Joe Marcus Clarke
3c9b6f623e
Add an entry for the recent Freetype heap overflow vulnerability.
Submitted by: Nick Barkas <snb@threerings.net>
2007-05-25 00:37:57 +00:00
Remko Lodder
8003ff9706
Document FreeBSD-SA-07:04.file (heap overflow in file(1))
Approved by: portmgr (secteam implicit)
2007-05-23 16:29:27 +00:00
Martin Wilke
4f2588d5fc
- Document squirrelmail -- Cross site scripting in HTML filter
Approved by: portmgr (marcus)
2007-05-21 20:08:21 +00:00
Simon L. B. Nielsen
e82affd309
Document png -- DoS crash vulnerability.
2007-05-16 21:10:03 +00:00
Simon L. B. Nielsen
fdeb5fd7a2
Document samba -- multiple vulnerabilities.
Brought to you from Heathrow Airport and BSDCan 2007 Devsummit.
2007-05-16 20:22:35 +00:00
Simon L. B. Nielsen
5660505553
Backout last change.
Blackboard:
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
x1000
Pointy hat to: simon
2007-05-10 17:34:45 +00:00
Simon L. B. Nielsen
4e0a6f6ea4
Update PHP entry to include the vulnerable version so the entry is
correct for when PHP is updated in ports (yes it's being worked on),
or for people who upgrade "manually".
With hat: secteam
Requested by: several
2007-05-10 17:31:49 +00:00
Remko Lodder
947b7a739d
Document a lot of PHP vulnerabilities, mark all php4 and php5 (+cli,cgi)
ports as vulnerable till the ports had been upgraded.
2007-05-07 09:12:41 +00:00
Remko Lodder
1ee4a7171c
Bump modification date for the latest mod_perl entry, this was forgotten
by erwin, but there were "massive" changes that warrant a date bump.
2007-05-07 08:49:25 +00:00
Remko Lodder
573e3a6f58
Standardize the latest entry (qemu) a bit more and add a forgotten 'a'
in the p5-Imager text.
2007-05-02 16:56:22 +00:00
Juergen Lock
1c19bc62dd
Document multiple qemu vulnerabilities
Obtained from: debian-security-announce@lists.debian.org mailing list
Security: multiple qemu vulnerabilities
2007-05-01 22:49:39 +00:00
Lars Balker Rasmussen
77e127836a
Update to 0.57 - fixes possible overflow vulnerability regarding malformed
BMPs, see vuln.xml for details.
Security: VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
2007-04-30 17:51:53 +00:00
Remko Lodder
507f8c5208
Document FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-28 18:34:30 +00:00
Erwin Lansing
1b24a292e8
Rework the mod_perl entry to note that Mandriva originally released
an advisory. Also add mod_perl2 to the vulnerable versions.
2007-04-25 19:05:44 +00:00
Erwin Lansing
e9ca1878e6
Minor wordsmithing in the last mod_perl entry.
Submitted by: simon
2007-04-25 17:11:17 +00:00
Erwin Lansing
b85159572e
Add entry for mod_perl -- remote DOS in PATH_INFO parsing
PR: 111844
Submitted by: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
2007-04-25 17:04:36 +00:00
Anton Berezin
d9fddefe1b
p5-Crypt-OpenPGP 1.03_1 should not be vulnerable to CVE-2005-0366.
2007-04-23 14:12:10 +00:00
Andrew Pantyukhin
b97830622f
- Mark latest firefox and seamonkey snapshots as safe
2007-04-19 11:55:37 +00:00
Martin Wilke
c2497cc8f8
- Add entry for claws-mail - APOP vulnerability
2007-04-19 10:37:24 +00:00
Marcus Alves Grando
f6b5e52b70
lighttpd -- DOS when access files with mtime 0
lighttpd -- Remote DOS in CRLF parsing
2007-04-14 15:11:47 +00:00
Stanislav Sedov
fe6c10e9aa
- Add freeradius-mysql to the list of affected packages of the recent
freeradius entry.
Submitted by: David Wood <david@wood2.org.uk>
2007-04-13 15:46:38 +00:00
Florent Thoumie
0693e562cc
Mark Google Earth >= 4.0.2414 as safe.
2007-04-13 11:50:41 +00:00
Stanislav Sedov
c87d123fe1
- Document recent remote dos vulnerability in freeradius.
2007-04-13 08:19:58 +00:00
Simon L. B. Nielsen
771da9af81
Add an extra reference to the old "gnupg -- OpenPGP symmetric
encryption vulnerability" entry which explains the problem in a more
easy to read way.
Submitted by: tobez (sort of)
2007-04-10 21:10:43 +00:00
Simon Barner
3ff5f20524
Document fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8).
2007-04-09 20:05:50 +00:00
Remko Lodder
61fb9e495f
Stylify the latest zope entry:
o Use consistent title description
o Use tabs when 8 spaces are hit
o Sort the references list (the alphabet goes from a to z)
o Bump modification date (note: please check the entry date
so that it matches the correct data of insertion).
Also stylify the latest mcweject entry.
2007-04-08 19:58:35 +00:00
Stefan Walter
88f4ad87a7
Add entry for exploitable buffer overflow in mcweject.
PR: 111365
Submitted by: Jeff Forsythe <tornandfilthy2006@yahoo.com>
2007-04-08 19:45:57 +00:00
Stefan Walter
43583a0ccc
Add entry for webcalendar "noSet" variable overwrite vulnerability.
PR: 110585
Submitted by: Greg Larkin <glarkin@sourcehosting.net>
2007-04-08 14:36:53 +00:00
Stefan Walter
88caf0dcc5
Add entry for Zope2 cross-site scripting vulnerability.
Inspired by: Yasushi Hayashi <yasi@yasi.to> (in PR 111119)
2007-04-08 11:16:40 +00:00
Sergey Matveychuk
949c18dd0c
Remove f951cf4a-a1fe-11db-98f9-0004aca3703d entry. It's duplicate to
41da2ba4-a24e-11db-bd24-000f3dcc6a5d.
2007-03-31 16:30:04 +00:00
Andrew Pantyukhin
ecd6369157
- Fix versions and dates in latest squid entry
Pointy hat to: miwi
2007-03-22 02:27:18 +00:00
Remko Lodder
3c59371e69
Standardise the latest Squid entry.
2007-03-21 17:07:34 +00:00
Martin Wilke
a7782e32b9
- Add entry for squid TRACE method handling denial of service
2007-03-21 13:04:08 +00:00
Simon L. B. Nielsen
acd61e2658
Fix range for sql-ledger entry which I missed in my original review.
2007-03-16 16:57:50 +00:00
Lars Thegler
0643a8e6a4
Document sql-ledger vulnerability
PR: ports/110350
Submitted by: Antoine Beaupre <anarcat@koumbit.org>
2007-03-16 11:48:32 +00:00
Remko Lodder
a87575e4d3
Document cacti -- remote injection exploit
PR: ports/107838
Submitted by: Dan Langille <dan at langille dot org>
2007-03-16 07:35:42 +00:00
Remko Lodder
d7ba0f6190
Correct two tdiary entries:
o correct the affected version numbers
o package name of www/tdiary-devel is "tdiary-devel", not "tdiary"
o add ja-tdiary and ja-tdiary-devel to affected packages
PR: ports/109086
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
2007-03-16 07:31:36 +00:00
Remko Lodder
68712de05d
Document two long forgotten Samba vulnerabilities.
PR: ports/109049
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
2007-03-16 07:28:17 +00:00
Markus Brueffer
f03a6e0dd5
ktorrent -- multiple vulnerabilities:
- Add CVE references
- Bump modification date
2007-03-14 23:00:41 +00:00
Remko Lodder
e4e952fbac
Spell out multiple vulnerabilities instead of specifying the exact
amount (we always do that). Also bump the modification date for
this entry and the PHP entry that had been touched
2007-03-12 08:39:18 +00:00
Markus Brueffer
49ad7fe1b0
Fix typo in PHP entry
2007-03-12 01:16:27 +00:00
Markus Brueffer
4fc45e848e
Document ktorrent -- two vulnerabilities
2007-03-12 01:11:44 +00:00
Jun Kuriyama
e35e03e2bf
Add ja-trac-*.
2007-03-10 02:19:12 +00:00
Martin Wilke
74c50829e9
- fix typo
2007-03-09 15:52:31 +00:00
Martin Wilke
31630be19e
- Add entry for mplayer -- DMO File Parsing Buffer Overflow Vulnerability
Reviewed by: simon (secteam)
2007-03-09 15:48:35 +00:00
Martin Wilke
a6486cbf1f
- Add entry for Trac "download wiki page as text" Cross-Site Scripting Vulnerability.
Reviewed by: simon@
2007-03-09 14:34:21 +00:00
Simon L. B. Nielsen
983a5a317d
Correct affected versions in "mod_jk -- long URL stack overflow
vulnerability" entry.
Noticed by: Nick Barkas
2007-03-06 07:18:07 +00:00
Simon L. B. Nielsen
e247fea80e
Document mod_jk -- long URL stack overflow vulnerability.
2007-03-05 23:17:51 +00:00
Simon L. B. Nielsen
9995667e85
For recent "mozilla -- multiple vulnerabilities" entry:
- Mark Seamonkey 1.1.1 as safe. While mozilla.org does not clearly
state this, it does seem to be the case. [1]
- Add another critical vulnerability which wasn't on the web site when
the vuxml entry was initially added.
Reported by: Volodymyr Kostyrko [1]
2007-03-01 18:34:05 +00:00
Remko Lodder
04101b10f2
Document bind -- Multiple Denial of Service vulnerabilities
Now all Security Advisories are merged again in VuXML.
2007-02-27 20:10:00 +00:00