Commit graph

839 commits

Author SHA1 Message Date
Vsevolod Stakhov
2c558cfdfd Document vulnerabilities in www/phpmyfaq 2005-09-28 22:54:43 +00:00
Remko Lodder
29187277a0 Add linux_base-suse-9.3 to the zlib entry.
Inspired by:		trevors commit.
2005-09-24 09:22:30 +00:00
Simon L. B. Nielsen
2548c814c4 Document clamav -- arbitrary code execution and DoS vulnerabilities. 2005-09-24 08:31:46 +00:00
Simon L. B. Nielsen
30b443303c - Be consistent and call entries "firefox & mozilla", not the other way
around.
- Mark latest linux-mozilla port as fixed for recent mozilla
  vulnerabilities.
2005-09-23 21:44:15 +00:00
Simon L. B. Nielsen
5477df8a4d - Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
  firefox/mozilla entries.
2005-09-23 19:19:03 +00:00
Simon L. B. Nielsen
9caf96ed77 Add real references to urban -- stack overflow vulnerabilities. 2005-09-21 23:03:56 +00:00
Simon L. B. Nielsen
dd5c1f81f5 Document mozilla & firefox -- command line URL shell command injection. 2005-09-21 22:31:09 +00:00
Simon L. B. Nielsen
e348f65ac4 Add CVE name for tor -- diffie-hellman handshake flaw. 2005-09-21 21:59:31 +00:00
Simon L. B. Nielsen
ae68849b21 Correct package name for entry bind -- buffer overrun vulnerability. 2005-09-21 21:46:25 +00:00
Simon L. B. Nielsen
28c69d6d13 Add CVE name to an older CUPS issue. 2005-09-21 21:15:51 +00:00
Remko Lodder
7869900ab0 Fix the htdig entry, the port version and the VuXML version did not
align.

Reported by:		Nic Bellamy <nic at bellamy dot co dot nz>
2005-09-19 16:12:06 +00:00
Remko Lodder
e16354e3c3 Fix the squirrelmail entry since only versions prior to 1.4.5 were
affected. Bump modification date accordingly.

Reported by:		Avinash Piare <avinash at piare dot org>
2005-09-19 16:09:27 +00:00
Remko Lodder
2c4ab28551 Document the following items:
o apache -- Certificate Revocation List (CRL) off-by-one vulnerability
o squirrelmail -- _$POST variable handling allows for various attacks

Reviewed by:		simon
2005-09-17 19:08:42 +00:00
Pav Lucistnik
2e5accd757 - Add an entry on possible DOS condition regarding NTLM in squid
PR:		ports/86179
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-09-15 20:14:26 +00:00
Dejan Lesjak
bf24ec6453 Document X11 server -- pixmap allocation vulnerability.
Reviewed by:	simon
2005-09-14 22:22:49 +00:00
Remko Lodder
b4a8bdcba3 Document unzip -- permission race vulnerability. [1]
Update the recent htdig entry with its corrected version.

Reviewed by:		simon [1]
2005-09-13 20:18:44 +00:00
Simon L. B. Nielsen
02e71a56c9 Document firefox & mozilla -- buffer overflow vulnerability.
Prodded by:	pav
2005-09-10 20:55:35 +00:00
Sam Lawrance
79fc4d5562 Mark the latest version of cups-base fixed for "xpdf -- disk fill DoS
vulnerability"
2005-09-07 08:46:52 +00:00
Remko Lodder
9869f02a09 Add forgotten </package> line.
Spotted by:		simon
2005-09-04 15:24:56 +00:00
Remko Lodder
1f32002401 Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code injection vulnerability.
Inspired by:		pav's commit, updating the port.
2005-09-04 15:16:52 +00:00
Remko Lodder
8d52ed02cb Document htdig -- cross site scripting vulnerability.
Reviewed by:	simon
2005-09-04 09:03:05 +00:00
Sergey Matveychuk
df93a435e2 - Document two squid security related issues.
PR:		ports/85688
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-09-04 07:54:46 +00:00
Remko Lodder
59790d976f Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]

Suggested by:		simon [1]
Reviewed by:		simon
2005-09-03 19:05:00 +00:00
Remko Lodder
5d3e7f35e7 Document bind -- buffer overrun vulnerability 2005-09-03 18:06:52 +00:00
Simon L. B. Nielsen
b8fc727f1e Add a more or less bogus reference section to the last entry, to make it
a valid entry.  The reference simply references the VuXML entry itself,
but at least it fixes the build for now.

Missed by:	simon
2005-09-02 13:10:51 +00:00
Jean-Yves Lefort
83951565f6 Document stack overflow vulnerabilities in games/urban.
Approved by:	simon
2005-09-02 12:59:55 +00:00
Simon L. B. Nielsen
ab66fb30d3 Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities.
2005-08-29 20:47:28 +00:00
Jun Kuriyama
11ed143aa7 Add entry for fswiki's vuln. 2005-08-29 15:10:29 +00:00
Niels Heinen
14c354e28c Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).

Approved by:	nectar (mentor)
2005-08-29 08:11:20 +00:00
Simon L. B. Nielsen
db3d72ecbf - Fill out part of the std. VuXML template missed in the last entry.
- Mark acroread 7.0.1 as fixed for acroread -- XML External Entity
  vulnerability. [1]

Reported by:	Sverre H. Huseby [1]
2005-08-28 20:48:11 +00:00
Simon L. B. Nielsen
b7a42fed66 Document evolution -- remote format string vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-27 22:25:30 +00:00
Simon L. B. Nielsen
32797fc1e4 Document pam_ldap -- authentication bypass vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-27 21:54:42 +00:00
Simon L. B. Nielsen
8322548dab Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.

Reported by:	olgeni
Approved by:	portmgr (blanket, VuXML)
2005-08-27 18:17:24 +00:00
Simon L. B. Nielsen
e88212ee93 Document pcre -- regular expression buffer overflow.
Approved by:	portmgr (blanket, VuXML)
2005-08-26 21:24:31 +00:00
Simon L. B. Nielsen
5fff46907e Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.

Approved by:	portmgr (blanket, VuXML)
2005-08-23 20:26:38 +00:00
Sergey Matveychuk
5a393f74af Document mail/elm remote buffer overflow vulnerability.
PR:		ports/85225
Submitted by:	Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by:	portmgr (blanket, VuXML)
2005-08-23 19:07:08 +00:00
Remko Lodder
5dd48b46c5 Document four vulnerabilities in openvpn:
* openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect unrelated clients

Approved by:	portsmgr (blanket VuXML)
Submitted by:	Matthias Andree <matthias dot andree at gmx dot de>
2005-08-19 09:58:19 +00:00
Simon L. B. Nielsen
36ab3408aa Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-17 20:01:01 +00:00
Remko Lodder
b942a2a7c2 Add the fixed version so that people do not get a stale portaudit when the update is there.
Also fix some indentation that I overlooked.

Noticed by:		simon (both of the items)
Approved by:		portsmgr (blanket VuXML)
2005-08-17 19:46:39 +00:00
Remko Lodder
937ce6aba9 Document tor -- diffie-hellman handshake flaw.
Submitted by:		Michal Bartkowiak <michal at nonspace dot net>
Approved by:		portsmgr (blanket VuXML)
2005-08-17 19:34:44 +00:00
Simon L. B. Nielsen
b301e67e49 gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.

Approved by:	portmgr (blanket, VuXML)
2005-08-16 21:19:30 +00:00
Simon L. B. Nielsen
75172d796f Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-16 20:56:54 +00:00
Simon L. B. Nielsen
59a6826b92 Document acroread -- plug-in buffer overflow vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-16 18:43:41 +00:00
Simon L. B. Nielsen
2836760398 Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.

Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).

Approved by:	portmgr (blanket, VuXML)
2005-08-15 20:38:54 +00:00
Simon L. B. Nielsen
a098192895 Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by:	hrs
Approved by:	portmgr (blanket, VuXML)
2005-08-15 13:20:30 +00:00
Simon L. B. Nielsen
782374f5c4 Document awstats -- arbitrary code execution vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-14 21:09:10 +00:00
Simon L. B. Nielsen
c1bc774e4b After further examination it turns out that gnugadu does not include
libgadu, at least not in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]

The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]

Polish translation clue:	pjd [1]
General clue by:		markus [2]
Not enough checking:		simon
Approved by:			portmgr (blanket, VuXML)
2005-08-12 16:38:54 +00:00
Simon L. B. Nielsen
41071473f7 Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:45:57 +00:00
Simon L. B. Nielsen
57454f0e97 Document libgadu -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:21:10 +00:00
Simon L. B. Nielsen
da8382985a Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 11:26:44 +00:00