Jan Beich
2418486bdf
Document recent Firefox vulnerabilities
2016-06-07 16:34:07 +00:00
Mark Felder
0f7a6cc3eb
Fix cvename entries
2016-06-06 22:32:48 +00:00
Rene Ladan
6f39846c83
Document new vulnerabilities in www/chromium < 51.0.2704.79
Obtained from: http://googlechromereleases.blogspot.nl/2016/06/stable-channel-update.html
2016-06-06 21:08:05 +00:00
Tijl Coosemans
c9e5e50f66
The Expat vulnerability also affects linux-*-expat.
2016-06-05 18:59:49 +00:00
Jason Unovitch
1cbcee3b52
Document OpenAFS vulnerabilities in 1.6.16 and 1.6.17
PR: 209534
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2015-8312
Security: CVE-2016-2860
Security: CVE-2016-4536
Security: https://vuxml.FreeBSD.org/freebsd/2e8fe57e-2b46-11e6-ae88-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/bcbd3fe0-2b46-11e6-ae88-002590263bf5.html
2016-06-05 18:04:11 +00:00
Jason Unovitch
ea91e6c20b
Fixup invalid nginx version from r416222; it needed a PORTEPOCH to be valid.
Add version range valid for backported commit on 1.8 and 1.9 in quarterly.
Security: CVE-2016-4450
Security: https://vuxml.FreeBSD.org/freebsd/36cf7670-2774-11e6-af29-f0def16c5c1b.html
2016-06-05 17:44:15 +00:00
Jason Unovitch
ee6c612e8e
Document ikiwiki XSS vulnerability
PR: 209593
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-4561
Security: https://vuxml.FreeBSD.org/freebsd/0297b260-2b3b-11e6-ae88-002590263bf5.html
2016-06-05 16:36:59 +00:00
Ryan Steinmetz
a8386bc310
- Document vulnerability in www/h2o
PR: 209926
Submitted by: Dave Cottlehuber (maintainer)
2016-06-01 22:49:47 +00:00
Sergey A. Osokin
f3bfc2ad2e
Fix latest cacti entry.
Found by: make validate
No cookie for: brnrd
2016-05-31 21:50:58 +00:00
Sergey A. Osokin
a851277a7f
Add an entry about latest nginx vulnerability.
2016-05-31 21:44:52 +00:00
Bernard Spil
ae38172850
security/vuxml: Modify libressl < 2.3.4 range
- Change existing range to >2.3.0 and <2.3.4
- Add <2.2.7 range
- Update modified date
This addresses pkg audit showing LibreSSL 2.2.7 as vulnerable
2016-05-31 20:00:29 +00:00
Kurt Jaeger
e6f8ceb23f
Document security issues fixed in cacti 0.8.8h
PR: 209809
Reported by: Daniel Austin <freebsd-ports@dan.me.uk>
Security: CVE-2016-3659
Security: https://vuxml.FreeBSD.org/freebsd/6167b341-250c-11e6-a6fb-003048f2e514.html
2016-05-29 19:01:23 +00:00
Olli Hauer
33f894a13f
- document openvswitch CVE-2016-2074
PR: 208404
Submitted by: ohauer
2016-05-29 09:46:32 +00:00
Rene Ladan
f5524c33df
Document vulnerabilities in www/chromium:
< 50.0.2661.94
< 50.0.2661.102
< 51.0.2704.63
Obtained from: http://googlechromereleases.blogspot.nl/
2016-05-28 10:14:12 +00:00
Jason Unovitch
94f8027565
Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36
PR: 209779
Reported by: Fabiano Sidler <fabianosidler@swissonline.ch>
Security: CVE-2013-7456
Security: CVE-2016-4343
Security: CVE-2016-5093
Security: CVE-2016-5094
Security: CVE-2016-5096
Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html
2016-05-28 01:40:53 +00:00
Matthew Seaman
349c737413
Add CVE names for the latest phpMyAdmin advisories, not that they have
been released.
2016-05-26 20:01:01 +00:00
Matthew Seaman
dd4c82e2e3
fix typo.
2016-05-26 06:57:58 +00:00
Matthew Seaman
2ec3593b49
Document two more phpMyAdmin vulnerabilities: PMSA-2016-14 and
PMSA-2016-16.
(For anyone wondering about the suspicious gap in the sequence:
PMSA-2016-15 only affected unreleased code in their git master
development branch)
2016-05-25 21:06:54 +00:00
Baptiste Daroussin
963854440c
Add a new keyword xmlcatmgr
It simplifies the handling of the XML and SGML catalog
It brings a bit of consistency by always specifying the catalog path absolute
instead of mixing absolute and relative path.
The keyword is also written in a PKG_ROOTDIR friendly way to simplify cross installing
Reviewed by: hrs
Differential Revision: https://reviews.freebsd.org/D6539
2016-05-24 22:32:49 +00:00
Jason Unovitch
08b4e6af85
Document security announcement from MediaWiki 1.26.3, 1.25.6, and
1.23.14 release.
2016-05-24 01:57:31 +00:00
Jason Unovitch
6d4931d178
Document wpa_supplicant security advisory 2016-1
PR: 209564
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-4477
Security: CVE-2016-4476
Security: https://vuxml.FreeBSD.org/freebsd/967b852b-1e28-11e6-8dd3-002590263bf5.html
2016-05-20 01:22:31 +00:00
Jason Unovitch
2b5ccc39ee
Document Expat XML Parser crash on malformed input
Security: CVE-2016-0718
Security: https://vuxml.FreeBSD.org/freebsd/57b3aba7-1e25-11e6-8dd3-002590263bf5.html
2016-05-20 01:07:11 +00:00
Olli Hauer
2581bec91b
- document bugzilla Cross-Site Scripting issue
2016-05-17 18:32:17 +00:00
Matthias Andree
3ff31d77d6
Mark openvpn-polarssl <v2.3.11 vulnerable, too, not just openvpn.
Security: 0dc8be9e-19af-11e6-8de0-080027ef73ec
2016-05-14 08:46:46 +00:00
Matthias Andree
86aaef45fd
Mark OpenVPN before 2.3.11 vulnerable.
v2.3.11 fixed a buffer overrun in PAM authentication,
and a port-share bug with denial-of-service potential.
2016-05-14 08:43:48 +00:00
Mark Felder
177b620cfc
Fix vuxml
2016-05-13 12:51:44 +00:00
Koop Mast
ae096366da
Add basic imagemagick entry.
2016-05-13 12:43:03 +00:00
Li-Wen Hsu
8cf4514559
Fix affected versions
2016-05-12 03:45:23 +00:00
Li-Wen Hsu
632a708341
Document Jenkins Security Advisory 2016-05-11
2016-05-12 03:44:24 +00:00
Jason Unovitch
a89044883a
Document Perl taint protection bypass vulnerability
PR: 208879
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-2381
Security: https://vuxml.FreeBSD.org/freebsd/d9f99491-1656-11e6-94fa-002590263bf5.html
2016-05-10 03:00:13 +00:00
Jason Unovitch
9fa87774a7
Document Wordpress vulnerabilities fixed in 4.5.2
PR: 209409
PR: 209378 [1]
Reported by: Mihail Timofeev <9267096@gmail.com> [1]
Security: CVE-2016-4566
Security: CVE-2016-4567
Security: https://vuxml.FreeBSD.org/freebsd/3686917b-164d-11e6-94fa-002590263bf5.html
2016-05-10 01:49:25 +00:00
Jason Unovitch
15a1974ad6
Fix version range for libarchive entry. [1]
While here, add CVE and wrap lines at <80
PR: 209404 [1]
Reported by: dereks@lifeofadishwasher.com [1]
Security: CVE-2016-1541
Security: https://vuxml.FreeBSD.org/freebsd/2b4c8e1f-1609-11e6-b55e-b499baebfeaf.html
2016-05-10 00:22:27 +00:00
Bernard Spil
b162764570
security/vuxml: Add entry for libarchive
- Vulnerable < 2.3.0
Reviewed by: feld (mentor)
Approved by: feld (mentor, ports-secteam)
Security: CVE-2016-1541
2016-05-09 19:31:37 +00:00
Matthew Seaman
c6977bb14a
Update recent squid, squid-devel entry to add CVE Numbers
2016-05-09 15:24:48 +00:00
Matthew Seaman
37549c4c9b
Document three security advisories for the squid and squid-devel
ports. CVE numbers are not yet available.
PR: 209334
Submitted by: timp87@gmail.com (maintainer)
2016-05-07 11:56:27 +00:00
Koop Mast
9fc62f0d7b
Add forgotten portepoch to the ImageMagick 6.x version.
PR: 209241
Reported by: Ben Woods, Jason Unovitch
2016-05-07 07:30:31 +00:00
Koop Mast
d06cca2e1c
Document ImageMagick vulnerabilities.
PR: 209241
Submitted by: Ben Woods
2016-05-06 15:27:49 +00:00
Vanilla I. Shu
cd225457e4
Add entry of devel/jansson
PR: 209219
Submitted by: junovitch@
2016-05-04 06:25:52 +00:00
Jason Unovitch
251486b3a1
Fix <url> -> <cvename> tags in OpenSSL entry plus spacing fixes.
While here, combine both entries as they both refer to the same CVEs and
we've typically done these as combined entries in the past.
2016-05-03 23:57:03 +00:00
Bernard Spil
0e62d5880d
security/vuxml: Document LibreSSL vulnerabilities
Reviewed by: swills
MFH: 2016Q3
2016-05-03 17:56:24 +00:00
Bernard Spil
f7c15cbaac
security/vuxml: Document OpenSSL 1.0.2g vulnerabilities
Reviewed by: swills
MFH: 2016Q2
2016-05-03 17:50:20 +00:00
Jason Unovitch
698146106d
Document gitlab privilege escalation via "impersonate" feature
PR: 209225
Reported by: Torsten Zuehlsdorff <ports@toco-domains.de>
Security: CVE-2016-4340
Security: https://vuxml.FreeBSD.org/freebsd/be72e773-1131-11e6-94fa-002590263bf5.html
2016-05-03 13:27:45 +00:00
Jason Unovitch
b2b65f3cd2
Document php multiple vulnerabilities
PR: 209145
Reported by: Christian Schwarz <me@cschwarz.com>
Security: CVE-2016-3074
Security: https://vuxml.FreeBSD.org/freebsd/5764c634-10d2-11e6-94fa-002590263bf5.html
2016-05-03 03:05:31 +00:00
Jason Unovitch
46dd503088
Document libksba local denial of service vulnerabilities
Security: CVE-2016-4353
Security: CVE-2016-4354
Security: CVE-2016-4355
Security: CVE-2016-4356
Security: https://vuxml.FreeBSD.org/freebsd/a1134048-10c6-11e6-94fa-002590263bf5.html
2016-05-03 00:40:04 +00:00
Jason Unovitch
df85b22260
Document denial of service advisories from Wireshark's recent release
Security: https://vuxml.FreeBSD.org/freebsd/7e36c369-10c0-11e6-94fa-002590263bf5.html
2016-05-02 23:58:59 +00:00
Olivier Duchateau
37751c6817
Document arbitrary code execution vulnerability in Mercurial
Security: CVE-2016-3105
2016-05-01 21:15:35 +00:00
Bernard Spil
dbfbe23221
security/vuxml: Add entry for MySQL/MariaDB/Percona April Critical Patch Update
- Add entry for 31 security fixes for Oracle MySQL
- Add also affected MariaDB packages
- Add also affected Percona packages
Reviewed by: junovitch (ports-secteam)
Approved by: junovitch (ports-secteam)
Differential Revision: D6159
2016-05-01 07:33:15 +00:00
Matthew Seaman
06dd6c6dc6
Logstash password disclosure vulnerability.
2016-04-28 20:17:30 +00:00
Lev A. Serebryakov
2dcfa94faa
Add two CVEs for subversion:
http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
2016-04-28 15:15:38 +00:00
Xin LI
590aa7fa02
Document NTP multiple vulnerabilities.
2016-04-27 04:43:31 +00:00
Jan Beich
4b97fe7c4f
Document recent Firefox vulnerabilities
2016-04-26 20:24:35 +00:00
Florian Smeets
cdbf450860
Document phpmyfaq vulnerability
Security: https://vuxml.freebsd.org/freebsd/f87a9376-0943-11e6-8fc4-00a0986f28c4.html
Security: http://www.phpmyfaq.de/security/advisory-2016-04-11
Sponsored by: Essen Linuxhotel Hackathon 2016
2016-04-23 11:40:45 +00:00
Jason Unovitch
8d403d568d
Document libtasn1 denial of service via parsing malicious DER certificates
Security: CVE-2016-4008
Security: https://vuxml.FreeBSD.org/freebsd/1b0d2938-0766-11e6-94fa-002590263bf5.html
2016-04-21 02:16:31 +00:00
Jason Unovitch
41641f6570
Document squid -- multiple vulnerabilities
PR: 208939
Reported by: Pavel Timofeev <timp87@gmail.com>
Security: CVE-2016-4054
Security: CVE-2016-4053
Security: CVE-2016-4052
Security: CVE-2016-4051
Security: https://vuxml.FreeBSD.org/freebsd/e05bfc92-0763-11e6-94fa-002590263bf5.html
2016-04-21 02:01:29 +00:00
Matthew Seaman
40e279eadb
CVE-2016-3096 -- ansible and ansible1 vulnerability due to using
predictable temporary file names when managing LXC containers.
2016-04-20 12:33:44 +00:00
Martin Matuska
baa871e408
Document security vulnerability in proftpd mod_tls.
PR: 208876
Security: CVE-2016-3125
2016-04-20 11:46:34 +00:00
Rene Ladan
1c53ed88f9
Document new vulnerabilities in www/chromium < 50.0.2661.75
Obtained from: http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html
2016-04-19 20:14:53 +00:00
Jason Unovitch
07f3f9ed8d
Document wpa_supplicant security advisories
PR: 208482
Security: CVE-2015-5310
Security: CVE-2015-5315
Security: CVE-2015-5316
Security: https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
2016-04-19 00:36:17 +00:00
Jason Unovitch
1c77f25690
Document earlier dhcpcd security issue that has been fixed in an earlier
version before the security implications were reported.
PR: 208840
Submitted by: Ben Woods <woodsb02@gmail.com>
Submitted by: Roy Marples <roy@marples.name>
Security: CVE-2014-7912
Security: https://vuxml.FreeBSD.org/freebsd/092156c9-04d7-11e6-b1ce-002590263bf5.html
2016-04-17 20:07:36 +00:00
Jason Unovitch
47ba8e2915
Document dhcpcd security remote execution/denial of service
PR: 208840
Submitted by: Ben Woods <woodsb02@gmail.com>
Security: CVE-2014-7913
Security: https://vuxml.FreeBSD.org/freebsd/6ec9f210-0404-11e6-9aee-bc5ff4fb5ea1.html
2016-04-17 01:16:22 +00:00
Guido Falsi
2272af58cb
Document Asterisk and PJsip vulnerabilities.
2016-04-15 15:12:45 +00:00
Jason Unovitch
719e1101ec
Document go remote denial of service
Security: CVE-2016-3959
Security: https://vuxml.FreeBSD.org/freebsd/f2217cdf-01e4-11e6-b1ce-002590263bf5.html
2016-04-14 02:07:44 +00:00
Mark Felder
af7844bdd3
Document linux-c6-nspr which was overlooked in previous vuxml entry
2016-04-13 18:59:29 +00:00
Timur I. Bakeyev
258dae53f0
Multiple vulnerabilities in Samba.
[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high cpu consumption) and man in the middle attacks.
[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags,
especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints,
and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.
[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.
[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).
[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.
[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most of the file server related protocols) is inherited
from the underlying SMB connection.
[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client
and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.
Security: CVE-2015-5370
CVE-2016-2110
CVE-2016-2111
CVE-2016-2112
CVE-2016-2113
CVE-2016-2114
CVE-2016-2115
CVE-2016-2118
Sponsored by: Micro$oft
2016-04-12 18:49:29 +00:00
Jason Unovitch
927f94f3eb
Document multiple vulnerabilities from the 31 Mar 16 PHP releases
PR: 208465
Reported by: Christian Schwarz <me@cschwarz.com>
Security: https://vuxml.FreeBSD.org/freebsd/482d40cb-f9a3-11e5-92ce-002590263bf5.html
2016-04-03 14:19:01 +00:00
Jason Unovitch
ccb5f4c71a
Document PCRE heap overflow vulnerability
PR: 208260
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
Security: CVE-2016-1283
Security: https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
2016-04-03 13:43:13 +00:00
Jason Unovitch
65283680a9
Document djblets vulnerability from the 0.9.2 release notes
Security: https://vuxml.FreeBSD.org/freebsd/df328fac-f942-11e5-92ce-002590263bf5.html
2016-04-03 02:27:46 +00:00
Jason Unovitch
dffec6cc8d
Document multiple security advisories for Moodle
Security: CVE-2016-2151
Security: CVE-2016-2152
Security: CVE-2016-2153
Security: CVE-2016-2154
Security: CVE-2016-2155
Security: CVE-2016-2156
Security: CVE-2016-2157
Security: CVE-2016-2158
Security: CVE-2016-2159
Security: CVE-2016-2190
Security: https://vuxml.FreeBSD.org/freebsd/a430e15d-f93f-11e5-92ce-002590263bf5.html
2016-04-03 02:11:52 +00:00
Jason Unovitch
3324d4936d
Add additional reference URL for Kamailio entry from r411376
Security: CVE-2016-2385
Security: https://vuxml.FreeBSD.org/freebsd/c428de09-ed69-11e5-92ce-002590263bf5.html
2016-04-03 00:48:24 +00:00
Jason Unovitch
249e429010
Document squid multiple vulnerabilities
PR: 208463
Security: CVE-2016-3947
Security: CVE-2016-3948
Security: https://vuxml.FreeBSD.org/freebsd/297117ba-f92d-11e5-92ce-002590263bf5.html
2016-04-03 00:00:26 +00:00
Mathieu Arnold
597afc47ba
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.
With hat: portmgr
Sponsored by: Absolight
2016-04-01 14:25:16 +00:00
Palle Girgensohn
ae80c36049
This CVE is actually for the -contrib module:
Security: CVE-2016-3065
2016-03-31 14:52:39 +00:00
Palle Girgensohn
4326713408
Add vuxml entries for "Security Fixes for RLS, BRIN"
in PostgreSQL 9.5
Security: CVE-2016-2193
Security: CVE-2016-3065
2016-03-31 14:43:29 +00:00
Tijl Coosemans
978a3b1624
Document latest batch of flash plugin vulnerabilities.
2016-03-31 12:25:46 +00:00
Guido Falsi
e7123f753d
Document multiple Botan vulnerabilities.
PR: 208393
Submitted by: Lapo Luchini <lapo at lapo.it>
Security: CVE-2015-5726
Security: CVE-2015-5727
Security: CVE-2016-2194
Security: CVE-2016-2195
2016-03-31 08:01:08 +00:00
Olivier Duchateau
b96386c28a
Document multiple Mercurial vulnerabilities
Security: CVE-2016-3630
Security: CVE-2016-3068
Security: CVE-2016-3069
2016-03-29 22:15:23 +00:00
Christoph Moench-Tegeder
ea48ee6cc6
Document chromium vulnerabilities
Approved by: miwi (mentor), rene (mentor)
2016-03-29 20:08:03 +00:00
Jason Unovitch
e8860ac41d
Document BIND security advisories
PR: 208034
Reported by: martin@lispworks.com
Security: CVE-2016-1285
Security: CVE-2016-1286
Security: CVE-2016-2088
Security: https://vuxml.FreeBSD.org/freebsd/c9075321-f483-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/cba246d2-f483-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/cd409df7-f483-11e5-92ce-002590263bf5.html
2016-03-28 01:51:04 +00:00
Jason Unovitch
5421f1f694
Syntax fix, drop leading FreeBSD- in <freebsdsa> tags as it caused links with
a FreeBSD-FreeBSD-SA starting the URL.
2016-03-28 01:50:19 +00:00
Jason Unovitch
8294e9e470
Document Salt Insecure configuration of PAM external authentication service
PR: 208244
Security: CVE-2016-3176
Security: https://vuxml.FreeBSD.org/freebsd/6d25c306-f3bb-11e5-92ce-002590263bf5.html
2016-03-27 01:42:42 +00:00
Tom Judge
2b8690f976
Document multiple activemq vulnerabilities:
CVE-2016-0782 - ActiveMQ Web Console - Cross-Site Scripting
CVE-2016-0734 - ActiveMQ Web Console - Clickjacking
CVE-2015-5254 - Unsafe deserialization in ActiveMQ
PR: 208163
PR: 208193
Security: CVE-2015-5254
Security: http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
Security: CVE-2016-0782
Security: http://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
Security: CVE-2016-0734
Security: http://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
2016-03-25 17:04:02 +00:00
Mark Felder
e25a9eace9
Fix version range for pcre2 vulnerability
PR: 208167
Security: CVE-2016-3191
2016-03-21 02:43:56 +00:00
Mark Felder
d004c05b0c
Document pcre vulnerability
PR: 208167
Security: CVE-2016-3191
2016-03-21 02:32:27 +00:00
Jason Unovitch
434d941897
Document kamailio SEAS Module Heap overflow vulnerability
Security: CVE-2016-2385
Security: https://vuxml.FreeBSD.org/freebsd/c428de09-ed69-11e5-92ce-002590263bf5.html
2016-03-19 01:22:33 +00:00
Jason Unovitch
903a929f33
Document hadoop2 unauthorized disclosure of data vulnerability
Security: CVE-2015-1776
Security: https://vuxml.FreeBSD.org/freebsd/5dd39f26-ed68-11e5-92ce-002590263bf5.html
2016-03-19 00:24:55 +00:00
Renato Botelho
a622aa2cdb
Update git packages and versions affected by CVE-2016-2324
MFH: 2016Q1
Sponsored by: Rubicon Communications (Netgate)
2016-03-18 11:22:47 +00:00
Jason Unovitch
91463d0eb3
Document possible code execution and integer overflow issue in git
PR: 208074
Reported by: Sevan Janiyan <venture37@geeklan.co.uk> (via PR)
Reported by: Tony Tung <tonytung@merly.org> (via email)
Security: CVE-2016-2315
Security: CVE-2016-2324
Security: https://vuxml.FreeBSD.org/freebsd/93ee802e-ebde-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/d2a84feb-ebe0-11e5-92ce-002590263bf5.html
2016-03-17 02:45:34 +00:00
Mark Felder
4b80d0bea2
Document node vulnerabilities
PR: 207832
Security: CVE-2016-0702
Security: CVE-2016-0705
Security: CVE-2016-0797
2016-03-14 16:46:11 +00:00
Mark Felder
67502df529
Document dropbear security vulnerability
PR: 207903
Security: CVE-2016-3116
2016-03-14 14:03:53 +00:00
Mark Felder
558c18ebf5
Document assigned CVE for recent ssh vulnerability
Security: CVE-2016-3115
2016-03-14 13:56:28 +00:00
Jan Beich
7405623db7
Document one more graphite2 vulnerability
2016-03-14 12:10:29 +00:00
Thomas Zander
d209202150
Fix copy/paste error from previous commit
2016-03-13 16:31:26 +00:00
Thomas Zander
7b2ddc89e2
Document XSS vulnerability in graphics/jpgraph2 before 3.0.7_1
PR: 207001
Security: CVE-2009-4422
2016-03-13 16:28:28 +00:00
Jason Unovitch
5dbe2c5f6c
Document issues in recent PHP security release
Security: https://vuxml.FreeBSD.org/freebsd/e991ef79-e920-11e5-92ce-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/5af511e5-e928-11e5-92ce-002590263bf5.html
2016-03-13 14:43:31 +00:00
Jason Unovitch
9c7743c915
Expand February PHP entry with extra CVE and all security bugs on changelog
Security: CVE-2016-2554
Security: https://vuxml.FreeBSD.org/freebsd/85eb4e46-cf16-11e5-840f-485d605f4717.html
2016-03-13 14:39:50 +00:00
Bryan Drewery
6423a71442
Document OpenSSH 7.2p2 fix for X11Forwarding command injection
2016-03-11 22:50:09 +00:00
Mark Felder
0bc718d0a0
Document net/quagga vulnerability
Security: CVE-2016-2342
2016-03-10 23:37:44 +00:00
Mark Felder
e714095ac5
net-im/ricochet: Document vulnerability
PR: 207536
2016-03-10 19:50:28 +00:00
Mark Felder
515d586b1c
Document security/pidgin-otr vulnerability
Security: CVE-2015-8833
2016-03-10 15:03:39 +00:00
Mark Felder
2cb1dfe780
Update libotr vulnerability information
Correct description is "integer overflow"
libotr3 has also been added as vulnerable. It appears vulnerable as it
also has datalen defined as unsigned int and identical functions.
Security: http://www.vuxml.org/freebsd/c2b1652c-e647-11e5-85be-14dae9d210b8.html
2016-03-09 22:58:44 +00:00