Simon L. B. Nielsen
775ddef518
Document bugzilla -- multiple vulnerabilities.
2005-07-08 20:29:16 +00:00
Simon L. B. Nielsen
5bbec38d7c
Document nwclient -- multiple vulnerabilities (old issues).
...
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch>
2005-07-08 20:04:13 +00:00
Simon L. B. Nielsen
feedb4a329
Add CAN reference to recent phpbb vulnerability.
2005-07-06 22:46:02 +00:00
Simon L. B. Nielsen
a7f693e9cd
Document acroread -- insecure temporary file creation.
2005-07-06 22:25:11 +00:00
Simon L. B. Nielsen
e51ea6f83d
Document two clamav vulnerabilities.
2005-07-06 22:14:55 +00:00
Simon L. B. Nielsen
7d9bb89690
- Add FreeBSD-SA-05:16.zlib.
...
- Fix ranges for recent security advisories, a bunch of <le> really
should have been <lt>.
2005-07-06 21:34:32 +00:00
Simon L. B. Nielsen
417582572e
Document acroread -- buffer overflow vulnerability.
2005-07-06 20:45:34 +00:00
Simon L. B. Nielsen
04bda21000
Document net-snmp -- remote DoS vulnerability.
2005-07-05 21:13:38 +00:00
Simon L. B. Nielsen
3cf5b1eda5
Document cacti -- multiple vulnerabilities.
...
Prodded by: Babak Farrokhi <babak@farrokhi.net>
2005-07-05 20:33:11 +00:00
Simon L. B. Nielsen
24dbf34258
- Add another reference to bzip2 -- denial of service and permission
...
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities.
2005-07-05 19:01:15 +00:00
Hiroki Sato
0c4160ee5f
Document the following issues:
...
- phpbb -- remote PHP code execution vulnerability
- pear-XML_RPC -- arbitrary remote code execution
2005-07-03 08:40:51 +00:00
Simon L. B. Nielsen
f47912670d
Add certvu reference to kernel -- TCP connection stall denial of service
...
vulnerability.
2005-07-03 08:12:20 +00:00
Simon L. B. Nielsen
0ced0e71fb
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
...
FreeBSD-SA-05:15.tcp.
2005-06-29 23:00:52 +00:00
Simon L. B. Nielsen
107f041052
Document ethereal -- multiple protocol dissectors vulnerabilities.
2005-06-24 20:38:40 +00:00
Hiroki Sato
6612153b41
Document tor -- information disclosure.
2005-06-24 10:22:18 +00:00
Hiroki Sato
a3b72b8856
Document linux-realplayer -- RealText parsing heap overflow.
2005-06-24 09:09:22 +00:00
Hiroki Sato
4d8593594d
Document ruby -- arbitrary command execution on XMLRPC server.
2005-06-23 06:55:35 +00:00
Sergey Matveychuk
578582c275
- net/cacti - potential SQL injection and cross site scripting attacks
2005-06-21 09:58:39 +00:00
Simon L. B. Nielsen
6d9112c46e
Document three opera issues.
2005-06-20 22:34:16 +00:00
Simon L. B. Nielsen
087a40724b
Document sudo -- local race condition vulnerability.
2005-06-20 20:18:18 +00:00
Simon L. B. Nielsen
3114180a17
Add another reference to the latest tcpdump issue.
2005-06-20 19:17:10 +00:00
Simon L. B. Nielsen
474b753410
- Add entry for trac -- file upload/download vulnerability.
...
- Improve the last couple of entries a bit:
- Whitespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssassin entry also matches other 3.0.3 port revisions.
2005-06-20 19:09:23 +00:00
Sergey Matveychuk
30348bd7b9
- razor-agents DoS vulnerabilities
...
PR: ports/82414
Submitted by: dawnshade <h-k@mail.ru>
2005-06-20 07:30:57 +00:00
Hiroki Sato
e21fc4f2ab
Fix year in <discovery> and <entry>.
...
Noticed by: nectar
Pointy hat to: hrs
2005-06-19 04:57:35 +00:00
Hiroki Sato
c602fda13e
Document SpamAssassin -- Denial of service vulnerability.
2005-06-18 17:27:50 +00:00
Hiroki Sato
dc454f0ed2
Document squirrelmail -- Several cross site scripting vulnerabilities.
2005-06-18 17:15:37 +00:00
Hiroki Sato
22d1dafaee
Document acroread -- XML External Entity vulnerability.
2005-06-18 16:54:40 +00:00
Simon L. B. Nielsen
81889035ad
Use standard topic format for gzip vulnerability.
2005-06-18 14:49:14 +00:00
Simon L. B. Nielsen
30a5cf4a1a
Document FreeBSD-SA-05:11.gzip.
2005-06-18 14:32:18 +00:00
Simon L. B. Nielsen
89d53d3ffa
Document SA-05:10.tcpdump.
2005-06-17 23:19:34 +00:00
Simon L. B. Nielsen
377794aabe
Document two vulnerabilities in Gaim.
2005-06-17 19:12:46 +00:00
Jacques Vidrine
f9737b9ea0
Document an older, more serious gallery vulnerability.
2005-06-17 18:37:41 +00:00
Jacques Vidrine
b193fa2396
Document XSS vulnerabilities in gallery.
2005-06-17 18:30:12 +00:00
Jacques Vidrine
e4cd0f13f2
Document KDE kstars vulnerability.
2005-06-17 18:11:27 +00:00
Jacques Vidrine
82957a65f9
Document fd_set overruns reported by 3APA3A.
2005-06-17 17:00:17 +00:00
Simon L. B. Nielsen
48712a5c45
Document leafnode -- denial of service vulnerability.
...
Submitted by: Matthias Andree <matthias.andree@gmx.de>
2005-06-09 08:44:03 +00:00
Jacques Vidrine
2c16d53af1
Document a directory traversal issue in older GForge versions.
2005-06-03 19:45:36 +00:00
Jacques Vidrine
6050e992bd
Document an authentication bypass vulnerability in imap-uw.
2005-06-03 19:29:42 +00:00
Jacques Vidrine
b25fc36098
Document squid denial-of-service vulnerabilities.
2005-06-03 19:18:39 +00:00
Jacques Vidrine
adb7bd090b
Document a remote denial-of-service vulnerability in racoon.
2005-06-03 19:08:21 +00:00
Jacques Vidrine
3bf8b576b5
Document integer overflows in xli.
2005-06-03 18:24:44 +00:00
Jacques Vidrine
332584b9f0
Document arbitrary command execution vulnerabilities in xli and
...
xloadimage.
2005-06-03 18:19:23 +00:00
Jacques Vidrine
13baf51f61
Add new CVE names for yamt entry.
2005-06-03 18:01:04 +00:00
Jacques Vidrine
fbeb74e4ef
Correct and improve recent xli entry:
...
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More references
* Fix the version number for xli... it is still vulnerable as of this
writing
2005-06-03 17:56:42 +00:00
Jacques Vidrine
605ddbb901
Correct recently added yamt entry:
...
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find
2005-06-03 16:26:13 +00:00
Tom Rhodes
3bd4a605ca
Buffer overflow in xli.
2005-06-03 04:48:47 +00:00
Tom Rhodes
2409064d10
Fix breakage I caused.
2005-06-03 02:15:20 +00:00
Tom Rhodes
afa68b90b9
Note buffer overflows and directory traversal issues in audio/ymat.
2005-06-03 02:09:22 +00:00
Jacques Vidrine
d16a63702b
Update entry for FreeStyle Wiki:
...
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
advisory
* add CVE name
2005-06-01 17:16:28 +00:00
Jacques Vidrine
72e20d184e
Document vulnerabilities in XView library.
2005-06-01 17:07:58 +00:00
Jacques Vidrine
8d253084b7
document a vulnerability in xtrlock
2005-06-01 16:52:45 +00:00
Jacques Vidrine
6c9cf8ca51
Document vulnerabilities reported in the Red Hat 7.1 libraries.
2005-06-01 16:27:15 +00:00
Jacques Vidrine
e72a2d7a21
Document squirrelmail vulnerabilities.
2005-06-01 16:09:53 +00:00
Jacques Vidrine
9327563586
correct version number for mailman password generation issue
2005-06-01 15:53:40 +00:00
Jacques Vidrine
e556aa2809
Document vulnerability in set-user-ID sympa application.
2005-06-01 15:51:40 +00:00
Jacques Vidrine
41bd4d3d69
Another older mailman vulnerability, somewhat minor
2005-06-01 15:36:40 +00:00
Jacques Vidrine
8772585d06
Add year-old mailman vulnerability, that seems to not have been
...
previously documented here.
2005-06-01 15:27:01 +00:00
Jacques Vidrine
354879700a
document Apache Jakarta Tomcat 5.x XSS issue
2005-06-01 14:48:38 +00:00
Simon L. B. Nielsen
4c6ccc52ae
Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
...
vulnerability".
Reminded by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
2005-05-29 15:01:13 +00:00
Jun Kuriyama
f938b82a85
- Update to 3.5.8 (including XSS problem fix).
...
Submitted by: Toshiya SAITOH <toshiya@saitoh.nu>
PR: ports/81520
2005-05-29 03:06:34 +00:00
Remko Lodder
d926fe33ad
Remove a forgotten :.
...
Spotted by: simon
2005-05-22 13:27:44 +00:00
Remko Lodder
855583f4c5
Document the following issues:
...
o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability
Approved by: simon
2005-05-22 13:18:12 +00:00
Simon L. B. Nielsen
20ce7ae978
Fix entry dates for latest squid entries.
2005-05-19 19:56:44 +00:00
Remko Lodder
78d9296cfb
Reword the cdrdao entry, this includes comments from Simon which I overlooked.
...
Forgotten by: remko
Spotted by: simon
2005-05-19 19:48:14 +00:00
Pav Lucistnik
33ad773d04
- Update Squid to 2.5.STABLE10
...
PR: ports/81213
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-05-19 14:17:01 +00:00
Remko Lodder
0cbfe8bb84
Document cdrdao -- unspecified privilege escalation vulnerability.
...
Approved by: simon
2005-05-19 04:17:32 +00:00
Simon L. B. Nielsen
380d6e3f4f
Document two gaim issues.
2005-05-14 03:43:46 +00:00
Jacques Vidrine
eeff5de414
Add FreeBSD-SA-05:09.htt.
2005-05-13 16:24:43 +00:00
Jacques Vidrine
ef928928c0
$EDITOR should not be quoted. It might be "emacsclient -a vi" or
...
something.
2005-05-13 15:34:49 +00:00
Jacques Vidrine
c4aefa7f29
MAINTAINER -> security@FreeBSD.org
2005-05-13 15:33:48 +00:00
Jacques Vidrine
d2df430c95
Update some leafnode references.
...
Add new leafnode vulnerability.
PR: ports/80724
Submitted by: Matthias Andree <matthias.andree@gmx.de>
2005-05-13 15:32:12 +00:00
Simon L. B. Nielsen
e025db3bee
Document two new vulnerabilities in mozilla/firefox.
2005-05-12 09:59:32 +00:00
Simon L. B. Nielsen
67d37ee36f
Document mozilla -- code execution via javascript: IconURL vulnerability.
2005-05-11 19:00:49 +00:00
OKAZAKI Tetsurou
1b0ba2026b
Document some vulnerabilities in groff.
...
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
- groffer uses temporary files unsafely
PR: ports/80671
Submitted by: KOMATSU Shinichiro
2005-05-09 07:04:52 +00:00
Sergey Matveychuk
71d86350f9
- gnu-radius exploitation was fixed in maintenance release 1.2.94
...
as reported in http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities
PR: ports/80558 (follow-up)
Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
2005-05-03 10:14:18 +00:00
Greg Lewis
f774451a8a
. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
...
no longer considered vulnerable. Adjust the modified date for the entry.
2005-05-02 18:57:25 +00:00
Remko Lodder
c13702b175
Document sharutils -- unshar insecure temporary file creation
...
Approved by: simon
2005-05-01 14:33:37 +00:00
Remko Lodder
d3e3b64b15
Document rsnapshot -- local privilege escalation
...
Approved by: simon
2005-05-01 12:25:14 +00:00
Brooks Davis
4b560ceb5b
coppermine -- IP spoofing and XSS vulnerability
2005-05-01 00:30:17 +00:00
Greg Lewis
f4f21ea49f
. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
...
and update the modified time for the entry.
2005-04-29 15:00:58 +00:00
Simon L. B. Nielsen
71d5e8a65b
Document ImageMagick -- ReadPNMImage() heap overflow vulnerability.
2005-04-27 21:35:57 +00:00
Simon L. B. Nielsen
f50fab0412
Bump modified date for last commit.
2005-04-27 21:24:36 +00:00
Greg Lewis
62d1ab007c
. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
...
the jar(1) vulnerability but is still marked vulnerable to the browser
plugin vulnerability (although the plugin is no longer built by default).
2005-04-27 20:46:04 +00:00
Simon L. B. Nielsen
6cace676b3
Document mplayer & libxine -- MMS and Real RTSP buffer overflow
...
vulnerabilities.
2005-04-25 21:53:19 +00:00
Simon L. B. Nielsen
991aff6f40
Document some older vulnerabilities in GAIM.
2005-04-25 21:10:40 +00:00
Simon L. B. Nielsen
feb5c578e2
Document kdewebdev -- kommander untrusted code execution vulnerability.
2005-04-23 11:40:18 +00:00
Remko Lodder
4de44e69c4
Fix a typo in the kdelibs - kimgio entry.
2005-04-22 21:53:43 +00:00
Remko Lodder
dfd9e7da6d
junkbuster -- heap corruption vulnerability and configuration modification vulnerability
...
Approved by: simon
2005-04-22 21:52:07 +00:00
Simon L. B. Nielsen
882359b80a
Document kdelibs -- kimgio input validation errors.
2005-04-22 08:22:58 +00:00
Simon L. B. Nielsen
80a3080ca1
Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
...
heap overflow vulnerability.
Informed by: maho
2005-04-19 22:09:46 +00:00
Remko Lodder
aab5979e99
Document gld -- format string and buffer overflow vulnerabilities
2005-04-19 11:14:23 +00:00
Christian Weisgerber
e31b579a93
Document remote buffer overflow in ftp/axel.
2005-04-17 15:34:43 +00:00
Simon L. B. Nielsen
2bbbbc938d
Document firefox -- PLUGINSPAGE privileged javascript execution (also
...
from the < 1.0.3 batch).
2005-04-16 22:52:07 +00:00
Remko Lodder
7ce5f5f5eb
Document jdk - jar directory traversal vulnerability.
...
Approved by: simon
2005-04-16 22:35:09 +00:00
Simon L. B. Nielsen
c6463c5ae8
Document several mozilla/firefox issues.
2005-04-16 16:12:02 +00:00
Simon L. B. Nielsen
b8e8bd4784
Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
...
entry.
Info provided by: sf
2005-04-15 21:47:10 +00:00
Simon L. B. Nielsen
c666625667
Document openoffice -- DOC document heap overflow vulnerability.
2005-04-13 23:17:14 +00:00
Simon L. B. Nielsen
2a6230f941
Fix and document insecure temporary file handling in portupgrade.
...
Security: CAN-2005-0610
Security: http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by: erwin (mentor), maintainer timeout
OK'ed by: portmgr
Reviewed by: nectar
2005-04-12 08:24:48 +00:00
Simon L. B. Nielsen
c5a9b3a376
Document three GAIM vulnerabilities.
2005-04-10 19:41:46 +00:00
Simon L. B. Nielsen
4ac987a82c
Document an old PHP issue.
2005-04-10 18:47:06 +00:00
Simon L. B. Nielsen
63de08eab1
Document squid -- DoS on failed PUT/POST requests vulnerability.
...
Submitted by: Devon H. O'Dell <dodell@offmyserver.com> (original version)
2005-04-10 10:22:18 +00:00
Pav Lucistnik
b1c64c078b
- Fix closing tag on the entry I just touched.
...
Pointed out by: still Chimera
Blaming: too much bear earlier tonight
2005-04-09 20:42:03 +00:00
Pav Lucistnik
ecf039676f
- Add <modified> to the entry I just touched
...
Prodded by: Chimera
2005-04-09 20:38:37 +00:00
Pav Lucistnik
e22567b87a
- CAN-2005-0133 is fixed in clamav-devel-20050408
...
PR: ports/79688
Submitted by: Renato Botelho <freebsd@galle.com.br>
2005-04-09 20:21:47 +00:00
Simon L. B. Nielsen
3325b65493
Bump modified date for entry modified last commit.
2005-04-05 20:57:06 +00:00
Hajimu UMEMOTO
f17f51ad0e
add CVE name to latest vuln of Cyrus IMAPd.
2005-04-05 20:03:49 +00:00
Thierry Thomas
24b5ab2bb9
Add an entry for an XSS vulnerability fixed in horde-3.0.4.
2005-04-05 19:57:09 +00:00
Simon L. B. Nielsen
7e369a9d2b
Document wu-ftpd -- remote globbing DoS vulnerability.
2005-04-04 20:06:01 +00:00
Simon L. B. Nielsen
08a1fddf90
Add CVE name to hashcash entry.
2005-04-03 06:53:58 +00:00
Christian Weisgerber
7ce77e7525
Document hashcash format string vulnerability.
2005-04-02 23:15:17 +00:00
Simon L. B. Nielsen
3ea2a15c21
Document clamav -- zip handling DoS vulnerability.
...
Approved by: portmgr (blanket, VuXML)
2005-03-26 20:49:39 +00:00
Jacques Vidrine
8fdf391a72
Document Wine information disclosure.
...
Based on an entry that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
2005-03-24 14:15:05 +00:00
Jacques Vidrine
ad6be0e3c8
Document the most serious of the recently disclosed
...
Mozilla/Firefox/Thunderbird vulnerabilities.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
Approved by: portmgr (blanket, VuXML)
2005-03-24 14:08:28 +00:00
Jacques Vidrine
540824d2e8
Document Sylpheed buffer overflow.
...
Reminded by: netchild
Approved by: portmgr (blanket, VuXML)
2005-03-23 18:29:15 +00:00
Simon L. B. Nielsen
5b82e7ed54
Document xv -- filename handling format string vulnerability.
...
Approved by: portmgr (implicit, VuXML)
2005-03-21 21:19:21 +00:00
Simon L. B. Nielsen
e551c99e0a
Document kdelibs -- local DCOP denial of service vulnerability.
...
Approved by: portmgr (implicit, VuXML)
2005-03-21 20:27:19 +00:00
Simon L. B. Nielsen
4b8ba5ca05
Mark grip port as fixed for recent vulnerability.
...
Requested by: ahze
2005-03-18 19:16:10 +00:00
Simon L. B. Nielsen
9c13358c08
Document phpmyadmin -- increased privilege vulnerability.
2005-03-15 21:13:28 +00:00
Alexey Dokuchaev
15f66ab5b1
Note that recent Quake2-LNX is fixed.
2005-03-15 19:40:23 +00:00
Alex Dupre
2e4290eeb0
Recent mysql snapshot import fixed several vulnerabilities.
2005-03-15 14:27:01 +00:00
Simon L. B. Nielsen
566e20849d
Document ethereal -- multiple protocol dissectors vulnerabilities.
2005-03-14 21:55:46 +00:00
Simon L. B. Nielsen
29d805dd40
Document "grip -- CDDB response multiple matches buffer overflow
...
vulnerability".
2005-03-14 20:19:29 +00:00
Simon L. B. Nielsen
f1996dbbb7
Update references for latest MySQL entry:
...
- Use bid tag for Bugtraq ID reference.
- Add CVE names.
2005-03-14 19:49:15 +00:00
Alex Dupre
09faa83406
Document multiple mysql remote vulnerabilities.
2005-03-14 15:16:35 +00:00
Thierry Thomas
c3c8132fc3
Add an entry about rxvt-unicode buffer overflow.
2005-03-13 10:31:19 +00:00
Simon L. B. Nielsen
2f4093a8ae
Document two phpMyAdmin issues.
2005-03-08 22:52:18 +00:00
Simon L. B. Nielsen
098596aedb
Document libexif -- buffer overflow vulnerability.
2005-03-08 21:26:23 +00:00
Jacques Vidrine
3b0cb09a6a
Fix invalid date.
...
Noticed by: Kang Liu <liukang@bjut.edu.cn>
2005-03-07 15:45:13 +00:00
Jacques Vidrine
6cec90d8a0
Add <modified> date for recent commit to phpbb vulnerability.
...
Forgotten by: delphij
While here, add msgids for recent phpbb addition.
2005-03-06 17:06:32 +00:00
Xin LI
5092eea0da
Document a low risk HTML injection (configuration bypass)
...
vulnerability [1] of phpBB.
(maintainer contacted and is preparing a fix)
[1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274
2005-03-05 15:53:41 +00:00
Xin LI
852b94cbf0
Add bugtraq bug ID for phpbb vulnerability.
...
Submitted by: Kang LIU <liukang bjut edu cn>
2005-03-05 15:42:50 +00:00
Jacques Vidrine
3fbc94976e
Document two phpnuke vulnerabilities, and a Linux RealPlayer
...
vulnerability.
Based on entries that were
Submitted by: Devon H. O'Dell <dodell@sitetronics.com>
2005-03-04 18:14:28 +00:00
Simon L. B. Nielsen
27b0023153
- Document ImageMagick -- format string vulnerability.
...
- Fix typo on older tiff entry.
2005-03-03 22:20:45 +00:00
MANTANI Nobutaka
8a81c46428
Document the privilege escalation vulnerability in uim.
2005-03-02 13:17:24 +00:00
Jacques Vidrine
1f1453269f
Fix typo in linux-tiff version number for
...
http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au>
2005-03-01 13:39:29 +00:00
Jacques Vidrine
8ec244ef06
Document lighttpd information disclosure bug.
...
This entry is based on one that was
Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
2005-03-01 13:23:52 +00:00
Jacques Vidrine
b511a32842
Fix typo in linux-tiff version number for
...
http://vuxml.freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html
Reported by: Ian Moore <no-spam@swiftdsl.com.au>
2005-02-28 13:41:19 +00:00
Xin LI
ab9ba5a88f
Document latest phpBB critical security vulnerabilities.
...
Submitted by: Kang LIU <liukang bjut edu cn>
2005-02-28 10:48:53 +00:00
Jacques Vidrine
24627424e6
Correct the linux-tiff version number for several entries.
...
Reported by: netchild
2005-02-28 03:42:01 +00:00
Simon L. B. Nielsen
3ab3a3220e
Document curl -- authentication buffer overflow vulnerability.
2005-02-27 21:24:03 +00:00
Simon L. B. Nielsen
3ba6fcbd61
- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
...
- Use bid tag for a reference in sup entry.
Advice from: ume [1]
2005-02-27 20:34:17 +00:00
Hiroki Sato
fbb0c798ac
Document format string vulnerabilities in net/sup.
2005-02-27 13:21:10 +00:00
Simon L. B. Nielsen
ce31baa966
- Just use mozilla in title for last entry for consistency.
...
- Document mozilla -- insecure temporary directory vulnerability.
2005-02-26 21:12:12 +00:00
Simon L. B. Nielsen
c71abfe2a6
Update list of affected mozilla/firefox ports by the web browsers --
...
window injection vulnerabilities entry.
2005-02-26 20:36:40 +00:00
Simon L. B. Nielsen
77260025a2
Document mozilla & firefox -- arbitrary code execution vulnerability.
...
Submitted by: Devon H. O'Dell <dodell@sitetronics.com> (original version)
2005-02-26 14:25:31 +00:00
Jacques Vidrine
5764c517d0
Improve the description of the latest phpBB information disclosure
...
bugs.
Submitted by: delphij (in part)
2005-02-25 04:55:52 +00:00
Hiroki Sato
76c4e7dbc7
Document a format string vulnerability in mkbold-mkitalic.
...
Reviewed by: simon
2005-02-24 15:43:23 +00:00
Jacques Vidrine
353e7eb649
Add CVE names for wget.
2005-02-23 16:20:57 +00:00
Jacques Vidrine
f8f16c318e
De-confuse latest AWStats entry: rewrite description, and add relevant
...
references. There were so many bugs, it was hard to keep them straight
(^_^).
2005-02-23 15:11:02 +00:00
Jacques Vidrine
7e953178e5
Format the <topic> of the most recent entry so that it is more
...
consistent with other entries.
2005-02-23 14:37:04 +00:00
Xin LI
10d48b910d
Document latest phpbb vulnerabilities.
...
Discussed with: phpbb maintainer
2005-02-23 13:13:44 +00:00
Simon L. B. Nielsen
53153f2e70
Add more references to recent putty vulnerability.
2005-02-23 05:15:32 +00:00
Jacques Vidrine
b3ca842939
The mod_dosevasive port was upgraded.
2005-02-22 21:58:36 +00:00
Jacques Vidrine
a9fab6c983
Nit:
...
- In most recent `unace' entry, replace HTML entity with the Unicode
character. We do not use HTML entities so that a VuXML document may
be processed without using the DTD. (We also avoid character entity
references for more natural grep'ing, sed'ing, and editor searching.)
Corrections:
- An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
undetected since last October. (>_<) Correct it.
- A bnc vulnerability was duplicated. Cancel the older, less informative
entry and update the newer entry.
2005-02-22 19:27:32 +00:00
Christian Weisgerber
33ffd45c6e
Document unace-1.2b vulnerabilities: buffer overflows, directory traversal.
2005-02-22 15:37:51 +00:00
Simon L. B. Nielsen
5283ed8c39
For the recent kdelibs entry; note that dcopidlng is only used at
...
build time.
Reported by: lofi
2005-02-20 20:51:37 +00:00
Simon L. B. Nielsen
c9f2f9b090
Document heap corruption vulnerabilities in putty.
2005-02-20 18:53:25 +00:00
Simon L. B. Nielsen
c965b44edc
Update affected versions of latest postgresql entry now that the ports
...
have been fixed.
2005-02-19 12:49:38 +00:00
Simon L. B. Nielsen
28b80e83e3
Document insecure temporary file creation in kdelibs.
2005-02-18 22:37:34 +00:00
Simon L. B. Nielsen
edfb3d1fa7
Document format string vulnerability in bidwatcher.
2005-02-18 21:55:08 +00:00
Simon L. B. Nielsen
78f1ae5e94
Document a directory traversal vulnerability in gftp.
2005-02-18 20:37:19 +00:00
Simon L. B. Nielsen
8014ae1da8
- Document two Opera vulnerabilities.
...
- Update information about fixed version for Opera with regard to
"Window Injection" issues (based on release notes for Opera 7.54u2).
2005-02-18 20:14:00 +00:00
Simon L. B. Nielsen
6025141ff0
Document multiple buffer overflows in postgresql.
2005-02-17 21:45:40 +00:00
Simon L. B. Nielsen
f6928e4f62
Fix entry date for last commit.
2005-02-16 23:39:20 +00:00
Simon L. B. Nielsen
3aa53137ae
Document vulnerabilities in awstats. Note that this entry will most
...
likely be updated soon when more information becomes available.
2005-02-16 23:25:23 +00:00
Simon L. B. Nielsen
a04da6a1a9
Add a few more references to the awstats entry.
2005-02-15 20:55:47 +00:00
MANTANI Nobutaka
b5f80f0f0c
Change affected packages version for the emacs movemail format string
...
vulnerability since I fixed editors/emacs port by adding a patch
instead of upgrading it to 21.4.
2005-02-14 15:44:07 +00:00
Simon L. B. Nielsen
f227f751ea
Document DoS in powerdns.
2005-02-14 00:10:36 +00:00
Simon L. B. Nielsen
1aa7bbb219
Document format string vulnerability in the Emacs movemail utility.
2005-02-13 23:19:00 +00:00
Alexey Dokuchaev
6b67384fe3
- Reflect fixing vulnerability in `net/opendchub'
...
- Print project's name correctly
2005-02-13 11:28:52 +00:00
Simon L. B. Nielsen
28f8ea4ea8
- Fix a cvename that should have been a certvu.
...
- Delete trailing white space.
- Fix some nearby formatting while I'm here anyway.
2005-02-13 09:59:02 +00:00
Simon L. B. Nielsen
a702124003
Document two vulnerabilities in ngircd.
2005-02-13 09:21:00 +00:00
Simon L. B. Nielsen
248904911e
Document mod_python information leakage vulnerability.
2005-02-12 23:53:09 +00:00
Simon L. B. Nielsen
9314417b34
Document mailman directory traversal vulnerability.
2005-02-12 20:40:50 +00:00
Jacques Vidrine
c87041a2e7
Expand HTML entity reference in latest VuXML entry.
2005-02-11 23:29:30 +00:00
Christian Weisgerber
8803c37393
Document enscript-{a4,letter,letterdj} vulnerabilities.
2005-02-11 21:59:05 +00:00
Alexey Dokuchaev
2726a60efc
Vulnerability in unrtf is fixed now.
2005-02-11 13:37:26 +00:00
Simon L. B. Nielsen
98933fd487
Document privilege escalation vulnerability in postgresql.
2005-02-08 21:33:54 +00:00
Simon L. B. Nielsen
8249950b77
Document multiple protocol dissectors vulnerabilities in ethereal.
2005-02-08 18:14:44 +00:00
Jacques Vidrine
d276a4012f
Add another squid issue.
...
PR: ports/76967
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-02-08 14:49:58 +00:00
Jacques Vidrine
78a22088fc
Add CERT Vulnerability Note reference for one squid issue,
...
and correct the reference for another one [1].
Reported by: Thomas-Martin Seck <tmseck@netcologne.de> [1]
2005-02-08 14:43:50 +00:00
Jacques Vidrine
ba5679b474
Add CVE name for squid confusing empty ACL issue.
2005-02-08 13:48:12 +00:00
Jacques Vidrine
3622db4708
Add US-CERT Vulnerability Note references for recent squid issues.
2005-02-07 20:02:30 +00:00
Hye-Shik Chang
f4c32e5e59
Add missing <code> markups in a citation from PSF-2005-001.
2005-02-04 04:26:10 +00:00
Hye-Shik Chang
fd1e0e8128
Add an entry for PSF-2005-001,
...
"SimpleXMLRPCServer.py allows unrestricted traversal"
2005-02-04 04:09:11 +00:00
Joe Marcus Clarke
8591bc9446
Update the entry for CAN-2005-0064 to indicate that gpdf 2.8.3 has a fix
...
for this vulnerability.
2005-02-03 22:30:59 +00:00
Jacques Vidrine
6888c3c260
Note that perl does not have a suidperl by default.
2005-02-02 18:59:10 +00:00
Jacques Vidrine
827e5546c4
Note vulnerabilities in perl.
2005-02-02 17:38:44 +00:00
Jacques Vidrine
46e506df32
Add Bugtraq ID for evolution issue.
2005-02-02 15:46:17 +00:00
Jacques Vidrine
8287d6cb6d
Add CVE name for squid WCCP issue.
2005-02-01 17:03:31 +00:00
Jacques Vidrine
179467b970
Add a <modified> tag to the perl File::Path issue since the affected
...
versions were changed.
Forgotten by: tobez
2005-02-01 14:14:54 +00:00
Anton Berezin
29fce98efd
Narrow perl File::Path vulnerability version range a bit.
2005-02-01 13:38:15 +00:00
Niels Heinen
679df602c3
Documented vulnerabilities found in the newspost, newsfetch and newsgrab ports.
...
http://people.freebsd.org/~niels/issues/newspost-20050114.txt
http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://people.freebsd.org/~niels/issues/newsfetch-20050119.txt
Approved by: nectar (mentor)
2005-02-01 09:03:52 +00:00
Jacques Vidrine
f2abfeab79
The latest xpdf buffer overflow has been repaired in an update
...
to pdftohtml.
Submitted by: erwin
2005-01-31 21:44:32 +00:00
Jacques Vidrine
b6c860577d
Add CVE names for recent squid vulnerabilities.
2005-01-31 21:40:10 +00:00
Sergey Matveychuk
6137f0a08d
squid -- buffer overflow in WCCP recvfrom() call
...
PR: ports/76827
Submitted by: squid maintainer
2005-01-29 21:43:36 +00:00
Simon L. B. Nielsen
00a8d275e8
Mark cups-base as fixed wrt. to "makeFileKey2() buffer overflow
...
vulnerability".
2005-01-27 16:38:35 +00:00
Simon L. B. Nielsen
227998b897
Document "makeFileKey2()" buffer overflow vulnerability in xpdf (and
...
programs embedding xpdf).
2005-01-26 20:25:46 +00:00
Jacques Vidrine
3bdccd715e
pdflib has been corrected.
...
Noticed by: Hilko Meyer <Hilko.Meyer@gmx.de>
2005-01-26 16:20:43 +00:00
Jacques Vidrine
511b2e442a
Document a vulnerability in zhcon.
2005-01-25 13:50:43 +00:00
Simon L. B. Nielsen
af20e5ead2
Fix last YAMT entry update to actually make sense... Greater than and
...
less than are not the same...
Pointy hat to: simon
2005-01-25 10:51:09 +00:00
Simon L. B. Nielsen
3244edf676
Mark latest YAMT port version as fixed.
2005-01-25 10:46:29 +00:00
Simon L. B. Nielsen
8c59ddfff6
Document arbitrary code execution vulnerability in evolution.
2005-01-25 00:50:02 +00:00
Jacques Vidrine
49bed9c371
Correct the entry date for 4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3
...
``squid -- HTTP response splitting cache pollution attack''.
2005-01-24 22:24:02 +00:00
Jacques Vidrine
ad23982e36
Document a local vulnerability in mod_dosevasive.
2005-01-24 20:12:25 +00:00
Jacques Vidrine
6a1b2ca975
Document a possible cache-poisoning issue affecting squid.
...
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-24 19:39:20 +00:00
Jacques Vidrine
3690d623e4
Document Bugzilla XSS issue.
2005-01-24 18:45:43 +00:00
Jacques Vidrine
3314fe9060
Oops, forgot to set <discovery> date.
2005-01-24 18:38:46 +00:00
Jacques Vidrine
58812ca6ce
Document window injection vulnerabilities affecting several web browsers.
2005-01-24 17:35:44 +00:00
Jacques Vidrine
e0578cbf24
Cancel duplicate phpbb entry e8c6ade2-6bcc-11d9-8e6f-000a95bc6fae. It
...
was already documented as e3cf89f0-53da-11d9-92b7-ceadd4ac2edd.
Useful references and descriptions were merged.
Noticed by: simon
2005-01-24 15:29:18 +00:00
Simon L. B. Nielsen
4b3d64dc85
Document a vulnerability in YAMT.
2005-01-23 23:52:33 +00:00
Simon L. B. Nielsen
9fdc600f7e
Add squid security advisories for two recent squid entries.
...
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-22 14:37:47 +00:00
Edwin Groothuis
6f015a062f
squid bug #1200 :
...
squid -- HTTP response splitting cache pollution attack
PR: ports/76550
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-22 09:35:07 +00:00
Simon L. B. Nielsen
394b4f98df
Fix typo in last commit.
2005-01-22 01:13:36 +00:00
Simon L. B. Nielsen
a5db6cd37f
Document XSS in Horde.
2005-01-22 00:55:04 +00:00
Jacques Vidrine
2fd02c75f6
Oops, I accidentally changed an <entry> date when I should have
...
added a <modified> date.
2005-01-21 18:30:14 +00:00
Jacques Vidrine
83e6c1cfa6
Document vulnerabilities in older versions of Midnight Commander.
2005-01-21 17:48:02 +00:00
Jacques Vidrine
31b25caa87
Document a race condition in Perl's File::Path module.
2005-01-21 17:34:08 +00:00
Jacques Vidrine
b6d92f1198
Document phpBB vulnerabilities.
2005-01-21 17:01:03 +00:00
Jacques Vidrine
0d90beee7b
Document vulnerabilities in the Opera web browser's Java implementation.
2005-01-21 16:50:40 +00:00
Jacques Vidrine
5c923465f8
Document that older versions of sudo lack CDPATH environmental variable
...
handling.
2005-01-21 16:38:02 +00:00
Jacques Vidrine
74afa39dd8
Document vulnerabilities in fcron.
2005-01-21 16:30:45 +00:00
Jacques Vidrine
73b2669a11
Document vulnerabilities in RealPlayer.
2005-01-21 16:07:31 +00:00
Jacques Vidrine
66cfca5b8c
Add CVE name and iDEFENSE advisory references to xzgv issue.
2005-01-21 15:54:14 +00:00
Jacques Vidrine
d4a196519c
Grr, get the imlib version number right!
2005-01-21 15:37:24 +00:00
Jacques Vidrine
b356746d58
Oops, imlib 1.9.15 is still affected. Adjust version number to reflect
...
upcoming fix.
2005-01-21 15:31:52 +00:00
Jacques Vidrine
00cd9fa742
Document xpm heap overflows and integer overflows affecting imlib and imlib2.
2005-01-21 15:16:01 +00:00
Jacques Vidrine
5b916628c0
Document a vulnerability in eGroupWare.
2005-01-21 14:53:14 +00:00
Jacques Vidrine
4283c602b4
Document Quake II vulnerabilities reported by Richard Stanway.
2005-01-21 14:42:28 +00:00
Jacques Vidrine
9a857e751f
Add CVE names for konversation bugs.
2005-01-21 13:53:46 +00:00
Josef El-Rayes
ff26f95ce8
Document security issue in irc/konversation.
...
Pointed out by: markus
2005-01-19 20:47:31 +00:00
Jacques Vidrine
924065316b
Correct several instances where the "msgid" attribute content had an
...
extraneous trailing greater-than character ">", e.g.
<mlist msgid="some-message@id>">some-url</mlist>
These were probably the result of off-by-one errors during
cut-and-paste.
2005-01-19 16:39:29 +00:00
Jacques Vidrine
6a7487d98c
Eliminate character entity references. They are technically fine of
...
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier.
2005-01-19 16:19:14 +00:00
Jacques Vidrine
82f5dbf866
Update entries with 12 new CVE name references.
2005-01-19 14:13:08 +00:00
Edwin Groothuis
85e001db7c
Fix date (was YYYY-MM-DD, now 2005-01-19)
...
Thanks for Chimera@#bsdports
2005-01-19 11:52:27 +00:00
Edwin Groothuis
b7487cecbb
squid -- no sanity check of usernames in squid_ldap_auth
...
(My first attempt to update this thing. Hope all goes fine!)
PR: ports/76364
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-19 11:05:02 +00:00
Simon L. B. Nielsen
a8bfb30c11
Document remote DoS in CUPS.
...
Heads-ups by: Hilko Meyer <hilko.meyer@gmx.de>
Description by: nectar
2005-01-18 20:25:52 +00:00
Jacques Vidrine
8f0e289b8b
During last year's bumper crop of vulnerabilities in libtiff, a 2004 CVE
...
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue. Document it, since occasionally the CVE name
crops up and then I wonder why we missed it.
2005-01-18 17:47:15 +00:00
Jacques Vidrine
d0c1fddd87
Document exploitable vulnerabilities in zgv and xzgv.
2005-01-18 17:23:23 +00:00
Jacques Vidrine
410c998edc
Document bug in Mozilla-based software that may leave downloaded files
...
or attachments world-readable.
2005-01-18 16:59:56 +00:00
Simon L. B. Nielsen
bb8192991e
Add more references to exim entry.
2005-01-18 16:02:38 +00:00
Jacques Vidrine
31c0747eb2
pdflib contains libtiff, and thus is affected by several vulnerabilities
...
that affected libtiff.
2005-01-18 15:23:49 +00:00
Simon L. B. Nielsen
e26b4b8713
Document remote command execution vulnerability in awstats.
2005-01-18 12:29:58 +00:00
Simon L. B. Nielsen
534539b497
Document security vulnerability in ImageMagick.
2005-01-18 01:02:45 +00:00
Simon L. B. Nielsen
44af68883a
Update "cups-base -- HPGL buffer overflow vulnerability" entry to
...
reflect the fix in the latest port version.
2005-01-17 17:44:12 +00:00
Jacques Vidrine
ee01ad1757
Spelling corrections.
2005-01-17 17:20:57 +00:00
Jacques Vidrine
1affd53e40
Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
...
with the excerpt from Bernstein's message. Note that the third issue
does not affect users of FreeBSD 4.6 or later.
2005-01-17 13:42:10 +00:00
Simon L. B. Nielsen
e5f3dcd988
Document two vulnerabilities in CUPS.
...
Heads up by: Hilko Meyer <hilko.meyer@gmx.de>
2005-01-16 23:15:54 +00:00
Simon L. B. Nielsen
358108a09d
Document mysqlaccess insecure temporary file creation.
2005-01-16 20:46:56 +00:00
Simon L. B. Nielsen
480696d0aa
Document buffer overflow vulnerability in unrtf.
2005-01-16 18:47:48 +00:00