Commit graph

4313 commits

Author SHA1 Message Date
Li-Wen Hsu
5a3aed2a3d - Fix affected versions of qemu and qemu-devel
Reviewed by:	junovitch
2016-07-07 03:36:50 +00:00
Jason Unovitch
aa52556149 Document remote denial of service in quassel
PR:		209218
Security:	CVE-2016-4414
Security:	https://vuxml.FreeBSD.org/freebsd/7d64d00c-43e3-11e6-ab34-002590263bf5.html
2016-07-07 01:44:23 +00:00
Olli Hauer
b52cc06426 - document apache24 H2/X509 sec. issue.
The sec. issue is only present if the port was built with
  non default settings (experimental H2 feature) and
  used in combination with X509 client auth!
2016-07-05 17:59:18 +00:00
Jason Unovitch
84f4a8e508 Document Xen Security Advisories (XSAs 173, 175, 176, 178, 179, and 180).
XSAs 171, 172, 174, and 181 are not applicable to FreeBSD.

Discussed with:	royger
Security:	CVE-2014-3672
Security:	CVE-2016-3710
Security:	CVE-2016-3712
Security:	CVE-2016-4963
Security:	CVE-2016-4480
Security:	CVE-2016-4962
Security:	CVE-2016-3960
Security:	https://vuxml.FreeBSD.org/freebsd/e800cd4b-4212-11e6-942d-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/e6ce6f50-4212-11e6-942d-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/e589ae90-4212-11e6-942d-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/e43b210a-4212-11e6-942d-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/e2fca11b-4212-11e6-942d-bc5ff45d0f28.html
Security:	https://vuxml.FreeBSD.org/freebsd/d51ced72-4212-11e6-942d-bc5ff45d0f28.html
2016-07-04 19:02:26 +00:00
Jason Unovitch
f5904942af Update wnpa-sec-2016-12 through wnpa-sec-2016-18 with CVE assignment for
issues fixed in Wireshark 2.0.2

While here, fix bad copy/paste on upstream URL when the entry was made.

Security:	CVE-2016-4415
Security:	CVE-2016-4416
Security:	CVE-2016-4417
Security:	CVE-2016-4418
Security:	CVE-2016-4419
Security:	CVE-2016-4420
Security:	CVE-2016-4421
Security:	https://vuxml.FreeBSD.org/freebsd/45117749-df55-11e5-b2bd-002590263bf5.html
2016-07-04 13:40:29 +00:00
Jason Unovitch
cfc4b815ba Update wnpa-sec-2016-19 through wnpa-sec-2016-27 with CVE assignment for
issues fixed in Wireshark 2.0.3

Security:	CVE-2016-4006
Security:	CVE-2016-4076
Security:	CVE-2016-4077
Security:	CVE-2016-4078
Security:	CVE-2016-4079
Security:	CVE-2016-4080
Security:	CVE-2016-4081
Security:	CVE-2016-4082
Security:	CVE-2016-4083
Security:	CVE-2016-4084
Security:	https://vuxml.FreeBSD.org/freebsd/7e36c369-10c0-11e6-94fa-002590263bf5.html
2016-07-04 13:32:41 +00:00
Jason Unovitch
c6c5aeb46a Document wnpa-sec-2016-29 through wnpa-sec-2016-37 for issues fixed in
Wireshark 2.0.4

Security:	CVE-2016-5350
Security:	CVE-2016-5351
Security:	CVE-2016-5352
Security:	CVE-2016-5353
Security:	CVE-2016-5354
Security:	CVE-2016-5355
Security:	CVE-2016-5356
Security:	CVE-2016-5357
Security:	CVE-2016-5358
Security:	https://vuxml.FreeBSD.org/freebsd/313e9557-41e8-11e6-ab34-002590263bf5.html
2016-07-04 13:25:47 +00:00
Jason Unovitch
449054770b Add fixed entries for Python 2.7, 3.4, 3.5 for urllib vulnerability.
Reset 3.3 as unfixed.

PR:		210539
PR:		210541
Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2016-5699
Security:	https://vuxml.FreeBSD.org/freebsd/a61374fc-3a4d-11e6-a671-60a44ce6887b.html
2016-07-04 01:46:35 +00:00
Jason Unovitch
75b6ff6fda Update earlier openvswitch entry with version fixed in ports
PR:		208404
Reported by:	ohauer
Security:	CVE-2016-2074
Security:	https://vuxml.FreeBSD.org/freebsd/b53bbf58-257f-11e6-9f4d-20cf30e32f6d.html
2016-07-03 23:13:14 +00:00
Jason Unovitch
5c119d3294 Document multiple security advisories for Moodle
Security:	CVE-2016-3729
Security:	CVE-2016-3731
Security:	CVE-2016-3732
Security:	CVE-2016-3733
Security:	CVE-2016-3734
Security:	https://vuxml.FreeBSD.org/freebsd/8656cf5f-4170-11e6-8dfe-002590263bf5.html
2016-07-03 22:57:24 +00:00
Mark Felder
8b1a6e9148 Document icingaweb2 vulnerability 2016-07-03 21:21:13 +00:00
Jason Unovitch
20c6e84e1e Fix date from r417994 (2016 not 2015) 2016-07-03 19:31:26 +00:00
Jason Unovitch
fe1f30ddde Document authorization logic vulnerability in Apache Hive
PR:		207173
Security:	CVE-2015-7521
Security:	https://vuxml.FreeBSD.org/freebsd/a5c204b5-4153-11e6-8dfe-002590263bf5.html
2016-07-03 19:30:15 +00:00
Jason Unovitch
8010633c9f Document SQLite3 tempdir selection vulnerability
PR:		210751
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2016-6153
Security:	https://vuxml.FreeBSD.org/freebsd/546deeea-3fc6-11e6-a671-60a44ce6887b.html
2016-07-03 18:44:39 +00:00
Bernard Spil
a3eacffbcd security/vuxml: Add Python smtplib TLS stripping vuln
PR:		210685
Submitted by:	brnrd
Security:	CVE-2016-0772
Security:	8d5368ef-40fe-11e6-b2ec-b499baebfeaf
2016-07-03 09:28:57 +00:00
Matthew Seaman
d10110c31a Belatedly document 12 security advisories about phpMyAdmin.
Severities range from 'non-critical' to 'severe'
2016-07-01 15:22:47 +00:00
Mathieu Arnold
b4155d6003 Add a test target, testing that what the port is supposed to do works.
Sponsored by:	Absolight
2016-07-01 12:23:44 +00:00
Mathieu Arnold
59e91aabfd Add missing dependency.
Sponsored by:	Absolight
2016-07-01 12:15:08 +00:00
Mark Felder
8f5c70cd7a Document haproxy vulnerability
Security:	CVE-2016-5360
2016-06-30 22:55:50 +00:00
Mark Felder
f763f5b10b Document libtorrent-rasterbar vulnerability
Security:	CVE-2016-5301
2016-06-30 22:47:25 +00:00
Mark Felder
42828f0eac Modify dnsmasq vuxml entry
The vulnerable version range was not matching correctly for the devel
port.
2016-06-30 22:42:05 +00:00
Mark Felder
2f37ea54e1 Document expat2 vulnerability
Security:	CVE-2016-4472
2016-06-30 22:32:05 +00:00
Mark Felder
613f0365fa Document dnsmasq vulnerability
Security:	CVE-2015-8899
2016-06-30 22:10:41 +00:00
Mark Felder
140f139903 Document python vulnerability
PR:		210541
Security:	CVE-2016-5699
2016-06-30 21:08:43 +00:00
Mark Felder
0a819de777 Document openssl vulnerability
PR:		210550
Security:	CVE-2016-2177
2016-06-30 20:52:39 +00:00
Jason Unovitch
1a2f0c90a9 Document remote denial of service via FileUpload component in Tomcat
PR:		209669 [1]
Reported by:	Geoffroy Desvernay <dgeo@centrale-marseille.fr> [1]
Reported by:	Roger Marquis <marquis@roble.com>
Security:	CVE-2016-3092
Security:	https://vuxml.FreeBSD.org/freebsd/cbceeb49-3bc7-11e6-8e82-002590263bf5.html
2016-06-26 18:13:40 +00:00
Jason Unovitch
1561ed7189 Document Wordpress vulnerabilities fixed in 4.5.3
PR:		210480 [1]
PR:		210581
Reported by:	Mihail Timofeev <9267096@gmail.com> [1]
Security:	CVE-2016-5832
Security:	CVE-2016-5833
Security:	CVE-2016-5834
Security:	CVE-2016-5835
Security:	CVE-2016-5836
Security:	CVE-2016-5837
Security:	CVE-2016-5838
Security:	CVE-2016-5839
Security:	https://vuxml.FreeBSD.org/freebsd/bfcc23b6-3b27-11e6-8e82-002590263bf5.html
2016-06-25 23:17:46 +00:00
Jason Unovitch
777e8f5f5c Document security issues fixed in PHP 7.0.8, 5.6.23, and 5.5.37
PR:		210491
PR:		210502
Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Reported by:	Philip Jocks <freebsdbugs@filis.org>
Security:	CVE-2015-8874
Security:	CVE-2016-5766
Security:	CVE-2016-5767
Security:	CVE-2016-5768
Security:	CVE-2016-5769
Security:	CVE-2016-5770
Security:	CVE-2016-5771
Security:	CVE-2016-5772
Security:	CVE-2016-5773
Security:	https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html
2016-06-25 22:18:23 +00:00
Mark Felder
9a1238559a Fix vuxml
I didn't validate after updating "foo reports:" line

Pointyhat:	me
2016-06-23 16:55:18 +00:00
Mark Felder
ba1a8bd8c2 Document libarchive vulnerabilities
PR:		210493
Security:	CVE-2015-8934
Security:	CVE-2016-4300
Security:	CVE-2016-4301
Security:	CVE-2016-4302
2016-06-23 16:25:47 +00:00
Mark Felder
5439f8dea9 Add piwik XSS to vuxml
No further information is available. No CVE has been assigned.

PR:		210458
2016-06-23 15:52:40 +00:00
Vasil Dimov
98a80a35b5 Followup to r417190 - all versions of wget<1.18 are affected 2016-06-21 08:34:27 +00:00
Vasil Dimov
ed08cac60a Document ftp/wget's HTTP to FTP redirection file name confusion vulnerability
PR:		210420
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2016-4971
2016-06-21 08:16:47 +00:00
Mark Felder
aade2eccbb Update vuxml for libxslt vulnerabilities
These vulnerabilities were previously reported by Google as they bundle
libxslt with Chrome. When we patched Chromium to address these
vulnerabilities it was overlooked that we do not bundle libxslt library
with Chromium, but instead use textproc/libxslt. Chromium users have
continued to be vulnerable to these CVEs as a result. This update fixes
the Chromium CVE entry and adds a separate one for libxslt.

PR:		210298
Security:	CVE-2016-1683
Security:	CVE-2016-1684
2016-06-20 19:08:31 +00:00
Bernard Spil
83cd5adde3 Update security/libressl vulnerability for quarterly branch
- Mark vulnerable from 2.3.0 up to 2.3.6
  - Mark vulnerable below 2.2.9
2016-06-19 09:03:23 +00:00
Jason Unovitch
1ed74a507a Document Flash vulnerabilities in Adobe Security Bulletins APSB16-10,
APSB16-15, APSB16-18

PR:		209592
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2016-1006, CVE-2016-1011, CVE-2016-1012, CVE-2016-1013,
		CVE-2016-1014, CVE-2016-1015, CVE-2016-1016, CVE-2016-1017,
		CVE-2016-1018, CVE-2016-1019, CVE-2016-1020, CVE-2016-1021,
		CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1025,
		CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029,
		CVE-2016-1030, CVE-2016-1031, CVE-2016-1032, CVE-2016-1033,
		CVE-2016-1096, CVE-2016-1097, CVE-2016-1098, CVE-2016-1099,
		CVE-2016-1100, CVE-2016-1101, CVE-2016-1102, CVE-2016-1103,
		CVE-2016-1104, CVE-2016-1105, CVE-2016-1106, CVE-2016-1107,
		CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108,
		CVE-2016-4109, CVE-2016-4110, CVE-2016-4111, CVE-2016-4112,
		CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4116,
		CVE-2016-4117, CVE-2016-4120, CVE-2016-4121, CVE-2016-4160,
		CVE-2016-4161, CVE-2016-4162, CVE-2016-4163, CVE-2016-4122,
		CVE-2016-4123, CVE-2016-4124, CVE-2016-4125, CVE-2016-4127,
		CVE-2016-4128, CVE-2016-4129, CVE-2016-4130, CVE-2016-4131,
		CVE-2016-4132, CVE-2016-4133, CVE-2016-4134, CVE-2016-4135,
		CVE-2016-4136, CVE-2016-4137, CVE-2016-4138, CVE-2016-4139,
		CVE-2016-4140, CVE-2016-4141, CVE-2016-4142, CVE-2016-4143,
		CVE-2016-4144, CVE-2016-4145, CVE-2016-4146, CVE-2016-4147,
		CVE-2016-4148, CVE-2016-4149, CVE-2016-4150, CVE-2016-4151,
		CVE-2016-4152, CVE-2016-4153, CVE-2016-4154, CVE-2016-4155,
		CVE-2016-4156, CVE-2016-4166, CVE-2016-4171
Security:	https://vuxml.FreeBSD.org/freebsd/0e3dfdde-35c4-11e6-8e82-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/07888b49-35c4-11e6-8e82-002590263bf5.html
Security:	https://vuxml.FreeBSD.org/freebsd/0c6b008d-35c4-11e6-8e82-002590263bf5.html
2016-06-19 02:57:04 +00:00
Mark Felder
d1395f6040 Fix vuxml <cvename> syntax for recent Chrome entry 2016-06-17 19:44:22 +00:00
Rene Ladan
6aa8f02d69 Document new vulnerabilities in www/chromium < 51.0.2704.103
Obtained from:	https://googlechromereleases.blogspot.nl/2016/06/stable-channel-update_16.html
2016-06-17 19:14:15 +00:00
Ruslan Makhmatkhanov
b7700753f9 Document integer overflow in python's zipimport module
PR:		210324
Submitted by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2016-5636
2016-06-17 17:03:57 +00:00
Jason Unovitch
cd3b46b79e Document Drupal vulnerabilities
PR:		210317
Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	https://www.drupal.org/SA-CORE-2016-002
Security:	https://vuxml.FreeBSD.org/freebsd/7932548e-3427-11e6-8e82-002590263bf5.html
2016-06-17 01:12:30 +00:00
Jason Unovitch
004ce24be3 Document multiple issues in Botan
PR:		209595
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2015-7827
Security:	CVE-2016-2849
Security:	https://vuxml.FreeBSD.org/freebsd/ac0900df-31d0-11e6-8e82-002590263bf5.html
Security:	CVE-2014-9742
Security:	https://vuxml.FreeBSD.org/freebsd/f771880c-31cf-11e6-8e82-002590263bf5.html
2016-06-14 01:48:36 +00:00
Mark Felder
380f055ed6 Update vuxml
A backported fix was added to security/openssl
2016-06-13 19:21:32 +00:00
Thomas Zander
1d35949e30 Document remote code execution vulnerability in multimedia vlc before 2.2.4 2016-06-11 10:10:56 +00:00
Jan Beich
e8113ba57c Chase MFSA typo fix 2016-06-10 01:57:36 +00:00
Jason Unovitch
df40ec0db7 Document cross-site scripting CVE in Roundcube
PR:		209841
Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
Security:	CVE-2016-5103
Security:	https://vuxml.FreeBSD.org/freebsd/97e86d10-2ea7-11e6-ae88-002590263bf5.html
2016-06-10 01:15:07 +00:00
Bernard Spil
52ca0edfb3 Add entry for CVE-2016-2178 OpenSSL vulnerability
Security:	CVE-2016-2178
2016-06-09 21:03:58 +00:00
Jason Unovitch
4f5b798a95 Fill in <freebsdpr> tag on last entry; I staged it prior to opening the PR
for tracking and forgot to fill it in pre-commit.

PR:		210155
2016-06-09 03:39:23 +00:00
Jason Unovitch
607a6c5895 Document two expat CVEs reported by upstream
PR:		210155
Reported by:	Sebastian Pipping <sebastian@pipping.org>
Security:	CVE-2012-6702
Security:	CVE-2016-5300
Security:	https://vuxml.FreeBSD.org/freebsd/c9c252f5-2def-11e6-ae88-002590263bf5.html
2016-06-09 03:28:07 +00:00
Bruce A. Mah
b703ba9f33 Add entry for recent iperf3 vulnerability.
Security:	d6bbf2d8-2cfc-11e6-800b-080027468580
Sponsored by:	ESnet
2016-06-08 20:32:00 +00:00
Tijl Coosemans
a5abef90af Document GNUTLS-SA-2016-1. 2016-06-07 16:37:58 +00:00