Remko Lodder
7ce5f5f5eb
Document jdk - jar directory traversal vulnerability.
...
Approved by: simon
2005-04-16 22:35:09 +00:00
Simon L. B. Nielsen
c6463c5ae8
Document several mozilla/firefox issues.
2005-04-16 16:12:02 +00:00
Simon L. B. Nielsen
b8e8bd4784
Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
...
entry.
Info provided by: sf
2005-04-15 21:47:10 +00:00
Simon L. B. Nielsen
c666625667
Document openoffice -- DOC document heap overflow vulnerability.
2005-04-13 23:17:14 +00:00
Simon L. B. Nielsen
2a6230f941
Fix and document insecure temporary file handling in portupgrade.
...
Security: CAN-2005-0610
Security: http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by: erwin (mentor), maintainer timeout
OK'ed by: portmgr
Reviewed by: nectar
2005-04-12 08:24:48 +00:00
Simon L. B. Nielsen
c5a9b3a376
Document three GAIM vulnerabilities.
2005-04-10 19:41:46 +00:00
Simon L. B. Nielsen
4ac987a82c
Document an old PHP issue.
2005-04-10 18:47:06 +00:00
Simon L. B. Nielsen
63de08eab1
Document squid -- DoS on failed PUT/POST requests vulnerability.
...
Submitted by: Devon H. O'Dell <dodell@offmyserver.com> (original version)
2005-04-10 10:22:18 +00:00
Pav Lucistnik
b1c64c078b
- Fix closing tag on the entry I just touched.
...
Pointed out by: still Chimera
Blaming: too much bear earlier tonight
2005-04-09 20:42:03 +00:00
Pav Lucistnik
ecf039676f
- Add <modified> to the entry I just touched
...
Prodded by: Chimera
2005-04-09 20:38:37 +00:00
Pav Lucistnik
e22567b87a
- CAN-2005-0133 is fixed in clamav-devel-20050408
...
PR: ports/79688
Submitted by: Renato Botelho <freebsd@galle.com.br>
2005-04-09 20:21:47 +00:00
Simon L. B. Nielsen
3325b65493
Bump modified date for entry modified last commit.
2005-04-05 20:57:06 +00:00
Hajimu UMEMOTO
f17f51ad0e
add CVE name to latest vuln of Cyrus IMAPd.
2005-04-05 20:03:49 +00:00
Thierry Thomas
24b5ab2bb9
Add an entry for a XSS vulnerability fixed in horde-3.0.4.
2005-04-05 19:57:09 +00:00
Simon L. B. Nielsen
7e369a9d2b
Document wu-ftpd -- remote globbing DoS vulnerability.
2005-04-04 20:06:01 +00:00
Simon L. B. Nielsen
08a1fddf90
Add CVE name to hashcash entry.
2005-04-03 06:53:58 +00:00
Christian Weisgerber
7ce77e7525
Document hashcash format string vulnerability.
2005-04-02 23:15:17 +00:00
Simon L. B. Nielsen
3ea2a15c21
Document clamav -- zip handling DoS vulnerability.
...
Approved by: portmgr (blanket, VuXML)
2005-03-26 20:49:39 +00:00
Jacques Vidrine
8fdf391a72
Document Wine information disclosure.
...
Based on an entry that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
2005-03-24 14:15:05 +00:00
Jacques Vidrine
ad6be0e3c8
Document the most serious of the recently disclosed
...
Mozilla/Firefox/Thunderbird vulnerabilities.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
2005-03-24 14:08:28 +00:00
Jacques Vidrine
540824d2e8
Document Sylpheed buffer overflow.
...
Reminded by: netchild
Approved by: portmgr (blanket, VuXML)
2005-03-23 18:29:15 +00:00
Simon L. B. Nielsen
5b82e7ed54
Document xv -- filename handling format string vulnerability.
...
Approved by: portmgr (implicit, VuXML)
2005-03-21 21:19:21 +00:00
Simon L. B. Nielsen
e551c99e0a
Document kdelibs -- local DCOP denial of service vulnerability.
...
Approved by: portmgr (implicit, VuXML)
2005-03-21 20:27:19 +00:00
Simon L. B. Nielsen
4b8ba5ca05
Mark grip port as fixed for recent vulnerability.
...
Requested by: ahze
2005-03-18 19:16:10 +00:00
Simon L. B. Nielsen
9c13358c08
Document phpmyadmin -- increased privilege vulnerability.
2005-03-15 21:13:28 +00:00
Alexey Dokuchaev
15f66ab5b1
Note that recent Quake2-LNX is fixed.
2005-03-15 19:40:23 +00:00
Alex Dupre
2e4290eeb0
Recent mysql snapshot import fixed several vulnerabilities.
2005-03-15 14:27:01 +00:00
Simon L. B. Nielsen
566e20849d
Document ethereal -- multiple protocol dissectors vulnerabilities.
2005-03-14 21:55:46 +00:00
Simon L. B. Nielsen
29d805dd40
Document "grip -- CDDB response multiple matches buffer overflow
...
vulnerability".
2005-03-14 20:19:29 +00:00
Simon L. B. Nielsen
f1996dbbb7
Update references for latest MySQL entry:
...
- Use bid tag for Bugtraq ID reference.
- Add CVE names.
2005-03-14 19:49:15 +00:00
Alex Dupre
09faa83406
Document multiple mysql remote vulnerabilities.
2005-03-14 15:16:35 +00:00
Thierry Thomas
c3c8132fc3
Add an entry about rxvt-unicode buffer overflow.
2005-03-13 10:31:19 +00:00
Simon L. B. Nielsen
2f4093a8ae
Document two phpMyAdmin issues.
2005-03-08 22:52:18 +00:00
Simon L. B. Nielsen
098596aedb
Document libexif -- buffer overflow vulnerability.
2005-03-08 21:26:23 +00:00
Jacques Vidrine
3b0cb09a6a
Fix invalid date.
...
Noticed by: Kang Liu <liukang@bjut.edu.cn>
2005-03-07 15:45:13 +00:00
Jacques Vidrine
6cec90d8a0
Add <modified> date for recent commit to phpbb vulnerability.
...
Forgotten by: delphij
While here, add msgids for recent phpbb addition.
2005-03-06 17:06:32 +00:00
Xin LI
5092eea0da
Document a low risk HTML injection (configuration bypass)
...
vulnerability [1] of phpBB.
(maintainer contacted and is preparing a fix)
[1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274
2005-03-05 15:53:41 +00:00
Xin LI
852b94cbf0
Add bugtraq bug ID for phpbb vulnerability.
...
Submitted by: Kang LIU <liukang bjut edu cn>
2005-03-05 15:42:50 +00:00
Jacques Vidrine
3fbc94976e
Document two phpnuke vulnerabilities, and a Linux RealPlayer
...
vulnerability.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@sitetronics.com>
2005-03-04 18:14:28 +00:00
Simon L. B. Nielsen
27b0023153
- Document ImageMagick -- format string vulnerability.
...
- Fix typo on older tiff entry.
2005-03-03 22:20:45 +00:00
MANTANI Nobutaka
8a81c46428
Document the privilege escalation vulnerability in uim.
2005-03-02 13:17:24 +00:00
Jacques Vidrine
1f1453269f
Fix typo in linux-tiff version number for
...
http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au>
2005-03-01 13:39:29 +00:00
Jacques Vidrine
8ec244ef06
Document lighttpd information disclosure bug.
...
This entry is based on one that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
2005-03-01 13:23:52 +00:00
Jacques Vidrine
b511a32842
Fix typo in linux-tiff version number for
...
http://vuxml.freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au>
2005-02-28 13:41:19 +00:00
Xin LI
ab9ba5a88f
Document latest phpBB critical security vulnerabilities.
...
Submitted by: Kang LIU <liukang bjut edu cn>
2005-02-28 10:48:53 +00:00
Jacques Vidrine
24627424e6
Correct the linux-tiff version number for several entries.
...
Reported by: netchild
2005-02-28 03:42:01 +00:00
Simon L. B. Nielsen
3ab3a3220e
Document curl -- authentication buffer overflow vulnerability.
2005-02-27 21:24:03 +00:00
Simon L. B. Nielsen
3ba6fcbd61
- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
...
- Use bid tag for a reference in sup entry.
Advice from: ume [1]
2005-02-27 20:34:17 +00:00
Hiroki Sato
fbb0c798ac
Document format string vulnerabilities in net/sup.
2005-02-27 13:21:10 +00:00
Simon L. B. Nielsen
ce31baa966
- Just use mozilla in title for last entry for consistency.
...
- Document mozilla -- insecure temporary directory vulnerability.
2005-02-26 21:12:12 +00:00
Simon L. B. Nielsen
c71abfe2a6
Update list of affected mozilla/firefox ports by the web browsers --
...
window injection vulnerabilities entry.
2005-02-26 20:36:40 +00:00
Simon L. B. Nielsen
77260025a2
Document mozilla & firefox -- arbitrary code execution vulnerability.
...
Submitted by: Devon H. O'Dell <dodell@sitetronics.com> (original version)
2005-02-26 14:25:31 +00:00
Jacques Vidrine
5764c517d0
Improve the description of the latest phpBB information disclosure
...
bugs.
Submitted by: delphij (in part)
2005-02-25 04:55:52 +00:00
Hiroki Sato
76c4e7dbc7
Document a format string vulnerability in mkbold-mkitalic.
...
Reviewed by: simon
2005-02-24 15:43:23 +00:00
Jacques Vidrine
353e7eb649
Add CVE names for wget.
2005-02-23 16:20:57 +00:00
Jacques Vidrine
f8f16c318e
De-confuse latest AWStats entry: rewrite description, and add relevant
...
references. There were so many bugs, it was hard to keep them straight
(^_^).
2005-02-23 15:11:02 +00:00
Jacques Vidrine
7e953178e5
Format the <topic> of the most recent entry so that it is more
...
consistent with other entries.
2005-02-23 14:37:04 +00:00
Xin LI
10d48b910d
Document latest phpbb vulnerabilities.
...
Discussed with: phpbb maintainer
2005-02-23 13:13:44 +00:00
Simon L. B. Nielsen
53153f2e70
Add more references to recent putty vulnerability.
2005-02-23 05:15:32 +00:00
Jacques Vidrine
b3ca842939
The mod_dosevasive port was upgraded.
2005-02-22 21:58:36 +00:00
Jacques Vidrine
a9fab6c983
Nit:
...
- In most recent `unace' entry, replace HTML entity with the Unicode
character. We do not use HTML entities so that a VuXML document may
be processed without using the DTD. (We also avoid character entity
references for more natural grep'ing, sed'ing, and editor searching.)
Corrections:
- An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
undetected since last October. (>_<) Correct it.
- A bnc vulnerability was duplicated. Cancel the older, less informative
entry and update the newer entry.
2005-02-22 19:27:32 +00:00
Christian Weisgerber
33ffd45c6e
Document unace-1.2b vulnerabilities: buffer overflows, directory traversal.
2005-02-22 15:37:51 +00:00
Simon L. B. Nielsen
5283ed8c39
For the recent kdelibs entry; note that dcopidlng is only used at
...
build time.
Reported by: lofi
2005-02-20 20:51:37 +00:00
Simon L. B. Nielsen
c9f2f9b090
Document heap corruption vulnerabilities in putty.
2005-02-20 18:53:25 +00:00
Simon L. B. Nielsen
c965b44edc
Update affected versions of latest postgresql entry now that the ports
...
have been fixed.
2005-02-19 12:49:38 +00:00
Simon L. B. Nielsen
28b80e83e3
Document insecure temporary file creation in kdelibs.
2005-02-18 22:37:34 +00:00
Simon L. B. Nielsen
edfb3d1fa7
Document format string vulnerability in bidwatcher.
2005-02-18 21:55:08 +00:00
Simon L. B. Nielsen
78f1ae5e94
Document a directory traversal vulnerability in gftp.
2005-02-18 20:37:19 +00:00
Simon L. B. Nielsen
8014ae1da8
- Document two Opera vulnerabilities.
...
- Update information about fixed version for Opera with regard to
"Window Injection" issues (based on release notes for Opera 7.54u2).
2005-02-18 20:14:00 +00:00
Simon L. B. Nielsen
6025141ff0
Document multiple buffer overflows in postgresql.
2005-02-17 21:45:40 +00:00
Simon L. B. Nielsen
f6928e4f62
Fix entry date for last commit.
2005-02-16 23:39:20 +00:00
Simon L. B. Nielsen
3aa53137ae
Document vulnerabilities in awstats. Note that this entry will most
...
likely be updated soon when more information becomes available.
2005-02-16 23:25:23 +00:00
Simon L. B. Nielsen
a04da6a1a9
Add a few more references to the awstats entry.
2005-02-15 20:55:47 +00:00
MANTANI Nobutaka
b5f80f0f0c
Change affected packages version for the emacs movemail format string
...
vulnerability since I fixed editors/emacs port by adding a patch
instead of upgrading it to 21.4.
2005-02-14 15:44:07 +00:00
Simon L. B. Nielsen
f227f751ea
Document DoS in powerdns.
2005-02-14 00:10:36 +00:00
Simon L. B. Nielsen
1aa7bbb219
Document format string vulnerability in the Emacs movemail utility.
2005-02-13 23:19:00 +00:00
Alexey Dokuchaev
6b67384fe3
- Reflect fixing vulnerability in `net/opendchub'
...
- Print project's name correctly
2005-02-13 11:28:52 +00:00
Simon L. B. Nielsen
28f8ea4ea8
- Fix a cvename that should have been a certvu.
...
- Delete trailing white space.
- Fix some nearby formatting while I'm here anyway.
2005-02-13 09:59:02 +00:00
Simon L. B. Nielsen
a702124003
Document two vulnerabilities in ngircd.
2005-02-13 09:21:00 +00:00
Simon L. B. Nielsen
248904911e
Document mod_python information leakage vulnerability.
2005-02-12 23:53:09 +00:00
Simon L. B. Nielsen
9314417b34
Document mailman directory traversal vulnerability.
2005-02-12 20:40:50 +00:00
Jacques Vidrine
c87041a2e7
Expand HTML entity reference in latest VuXML entry.
2005-02-11 23:29:30 +00:00
Christian Weisgerber
8803c37393
Document enscript-{a4,letter,letterdj} vulnerabilities.
2005-02-11 21:59:05 +00:00
Alexey Dokuchaev
2726a60efc
Vulnerability in unrtf is fixed now.
2005-02-11 13:37:26 +00:00
Simon L. B. Nielsen
98933fd487
Document privilege escalation vulnerability in postgresql.
2005-02-08 21:33:54 +00:00
Simon L. B. Nielsen
8249950b77
Document multiple protocol dissectors vulnerabilities in ethereal.
2005-02-08 18:14:44 +00:00
Jacques Vidrine
d276a4012f
Add another squid issue.
...
PR: ports/76967
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-02-08 14:49:58 +00:00
Jacques Vidrine
78a22088fc
Add CERT Vulnerability Note reference for one squid issue,
...
and correct the reference for another one [1].
Reported by: Thomas-Martin Seck <tmseck@netcologne.de> [1]
2005-02-08 14:43:50 +00:00
Jacques Vidrine
ba5679b474
Add CVE name for squid confusing empty ACL issue.
2005-02-08 13:48:12 +00:00
Jacques Vidrine
3622db4708
Add US-CERT Vulnerability Note references for recent squid issues.
2005-02-07 20:02:30 +00:00
Hye-Shik Chang
f4c32e5e59
Add missing <code> markups in a citation from PSF-2005-001.
2005-02-04 04:26:10 +00:00
Hye-Shik Chang
fd1e0e8128
Add an entry for PSF-2005-001,
...
"SimpleXMLRPCServer.py allows unrestricted traversal"
2005-02-04 04:09:11 +00:00
Joe Marcus Clarke
8591bc9446
Update the entry for CAN-2005-0064 to indicate that gpdf 2.8.3 has a fix
...
for this vulnerability.
2005-02-03 22:30:59 +00:00
Jacques Vidrine
6888c3c260
Note that perl does not have a suidperl by default.
2005-02-02 18:59:10 +00:00
Jacques Vidrine
827e5546c4
Note vulnerabilities in perl.
2005-02-02 17:38:44 +00:00
Jacques Vidrine
46e506df32
Add Bugtraq ID for evolution issue.
2005-02-02 15:46:17 +00:00
Jacques Vidrine
8287d6cb6d
Add CVE name for squid WCCP issue.
2005-02-01 17:03:31 +00:00
Jacques Vidrine
179467b970
Add a <modified> tag to the perl File::Path issue since the affected
...
versions were changed.
Forgotten by: tobez
2005-02-01 14:14:54 +00:00
Anton Berezin
29fce98efd
Narrow perl File::Path vulnerability version range a bit.
2005-02-01 13:38:15 +00:00
Niels Heinen
679df602c3
Documented vulnerabilities found in the newspost, newsfetch and newsgrab ports.
...
http://people.freebsd.org/~niels/issues/newspost-20050114.txt
http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://people.freebsd.org/~niels/issues/newsfetch-20050119.txt
Approved by: nectar (mentor)
2005-02-01 09:03:52 +00:00
Jacques Vidrine
f2abfeab79
The latest xpdf buffer overflow has been repaired in an update
...
to pdftohtml.
Submitted by: erwin
2005-01-31 21:44:32 +00:00
Jacques Vidrine
b6c860577d
Add CVE names for recent squid vulnerabilities.
2005-01-31 21:40:10 +00:00
Sergey Matveychuk
6137f0a08d
squid -- buffer overflow in WCCP recvfrom() call
...
PR: ports/76827
Submitted by: squid maintainer
2005-01-29 21:43:36 +00:00
Simon L. B. Nielsen
00a8d275e8
Mark cups-base as fixed wrt. to "makeFileKey2() buffer overflow
...
vulnerability".
2005-01-27 16:38:35 +00:00
Simon L. B. Nielsen
227998b897
Document "makeFileKey2()" buffer overflow vulnerability in xpdf (and
...
programs embedding xpdf).
2005-01-26 20:25:46 +00:00
Jacques Vidrine
3bdccd715e
pdflib has been corrected.
...
Noticed by: Hilko Meyer <Hilko.Meyer@gmx.de>
2005-01-26 16:20:43 +00:00
Jacques Vidrine
511b2e442a
Document a vulnerability in zhcon.
2005-01-25 13:50:43 +00:00
Simon L. B. Nielsen
af20e5ead2
Fix last YAMT entry update to actually make sense... Greater than and
...
less than are not the same...
Pointy hat to: simon
2005-01-25 10:51:09 +00:00
Simon L. B. Nielsen
3244edf676
Mark latest YAMT port version as fixed.
2005-01-25 10:46:29 +00:00
Simon L. B. Nielsen
8c59ddfff6
Document arbitrary code execution vulnerability in evolution.
2005-01-25 00:50:02 +00:00
Jacques Vidrine
49bed9c371
Correct the entry date for 4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3
...
``squid -- HTTP response splitting cache pollution attack''.
2005-01-24 22:24:02 +00:00
Jacques Vidrine
ad23982e36
Document a local vulnerability in mod_dosevasive.
2005-01-24 20:12:25 +00:00
Jacques Vidrine
6a1b2ca975
Document a possible cache-poisoning issue affecting squid.
...
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-24 19:39:20 +00:00
Jacques Vidrine
3690d623e4
Document Bugzilla XSS issue.
2005-01-24 18:45:43 +00:00
Jacques Vidrine
3314fe9060
Oops, forgot to set <discovery> date.
2005-01-24 18:38:46 +00:00
Jacques Vidrine
58812ca6ce
Document window injection vulnerabilities affecting several web browsers.
2005-01-24 17:35:44 +00:00
Jacques Vidrine
e0578cbf24
Cancel duplicate phpbb entry e8c6ade2-6bcc-11d9-8e6f-000a95bc6fae. It
...
was already documented as e3cf89f0-53da-11d9-92b7-ceadd4ac2edd.
Useful references and descriptions were merged.
Noticed by: simon
2005-01-24 15:29:18 +00:00
Simon L. B. Nielsen
4b3d64dc85
Document a vulnerability in YAMT.
2005-01-23 23:52:33 +00:00
Simon L. B. Nielsen
9fdc600f7e
Add squid security advisories for two recent squid entries.
...
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-22 14:37:47 +00:00
Edwin Groothuis
6f015a062f
squid bug #1200:
...
squid -- HTTP response splitting cache pollution attack
PR: ports/76550
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-22 09:35:07 +00:00
Simon L. B. Nielsen
394b4f98df
Fix typo in last commit.
2005-01-22 01:13:36 +00:00
Simon L. B. Nielsen
a5db6cd37f
Document XSS in Horde.
2005-01-22 00:55:04 +00:00
Jacques Vidrine
2fd02c75f6
Oops, I accidentally changed an <entry> date when I should have
...
added a <modified> date.
2005-01-21 18:30:14 +00:00
Jacques Vidrine
83e6c1cfa6
Document vulnerabilities in older versions of Midnight Commander.
2005-01-21 17:48:02 +00:00
Jacques Vidrine
31b25caa87
Document a race condition in Perl's File::Path module.
2005-01-21 17:34:08 +00:00
Jacques Vidrine
b6d92f1198
Document phpBB vulnerabilities.
2005-01-21 17:01:03 +00:00
Jacques Vidrine
0d90beee7b
Document vulnerabilities in the Opera web browser's Java implementation.
2005-01-21 16:50:40 +00:00
Jacques Vidrine
5c923465f8
Document that older versions of sudo lack CDPATH environmental variable
...
handling.
2005-01-21 16:38:02 +00:00
Jacques Vidrine
74afa39dd8
Document vulnerabilities in fcron.
2005-01-21 16:30:45 +00:00
Jacques Vidrine
73b2669a11
Document vulnerabilities in RealPlayer.
2005-01-21 16:07:31 +00:00
Jacques Vidrine
66cfca5b8c
Add CVE name and iDEFENSE advisory references to xzgv issue.
2005-01-21 15:54:14 +00:00
Jacques Vidrine
d4a196519c
Grr, get the imlib version number right!
2005-01-21 15:37:24 +00:00
Jacques Vidrine
b356746d58
Oops, imlib 1.9.15 is still affected. Adjust version number to reflect
...
upcoming fix.
2005-01-21 15:31:52 +00:00
Jacques Vidrine
00cd9fa742
Document xpm heap overflows and integer overflows affecting imlib and imlib2.
2005-01-21 15:16:01 +00:00
Jacques Vidrine
5b916628c0
Document a vulnerability in eGroupWare.
2005-01-21 14:53:14 +00:00
Jacques Vidrine
4283c602b4
Document Quake II vulnerabilities reported by Richard Stanway.
2005-01-21 14:42:28 +00:00
Jacques Vidrine
9a857e751f
Add CVE names for konversation bugs.
2005-01-21 13:53:46 +00:00
Josef El-Rayes
ff26f95ce8
Document security issue in irc/konversation.
...
Pointed out by: markus
2005-01-19 20:47:31 +00:00
Jacques Vidrine
924065316b
Correct several instances where the "msgid" attribute content had an
...
extraneous trailing greater-than character ">", e.g.
<mlist msgid="some-message@id>">some-url</mlist>
These were probably the result of off-by-one errors during
cut-and-paste.
2005-01-19 16:39:29 +00:00
Jacques Vidrine
6a7487d98c
Eliminate character entity references. They are technically fine of
...
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier.
2005-01-19 16:19:14 +00:00
Jacques Vidrine
82f5dbf866
Update entries with 12 new CVE name references.
2005-01-19 14:13:08 +00:00
Edwin Groothuis
85e001db7c
Fix date (was YYYY-MM-DD, now 2005-01-19)
...
Thanks for Chimera@#bsdports
2005-01-19 11:52:27 +00:00
Edwin Groothuis
b7487cecbb
squid -- no sanity check of usernames in squid_ldap_auth
...
(My first attempt to update this thing. Hope all goes fine!)
PR: ports/76364
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-19 11:05:02 +00:00
Simon L. B. Nielsen
a8bfb30c11
Document remote DoS in CUPS.
...
Heads-ups by: Hilko Meyer <hilko.meyer@gmx.de>
Description by: nectar
2005-01-18 20:25:52 +00:00
Jacques Vidrine
8f0e289b8b
During last year's bumpercrop of vulnerabilities in libtiff, a 2004 CVE
...
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue. Document it, since occasionally the CVE name
crops up and then I wonder why we missed it.
2005-01-18 17:47:15 +00:00
Jacques Vidrine
d0c1fddd87
Document exploitable vulnerabilities in zgv and xzgv.
2005-01-18 17:23:23 +00:00
Jacques Vidrine
410c998edc
Document bug in Mozilla-based software that may leave downloaded files
...
or attachments world-readable.
2005-01-18 16:59:56 +00:00
Simon L. B. Nielsen
bb8192991e
Add more references to exim entry.
2005-01-18 16:02:38 +00:00
Jacques Vidrine
31c0747eb2
pdflib contains libtiff, and thus is affected by several vulnerabilities
...
that affected libtiff.
2005-01-18 15:23:49 +00:00
Simon L. B. Nielsen
e26b4b8713
Document remote command execution vulnerability in awstats.
2005-01-18 12:29:58 +00:00
Simon L. B. Nielsen
534539b497
Document security vulnerability in ImageMagick.
2005-01-18 01:02:45 +00:00
Simon L. B. Nielsen
44af68883a
Update "cups-base -- HPGL buffer overflow vulnerability" entry to
...
reflect the fix in the latest port version.
2005-01-17 17:44:12 +00:00
Jacques Vidrine
ee01ad1757
Spelling corrections.
2005-01-17 17:20:57 +00:00
Jacques Vidrine
1affd53e40
Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
...
with the excerpt from Bernstein's message. Note that the third issue
does not affect users of FreeBSD 4.6 or later.
2005-01-17 13:42:10 +00:00
Simon L. B. Nielsen
e5f3dcd988
Document two vulnerabilities in CUPS.
...
Heads up by: Hilko Meyer <hilko.meyer@gmx.de>
2005-01-16 23:15:54 +00:00
Simon L. B. Nielsen
358108a09d
Document mysqlaccess insecure temporary file creation.
2005-01-16 20:46:56 +00:00
Simon L. B. Nielsen
480696d0aa
Document buffer overflow vulnerability in unrtf.
2005-01-16 18:47:48 +00:00
Simon L. B. Nielsen
1f5a4a6873
Correct recent squid entry: WCCP is in fact enabled by default.
...
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-01-16 17:18:52 +00:00
Jacques Vidrine
e8c46b8370
For mod_access_referer issue:
...
- Correct spelling.
- `null' in `null pointer' should not be all caps
- Correct the secunia.com URL (it did not identify this particular bug)
2005-01-13 21:22:47 +00:00
Jacques Vidrine
1f1cc5eb48
Add references to Konqueror password disclosure bug: CVE name, CERT
...
Vulnerability Note, and KDE security advisory.
2005-01-13 21:13:51 +00:00
Jacques Vidrine
28e2f0f2d8
Update phpBB command execution entry references:
...
- Convert some <url>s into the appropriate <certvu> and <uscertta>
elements.
- Add CVE name
- Add a couple of mailing list posts
2005-01-13 20:52:52 +00:00
Jacques Vidrine
cfb20a0551
For the latest three Squid issues, add references to the Squid bug
...
tracking database. Also, rework the description of the empty ACL issue.
2005-01-13 20:42:56 +00:00
Jacques Vidrine
9432a91978
Add a better reference and description of the jabberd vulnerability.
2005-01-13 20:26:03 +00:00
Jacques Vidrine
6da0681826
Oops, add missing closing tag for Bugtraq ID which I recently added.
2005-01-13 20:04:06 +00:00
Jacques Vidrine
38b49a0040
Add CVE name for up-imapproxy issue.
2005-01-13 20:02:26 +00:00
Jacques Vidrine
519a1717d6
Add CVE names to greed buffer overflows issue. Re-indent <references>
...
children.
2005-01-13 19:53:32 +00:00
Jacques Vidrine
6a9eefde32
For mpg123 playlist issue, add CVE name, Bugtraq ID, and X-Force
...
references. Correct a double slash (`//') in a URL. Re-indent the
<references> children.
2005-01-13 19:51:06 +00:00
Jacques Vidrine
324af71685
Add a CVE name for VIM modeline handling issue.
2005-01-13 19:46:40 +00:00
Jacques Vidrine
1ce7083c86
Cancel VID 14e8f315-600e-11d9-a9e7-0001020eed82 "tiff -- stripoffsets
...
integer overflow vulnerability", as it was a subset of VID
3897a2f8-1d57-11d9-bc4a-000c41e2cdad "tiff -- multiple integer
overflows". This is another case of iDEFENSE ``discovering'' a
vulnerability months after it had already been made public and
corrected. I've preserved the iDEFENSE advisory reference by moving it
to the older entry, so that someone won't get misled by it again later.
2005-01-13 19:39:14 +00:00
Jacques Vidrine
48013c516f
Add CVE name for tnftp mget vulnerability. Re-indent <references>
...
children while I'm here.
2005-01-13 19:09:13 +00:00
Jacques Vidrine
7c27423f3f
For recent squid WCCP DoS issue, correct the URL used in <blockquote>
...
"cite" attribute and <url> content. It referenced the wrong squid
patch description.
2005-01-13 18:41:58 +00:00
Jacques Vidrine
9d91c8188e
Document Mozilla NNTP handler vulnerability.
2005-01-13 18:03:57 +00:00
Simon L. B. Nielsen
c5b02bda96
- Document a vulnerability in mpg123.
...
- Add mpg123-nas to an earlier mpg123 entry.
- Make title for exim entry more accurate.
- Fix invalid modification date in latest xpdf entry.
2005-01-13 16:10:46 +00:00
Simon L. B. Nielsen
8b446059f5
- Integrate vendor patches as published on
...
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
issues:
+ Prevent a possible denial of service attack via WCCP messages (squid bug
#1190), classified as security issue by the vendor
+ Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
#1189), classified as security issue by the vendor
+ Fix a null pointer access and plug memory leaks in the fake_auth NTLM
helper (squid bug #1183) (this helper app is not installed by default by
the port)
+ Stop closing open filedescriptors beyond stdin, stdout and stderr on
startup (squid bug #1177)
- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
nagilum.de>" for reporting this)
- Document the two security issues in VuXML.
PR: ports/76173
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by: erwin (mentor)
2005-01-12 22:37:29 +00:00
Jacques Vidrine
62bd6b7c6c
- Document some older security issues in libxine.
...
- Cancel VID bef4515b-eaa9-11d8-9440-000347a4fa7d in favor of a more
complete, new entry. (A xine security announcement covered the same
issue and others.)
- Add references to xine security announcements and iDEFENSE
Security Advisories.
2005-01-12 14:39:03 +00:00
Jacques Vidrine
d9e18bd747
Document HylaFAX authentication bypass vulnerability.
2005-01-11 22:41:49 +00:00
Christian Weisgerber
d10d98ae37
Document xshisen buffer overflows.
2005-01-11 22:18:33 +00:00
Jacques Vidrine
30d2dc9579
Add CERT Vulnerability Note reference for tiff issue.
2005-01-11 16:39:18 +00:00
Jacques Vidrine
2de186c1a6
Bump copyright for 2005.
2005-01-11 14:31:39 +00:00
Simon L. B. Nielsen
a21ea1b2e3
Mark pdftohtml as vulnerable to recent xpdf vulnerability.
2005-01-11 00:33:20 +00:00
Niels Heinen
7f3b90f3b2
Documented two vulnerabilities in the helvis port
2005-01-10 22:20:50 +00:00
Jacques Vidrine
5ad7c7e107
Add CVE names for exim issue.
2005-01-09 18:34:21 +00:00
Simon L. B. Nielsen
e870db8f29
Document format string vulnerability in dillo.
2005-01-08 20:18:16 +00:00
Sergey Matveychuk
26460a693e
- Shorten exim entry
...
Thanks to: simon
2005-01-08 17:47:59 +00:00
Simon L. B. Nielsen
3ae4987d74
Fix typo in latest tiff entry.
...
Noticed by: bmah
2005-01-08 17:39:48 +00:00
Jacques Vidrine
c6d260351e
Change the behavior of `make newentry' so that it invokes ${EDITOR}
...
after adding the template, since this is certainly the next required
action. [1]
Fix the error checking: a pipeline was masking some errors, and `set
errexit' was not effective in some other places.
Suggested by: delphij [1]
2005-01-08 17:13:09 +00:00
Jacques Vidrine
c510dbc5c3
Add a target, `newentry', that will insert a VuXML <vuln> template
...
(including generated VID) to the top of the `vuln.xml' file. This will
save a little time when adding new entries.
Inspired by: a patch from simon
2005-01-08 15:43:23 +00:00
Simon L. B. Nielsen
08f3a5badf
- Document that two older tiff vulnerabilities also affect
...
linux-tiff. [1]
- Add an extra reference to each of the two entries while I'm here
anyway.
- In one of the tiff title elements do s/---/--/ for consistency.
Discussed with: nectar [1]
Approved by: portmgr (implicit, VuXML)
2005-01-08 00:20:23 +00:00
Jacques Vidrine
f7d666b587
The tnftp port has been updated.
...
Approved by: portmgr (implicit, VuXML)
2005-01-07 15:34:42 +00:00
Jacques Vidrine
955c5bc874
Fix up last commit (tnftp entry):
...
- Malformed XML
- mismatched tags (<packages></package>)
- invalid entity reference &content-type= (ampersand should have
been replaced with &amp;)
- Replace <range> so that it matches all possible versions for now,
until a fixed version is available in the ports tree
- <entry> date was in the past
Approved by: portmgr (implicit, VuXML)
Pointy hat to: ahze (hint: make validate)
2005-01-07 13:59:15 +00:00
Michael Johnson
61b7a158a5
Document vulnerabilities in tnftp
...
PR: ports/75782
Submitted by: Tom McLaughlin
Approved by: portmgr (krion)
2005-01-07 07:09:45 +00:00
Simon L. B. Nielsen
aa893567cc
Document several vulnerabilities in tiff.
...
Approved by: portmgr (implicit, VuXML)
2005-01-06 22:41:48 +00:00
Jacques Vidrine
d831033fcf
Fill in forgotten `cite' attribute value.
...
Noticed by: simon
Approved by: portmgr (implicit, VuXML)
2005-01-06 17:05:22 +00:00
Jacques Vidrine
8b07dc5aa8
Document a local vulnerability in VIM's modeline handling.
...
Approved by: portmgr (implicit, VuXML)
2005-01-06 16:54:29 +00:00
Jacques Vidrine
51b0acc8c8
Add a CERT VU reference for the latest Acrobat Reader vulnerability.
...
Add old package names (acroread4, acroread5) for an older Acrobat Reader
vulnerability.
Approved by: portmgr (implicit, VuXML)
2005-01-06 14:46:07 +00:00
Simon L. B. Nielsen
02ea68b4f5
Document buffer overflow vulnerabilities in pcal.
...
Approved by: portmgr (implicit, VuXML)
2005-01-06 00:26:08 +00:00
Simon L. B. Nielsen
718307262c
Add (now deleted) exim-ldap package to latest exim entry.
...
Approved by: portmgr (implicit, VuXML)
2005-01-05 20:41:07 +00:00
Sergey Matveychuk
0cfca5c418
s/le/lt/ on my last commit. it's "<", not "<=".
...
Approved by: portmgr (implicitly)
2005-01-05 02:12:14 +00:00
Sergey Matveychuk
1478bf250d
exim -- two relatively minor security issues
...
Approved by: portmgr (implicitly, VuXML)
2005-01-05 02:03:18 +00:00
Simon L. B. Nielsen
b3137d9b0e
For the "kdelibs3 -- konqueror FTP command injection vulnerability"
...
entry: replace references to Debian and KDE bugtracking systems with a
KDE advisory which basically contains the same information but is more
readable.
Approved by: portmgr (implicit, VuXML)
2005-01-04 20:28:26 +00:00
Josef El-Rayes
46e4a4b40b
Document security issues in golddig, greed, mpg123.
...
Submitted by: niels
Approved by: portmgr(implicit, VuXML)
2005-01-03 21:48:04 +00:00
Simon L. B. Nielsen
7a00e559d6
Mark open-motif-2.2.3_1 as fixed with regard to the "xpm -- image
...
decoding vulnerabilities" entry.
PR: misc/75726
Submitted by: Hilko Meyer <hilko.meyer@gmx.de>
Approved by: portmgr (implicit, VuXML)
2005-01-02 23:54:31 +00:00
Simon L. B. Nielsen
879729f451
- Note that the port update to up-imapproxy 1.2.2 included a patch to
...
fix the security vulnerability.
- Mark pop3proxy as vulnerable to the up-imapproxy vulnerability,
since pop3proxy is derived from up-imapproxy.
Reported by: mbr
Approved by: portmgr (implicit, VuXML)
2005-01-02 12:37:22 +00:00
Simon L. B. Nielsen
c158bf0613
Document vulnerabilities in up-imapproxy.
...
Approved by: portmgr (implicit, VuXML)
2005-01-02 10:53:18 +00:00
Simon L. B. Nielsen
3e3b3d4466
Add two bugtraq ids to the latest a2ps entry.
...
Approved by: portmgr (implicit, VuXML)
2005-01-02 00:59:25 +00:00
Simon L. B. Nielsen
100e2cb292
Document FTP command injection vulnerability in kdelibs3.
...
Approved by: portmgr (implicit, VuXML)
2005-01-01 15:55:54 +00:00
Simon L. B. Nielsen
10acecfb52
Improve topic for latest phpbb vulnerability to highlight the main
...
problem (arbitrary command execution).
Prodded by: remko
2004-12-30 20:20:45 +00:00
Simon L. B. Nielsen
019c6d58f7
Document insecure temporary file creation in a2ps.
2004-12-30 17:55:08 +00:00
Simon L. B. Nielsen
be54244b47
Add more references to two older entries.
2004-12-30 14:11:23 +00:00
Josef El-Rayes
b00249d240
Add modified date to my last commit.
...
Spotted by: simon
2004-12-29 17:48:40 +00:00
Josef El-Rayes
c572cbb7c2
libxine is also affected by the mplayer vulnerabilities.
...
Add cvenames.
2004-12-29 17:34:50 +00:00
Josef El-Rayes
dbe1950414
Document vulnerability in libxine.
2004-12-29 16:26:03 +00:00
Josef El-Rayes
8273b66e39
Document vulnerability in jabberd1
2004-12-26 20:51:24 +00:00
Josef El-Rayes
1b8c7389bd
s/kpdf/kdegraphics
2004-12-24 23:49:27 +00:00
Josef El-Rayes
47422bf1b3
Add ports to xpdf report that come with own xpdf in distfile.
...
For kdegraphics:
Reported by: lofi
2004-12-24 13:48:48 +00:00
Simon L. B. Nielsen
a6d79142f2
Remove duplicate word in the latest squid entry.
...
Noticed by: josef
2004-12-23 11:03:29 +00:00
Simon L. B. Nielsen
94a1d048f6
Document potentially confusing results on empty ACL
...
declarations in squid.
PR: ports/75403 (part of)
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2004-12-23 00:58:04 +00:00
Simon L. B. Nielsen
34acc215c8
Document multiple vulnerabilities in ethereal.
2004-12-23 00:39:08 +00:00
Simon L. B. Nielsen
109298cdf5
Document a buffer overflow vulnerability in xpdf.
2004-12-23 00:04:20 +00:00
Xin LI
26bf29cf65
Document phpBB vulnerability that exists on phpBB < 2.0.11
...
Submitted by: Kang LIU <liukang bjut edu cn>
2004-12-22 12:17:09 +00:00
Simon L. B. Nielsen
c96189e101
Document a vulnerability in acroread.
2004-12-21 22:37:51 +00:00
Simon L. B. Nielsen
88ebf5d9f5
Document a vulnerability in ecartis.
2004-12-21 22:10:52 +00:00
Simon L. B. Nielsen
23a19d5f6a
Document multiple vulnerabilities in mplayer.
2004-12-21 19:38:19 +00:00
Simon L. B. Nielsen
ef9cc44dab
Document a heap buffer overflow vulnerability in MIT Kerberos 5.
2004-12-21 02:09:08 +00:00
Simon L. B. Nielsen
572f21564f
Document an integer overflow vulnerability in samba.
2004-12-21 00:34:09 +00:00
Niels Heinen
a2d58b2e3e
Corrected typo (blockquote in wrong place).
...
Approved by: nectar (implicit)
2004-12-20 09:55:15 +00:00
Simon L. B. Nielsen
f571d771b7
- Update the corrected version number for recent phpMyAdmin entry to match
...
the actual ports version number for phpMyAdmin 2.6.1-rc1.
- Bump modification date for the updated entries.
2004-12-19 12:49:20 +00:00
Simon L. B. Nielsen
7d38451068
Updates for the latest PHP entry:
...
- Correctly match the www/mod_php4 port (it was missing PORTEPOCH).
- Add a few more references.
- Bump modified date.
2004-12-18 18:53:27 +00:00
Simon L. B. Nielsen
462f47f29f
Correct recent php entry, 4.3.10 and 5.0.3 are fixed.
2004-12-17 14:56:28 +00:00
Sergey Matveychuk
1087be430a
Fix VID for the last commit.
2004-12-17 10:56:20 +00:00
Sergey Matveychuk
1ca6044485
Multiple vulnerabilities in PHP. From Secunia report.
2004-12-17 09:32:44 +00:00
Niels Heinen
c4351f8170
Added 5 MySQL vulnerabilities
...
Approved by: nectar (mentor)
2004-12-16 10:51:17 +00:00
Simon L. B. Nielsen
71a130d9e5
Document two vulnerabilities in phpMyAdmin.
2004-12-15 22:21:35 +00:00
Simon L. B. Nielsen
560c745a50
Document multiple vulnerabilities in wget.
2004-12-14 17:55:51 +00:00
Simon L. B. Nielsen
85fe47d148
- Add bugtraqid references to several entries.
...
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries.
2004-12-12 22:15:01 +00:00
Josef El-Rayes
66cfe51e76
Document security issue in Konqueror.
2004-12-12 21:14:14 +00:00
Simon L. B. Nielsen
eb8e1c132f
Document a NULL pointer dereference vulnerability in mod_access_referer.
...
Submitted by: Niels Heinen <niels.heinen@ubizen.com>
2004-12-11 16:22:38 +00:00
Sergey Matveychuk
4c0635e2e4
Integrate the following vendor patches as published on
...
http://www.squid-cache.org/Versions/v2/2.5/bugs/ :
- a malformed hostname can cause squid to return random data as error messages,
possibly leaking internal information from former requests (squid bug #1143).
(This is classified as a minor security issue by the squid developers, so
maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occurring when using cachemgr's "vm_objects" operation (squid
bug #1149)
PR: ports/74859
Submitted by: maintainer
2004-12-08 23:16:53 +00:00
Simon L. B. Nielsen
43a63c2a9a
Document information leakage in viewcvs.
2004-12-07 23:38:31 +00:00
Simon L. B. Nielsen
f7f5caf523
Document a symlink attack vulnerability in cscope.
2004-12-07 13:35:42 +00:00
Greg Lewis
da140f5fea
. Put the topic in the same format all other recent topics have been in for
...
the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
plugin issue. [1]
Prodded by: simon [1]
2004-12-05 06:53:54 +00:00
Simon L. B. Nielsen
c7b95b76a8
Add cvename to bnc vulnerability.
2004-12-04 21:12:13 +00:00
Simon L. B. Nielsen
708cd4d296
Document a remote code execution vulnerability in bnc.
2004-12-04 20:47:45 +00:00
Simon L. B. Nielsen
db86a9a6b0
Fix grammar nit in ImageMagick entry.
...
Submitted by: Daniel Seuffert <DS@praxisvermittlung24.de>
2004-12-04 18:21:14 +00:00
Simon L. B. Nielsen
c187d7750c
For the Java plugin vulnerability, also match the linux-jdk package
...
(old name for linux-jdk-sun).
2004-12-04 18:09:43 +00:00
Greg Lewis
a76d08126f
. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
...
in 1.3.1.13, it contained another problem. This is fixed in 1.3.1.14.
2004-12-03 17:24:37 +00:00
Hideyuki KURASHINA
0ec4007514
Document vulnerability that allows arbitrary command execution in rssh
...
and scponly.
Approved & reviewed by: josef (security team)
2004-12-03 08:22:49 +00:00
Christian Weisgerber
19de9acd4d
Document buffer overflows in rockdodger.
2004-12-02 21:04:06 +00:00
Simon L. B. Nielsen
dd51751293
Add CVE to zip vulnerability.
2004-12-01 20:08:05 +00:00
Simon L. B. Nielsen
d0f583c274
Document a long path buffer overflow in zip.
2004-12-01 19:38:39 +00:00