Commit graph

4241 commits

Author SHA1 Message Date
Olli Hauer
2581bec91b - document bugzilla Cross-Site Scripting issue 2016-05-17 18:32:17 +00:00
Matthias Andree
3ff31d77d6 Mark openvpn-polarssl <v2.3.11 vulnerable, too, not just openvpn.
Security: 0dc8be9e-19af-11e6-8de0-080027ef73ec
2016-05-14 08:46:46 +00:00
Matthias Andree
86aaef45fd Mark OpenVPN before 2.3.11 vulnerable.
v2.3.11 fixed a buffer overrun in PAM authentication,
and a port-share bug with denial-of-service potential.
2016-05-14 08:43:48 +00:00
Mark Felder
177b620cfc Fix vuxml 2016-05-13 12:51:44 +00:00
Koop Mast
ae096366da Add basic imagemagick entry. 2016-05-13 12:43:03 +00:00
Li-Wen Hsu
8cf4514559 Fix affected versions 2016-05-12 03:45:23 +00:00
Li-Wen Hsu
632a708341 Document Jenkins Security Advisory 2016-05-11 2016-05-12 03:44:24 +00:00
Jason Unovitch
a89044883a Document Perl taint protection bypass vulnerability
PR:		208879
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2016-2381
Security:	https://vuxml.FreeBSD.org/freebsd/d9f99491-1656-11e6-94fa-002590263bf5.html
2016-05-10 03:00:13 +00:00
Jason Unovitch
9fa87774a7 Document Wordpress vulnerabilities fixed in 4.5.2
PR:		209409
PR:		209378 [1]
Reported by:	Mihail Timofeev <9267096@gmail.com> [1]
Security:	CVE-2016-4566
Security:	CVE-2016-4567
Security:	https://vuxml.FreeBSD.org/freebsd/3686917b-164d-11e6-94fa-002590263bf5.html
2016-05-10 01:49:25 +00:00
Jason Unovitch
15a1974ad6 Fix version range for libarchive entry. [1]
While here, add CVE and wrap lines at <80

PR:		209404 [1]
Reported by:	dereks@lifeofadishwasher.com [1]
Security:	CVE-2016-1541
Security:	https://vuxml.FreeBSD.org/freebsd/2b4c8e1f-1609-11e6-b55e-b499baebfeaf.html
2016-05-10 00:22:27 +00:00
Bernard Spil
b162764570 security/vuxml: Add entry for libarchive
- Vulnerable < 2.3.0

Reviewed by:	feld (mentor)
Approved by:	feld (mentor, ports-secteam)
Security:	CVE-2016-1541
2016-05-09 19:31:37 +00:00
Matthew Seaman
c6977bb14a Update recent squid, squid-devel entry to add CVE Numbers 2016-05-09 15:24:48 +00:00
Matthew Seaman
37549c4c9b Document three security advisories for the squid and squid-devel
ports.  CVE numbers are not yet available.

PR:		209334
Submitted by:	timp87@gmail.com (maintainer)
2016-05-07 11:56:27 +00:00
Koop Mast
9fc62f0d7b Add forgotten portepoch to the ImageMagick 6.x version.
PR:		209241
Reported by:	Ben Woods, Jason Unovitch
2016-05-07 07:30:31 +00:00
Koop Mast
d06cca2e1c Document ImageMagick vulnerabilities.
PR:		209241
Submitted by:	Ben Woods
2016-05-06 15:27:49 +00:00
Vanilla I. Shu
cd225457e4 Add entry of devel/jansson
PR:		209219
Submitted by:	junovitch@
2016-05-04 06:25:52 +00:00
Jason Unovitch
251486b3a1 Fix <url> -> <cvename> tags in OpenSSL entry plus spacing fixes.
While here, combine both entries as they both refer to the same CVEs and
we've typically done these as combined entries in the past.
2016-05-03 23:57:03 +00:00
Bernard Spil
0e62d5880d security/vuxml: Document LibreSSL vulnerabilities
Reviewed by:	swills
MFH:		2016Q3
2016-05-03 17:56:24 +00:00
Bernard Spil
f7c15cbaac security/vuxml: Document OpenSSL 1.0.2g vulnerabilities
Reviewed by:	swills
MFH:		2016Q2
2016-05-03 17:50:20 +00:00
Jason Unovitch
698146106d Document gitlab privilege escalation via "impersonate" feature
PR:		209225
Reported by:	Torsten Zuehlsdorff <ports@toco-domains.de>
Security:	CVE-2016-4340
Security:	https://vuxml.FreeBSD.org/freebsd/be72e773-1131-11e6-94fa-002590263bf5.html
2016-05-03 13:27:45 +00:00
Jason Unovitch
b2b65f3cd2 Document php multiple vulnerabilities
PR:		209145
Reported by:	Christian Schwarz <me@cschwarz.com>
Security:	CVE-2016-3074
Security:	https://vuxml.FreeBSD.org/freebsd/5764c634-10d2-11e6-94fa-002590263bf5.html
2016-05-03 03:05:31 +00:00
Jason Unovitch
46dd503088 Document libksba local denial of service vulnerabilities
Security:	CVE-2016-4353
Security:	CVE-2016-4354
Security:	CVE-2016-4355
Security:	CVE-2016-4356
Security:	https://vuxml.FreeBSD.org/freebsd/a1134048-10c6-11e6-94fa-002590263bf5.html
2016-05-03 00:40:04 +00:00
Jason Unovitch
df85b22260 Document denial of service advisories from Wireshark's recent release
Security:	https://vuxml.FreeBSD.org/freebsd/7e36c369-10c0-11e6-94fa-002590263bf5.html
2016-05-02 23:58:59 +00:00
Olivier Duchateau
37751c6817 Document arbitrary code execution vulnerability in Mercurial
Security:	CVE-2016-3105
2016-05-01 21:15:35 +00:00
Bernard Spil
dbfbe23221 security/vuxml: Add entry for MySQL/MariaDB/Percona April Critical Patch Update
- Add entry for 31 security fixes for Oracle MySQL
  - Add also affected MariaDB packages
  - Add also affected Percona packages

Reviewed by:	junovitch (ports-secteam)
Approved by:	junovitch (ports-secteam)
Differential Revision:	D6159
2016-05-01 07:33:15 +00:00
Matthew Seaman
06dd6c6dc6 Logstash password disclosure vulnerability. 2016-04-28 20:17:30 +00:00
Lev A. Serebryakov
2dcfa94faa Add two CVEs for subversion:
   http://subversion.apache.org/security/CVE-2016-2167-advisory.txt
   http://subversion.apache.org/security/CVE-2016-2168-advisory.txt
2016-04-28 15:15:38 +00:00
Xin LI
590aa7fa02 Document NTP multiple vulnerabilities. 2016-04-27 04:43:31 +00:00
Jan Beich
4b97fe7c4f Document recent Firefox vulnerabilities 2016-04-26 20:24:35 +00:00
Florian Smeets
cdbf450860 Document phpmyfaq vulnerability
Security:	https://vuxml.freebsd.org/freebsd/f87a9376-0943-11e6-8fc4-00a0986f28c4.html
Security:	http://www.phpmyfaq.de/security/advisory-2016-04-11
Sponsored by:	Essen Linuxhotel Hackathon 2016
2016-04-23 11:40:45 +00:00
Jason Unovitch
8d403d568d Document libtasn1 denial of service via parsing malicious DER certificates
Security:	CVE-2016-4008
Security:	https://vuxml.FreeBSD.org/freebsd/1b0d2938-0766-11e6-94fa-002590263bf5.html
2016-04-21 02:16:31 +00:00
Jason Unovitch
41641f6570 Document squid -- multiple vulnerabilities
PR:		208939
Reported by:	Pavel Timofeev <timp87@gmail.com>
Security:	CVE-2016-4054
Security:	CVE-2016-4053
Security:	CVE-2016-4052
Security:	CVE-2016-4051
Security:	https://vuxml.FreeBSD.org/freebsd/e05bfc92-0763-11e6-94fa-002590263bf5.html
2016-04-21 02:01:29 +00:00
Matthew Seaman
40e279eadb CVE-2016-3096 -- ansible and ansible1 vulnerability due to using
predictable temporary file names when managing LXC containers.
2016-04-20 12:33:44 +00:00
Martin Matuska
baa871e408 Document security vulnerability in proftpd mod_tls.
PR:		208876
Security:	CVE-2016-3125
2016-04-20 11:46:34 +00:00
Rene Ladan
1c53ed88f9 Document new vulnerabilities in www/chromium < 50.0.2661.75
Obtained from:	http://googlechromereleases.blogspot.nl/2016/04/stable-channel-update_13.html
2016-04-19 20:14:53 +00:00
Jason Unovitch
07f3f9ed8d Document wpa_supplicant security advisories
PR:		208482
Security:	CVE-2015-5310
Security:	CVE-2015-5315
Security:	CVE-2015-5316
Security:	https://vuxml.FreeBSD.org/freebsd/976567f6-05c5-11e6-94fa-002590263bf5.html
2016-04-19 00:36:17 +00:00
Jason Unovitch
1c77f25690 Document earlier dhcpcd security issue that has been fixed in an earlier
version before the security implications were reported.

PR:		208840
Submitted by:	Ben Woods <woodsb02@gmail.com>
Submitted by:	Roy Marples <roy@marples.name>
Security:	CVE-2014-7912
Security:	https://vuxml.FreeBSD.org/freebsd/092156c9-04d7-11e6-b1ce-002590263bf5.html
2016-04-17 20:07:36 +00:00
Jason Unovitch
47ba8e2915 Document dhcpcd security remote execution/denial of service
PR:		208840
Submitted by:	Ben Woods <woodsb02@gmail.com>
Security:	CVE-2014-7913
Security:	https://vuxml.FreeBSD.org/freebsd/6ec9f210-0404-11e6-9aee-bc5ff4fb5ea1.html
2016-04-17 01:16:22 +00:00
Guido Falsi
2272af58cb Document Asterisk and PJsip vulnerabilities. 2016-04-15 15:12:45 +00:00
Jason Unovitch
719e1101ec Document go remote denial of service
Security:	CVE-2016-3959
Security:	https://vuxml.FreeBSD.org/freebsd/f2217cdf-01e4-11e6-b1ce-002590263bf5.html
2016-04-14 02:07:44 +00:00
Mark Felder
af7844bdd3 Document linux-c6-nspr which was overlooked in previous vuxml entry 2016-04-13 18:59:29 +00:00
Timur I. Bakeyev
258dae53f0 Multiple vulnerabilities in Samba.
[CVE-2015-5370] Errors in Samba DCE-RPC code can lead to denial of service (crashes and high CPU consumption) and man in the middle attacks.
[CVE-2016-2110] The feature negotiation of NTLMSSP is not downgrade protected. A man in the middle is able to clear even required flags,
    especially NTLMSSP_NEGOTIATE_SIGN and NTLMSSP_NEGOTIATE_SEAL.
[CVE-2016-2111] When Samba is configured as Domain Controller it allows remote attackers to spoof the computer name of a secure channel's endpoints,
    and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic.
[CVE-2016-2112] A man in the middle is able to downgrade LDAP connections to no integrity protection.
[CVE-2016-2113] Man in the middle attacks are possible for client triggered LDAP connections (with ldaps://) and ncacn_http connections (with https://).
[CVE-2016-2114] Due to a bug Samba doesn't enforce required smb signing, even if explicitly configured.
[CVE-2016-2115] The protection of DCERPC communication over ncacn_np (which is the default for most of the file server related protocols) is inherited
    from the underlying SMB connection.
[CVE-2016-2118] a.k.a. BADLOCK. A man in the middle can intercept any DCERPC traffic between a client and a server in order to impersonate the client
    and get the same privileges as the authenticated user account. This is most problematic against active directory domain controllers.
Security:	CVE-2015-5370
		CVE-2016-2110
		CVE-2016-2111
		CVE-2016-2112
		CVE-2016-2113
		CVE-2016-2114
		CVE-2016-2115
		CVE-2016-2118
Sponsored by:	Micro$oft
2016-04-12 18:49:29 +00:00
Jason Unovitch
927f94f3eb Document multiple vulnerabilities from the 31 Mar 16 PHP releases
PR:		208465
Reported by:	Christian Schwarz <me@cschwarz.com>
Security:	https://vuxml.FreeBSD.org/freebsd/482d40cb-f9a3-11e5-92ce-002590263bf5.html
2016-04-03 14:19:01 +00:00
Jason Unovitch
ccb5f4c71a Document PCRE heap overflow vulnerability
PR:		208260
Reported by:	Sevan Janiyan <venture37@geeklan.co.uk>
Security:	CVE-2016-1283
Security:	https://vuxml.FreeBSD.org/freebsd/497b82e0-f9a0-11e5-92ce-002590263bf5.html
2016-04-03 13:43:13 +00:00
Jason Unovitch
65283680a9 Document djblets vulnerability from the 0.9.2 release notes
Security:	https://vuxml.FreeBSD.org/freebsd/df328fac-f942-11e5-92ce-002590263bf5.html
2016-04-03 02:27:46 +00:00
Jason Unovitch
dffec6cc8d Document multiple security advisories for Moodle
Security:	CVE-2016-2151
Security:	CVE-2016-2152
Security:	CVE-2016-2153
Security:	CVE-2016-2154
Security:	CVE-2016-2155
Security:	CVE-2016-2156
Security:	CVE-2016-2157
Security:	CVE-2016-2158
Security:	CVE-2016-2159
Security:	CVE-2016-2190
Security:	https://vuxml.FreeBSD.org/freebsd/a430e15d-f93f-11e5-92ce-002590263bf5.html
2016-04-03 02:11:52 +00:00
Jason Unovitch
3324d4936d Add additional reference URL for Kamailio entry from r411376
Security:	CVE-2016-2385
Security:	https://vuxml.FreeBSD.org/freebsd/c428de09-ed69-11e5-92ce-002590263bf5.html
2016-04-03 00:48:24 +00:00
Jason Unovitch
249e429010 Document squid multiple vulnerabilities
PR:		208463
Security:	CVE-2016-3947
Security:	CVE-2016-3948
Security:	https://vuxml.FreeBSD.org/freebsd/297117ba-f92d-11e5-92ce-002590263bf5.html
2016-04-03 00:00:26 +00:00
Mathieu Arnold
597afc47ba Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.
With hat:	portmgr
Sponsored by:	Absolight
2016-04-01 14:25:16 +00:00
Palle Girgensohn
ae80c36049 This CVE is actually for the -contrib module:
Security: CVE-2016-3065
2016-03-31 14:52:39 +00:00