Commit graph

971 commits

Author SHA1 Message Date
Remko Lodder
52dcfc0417 Remove the pinentry entry. It was gentoo specific and I overlooked
that.

Noticed by:	Dejan Lesjak <dejan dot lesjak at ijs dot si>
Pointyhat:	remko
Approved by:	portmgr (implicit VuXML)
2006-02-27 20:16:33 +00:00
Sergey Skvortsov
bb655e6ade Document Bugzilla [2.*, 2.20.1) vulnerabilities.
Approved by:	security-officer (simon)
Approved by:	portmgr (implicit)
2006-02-27 14:36:52 +00:00
Xin LI
978c80a462 Document squirrelmail (< 1.4.6) vulnerabilities:
	CVE-2006-0377 (IMAP injection)
	CVE-2006-0195 (XSS)
	CVE-2006-0188 (XSS)

Approved by:	security-officer (simon)
Approved by:	portmgr (implicit)
2006-02-24 19:56:28 +00:00
Remko Lodder
a57877665c Remove the latest squid entry, it already existed.
Noticed by:	Thomas-Martin Seck <tmseck at netcologne dot de>
2006-02-20 19:15:17 +00:00
Remko Lodder
193f489b68 Document gedit -- format string vulnerability. 2006-02-20 16:03:36 +00:00
Remko Lodder
5b65a6dfe1 Add koffice to the RTF import issue. 2006-02-20 15:43:52 +00:00
Remko Lodder
e110989d25 Document WebCalendar -- unauthorized access vulnerability. 2006-02-20 15:17:48 +00:00
Remko Lodder
3073642d70 Document abiword -- stack based buffer overflow vulnerabilities. 2006-02-20 14:29:51 +00:00
Remko Lodder
424cfcab59 Document pinentry -- local privilege escalation.
Correct previous entry (the entry time was invalid).
2006-02-20 12:26:22 +00:00
Remko Lodder
3c6a572716 Document squid -- dns lookup spoofing. 2006-02-20 12:02:09 +00:00
Simon L. B. Nielsen
a211d0431d Document postgresql81-server -- SET ROLE privilege escalation. 2006-02-18 14:22:41 +00:00
Simon L. B. Nielsen
51909aa65e Document gnupg -- false positive signature verification. 2006-02-17 09:53:58 +00:00
Remko Lodder
f42ea1d7c5 Document rssh -- privilege escalation vulnerability.
The port will be marked forbidden due to possible
root access.
2006-02-16 15:05:13 +00:00
Remko Lodder
5803e4d25e Document tor -- malicious tor server can locate a hidden service. 2006-02-16 14:33:20 +00:00
Remko Lodder
7d56bb9418 Document sudo -- arbitrary command execution. 2006-02-16 14:20:23 +00:00
Remko Lodder
96d8b28256 Document libtomcrypt -- weak signature scheme with ECC keys. 2006-02-16 14:08:27 +00:00
Remko Lodder
b1b350edad Document mantis -- "view_filters_page.php" cross site scripting vulnerability. 2006-02-16 13:19:07 +00:00
Remko Lodder
357c6d5847 Document phpbb -- multiple vulnerabilities.
Reviewed by:	simon
2006-02-16 12:59:20 +00:00
Remko Lodder
e7e1028351 Document postgresql -- character conversion and tsearch2 vulnerabilities. 2006-02-16 12:50:35 +00:00
Remko Lodder
16ea24ccb4 Document heartbeat -- insecure temporary file creation vulnerability. 2006-02-16 09:08:03 +00:00
Remko Lodder
f5972ea28f Document kpdf -- heap based buffer overflow 2006-02-15 13:25:55 +00:00
Remko Lodder
0be8d00ea7 Document perl, webmin, usermin -- perl format string integer wrap vulnerability
PR:		ports/91202
Submitted by:	KOMATSU Shinichiro <koma2 at lovepeers dot org>
		(slightly modified).
2006-02-15 12:53:20 +00:00
Remko Lodder
7021a772ef Document phpicalendar -- cross site scripting vulnerability and
document phpicalendar -- file disclosure vulnerability [1].

Reviewed by:		simon [1]
Spotted on:		cvs-ports@ [1]
2006-02-15 12:33:36 +00:00
Remko Lodder
25ca5f88be Document FreeBSD -- Infinite loop in SACK handling (FreeBSD SA 06.08) 2006-02-14 10:35:40 +00:00
Remko Lodder
424491da55 Document pf -- IP fragment handling panic, FreeBSD SA 06.07 2006-02-14 10:28:53 +00:00
Remko Lodder
7d67746133 Document FreeBSD -- Local kernel memory disclosure
(FreeBSD SA 06.07).
2006-02-14 10:09:23 +00:00
Remko Lodder
75aa0b238b Document IEEE 802.11 -- buffer overflow (FreeBSD SA 06.05). 2006-02-14 09:57:31 +00:00
Remko Lodder
07f1e71655 Add FreeBSD SA 06.04.ipfw to the vuln.xml list. 2006-02-14 08:13:53 +00:00
Simon L. B. Nielsen
fdb960e906 Mark ivtools 1.2.3 as fixed for jpeg vulnerabilities. Note that this
version is not yet in ports, but marking the new version fixed now
makes porting a bit simpler.
2006-02-07 20:43:51 +00:00
Simon L. B. Nielsen
bc35a4c8f8 Document kpopup -- local root exploit and local denial of service.
PR:		ports/92359
Submitted by:	Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
2006-02-07 20:09:16 +00:00
Remko Lodder
fd5ec1d397 Oops. Forgot to modify the discovery date.
Spotted by:	simon (again)
2006-01-27 19:07:32 +00:00
Remko Lodder
14168109d9 Add 4 FreeBSD advisories to the VuXML database.
The other recently released advisories will be
added later today.

o SA-06:03.cpio
o SA-06:02.ee
o SA-06:01.texindex
o SA-05:20.cvsbug
2006-01-27 12:20:06 +00:00
Edwin Groothuis
41ce2d5cf9 SHA256ify
Approved by: krion@
2006-01-24 06:38:31 +00:00
Brooks Davis
a558911631 Document local root exploit in SGE. 2006-01-23 21:29:46 +00:00
Simon Barner
d9e48a62d0 Document "fetchmail -- crash when bouncing a message" DOS vulnerability.
Reviewed by:	secteam (simon)
2006-01-23 15:35:22 +00:00
Simon L. B. Nielsen
7e58b30f65 - Update description and references for "clamav -- possible heap
overflow in the UPX code" now that more information is available.
- Remove some EOL whitespace.
2006-01-14 23:36:11 +00:00
Emanuel Haupt
0b2183233e Add an entry for clamav/clamav-devel
Reviewed by:	simon (secteam)
2006-01-10 14:02:52 +00:00
Simon L. B. Nielsen
e255ffdee3 Document milter-bogom -- headerless message crash.
Reported by:	Victor Balada Diaz <victor@bsdes.net>
2006-01-09 21:47:29 +00:00
Simon L. B. Nielsen
e67f22fd29 Mark latest bnc version as fixed wrt. to "fd_set -- bitmap index
overflow in multiple applications".

Reported by:	Christian Elmerot <Chreo At chreo , net>
2006-01-09 20:49:54 +00:00
Simon L. B. Nielsen
44c850656f Document two bogofilter vulnerabilities.
Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2006-01-07 14:56:01 +00:00
Thierry Thomas
fbe708601a Add an entry for rxvt-unicode < 6.3: root privileges were not restored
before the call to openpty(), so the permissions on the pty device node
remain root:wheel 666 after opening a new terminal.

Discovered by:	Ryan Beasley <ryanb (at) rainbowdevilsland.co.uk>
2006-01-04 23:00:38 +00:00
Lev A. Serebryakov
473045a644 'ru-apache' and 'ru-apache+mod_ssl' were patched against CAN-2005-3352
(http://www.FreeBSD.org/ports/portaudit/9fff8dc8-7aa7-11da-bf72-00123f589060.html)

  Yes, changes are validated with xmllint at this time.
2006-01-03 18:40:54 +00:00
Remko Lodder
7f39f465ee Correct a little typo. 2006-01-02 18:32:19 +00:00
Remko Lodder
ba2e705394 Document apache -- mod_imap cross-site scripting flaw.
I expanded the diff from the PR a bit to denote other
affected apache ports as well.  Therefore mistakes in
that should be redirected to me.

Also bump the copyright year for the vuxml file.

PR:			ports/91157 (based on)
Submitted by:		KOMATSU Shinichiro <koma2 at lovepeers dot org>
2006-01-01 21:40:15 +00:00
Hiroki Sato
ed868573b5 Fix the affected versions of 9b4facec-6761-11da-99f6-00123ffe8333.
PR:		ports/91156
Submitted by:	KOMATSU Shinichiro (koma2 at lovepeers dot org)
2006-01-01 09:03:31 +00:00
Simon L. B. Nielsen
148232b94b Add missing "</package>" tag from rev. 1.917, which caused the file to
be invalid XML and in turn caused the portaudit database to be only
partially built.

Bump modification date of all entries which had modification date on
the 23rd to make sure VuXML consumers catch the updates.

Portaudit problem reported by:	Peter Vohmann
Pointy hat to:			lev
2005-12-25 22:23:51 +00:00
Lev A. Serebryakov
1c38ba0f8a russian/apache13 and russian/apache13-modssl were updated and new version doesn't
contain any known vulnerabilities.
2005-12-23 13:33:26 +00:00
Simon L. B. Nielsen
07c857289d Bump modification date for entries touched by last commit. 2005-12-23 12:10:21 +00:00
Remko Lodder
b8bdbc097e Update the phpSysInfo entries, PR ports/90849 will solve the documented
issues.

Requested by:		Babak Farrokhi <babak at farrokhi dot net>
2005-12-23 11:47:23 +00:00
Remko Lodder
089f400b2f Fix another typo in my nbd entry.
Spotted by:		Linus Nordberg <linus at nordberg dot se>
2005-12-23 10:29:49 +00:00