest zope entry:
...
o Use consistent title description
o Use tabs when 8 spaces are hit
o Sort the references list (the alphabet goes from a to z)
o Bump modification date (note: please check the entry date
so that it matches the correct data of insertion).
Also stylify the latest mcweject entry.
2007-04-08 19:58:35 +00:00
Stefan Walter
88f4ad87a7
Add entry for exploitable buffer overflow in mcweject.
...
PR: 111365
Submitted by: Jeff Forsythe<tornandfilthy2006@yahoo.com>
2007-04-08 19:45:57 +00:00
Stefan Walter
43583a0ccc
Add entry for webcalendar "noSet" variable overwrite vulnerability.
...
PR: 110585
Submitted by: Greg Larkin <glarkin@sourcehosting.net>
2007-04-08 14:36:53 +00:00