mirror of https://git.FreeBSD.org/ports.git synced 2024-12-04 01:48:54 +00:00
Commit Graph

2189 Commits

Author SHA1 Message Date
Xin LI
912b45fba6 Add bid reference for libpng entry.
Feature safe:	yes
2010-06-28 17:38:12 +00:00
Dirk Meyer
bd168236f8 - graphics/png CVE-2010-1205
Feature safe:	yes
2010-06-28 16:18:53 +00:00
Wen Heping
f4366fb235 - Document moodle -- multiple vulnerabilities
Reviewed by:	delphij@, miwi@
Feature safe:	yes
2010-06-28 00:46:12 +00:00
Rene Ladan
e2bf83504e Document mDNSResponder -- corrupted stack crash when parsing bad resolv.conf
This only happens on a system where
resolv.conf is writable by an untrusted user or where mdnsd is setuid
and can be tricked into opening an alternate resolv.conf.
PR:		ports/147007
Submitted by:	jmallett@
Approved by:	tabthorpe (mentor)
Feature safe:	yes
2010-06-27 21:14:28 +00:00
Shaun Amott
593c7aec32 Document opera -- Data URIs can be used to allow cross-site scripting.
Assume opera-devel is vulnerable too, although snapshots aren't
mentioned in the advisory, and it's months out of date.

Feature safe:	yes
2010-06-25 23:29:50 +00:00
Niels Heinen
705fca7d3f - Cancelled movemail symlink vulnerability (doesn't affect our ports)
- Added entry for multiple vulnerabilities in cacti 0.8.7f
- Updated ziproxy entry to satisfy "make tidy"

Approved by:	itetcu (mentor, implicit)
Feature safe:	yes
2010-06-24 12:54:49 +00:00
Beat Gaetzi
f9438802fc - Document mozilla -- multiple vulnerabilities
Feature safe:	yes
Approved by:	delphij
2010-06-23 18:01:08 +00:00
Xin LI
bff5a4ba14 vuln 4e8344a3-ca52-11de-8ee8-00215c6a37bb has been fixed with
php4-gd-4.4.9_4.

Requested by:	Michael Gmelin <mg bindone de>
2010-06-18 00:38:36 +00:00
Erwin Lansing
e6098ab3c7 Fix typo in previous revision. 2010-06-16 12:42:09 +00:00
Martin Wilke
b7fcee9a30 - Cleanup, Formatting 2010-06-16 12:13:30 +00:00
Dirk Meyer
0ea727fe00 add CVE-2009-2347 tiff 2010-06-16 09:31:34 +00:00
Juergen Lock
ba022b3d36 Document linux-flashplugin -- multiple vulnerabilities.
Reviewed by:	tmclaugh
2010-06-15 19:46:46 +00:00
Martin Wilke
6c25f55278 - Cleanup / Whitespace fixes 2010-06-14 03:04:21 +00:00
Erwin Lansing
b9f7cb14cd Remove empty package in previous revision. 2010-06-12 17:22:38 +00:00
Dirk Meyer
f86c7a6e01 - report FAX3 decoder buffer overrun 2010-06-12 16:44:33 +00:00
Wesley Shields
d806ac2381 Document sudo secure path vulnerability. We are not vulnerable to this by
default but a user could build sudo with SUDO_SECURE_PATH defined or turn
it on in sudoers.
2010-06-03 00:10:56 +00:00
Pav Lucistnik
083caba9b4 - Update to 3.0.1
PR:		ports/147195
Submitted by:	Pavel Pankov <pankov_p@mail.ru> (maintainer)
2010-06-02 11:24:45 +00:00
Wen Heping
91baf4a377 - Document two mediawiki security vulnerabilities
Approved by:	delphij@(ports-security override)
2010-06-02 06:20:29 +00:00
Bernhard Froehlich
ad145262b2 - Document multiple redmine vulnerabilities
Approved by:	miwi (secteam), beat (co-mentor)
Security:	http://www.redmine.org/news/39
2010-05-14 18:28:43 +00:00
Niels Heinen
4157801da8 Updated tomcat entry (CVE-2010-1157) with fixed version information.
This makes sure that the correct older versions are marked vulnerable

Approved by:	itetcu (mentor, implicit)
Security:	http://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html
2010-05-13 09:12:02 +00:00
Niels Heinen
1a3471cffa - Added 109 missing CVE names to 60 VuXML entries
- Fixed Tomcat55 entry to mark current PORTREVISION vulnerable

PR:		ports/146418
Approved by:	itetcu (mentor, implicit)
Security:	http://people.freebsd.org/~niels/vuxml/
2010-05-12 09:46:12 +00:00
Niels Heinen
49a549c833 Added wireshark (DoS) and piwik (XSS) issues
Approved by:	itetcu (mentor, implicit)
Security:	http://www.wireshark.org/security/wnpa-sec-2010-03.html
Security:	http://www.wireshark.org/security/wnpa-sec-2010-04.html
Security:	http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
2010-05-07 19:53:26 +00:00
Niels Heinen
7aac44df75 Added spamass-milter remote command execution vulnerability
Approved by:	itetcu (mentor, implicit)
Security:	CVE-2010-1132
Security:	http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
2010-05-06 19:44:56 +00:00
Niels Heinen
d21e18711c - Added mediawiki and lxr vulnerabilities
- Fixed vlc topic format (lower case, portname first)

PR:		ports/146337
Approved by:	itetcu (mentor, implicit)
Security:	http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
Security:	http://sourceforge.net/mailarchive/message.php?msg_name=E1NS2s4-0001PE-F2%403bkjzd1.ch3.sourceforge.com
2010-05-05 19:12:36 +00:00
Niels Heinen
b862db7acd Added 38 missing CVE names to 24 VuXML entries
(256 CVE names to go)

Approved by:	itetcu (mentor, implicit)
Security:	http://people.freebsd.org/~niels/vuxml/
2010-05-04 20:46:06 +00:00
Niels Heinen
18810baef9 Added 34 missing CVE names to 24 VuXML entries
(294 CVE names to go)

Approved by:	miwi (secteam)
Security:	http://people.freebsd.org/~niels/vuxml/
2010-05-02 15:32:40 +00:00
Sylvio Cesar Teixeira
2090b054ec - VideoLAN has released 1.0.6 to address several vulnerabilities they discovered while working towards the 1.1.0 release. These vulnerabilities could potentially allow for a specially crafted file to execute code.
PR:		ports/146099
Submitted by:	Joseph S. Atkinson <jsa@wickedmachine.net> (maintainer)
2010-05-02 00:52:40 +00:00
Dirk Meyer
264a5a1382 - fix version for apache+mod_ssl 2010-04-30 04:25:33 +00:00
Dirk Meyer
e1c76fac63 - fix info for apache+mod_ssl 2010-04-30 04:24:30 +00:00
Max Brazhnikov
656a0e705f Mark kdebase3 as safe now. 2010-04-28 21:09:45 +00:00
Niels Heinen
e64951607a - Documented multiple Joomla! vulnerabilities
- Added new reference to the recent cacti issue

Approved by:	remko (secteam)
Security:	http://developer.joomla.org/security/
2010-04-27 05:46:00 +00:00
Niels Heinen
036c017b0a Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti
PR:		ports/146021
PR:		ports/146022
Approved by:	remko (secteam)
Security:	http://seclists.org/bugtraq/2010/Apr/200
Security:	http://docs.moodle.org/en/Moodle_1.9.8_release_notes
Security:	http://www.bonsai-sec.com/en/research/vulnerability.php
2010-04-24 21:14:57 +00:00
Niels Heinen
51db653fe0 Documented emacs movemail vulnerability and marked the separate
mail/movemail port vulnerable to an old format string vulnerability.

Approved by:	remko (secteam)
Security:	http://www.ubuntu.com/usn/USN-919-1
2010-04-23 18:16:18 +00:00
Niels Heinen
5dcd72f257 Added krb5 double free vulnerability
Approved by:	remko (secteam)
Security:	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
Security:	CVE-2010-1320
2010-04-21 20:19:11 +00:00
Niels Heinen
3d4109bb47 Documented the following vulnerabilities:
- png: libpng decompression denial of service
- e107: code execution and XSS vulnerabilities
- pidgin: multiple remote denial of service vulnerabilities
- fetchmail: denial of service vulnerability

PR:		ports/145885
PR:		ports/145857
Approved by:	remko (secteam)
Security:	CVE-2010-0996
Security:	CVE-2010-0997
Security:	CVE-2010-1167
Security:	CVE-2010-0277
Security:	CVE-2010-0420
Security:	CVE-2010-0423
Security:	CVE-2010-0205
2010-04-20 21:03:51 +00:00
Niels Heinen
a6899bdd1c Documented the following vulnerabilities:
- curl: libcurl buffer overflow vulnerability
- irssi: multiple vulnerabilities
- ejabberd: queue overload denial of service vulnerability

Approved by:	remko (secteam)
Security:	http://curl.haxx.se/docs/adv_20100209.html
Security:	http://support.process-one.net/browse/EJAB-1173
Security:	http://xforce.iss.net/xforce/xfdb/57790
Security:	http://xforce.iss.net/xforce/xfdb/57791
2010-04-19 19:06:22 +00:00
Niels Heinen
f5a502da05 - Added three krb5 vulnerabilities
- Fixed indent on mahara entry
- Fixed title of KDM entry

Approved by:	remko (secteam)
Security:	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Security:	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Security:	http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
2010-04-19 07:13:42 +00:00
Niels Heinen
829d453ca4 Document mahara sql injection vulnerability
Approved by:	remko (secteam)
Security:	http://www.debian.org/security/2010/dsa-2030
2010-04-18 19:00:29 +00:00
Wesley Shields
bdc10870cc Correct CVE entry. The advisory from Todd[0] says CVE 2010-0426, which is
the entry assigned to the original sudoedit vulnerability[1]. The new
one (CVE-2010-1163) was just assigned. I believe the one assigned by CVE
folks is the proper one to use.

[0]: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
[1]: 018a84d0-2548-11df-b4a3-00e0815b8da8
2010-04-16 02:25:07 +00:00
Wesley Shields
a0381d77dc - Document sudo privilege escalation bug. This is similar to
018a84d0-2548-11df-b4a3-00e0815b8da8.
2010-04-15 20:53:03 +00:00
Alberto Villa
5b805f79e0 - Do not match x11/kdebase4 in latest KDM vulnerability.
Approved by:	tabthorpe (mentor)
2010-04-14 21:46:52 +00:00
Alberto Villa
0e435ac5f8 - Document KDM local privilege escalation vulnerability.
Approved by:	tabthorpe (mentor), delphij (secteam)
2010-04-14 19:04:39 +00:00
Greg Larkin
77b0ea314a - Document dojo - cross-site scripting and other vulnerabilities
- Document ZendFramework - security issues in bundled Dojo library

Approved by:	secteam (remko)
Security:	http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Security:	http://framework.zend.com/security/advisory/ZF2010-07
2010-04-06 17:53:39 +00:00
Beat Gaetzi
f977ca1bcc - Document firefox -- Re-use of freed object due to scope confusion
Submitted by:	Florian Smeets <flo AT smeets.im>
Approved by:	miwi
2010-04-06 07:36:30 +00:00
Beat Gaetzi
59b38507d3 - Document mozilla -- multiple vulnerabilities
Approved by:	delphij
2010-03-30 22:25:05 +00:00
Xin LI
deaff4938a Document postgresql bitsubstr overflow vulnerability 2010-03-25 21:45:55 +00:00
Christian Weisgerber
25a2b64738 Document a buffer overflow in gtar's rmt client functionality. 2010-03-24 18:48:01 +00:00
Beat Gaetzi
2d396eb517 - Document firefox -- WOFF heap corruption due to integer overflow
Approved by:	miwi
2010-03-23 08:36:57 +00:00
Niels Heinen
3622f594f7 Updated the xzgv entry: 0.9 version (now in portstree) is not vulnerable
Approved by:	itetcu (mentor), miwi (secteam)
Security:	http://www.vuxml.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html
Security:	http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml
2010-03-22 21:30:59 +00:00
Martin Wilke
00cd9cf629 - Fix build 2010-03-19 10:16:03 +00:00