Raphael Kubo da Costa
6af337e474
Add entries for CVE-2013-6892 and CVE-2016-2511 in devel/websvn.
...
Security: CVE-2013-6892
Security: CVE-2016-2511
2016-03-06 13:22:33 +00:00
Sunpoet Po-Chuan Hsieh
633ffbae19
- Document Ruby on Rails multiple vulnerabilities
2016-03-06 06:37:45 +00:00
Christoph Moench-Tegeder
2add4d6e9f
Document recent chromium vulnerabilities
...
Approved by: miwi (mentor), rene (mentor)
Obtained from: http://googlechromereleases.blogspot.de/2016/03/stable-channel-update.html
2016-03-05 20:39:49 +00:00
Raphael Kubo da Costa
a4bbce2615
Make 7d09b9ee-e0ba-11e5-abc4-6fb07af136d2 pass `make validate'.
2016-03-05 13:10:35 +00:00
Raphael Kubo da Costa
9519a382db
Add entry for security/libssh's CVE-2016-0739.
...
This was fixed in r409932, but the 2016Q1 branch is still vulnerable.
2016-03-05 13:09:48 +00:00
Vsevolod Stakhov
4380106b01
Document the latest exim vulnerability - local privileges escalation via
insecure environment when using `perl_startup` option and setuid exim.
2016-03-02 21:17:13 +00:00
Mark Felder
627a208d19
Update graphite vuxml entry to add another relevant URL
...
PR: 207574
2016-03-02 13:53:05 +00:00
Jason Unovitch
92232aa47b
Document SQL injection and authentication bypass in Cacti
...
Note CVE-2015-8369/upstream bug 0002646: SQL injection in graph.php
was also fixed in this release but that was backported to 0.8.8f and is
covered in a prior entry.
PR: 207444
Security: CVE-2015-8377
Security: CVE-2015-8604
Security: CVE-2016-2313
Security: https://vuxml.FreeBSD.org/freebsd/db3301be-e01c-11e5-b2bd-002590263bf5.html
2016-03-02 02:28:45 +00:00
Matthew Seaman
5868371f68
Document the latest round of phpMyAdmin vulnerabilities. Lots of XSS
problems, and a man-in-the-middle attack on API calls to GitHub.
2016-03-01 07:30:20 +00:00
Jason Unovitch
7f1d8e21bf
Document wireshark multiple vulnerabilities
...
Security: CVE-2016-2522
Security: CVE-2016-2523
Security: CVE-2016-2524
Security: CVE-2016-2525
Security: CVE-2016-2526
Security: CVE-2016-2527
Security: CVE-2016-2528
Security: CVE-2016-2529
Security: CVE-2016-2530
Security: CVE-2016-2531
Security: CVE-2016-2532
Security: https://vuxml.FreeBSD.org/freebsd/45117749-df55-11e5-b2bd-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/42c2c422-df55-11e5-b2bd-002590263bf5.html
2016-03-01 03:00:41 +00:00
Sergey A. Osokin
d2953d7885
Update www/tomcat7 version.
2016-02-28 22:50:53 +00:00
Mark Felder
61d4dc226a
Update tomcat vuxml entry
...
CVE-2015-5346 does not affect Tomcat 6.
2016-02-28 22:10:09 +00:00
Mark Felder
23c34078e9
Document additional tomcat vulnerabilities
...
Security: CVE-2015-5346
Security: CVE-2015-5351
Security: CVE-2016-0763
2016-02-28 21:44:55 +00:00
Mark Felder
528172af9b
Update documented tomcat vulnerabilities
2016-02-28 21:37:30 +00:00
Mark Felder
79705af288
Document tomcat vulnerabilities
...
Security: CVE-2016-0714
2016-02-28 20:50:20 +00:00
Palle Girgensohn
c2db06e6ae
Document vulnerability in xerces-c3
...
Security: CVE-2016-0729
2016-02-28 18:15:13 +00:00
Jason Unovitch
a9d78963ca
Revise Squid entry with CVE assignment and SQUID-2016:2 advisory reference
...
PR: 207454
Reported by: Pavel Timofeev <timp87@gmail.com>
Security: CVE-2016-2569
Security: CVE-2016-2570
Security: CVE-2016-2571
Security: https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html
2016-02-28 00:50:12 +00:00
Mark Felder
13b83ba4dd
Document django vulnerability
...
Security: CVE-2016-2048
2016-02-28 00:48:27 +00:00
Jason Unovitch
79c6d5f9f4
Document Xen Security Advisories (XSAs 167, 168, 170)
...
Security: CVE-2016-1570
Security: CVE-2016-1571
Security: CVE-2016-2271
Security: https://vuxml.FreeBSD.org/freebsd/7ed7c36f-ddaf-11e5-b2bd-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/80adc394-ddaf-11e5-b2bd-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/81f9d6a4-ddaf-11e5-b2bd-002590263bf5.html
2016-02-28 00:29:10 +00:00
Mark Felder
1e90f8e2c2
Document moodle vulnerabilities
...
Security: CVE-2016-0724
Security: CVE-2016-0725
2016-02-28 00:25:10 +00:00
Mark Felder
fe86f9e06b
Document multimedia/pitivi vulnerability
...
Security: CVE-2015-0855
2016-02-26 16:16:21 +00:00
Mark Felder
de92a33931
Document graphics/giflib vulnerability
...
Security: CVE-2015-7555
2016-02-26 15:50:41 +00:00
Mark Felder
f5e88e1857
Document drupal vulnerabilities
...
PR: 207467
Security: https://www.drupal.org/SA-CORE-2016-001
2016-02-25 15:36:20 +00:00
Li-Wen Hsu
79918e1a85
Document Jenkins Security Advisory 2016-02-24
2016-02-25 05:25:10 +00:00
Mark Felder
4e551fb530
vuxml: Update entry for graphics/jasper
...
These vulnerabilities are resolved in 1.900.1_16
Security: http://www.vuxml.org/freebsd/006e3b7c-d7d7-11e5-b85f-0018fe623f2b.html
Security: http://www.vuxml.org/freebsd/f1692469-45ce-11e5-adde-14dae9d210b8.html
2016-02-24 20:27:40 +00:00
Jason Unovitch
90bc9b39d5
Document squid remote DoS in HTTP response processing
...
PR: 207454
Reported by: Pavel Timofeev <timp87@gmail.com>
Security: https://vuxml.FreeBSD.org/freebsd/660ebbf5-daeb-11e5-b2bd-002590263bf5.html
2016-02-24 11:46:09 +00:00
Jason Unovitch
6add66db19
Document bsh remote code execution vulnerability
...
PR: 207334
Submitted by: pfg (maintainer)
Security: CVE-2016-2510
Security: https://vuxml.FreeBSD.org/freebsd/9e5bbffc-d8ac-11e5-b2bd-002590263bf5.html
2016-02-21 15:25:57 +00:00
Jason Unovitch
8c080fd580
Document libsrtp DoS via crafted RTP header vulnerability
...
PR: 207003
Reported by: pi
Security: CVE-2015-6360
Security: https://vuxml.FreeBSD.org/freebsd/6171eb07-d8a9-11e5-b2bd-002590263bf5.html
2016-02-21 14:55:47 +00:00
Jason Unovitch
42785e7bfc
Respace entry so `make validate' passes
2016-02-21 14:54:03 +00:00
Dirk Meyer
bc45e02be0
- add jasper -- multiple vulnerabilities
...
- fix version for CVE-2015-5221
2016-02-20 14:01:59 +00:00
Mark Felder
3d9bd39ed6
Document that graphics/silgraphite is also vulnerable
...
Security: http://www.vuxml.org/freebsd/8f10fa04-cf6a-11e5-96d6-14dae9d210b8.html
2016-02-18 23:08:33 +00:00
Rene Ladan
c6919a4dd4
Document new vulnerability in www/chromium < 48.0.2564.116
...
Obtained from: http://googlechromereleases.blogspot.nl/2016/02/stable-channel-update_18.html
2016-02-18 21:23:58 +00:00
Jason Unovitch
5c2bcb3929
Document Linux glibc crash/code execution via crafted DNS responses
...
PR: 207272
Submitted by: Johannes Jost Meixner <johannes@meixner.dk>
Security: CVE-2015-7547
Security: https://vuxml.FreeBSD.org/freebsd/2dd7e97e-d5e8-11e5-bcbd-bc5ff45d0f28.html
2016-02-18 03:04:39 +00:00
Jason Unovitch
1d91359d70
Revise earlier Squid entry with official Squid SA as a reference
...
PR: 203186
Security: https://vuxml.FreeBSD.org/freebsd/d3a98c2d-5da1-11e5-9909-002590263bf5.html
2016-02-18 02:20:24 +00:00
Jason Unovitch
6f4e84f84d
Document Squid SSL/TLS processing remote DoS
...
PR: 207294
Security: CVE-2016-2390
Security: https://vuxml.FreeBSD.org/freebsd/56562efb-d5e4-11e5-b2bd-002590263bf5.html
2016-02-18 02:16:14 +00:00
Mark Felder
2c0d4e29a8
Document databases/adminer vulnerabilities
2016-02-17 17:23:24 +00:00
Jung-uk Kim
8fee180476
Correct CVE numbers for recent Flash vulnerabilities.
2016-02-16 22:48:43 +00:00
Carlos J. Puga Medina
874cf54aae
Document libgcrypt side-channel attack on ECDH
...
PR: 207107
Security: CVE-2015-7511
Security: https://vuxml.FreeBSD.org/freebsd/95b92e3b-d451-11e5-9794-e8e0b747a45a.html
2016-02-16 02:40:27 +00:00
Jason Unovitch
ef7d4b4805
Document xdelta3 buffer overflow vulnerability
...
PR: 207174
Security: CVE-2014-9765
Security: https://vuxml.FreeBSD.org/freebsd/f1bf28c5-d447-11e5-b2bd-002590263bf5.html
2016-02-16 01:00:25 +00:00
Martin Wilke
34b7e601d3
- Update Description from previous commit.
...
PR: 207207
Suggested by: Jan Beich
2016-02-15 15:31:03 +00:00
Martin Wilke
d25d6f42dc
- Document firefox -- Same-origin-policy violation using Service Workers with plugins
...
PR: 20720
Submitted by: Christoph Moench-Tegeder
2016-02-15 15:18:25 +00:00
Jason Unovitch
8b78c7a2c4
Add CVE to the OpenSSH 7.0.p1 entry and also mention CVE-2015-6565
...
Security: CVE-2015-6563
Security: CVE-2015-6564
Security: CVE-2015-6565
Security: https://vuxml.FreeBSD.org/freebsd/2920c449-4850-11e5-825f-c80aa9043978.html
2016-02-14 21:18:39 +00:00
Palle Girgensohn
04917a1bbd
Correct URL.
2016-02-14 19:11:35 +00:00
Martin Wilke
4855a7aade
- Fix formatting
2016-02-14 14:46:06 +00:00
Bernard Spil
2baf23e640
security/vuxml: Add entry for www/nghttp2 < 1.7.1
...
- Out of memory error in nghttpd, nghttp, and libnghttp2_asio
applications
Reviewed by: feld (secteam, mentor)
Approved by: feld (secteam, mentor)
Depends on: D5218
Differential Revision: D5271
2016-02-14 14:39:55 +00:00
Jason Unovitch
d5cb36ef78
Document cross-site scripting vulnerabilities in Horde Groupware
...
Security: CVE-2015-8807
Security: CVE-2016-2228
Security: https://vuxml.FreeBSD.org/freebsd/3aa8b781-d2c4-11e5-b2bd-002590263bf5.html
2016-02-14 02:59:02 +00:00
Jason Unovitch
0a341f8d35
Fix dnscrypt-proxy reference URL (ihttps -> https)
2016-02-14 01:55:27 +00:00
Palle Girgensohn
5e11290bff
Document security problems in PostgreSQL
...
Security: CVE-2016-0773, CVE-2016-0766
2016-02-13 22:35:55 +00:00
Jason Unovitch
a41cc39564
Reflect QEMU DoS vulnerabilities now fixed in qemu-sbruno/qemu-user-static
...
PR: 205813
Security: CVE-2015-8345
Security: CVE-2015-8567
Security: CVE-2015-8568
Security: CVE-2015-8613
Security: CVE-2015-8619
Security: CVE-2015-8701
Security: https://vuxml.FreeBSD.org/freebsd/1384f2fd-b1be-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/62ab8707-b1bc-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/9ad8993e-b1ba-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/b3f9f8ef-b1bb-11e5-9728-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/b56fe6bb-b1b1-11e5-9728-002590263bf5.html
2016-02-13 22:28:41 +00:00
Koop Mast
67bdc6b065
Document Feb 8, 2016 Flash vulnerabilities.
...
Security: CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967,
CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0971,
CVE-2016-0972, CVE-2016-0973, CVE-2016-0974, CVE-2016-0975,
CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979,
CVE-2016-0980, CVE-2016-0981, CVE-2016-0982, CVE-2016-0983,
CVE-2016-0984, CVE-2016-0985
2016-02-10 13:08:13 +00:00