cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
177,604 Commits 38 Branches 77 Tags 2.5 GiB
19a1a1e2e6
Commit Graph

1343 Commits

Author SHA1 Message Date
Joe Marcus Clarke
3c9b6f623e Add an entry for the recent Freetype heap overflow vulnerability. 
Submitted by:	Nick Barkas <snb@threerings.net>
 2007-05-25 00:37:57 +00:00
Remko Lodder
8003ff9706 Document FreeBSD-SA-07:04.file (heap overflow in file(1)) 
Approved by:	portmgr (secteam implicit)
 2007-05-23 16:29:27 +00:00
Martin Wilke
4f2588d5fc - Document squirrelmail -- Cross site scripting in HTML filter 
Approved by:	portmgr (marcus)
 2007-05-21 20:08:21 +00:00
Simon L. B. Nielsen
e82affd309 Document png -- DoS crash vulnerability. 2007-05-16 21:10:03 +00:00
Simon L. B. Nielsen
fdeb5fd7a2 Document samba -- multiple vulnerabilities. 
Brought to you from Heathrow Airport and BSDCan 2007 Devsummit.
 2007-05-16 20:22:35 +00:00
Simon L. B. Nielsen
5660505553 Backout last change. 
Blackboard:

- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.

x1000

Pointy hat to:	simon
 2007-05-10 17:34:45 +00:00
Simon L. B. Nielsen
4e0a6f6ea4 Update PHP entry to include the vulnerable version so the entry is 
correct for when PHP is updated in ports (yes it's being worked on),
or for people who upgrade "manually".

With hat:	secteam
Requested by:   several
 2007-05-10 17:31:49 +00:00
Remko Lodder
947b7a739d Document a lot of PHP vulnerabilities, mark all php4 and php5 (+cli,cgi) 
ports as vulnerable till the ports had been upgraded.
 2007-05-07 09:12:41 +00:00
Remko Lodder
1ee4a7171c Bump modification date for the latest mod_perl entry, this was forgotten 
by erwin, but there were "massive" changes that warrant a date bump.
 2007-05-07 08:49:25 +00:00
Remko Lodder
573e3a6f58 Standarize the latest entry (qemu) a bit more and add a forgotten 'a' 
in the p5-Imager text.
 2007-05-02 16:56:22 +00:00
Juergen Lock
1c19bc62dd Document multiple qemu vulnerabilities 
Obtained from:	debian-security-announce@lists.debian.org mailing list
Security:	multiple qemu vulnerabilities
 2007-05-01 22:49:39 +00:00
Lars Balker Rasmussen
77e127836a Update to 0.57 - fixes possible overflow vulnerability regarding malformed 
BMPs, see vuln.xml for details.

Security:	VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
 2007-04-30 17:51:53 +00:00
Remko Lodder
507f8c5208 Document FreeBSD -- IPv6 Routing Header 0 is dangerous 2007-04-28 18:34:30 +00:00
Erwin Lansing
1b24a292e8 Rework the mod_perl entry to note that Mandriva originally released 
an advisory.  Also add mod_perl2 to the vulnerable versions.
 2007-04-25 19:05:44 +00:00
Erwin Lansing
e9ca1878e6 Minor wordsmithing in the last mod_perl entry. 
Submitted by:	simon
 2007-04-25 17:11:17 +00:00
Erwin Lansing
b85159572e Add entry for mod_perl -- remote DOS in PATH_INFO parsing 
PR:		111844
Submitted by:	"Philip M. Gollucci" <pgollucci@p6m7g8.com>
 2007-04-25 17:04:36 +00:00
Anton Berezin
d9fddefe1b p5-Crypt-OpenPGP 1.03_1 should not be vulnerable to CVE-2005-0366. 2007-04-23 14:12:10 +00:00
Andrew Pantyukhin
b97830622f - Mark latest firefox and seamonkey snapshots as safe 2007-04-19 11:55:37 +00:00
Martin Wilke
c2497cc8f8 - Add entry for claws-mail - APOP vulnerability 2007-04-19 10:37:24 +00:00
Marcus Alves Grando
f6b5e52b70 lighttpd -- DOS when access files with mtime 0 
lighttpd -- Remote DOS in CRLF parsing
 2007-04-14 15:11:47 +00:00
Stanislav Sedov
fe6c10e9aa - Add freeradius-mysql to the list of affected packages of the recent 
freeradius entry.

Submitted by:	David Wood <david@wood2.org.uk>
 2007-04-13 15:46:38 +00:00
Florent Thoumie
0693e562cc Mark Google Earth >= 4.0.2414 as safe. 2007-04-13 11:50:41 +00:00
Stanislav Sedov
c87d123fe1 - Document recent remote dos vulnerability in freeradius. 2007-04-13 08:19:58 +00:00
Simon L. B. Nielsen
771da9af81 Add an extra reference to the old "gnupg -- OpenPGP symmetric 
encryption vulnerability" entry which explains the problem in a more
easy to read way.

Submitted by:	tobez (sort of)
 2007-04-10 21:10:43 +00:00
Simon Barner
3ff5f20524 Document fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8). 2007-04-09 20:05:50 +00:00
Remko Lodder
61fb9e495f Stylify the latest zope entry: 
o Use consistent title description
o Use tabs when 8 spaces are hit
o Sort the references list (the alphabet goes from a to z)
o Bump modification date (note: please check the entry date
  so that it matches the correct data of insertion).

Also stylify the latest mcweject entry.
 2007-04-08 19:58:35 +00:00
Stefan Walter
88f4ad87a7 Add entry for exploitable buffer overflow in mcweject. 
PR:		111365
Submitted by:	Jeff Forsythe<tornandfilthy2006@yahoo.com>
 2007-04-08 19:45:57 +00:00
Stefan Walter
43583a0ccc Add entry for webcalendar "noSet" variable overwrite vulnerability. 
PR:		110585
Submitted by:	Greg Larkin <glarkin@sourcehosting.net>
 2007-04-08 14:36:53 +00:00
Stefan Walter
88caf0dcc5 Add entry for Zope2 cross-site scripting vulnerability. 
Inspired by:	Yasushi Hayashi<yasi@yasi.to> (in PR 111119)
 2007-04-08 11:16:40 +00:00
Sergey Matveychuk
949c18dd0c Remove f951cf4a-a1fe-11db-98f9-0004aca3703d entry. It's duplicate to 
41da2ba4-a24e-11db-bd24-000f3dcc6a5d.
 2007-03-31 16:30:04 +00:00
Andrew Pantyukhin
ecd6369157 - Fix versions and dates in latest squid entry 
Pointy hat to:	miwi
 2007-03-22 02:27:18 +00:00
Remko Lodder
3c59371e69 Standarise the latest Squid entry. 2007-03-21 17:07:34 +00:00
Martin Wilke
a7782e32b9 - Add entry for squid TRACE method handling denial of service 2007-03-21 13:04:08 +00:00
Simon L. B. Nielsen
acd61e2658 Fix range for sql-ledger entry which I missed in my original review. 2007-03-16 16:57:50 +00:00
Lars Thegler
0643a8e6a4 Document sql-ledger vulnerability 
PR:		ports/110350
Submitted by:	Antoine Beaupre <anarcat@koumbit.org>
 2007-03-16 11:48:32 +00:00
Remko Lodder
a87575e4d3 Document cacti -- remote injection exploit 
PR:		ports/107838
Submitted by:	Dan Langille <dan at langille dot org>
 2007-03-16 07:35:42 +00:00
Remko Lodder
d7ba0f6190 Correct two tdiary entries: 
o correct the affected version numbers
o package name of www/tdiary-devel is "tdiary-devel", not "tdiary"
o add ja-tdiary and ja-tdiary-devel to affected packages

PR:		ports/109086
Submitted by:	KOMATSU Shinichiro <koma2 at lovepeers dot org>
 2007-03-16 07:31:36 +00:00
Remko Lodder
68712de05d Document two long forgotten Samba vulnerabilities. 
PR:		ports/109049
Submitted by:	KOMATSU Shinichiro <koma2 at lovepeers dot org>
 2007-03-16 07:28:17 +00:00
Markus Brueffer
f03a6e0dd5 ktorrent -- multiple vulnerabilities: 
- Add CVE references
- Bump modification date
 2007-03-14 23:00:41 +00:00
Remko Lodder
e4e952fbac Spell out multiple vulnerabilities instead of specifying the exact 
amount (we always do that). Also bump the modification date for
this entry and the PHP entry that had been touched
 2007-03-12 08:39:18 +00:00
Markus Brueffer
49ad7fe1b0 Fix typo in PHP entry 2007-03-12 01:16:27 +00:00
Markus Brueffer
4fc45e848e Document ktorrent -- two vulnerabilities 2007-03-12 01:11:44 +00:00
Jun Kuriyama
e35e03e2bf Add ja-trac-*. 2007-03-10 02:19:12 +00:00
Martin Wilke
74c50829e9 - fix typo 2007-03-09 15:52:31 +00:00
Martin Wilke
31630be19e - Add entry for mplayer -- DMO File Parsing Buffer Overflow Vulnerability 
Reviewed by:    simon (secteam)
 2007-03-09 15:48:35 +00:00
Martin Wilke
a6486cbf1f - Add entry for Trac "download wiki page as text" Cross-Site Scripting Vulnerability. 
Reviewed by:    simon@
 2007-03-09 14:34:21 +00:00
Simon L. B. Nielsen
983a5a317d Correct affected versions in "mod_jk -- long URL stack overflow 
vulnerability" entry.

Noticed by:	Nick Barkas
 2007-03-06 07:18:07 +00:00
Simon L. B. Nielsen
e247fea80e Document mod_jk -- long URL stack overflow vulnerability. 2007-03-05 23:17:51 +00:00
Simon L. B. Nielsen
9995667e85 For recent "mozilla -- multiple vulnerabilities" entry: 
- Mark Seamonkey 1.1.1 as safe.  While mozilla.org does not clearly
  state this, it does seem to be the case. [1]
- Add another critical vulnerability which wasn't on the web site when
  the vuxml entry was initially added.

Reported by:	Volodymyr Kostyrko [1]
 2007-03-01 18:34:05 +00:00
Remko Lodder
04101b10f2 Document bind -- Multiple Denial of Service vulnerabilities 
Now all Security Advisories are merged again in VuXML.
 2007-02-27 20:10:00 +00:00