Commit graph

971 commits

Author SHA1 Message Date
Remko Lodder
9869f02a09 Add forgotten </package> line.
Spotted by:		simon
2005-09-04 15:24:56 +00:00
Remko Lodder
1f32002401 Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code injection vulnerability.
Inspired by:		pav's commit, updating the port.
2005-09-04 15:16:52 +00:00
Remko Lodder
8d52ed02cb Document htdig -- cross site scripting vulnerability.
Reviewed by:	simon
2005-09-04 09:03:05 +00:00
Sergey Matveychuk
df93a435e2 - Document two squid security related issues.
PR:		ports/85688
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-09-04 07:54:46 +00:00
Remko Lodder
59790d976f Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]

Suggested by:		simon [1]
Reviewed by:		simon
2005-09-03 19:05:00 +00:00
Remko Lodder
5d3e7f35e7 Document bind -- buffer overrun vulnerability 2005-09-03 18:06:52 +00:00
Simon L. B. Nielsen
b8fc727f1e Add a more or less bogus reference section to the last entry, to make it
a valid entry.  The reference simply references the VuXML entry itself,
but at least it fixes the build for now.

Missed by:	simon
2005-09-02 13:10:51 +00:00
Jean-Yves Lefort
83951565f6 Document stack overflow vulnerabilities in games/urban.
Approved by:	simon
2005-09-02 12:59:55 +00:00
Simon L. B. Nielsen
ab66fb30d3 Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities.
2005-08-29 20:47:28 +00:00
Jun Kuriyama
11ed143aa7 Add entry for fswiki's vuln. 2005-08-29 15:10:29 +00:00
Niels Heinen
14c354e28c Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).

Approved by:	nectar (mentor)
2005-08-29 08:11:20 +00:00
Simon L. B. Nielsen
db3d72ecbf - Fill out part of the std. VuXML template missed in the last entry.
- Mark acroread 7.0.1 as fixed for acroread -- XML External Entity
  vulnerability. [1]

Reported by:	Sverre H. Huseby [1]
2005-08-28 20:48:11 +00:00
Simon L. B. Nielsen
b7a42fed66 Document evolution -- remote format string vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-27 22:25:30 +00:00
Simon L. B. Nielsen
32797fc1e4 Document pam_ldap -- authentication bypass vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-27 21:54:42 +00:00
Simon L. B. Nielsen
8322548dab Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.

Reported by:	olgeni
Approved by:	portmgr (blanket, VuXML)
2005-08-27 18:17:24 +00:00
Simon L. B. Nielsen
e88212ee93 Document pcre -- regular expression buffer overflow.
Approved by:	portmgr (blanket, VuXML)
2005-08-26 21:24:31 +00:00
Simon L. B. Nielsen
5fff46907e Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.

Approved by:	portmgr (blanket, VuXML)
2005-08-23 20:26:38 +00:00
Sergey Matveychuk
5a393f74af Document mail/elm remote buffer overflow vulnerability.
PR:		ports/85225
Submitted by:	Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by:	portmgr (blanket, VuXML)
2005-08-23 19:07:08 +00:00
Remko Lodder
5dd48b46c5 Document four vulnerabilities in openvpn:
* openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect unrelated clients

Approved by:	portsmgr (blanket VuXML)
Submitted by:	Matthias Andree <matthias dot andree at gmx dot de>
2005-08-19 09:58:19 +00:00
Simon L. B. Nielsen
36ab3408aa Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-17 20:01:01 +00:00
Remko Lodder
b942a2a7c2 Add the fixed version so that people do not get a stale portaudit when the update is there.
Also fix some indentation that I overlooked.

Noticed by:		simon (both of the items)
Approved by:		portsmgr (blanket VuXML)
2005-08-17 19:46:39 +00:00
Remko Lodder
937ce6aba9 Document tor -- diffie-hellman handshake flaw.
Submitted by:		Michal Bartkowiak <michal at nonspace dot net>
Approved by:		portsmgr (blanket VuXML)
2005-08-17 19:34:44 +00:00
Simon L. B. Nielsen
b301e67e49 gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.

Approved by:	portmgr (blanket, VuXML)
2005-08-16 21:19:30 +00:00
Simon L. B. Nielsen
75172d796f Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-16 20:56:54 +00:00
Simon L. B. Nielsen
59a6826b92 Document acroread -- plug-in buffer overflow vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-16 18:43:41 +00:00
Simon L. B. Nielsen
2836760398 Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.

Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).

Approved by:	portmgr (blanket, VuXML)
2005-08-15 20:38:54 +00:00
Simon L. B. Nielsen
a098192895 Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by:	hrs
Approved by:	portmgr (blanket, VuXML)
2005-08-15 13:20:30 +00:00
Simon L. B. Nielsen
782374f5c4 Document awstats -- arbitrary code execution vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-14 21:09:10 +00:00
Simon L. B. Nielsen
c1bc774e4b After further examination it turns out that gnugadu does not include
libgadu, at least not any in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]

The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]

Polish translation clue:	pjd [1]
General clue by:		markus [2]
Not enough checking:		simon
Approved by:			portmgr (blanket, VuXML)
2005-08-12 16:38:54 +00:00
Simon L. B. Nielsen
41071473f7 Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:45:57 +00:00
Simon L. B. Nielsen
57454f0e97 Document libgadu -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:21:10 +00:00
Simon L. B. Nielsen
da8382985a Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 11:26:44 +00:00
Simon L. B. Nielsen
7cc5d12599 Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 10:42:13 +00:00
Simon L. B. Nielsen
2a2ea79881 Document xpdf -- disk fill DoS vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-11 22:18:53 +00:00
Simon L. B. Nielsen
4518fa7463 Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.
Approved by:	portmgr (blanket, VuXML)
2005-08-11 12:40:51 +00:00
Simon L. B. Nielsen
d20662bf31 Document gforge -- XSS and email flood vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-09 11:51:25 +00:00
Simon L. B. Nielsen
befbd7cfa6 Document postnuke -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-07 22:19:56 +00:00
Simon L. B. Nielsen
68bc305b6a Document mambo -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-05 13:32:16 +00:00
Remko Lodder
fe4ad03a99 Correct the ranges for the IPSec advisory and the devfs advisory.
Also correct proper ranges for the zlib advisory.

Approved by:		portsmgr (blanket VuXML)
2005-08-05 10:34:41 +00:00
Remko Lodder
22fd9bb398 Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.

Approved by:	portsmgr (blanket VuXML)
2005-08-05 10:21:39 +00:00
Remko Lodder
6b21656446 Add some more entries to the apache -- http smuggling vulnerability.
PR:		ports/84312
Submitted by:	Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by:	portsmgr (blanket VuXML)
2005-08-04 15:56:53 +00:00
Simon L. B. Nielsen
379edd924d Document proftpd -- format string vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-03 17:14:16 +00:00
Simon L. B. Nielsen
fa7419cac1 Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).

Discussed with:	nectar
Approved by:	portmgr (blanket, VuXML)
2005-08-03 16:54:47 +00:00
Simon L. B. Nielsen
79a8a98fa3 Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.

Reminded by:	nectar
Approved by:	portmgr (blanket, VuXML)
2005-08-03 11:58:12 +00:00
Simon L. B. Nielsen
e439b01dd9 Mark latest gdal version as fixed for all tiff vulnerabilities. 2005-08-01 18:38:11 +00:00
Niels Heinen
1e90f90311 Added nbsmtp format string vulnerability.
Approved by:	nectar (mentor)
2005-08-01 07:45:17 +00:00
Simon L. B. Nielsen
78b7cf7598 Mark the latest linux-tiff and pdflib ports safe from latest tiff
vulnerability.

Thanks to lawrance and netchild for fast fixes.
2005-07-31 23:39:50 +00:00
Simon L. B. Nielsen
609dafe78b Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability.
2005-07-31 15:00:54 +00:00
Simon L. B. Nielsen
5d71ef8197 Document phpmyadmin -- cross site scripting vulnerability. 2005-07-31 13:50:20 +00:00
Simon L. B. Nielsen
053cdd10d9 Document gnupg -- OpenPGP symmetric encryption vulnerability.
Note: this is mainly a theoretical vulnerability.
2005-07-31 13:23:50 +00:00
Remko Lodder
c58dccb6b5 Bump entry date.
Forgotten by:	remko
Spotted by:	simon
2005-07-31 11:38:25 +00:00
Remko Lodder
1053ed30f3 Document vim -- vulnerabilities in modeline handling: glob, expand.
Discussed with:		nectar, simon
2005-07-31 11:31:52 +00:00
Simon L. B. Nielsen
39a985e2b4 Document that ekg -- insecure temporary file creation was fixed in
1.6r2,1.

Noted by:	Michal Kalkowski
2005-07-30 22:20:27 +00:00
Simon L. B. Nielsen
64a8f10e17 Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,
paraview to recent libtiff vulnerabilities since they contain (and
compile) an embedded version of libtiff...
2005-07-30 20:20:52 +00:00
Simon L. B. Nielsen
8c91f8349c Change MAINTAINER address for ports maintained by the Security Team to
secteam@ instead of security@ to make it more clear that the ports are
not maintained by the freebsd-security@ mailing list.  Both addresses
go to the same people.
2005-07-30 19:13:10 +00:00
Simon L. B. Nielsen
819cb94b17 Document tiff -- buffer overflow vulnerability. 2005-07-30 15:48:06 +00:00
Simon L. B. Nielsen
80d009be80 - Misc. markup/whitespace fixes.
- Collapse a few package entries from the latest apache entry (still
  matches same package names, is just shorter markup-wise).
- Use standard topic style for jabberd entry.
- Fix entry date for jabberd entry.
2005-07-30 11:18:20 +00:00
Vsevolod Stakhov
c2cb81e45a Document jabberd vulnerabilities that were fixed by the latest update.
Approved by:	perky (mentor)
2005-07-30 10:00:41 +00:00
Simon L. B. Nielsen
b151450eb0 Be consistent and use the same title for the latest ethereal
vulnerabilities as used for previous entries.
2005-07-30 09:24:47 +00:00
Simon L. B. Nielsen
1c4842c911 Document opera -- image dragging vulnerability and opera -- download
dialog spoofing vulnerability.
2005-07-30 09:13:14 +00:00
Simon L. B. Nielsen
c5114fefb3 Document ethereal -- multiple vulnerabilities. 2005-07-30 08:26:06 +00:00
Clement Laforet
f758062b43 - Fix apache 2.1 range for CAN-2005-2088 entry which prevents apache 2.0 from
upgrading.

Pointyhat to:	clement, remko
Reviewed by:	erwin
2005-07-28 08:51:43 +00:00
Remko Lodder
086e9785f3 Mark apache+mod_ssl-1.3.33+2.8.22_1 as not vulnerable in the latest Apache entry. 2005-07-28 04:22:14 +00:00
Remko Lodder
7e01fa0b51 There must be a curse. s/il/li/.
Noticed by:	nectar
2005-07-27 17:21:35 +00:00
Remko Lodder
5199530afe Update my latest Apache entry to make clear that this only affects certain
installations (when Apache is used as a HTTP proxy in combination with some
web servers). I didn't make that clear in the first commit.

Requested by:		nectar
Discussed with:		clement
2005-07-27 17:01:45 +00:00
Remko Lodder
fe0cc1d802 Document apache -- http request smuggling.
Requested by:	clement
Glanced at by:	clement
2005-07-27 15:57:54 +00:00
Erwin Lansing
4667fefaa7 Set modified date in entry for previous commit.
Cluebat swung by:	simon
2005-07-26 13:32:39 +00:00
Erwin Lansing
3070ab2383 Note that the fd_set vulnerability in net/bld was fixed in 0.3.3
Prodded by:	garga
Glanced at by:	remko
2005-07-26 10:50:56 +00:00
Hiroki Sato
783a425a47 Document clamav -- multiple remote buffer overflows. 2005-07-25 15:57:46 +00:00
Simon L. B. Nielsen
820ff3497c - Document isc-dhcpd -- format string vulnerabilities (older
vulnerability). [1]
- Use standard title format for latest egroupware entry.

Reminded by:	Panagiotis Christias [1]
2005-07-23 09:30:01 +00:00
Jun Kuriyama
e9ae1a90f5 Add entry for eGroupWare's recent vulnerabilities. 2005-07-23 02:03:37 +00:00
Simon Barner
632103ed79 Document denial of service attack in fetchmail 6.5.2.1.
Reported by:	Matthias Andree <matthias.andree@gmx.de>
Reviewed by:	simon
2005-07-22 09:44:32 +00:00
Simon L. B. Nielsen
3d69e33260 Update phppgadmin entry to note that it was fixed in 3.5.4 and add a
few references while here anyway.

Prodded by:	Tobias Roth (I think :-) )
2005-07-21 21:13:45 +00:00
Simon L. B. Nielsen
f1b860d9e5 Document dnrd -- remote buffer and stack overflow vulnerabilities. 2005-07-21 16:31:13 +00:00
Simon L. B. Nielsen
e2038fe047 Fix typo in last commit
Noticed by:	Matthias Andree <matthias.andree@gmx.de>
2005-07-21 13:38:26 +00:00
Simon L. B. Nielsen
f085ba4502 Add more references to latest fetchmail entry [1] and sort references
while here anyway.

Submitted by:	Matthias Andree <matthias.andree@gmx.de> [1]
2005-07-21 10:56:44 +00:00
Tom Rhodes
8eb060fe5c Document an issue with the LDAP backend provided by PowerDNS. 2005-07-21 08:43:12 +00:00
Simon L. B. Nielsen
a23f66e331 Document fetchmail -- remote root/code injection from malicious POP3
server.

Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-07-20 19:43:05 +00:00
Michael Landin
4ccb5ee963 o add kdebase (kate) vulnerability.
Reviewed by:	simon
2005-07-18 20:07:26 +00:00
Simon L. B. Nielsen
28825cc36f Add CVE names to recent bugzilla entry. 2005-07-18 09:54:06 +00:00
Simon L. B. Nielsen
e47a7c39fe - Document firefox & mozilla -- multiple vulnerabilities.
- Minor style nit in drupal entry: Use port name (i.e. lower case) as
  first part of the title.
2005-07-16 14:38:04 +00:00
Erwin Lansing
ede485957c Add an entry for the drupal vulnerabilities. 2005-07-16 11:29:43 +00:00
Niels Heinen
5bab4982a8 Fixed incorrect newsfetch and mnogosearch affected package versions
Approved by:	nectar (mentor)
2005-07-15 14:34:59 +00:00
Jun Kuriyama
29216de4a6 Markup fixed version of net-snmp problem. 2005-07-13 03:04:17 +00:00
Remko Lodder
2472e1c59f Correct a typo: s/lemote/remote/
Spotted by:	simon
2005-07-09 20:02:57 +00:00
Remko Lodder
112e0da40d Document the following vulnerabilities:
phpSysInfo -- cross site scripting vulnerability
mysql-server -- insecure temporary file creation
net-snmp -- fixproc insecure temporary file creation
phpbb -- multiple vulnerabilities
shtool -- insecure temporary file creation

Approved by:		simon
2005-07-09 19:57:12 +00:00
Simon L. B. Nielsen
0580c39d0f Document phppgadmin -- "formLanguage" local file inclusion vulnerability. 2005-07-08 21:36:19 +00:00
Simon L. B. Nielsen
f76a96caad Document pear-XML_RPC -- information disclosure vulnerabilities. 2005-07-08 21:17:12 +00:00
Simon L. B. Nielsen
81b2a86d18 Document ekg -- insecure temporary file creation. 2005-07-08 21:03:14 +00:00
Simon L. B. Nielsen
775ddef518 Document bugzilla -- multiple vulnerabilities. 2005-07-08 20:29:16 +00:00
Simon L. B. Nielsen
5bbec38d7c Document nwclient -- multiple vulnerabilities (old issues).
PR:		ports/82101
Submitted by:	niels
Noticed by:	Derik van Zuetphen <dz@426.ch>
2005-07-08 20:04:13 +00:00
Simon L. B. Nielsen
feedb4a329 Add CAN reference to recent phpbb vulnerability. 2005-07-06 22:46:02 +00:00
Simon L. B. Nielsen
a7f693e9cd Document acroread -- insecure temporary file creation. 2005-07-06 22:25:11 +00:00
Simon L. B. Nielsen
e51ea6f83d Document two clamav vulnerabilities. 2005-07-06 22:14:55 +00:00
Simon L. B. Nielsen
7d9bb89690 - Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
  should have been <lt>.
2005-07-06 21:34:32 +00:00
Simon L. B. Nielsen
417582572e Document acroread -- buffer overflow vulnerability. 2005-07-06 20:45:34 +00:00
Simon L. B. Nielsen
04bda21000 Document net-snmp -- remote DoS vulnerability. 2005-07-05 21:13:38 +00:00
Simon L. B. Nielsen
3cf5b1eda5 Document cacti -- multiple vulnerabilities.
Prodded by:	Babak Farrokhi <babak@farrokhi.net>
2005-07-05 20:33:11 +00:00
Simon L. B. Nielsen
24dbf34258 - Add another reference to bzip2 -- denial of service and permission
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities.
2005-07-05 19:01:15 +00:00
Hiroki Sato
0c4160ee5f Document the following issues:
- phpbb -- remote PHP code execution vulnerability
 - pear-XML_RPC -- arbitrary remote code execution
2005-07-03 08:40:51 +00:00
Simon L. B. Nielsen
f47912670d Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability.
2005-07-03 08:12:20 +00:00
Simon L. B. Nielsen
0ced0e71fb Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp.
2005-06-29 23:00:52 +00:00
Simon L. B. Nielsen
107f041052 Document ethereal -- multiple protocol dissectors vulnerabilities. 2005-06-24 20:38:40 +00:00
Hiroki Sato
6612153b41 Document tor -- information disclosure. 2005-06-24 10:22:18 +00:00
Hiroki Sato
a3b72b8856 Document linux-realplayer -- RealText parsing heap overflow. 2005-06-24 09:09:22 +00:00
Hiroki Sato
4d8593594d Document ruby -- arbitrary command execution on XMLRPC server. 2005-06-23 06:55:35 +00:00
Sergey Matveychuk
578582c275 - net/cacti - potential SQL injection and cross site scripting attacks 2005-06-21 09:58:39 +00:00
Simon L. B. Nielsen
6d9112c46e Document three opera issues. 2005-06-20 22:34:16 +00:00
Simon L. B. Nielsen
087a40724b Document sudo -- local race condition vulnerability. 2005-06-20 20:18:18 +00:00
Simon L. B. Nielsen
3114180a17 Add another reference to the latest tcpdump issue. 2005-06-20 19:17:10 +00:00
Simon L. B. Nielsen
474b753410 - Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
  - Whitespace cleanup.
  - Use standard topic format (port name first, then description
    starting with lower case).
  - Make sure SpamAssassin entry also matches other 3.0.3 port revisions.
2005-06-20 19:09:23 +00:00
Sergey Matveychuk
30348bd7b9 - razor-agents DoS vulnerabilities
PR:		ports/82414
Submitted by:	dawnshade <h-k@mail.ru>
2005-06-20 07:30:57 +00:00
Hiroki Sato
e21fc4f2ab Fix year in <discovery> and <entry>.
Noticed by:	nectar
Pointy hat to:	hrs
2005-06-19 04:57:35 +00:00
Hiroki Sato
c602fda13e Document SpamAssassin -- Denial of service vulnerability. 2005-06-18 17:27:50 +00:00
Hiroki Sato
dc454f0ed2 Document squirrelmail -- Several cross site scripting vulnerabilities. 2005-06-18 17:15:37 +00:00
Hiroki Sato
22d1dafaee Document acroread -- XML External Entity vulnerability. 2005-06-18 16:54:40 +00:00
Simon L. B. Nielsen
81889035ad Use standard topic format for gzip vulnerability. 2005-06-18 14:49:14 +00:00
Simon L. B. Nielsen
30a5cf4a1a Document FreeBSD-SA-05:11.gzip. 2005-06-18 14:32:18 +00:00
Simon L. B. Nielsen
89d53d3ffa Document SA-05:10.tcpdump. 2005-06-17 23:19:34 +00:00
Simon L. B. Nielsen
377794aabe Document two vulnerabilities in Gaim. 2005-06-17 19:12:46 +00:00
Jacques Vidrine
f9737b9ea0 Document an older, more serious gallery vulnerability. 2005-06-17 18:37:41 +00:00
Jacques Vidrine
b193fa2396 Document XSS vulnerabilities in gallery. 2005-06-17 18:30:12 +00:00
Jacques Vidrine
e4cd0f13f2 Document KDE kstars vulnerability. 2005-06-17 18:11:27 +00:00
Jacques Vidrine
82957a65f9 Document fd_set overruns reported by 3APA3A. 2005-06-17 17:00:17 +00:00
Simon L. B. Nielsen
48712a5c45 Document leafnode -- denial of service vulnerability.
Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-06-09 08:44:03 +00:00
Jacques Vidrine
2c16d53af1 Document a directory traversal issue in older GForge versions. 2005-06-03 19:45:36 +00:00
Jacques Vidrine
6050e992bd Document an authentication bypass vulnerability in imap-uw. 2005-06-03 19:29:42 +00:00
Jacques Vidrine
b25fc36098 Document squid denial-of-service vulnerabilities. 2005-06-03 19:18:39 +00:00
Jacques Vidrine
adb7bd090b Document a remote denial-of-service vulnerability in racoon. 2005-06-03 19:08:21 +00:00
Jacques Vidrine
3bf8b576b5 Document integer overflows in xli. 2005-06-03 18:24:44 +00:00
Jacques Vidrine
332584b9f0 Document arbitrary command execution vulnerabilities in xli and
xloadimage.
2005-06-03 18:19:23 +00:00
Jacques Vidrine
13baf51f61 Add new CVE names for yamt entry. 2005-06-03 18:01:04 +00:00
Jacques Vidrine
fbeb74e4ef Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More references
* Fix the version number for xli... it is still vulnerable as of this
  writing
2005-06-03 17:56:42 +00:00
Jacques Vidrine
605ddbb901 Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find
2005-06-03 16:26:13 +00:00
Tom Rhodes
3bd4a605ca Buffer overflow in xli. 2005-06-03 04:48:47 +00:00
Tom Rhodes
2409064d10 Fix breakage I caused. 2005-06-03 02:15:20 +00:00
Tom Rhodes
afa68b90b9 Note buffer overflows and directory traversal issues in audio/yamt. 2005-06-03 02:09:22 +00:00
Jacques Vidrine
d16a63702b Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
  advisory
* add CVE name
2005-06-01 17:16:28 +00:00
Jacques Vidrine
72e20d184e Document vulnerabilities in XView library. 2005-06-01 17:07:58 +00:00
Jacques Vidrine
8d253084b7 document a vulnerability in xtrlock 2005-06-01 16:52:45 +00:00
Jacques Vidrine
6c9cf8ca51 Document vulnerabilities reported in the Red Hat 7.1 libraries. 2005-06-01 16:27:15 +00:00
Jacques Vidrine
e72a2d7a21 Document squirrelmail vulnerabilities. 2005-06-01 16:09:53 +00:00
Jacques Vidrine
9327563586 correct version number for mailman password generation issue 2005-06-01 15:53:40 +00:00
Jacques Vidrine
e556aa2809 Document vulnerability in set-user-ID sympa application. 2005-06-01 15:51:40 +00:00
Jacques Vidrine
41bd4d3d69 Another older mailman vulnerability, somewhat minor 2005-06-01 15:36:40 +00:00
Jacques Vidrine
8772585d06 Add year-old mailman vulnerability, that seems to not have been
previously documented here.
2005-06-01 15:27:01 +00:00
Jacques Vidrine
354879700a document Apache Jakarta Tomcat 5.x XSS issue 2005-06-01 14:48:38 +00:00
Simon L. B. Nielsen
4c6ccc52ae Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".

Reminded by:	NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
2005-05-29 15:01:13 +00:00
Jun Kuriyama
f938b82a85 - Update to 3.5.8 (including XSS problem fix).
Submitted by:	Toshiya SAITOH <toshiya@saitoh.nu>
PR:		ports/81520
2005-05-29 03:06:34 +00:00
Remko Lodder
d926fe33ad Remove a forgotten :.
Spotted by:		simon
2005-05-22 13:27:44 +00:00
Remko Lodder
855583f4c5 Document the following issues:
o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability

Approved by:	simon
2005-05-22 13:18:12 +00:00
Simon L. B. Nielsen
20ce7ae978 Fix entry dates for latest squid entries. 2005-05-19 19:56:44 +00:00
Remko Lodder
78d9296cfb Reword the cdrdao entry, this includes comments from Simon which I overlooked.
Forgotten by:	remko
Spotted by:	simon
2005-05-19 19:48:14 +00:00
Pav Lucistnik
33ad773d04 - Update Squid to 2.5.STABLE10
PR:		ports/81213
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
2005-05-19 14:17:01 +00:00
Remko Lodder
0cbfe8bb84 Document cdrdao -- unspecified privilege escalation vulnerability.
Approved by:		simon
2005-05-19 04:17:32 +00:00
Simon L. B. Nielsen
380d6e3f4f Document two gaim issues. 2005-05-14 03:43:46 +00:00
Jacques Vidrine
eeff5de414 Add FreeBSD-SA-05:09.htt. 2005-05-13 16:24:43 +00:00
Jacques Vidrine
ef928928c0 $EDITOR should not be quoted. It might be "emacsclient -a vi" or
something.
2005-05-13 15:34:49 +00:00
Jacques Vidrine
c4aefa7f29 MAINTAINER -> security@FreeBSD.org 2005-05-13 15:33:48 +00:00
Jacques Vidrine
d2df430c95 Update some leafnode references.
Add new leafnode vulnerability.

PR:		ports/80724
Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-05-13 15:32:12 +00:00
Simon L. B. Nielsen
e025db3bee Document two new vulnerabilities in mozilla/firefox. 2005-05-12 09:59:32 +00:00
Simon L. B. Nielsen
67d37ee36f Document mozilla -- code execution via javascript: IconURL vulnerability. 2005-05-11 19:00:49 +00:00
OKAZAKI Tetsurou
1b0ba2026b Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files
- groffer uses temporary files unsafely

PR:		ports/80671
Submitted by:	KOMATSU Shinichiro
2005-05-09 07:04:52 +00:00
Sergey Matveychuk
71d86350f9 - gnu-radius exploitation was fixed in maintenance release 1.2.94
as reported in http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities

PR:		ports/80558 (follow-up)
Submitted by:	Vsevolod Stakhov <vsevolod@highsecure.ru>
2005-05-03 10:14:18 +00:00
Greg Lewis
f774451a8a . Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
no longer considered vulnerable.  Adjust the modified date for the entry.
2005-05-02 18:57:25 +00:00
Remko Lodder
c13702b175 Document sharutils -- unshar insecure temporary file creation
Approved by:		simon
2005-05-01 14:33:37 +00:00
Remko Lodder
d3e3b64b15 Document rsnapshot -- local privilege escalation
Approved by:	simon
2005-05-01 12:25:14 +00:00
Brooks Davis
4b560ceb5b coppermine -- IP spoofing and XSS vulnerability 2005-05-01 00:30:17 +00:00
Greg Lewis
f4f21ea49f . Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
and update the modified time for the entry.
2005-04-29 15:00:58 +00:00
Simon L. B. Nielsen
71d5e8a65b Document ImageMagick -- ReadPNMImage() heap overflow vulnerability. 2005-04-27 21:35:57 +00:00
Simon L. B. Nielsen
f50fab0412 Bump modified date for last commit. 2005-04-27 21:24:36 +00:00
Greg Lewis
62d1ab007c . Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
the jar(1) vulnerability but is still marked vulnerable to the browser
  plugin vulnerability (although the plugin is no longer built by default).
2005-04-27 20:46:04 +00:00
Simon L. B. Nielsen
6cace676b3 Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities.
2005-04-25 21:53:19 +00:00
Simon L. B. Nielsen
991aff6f40 Document some older vulnerabilities in GAIM. 2005-04-25 21:10:40 +00:00
Simon L. B. Nielsen
feb5c578e2 Document kdewebdev -- kommander untrusted code execution vulnerability. 2005-04-23 11:40:18 +00:00
Remko Lodder
4de44e69c4 Fix a typo in the kdelibs - kimgio entry. 2005-04-22 21:53:43 +00:00
Remko Lodder
dfd9e7da6d junkbuster -- heap corruption vulnerability and configuration modification vulnerability
Approved by:		simon
2005-04-22 21:52:07 +00:00
Simon L. B. Nielsen
882359b80a Document kdelibs -- kimgio input validation errors. 2005-04-22 08:22:58 +00:00
Simon L. B. Nielsen
80a3080ca1 Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
heap overflow vulnerability.

Informed by:	maho
2005-04-19 22:09:46 +00:00
Remko Lodder
aab5979e99 Document gld -- format string and buffer overflow vulnerabilities 2005-04-19 11:14:23 +00:00
Christian Weisgerber
e31b579a93 Document remote buffer overflow in ftp/axel. 2005-04-17 15:34:43 +00:00
Simon L. B. Nielsen
2bbbbc938d Document firefox -- PLUGINSPAGE privileged javascript execution (also
from the < 1.0.3 batch).
2005-04-16 22:52:07 +00:00
Remko Lodder
7ce5f5f5eb Document jdk - jar directory traversal vulnerability.
Approved by:	simon
2005-04-16 22:35:09 +00:00
Simon L. B. Nielsen
c6463c5ae8 Document several mozilla/firefox issues. 2005-04-16 16:12:02 +00:00
Simon L. B. Nielsen
b8e8bd4784 Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
entry.

Info provided by:	sf
2005-04-15 21:47:10 +00:00
Simon L. B. Nielsen
c666625667 Document openoffice -- DOC document heap overflow vulnerability. 2005-04-13 23:17:14 +00:00
Simon L. B. Nielsen
2a6230f941 Fix and document insecure temporary file handling in portupgrade.
Security:	CAN-2005-0610
Security:	http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by:	erwin (mentor), maintainer timeout
OK'ed by:	portmgr
Reviewed by:	nectar
2005-04-12 08:24:48 +00:00
Simon L. B. Nielsen
c5a9b3a376 Document three GAIM vulnerabilities. 2005-04-10 19:41:46 +00:00
Simon L. B. Nielsen
4ac987a82c Document an old PHP issue. 2005-04-10 18:47:06 +00:00
Simon L. B. Nielsen
63de08eab1 Document squid -- DoS on failed PUT/POST requests vulnerability.
Submitted by:	Devon H. O'Dell <dodell@offmyserver.com> (original version)
2005-04-10 10:22:18 +00:00
Pav Lucistnik
b1c64c078b - Fix closing tag on the entry I just touched.
Pointed out by:	still Chimera
Blaming:	too much bear earlier tonight
2005-04-09 20:42:03 +00:00
Pav Lucistnik
ecf039676f - Add <modified> to the entry I just touched
Prodded by:	Chimera
2005-04-09 20:38:37 +00:00
Pav Lucistnik
e22567b87a - CAN-2005-0133 is fixed in clamav-devel-20050408
PR:		ports/79688
Submitted by:	Renato Botelho <freebsd@galle.com.br>
2005-04-09 20:21:47 +00:00
Simon L. B. Nielsen
3325b65493 Bump modified date for entry modified last commit. 2005-04-05 20:57:06 +00:00
Hajimu UMEMOTO
f17f51ad0e add CVE name to latest vuln of Cyrus IMAPd. 2005-04-05 20:03:49 +00:00
Thierry Thomas
24b5ab2bb9 Add an entry for an XSS vulnerability fixed in horde-3.0.4. 2005-04-05 19:57:09 +00:00
Simon L. B. Nielsen
7e369a9d2b Document wu-ftpd -- remote globbing DoS vulnerability. 2005-04-04 20:06:01 +00:00
Simon L. B. Nielsen
08a1fddf90 Add CVE name to hashcash entry. 2005-04-03 06:53:58 +00:00
Christian Weisgerber
7ce77e7525 Document hashcash format string vulnerability. 2005-04-02 23:15:17 +00:00
Simon L. B. Nielsen
3ea2a15c21 Document clamav -- zip handling DoS vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-03-26 20:49:39 +00:00