Commit graph

1006 commits

Author SHA1 Message Date
Remko Lodder
53991e4223 Also mark all other versions of FreeBSD (That were released) as
vulnerable.

Noticed by:	brueffer
Discussed with:	brueffer, simon
2006-04-19 17:53:26 +00:00
Remko Lodder
e74e70ddc0 Add FreeBSD -- FPU information disclosure (SA-06:14) to the
vuxml list.
2006-04-19 17:36:56 +00:00
Simon L. B. Nielsen
ce1b83e95a Add some CERT references to latest Mozilla entry. 2006-04-18 19:39:22 +00:00
Marcus Alves Grando
a4e46f07ab plone -- "member_id" Parameter Portrait Manipulation Vulnerability 2006-04-18 13:48:46 +00:00
Simon L. B. Nielsen
cd8ff57933 Fix copy/paste error in last commit and mark linux-mozilla < 1.7.13 as
vulnerable.
2006-04-16 22:02:11 +00:00
Simon L. B. Nielsen
e07ffdcc18 Document mozilla/firefox/thunderbird's latest attempt at Internet
Explorer compatibility.

Note that I omitted marking some really old mozilla versions as
vulnerable this time, since there is already a bunch of entries
covering these versions (which haven't been in ports for a while).
2006-04-16 21:52:31 +00:00
Emanuel Haupt
244f2b5f51 Update entry for sysutils/heartbeat. The insecure temporary file creation
vulnerability is fixed in 1.2.4.

Approved by:	secteam (simon)
2006-04-16 13:00:04 +00:00
Marcus Alves Grando
587b3e48fb mailman -- Private Archive Script Cross-Site Scripting 2006-04-16 01:52:16 +00:00
Remko Lodder
7e9c6efc20 Document f2c -- insecure temporary files.
It is not very clear to me to see what version is fixed.  The one fixing
this port should import the latest available one which is fixed.
2006-04-10 19:11:14 +00:00
Marcus Alves Grando
2a4e03ec76 mplayer -- Multiple integer overflows 2006-04-08 14:53:00 +00:00
Marcus Alves Grando
84746ec7d3 - Add Secunia references for last phpMyAdmin issue. 2006-04-07 14:15:02 +00:00
Remko Lodder
519fd752c5 Document kaffeine -- buffer overflow vulnerability. 2006-04-07 11:23:05 +00:00
Remko Lodder
463ef4e6b1 Document thunderbird -- javascript execution. 2006-04-07 10:38:53 +00:00
Remko Lodder
9c636d302a Update the latest zoo entry to match the latest update to the port.
This will mark zoo-2.10.1_2 and later as not vulnerable for this
issue.
2006-04-06 17:30:16 +00:00
Marcus Alves Grando
7f57c9182c phpmyadmin -- XSS vulnerabilities
phpmyadmin -- 'set_theme' Cross-Site Scripting
2006-04-06 16:44:46 +00:00
Marcus Alves Grando
f926976ec0 clamav -- Multiple Vulnerabilities 2006-04-06 15:30:12 +00:00
Remko Lodder
ca0e535fe7 Add cvename to the recent OpenVPN entry.
Submitted by:	Matthias Andree <matthias dot andree at gmx dot de>
2006-04-06 04:47:47 +00:00
Remko Lodder
a0ddc702a3 Document mediawiki -- hardcoded placeholder string security bypass
vulnerability.
2006-04-05 20:00:17 +00:00
Remko Lodder
fc258f1004 Document netpbm -- buffer overflow in pnmtopng. 2006-04-05 19:50:24 +00:00
Remko Lodder
f15877a546 Document zoo -- stack based buffer overflow. 2006-04-05 19:23:10 +00:00
Remko Lodder
eeb9bc7a2f Document mediawiki -- cross site scripting vulnerability. 2006-04-05 19:02:44 +00:00
Marcus Alves Grando
e532bbaa7d dia -- XFig Import Plugin Buffer Overflow 2006-04-05 17:37:37 +00:00
Marcus Alves Grando
043a17fd5f openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
PR:		95343
Submitted by:	Matthias Andree <matthias.andree__gmx.de>
2006-04-05 14:57:46 +00:00
Marcus Alves Grando
d9ff0f6565 samba -- Exposure of machine account credentials in winbind log files 2006-04-05 04:33:24 +00:00
Brooks Davis
77e1e58771 Upgrade pubcookie from 3.3.0-beta2 to 3.3.0a fixing serious XSS
vulnerabilities.
2006-04-05 03:46:56 +00:00
Edwin Groothuis
baee87aba2 Fill in the version numbers for the vids
6e3b12e2-6ce3-11da-b90c-000e0c2e438a and
82a41084-6ce7-11da-b90c-000e0c2e438a to show which Mantis versions
are vulnerable.

Submitted by:	In cooperation with dvl
2006-04-01 05:01:11 +00:00
Simon L. B. Nielsen
16fb63b929 For horde -- remote code execution vulnerability in the help viewer
entry:
- Add more references.
- Reformat description to follow normal formatting style better.
- Remove a redundant line in the description to make the meaning more
  clear.
2006-03-30 06:53:30 +00:00
Marcus Alves Grando
0354370716 freeradius -- EAP-MSCHAPv2 Authentication Bypass 2006-03-29 19:08:51 +00:00
Thierry Thomas
92a2d1b920 Add an entry about Horde's remote code execution vulnerability in the
help viewer.
2006-03-28 18:13:13 +00:00
Marcus Alves Grando
e841881f4b linux-realplayer -- buffer overrun
linux-realplayer -- heap overflow

Reviewed by:	simon
2006-03-27 19:06:53 +00:00
Remko Lodder
ac7f108ff9 s/8 spaces/tab/ in the sendmail entry.
Noticed by:	simon
2006-03-24 18:02:29 +00:00
Remko Lodder
6767097f01 Record that our sendmail port was also vulnerable.
Bump modification date.
2006-03-24 17:10:23 +00:00
Remko Lodder
d81923c6b4 Update the 'Evolution - remote format string vulnerabilities' entry. 2006-03-24 13:08:53 +00:00
Remko Lodder
f9cee5162f Document the latest three FreeBSD Security Advisories:
SA-06:13
SA-06:12
SA-06:11
2006-03-24 12:25:58 +00:00
Dejan Lesjak
461e2908dc xorg-server -- privilege escalation
Reviewed by:	simon
2006-03-21 17:05:15 +00:00
Marcus Alves Grando
48b19385b0 - heimdal -- Multiple vulnerabilities
Reviewed by:	simon
2006-03-20 15:21:49 +00:00
Vasil Dimov
4ff24336d9 Document ftp/curl's TFTP packet buffer overflow vulnerability
Reworked by:	simon
Approved by:	security-officer (simon)
2006-03-20 12:58:15 +00:00
Brooks Davis
f9aea91fed Add drupal <= 4.6.5 vulns. 2006-03-17 23:24:43 +00:00
Thierry Thomas
bfbd4b55b2 Add an entry for Horde < 3.1 (SA19246).
Noticed by:	mnag
2006-03-15 21:27:33 +00:00
Simon L. B. Nielsen
4fcab4c05c Document linux-flashplugin -- arbitrary code execution vulnerability. 2006-03-15 07:10:33 +00:00
Remko Lodder
1d8c141834 Document nfs -- remote denial of service (FreeBSD: SA-06:10)
Approved by:	portmgr (blanket VuXML)
2006-03-12 21:25:12 +00:00
Remko Lodder
bd046df41f Add OpenSSH Remote Denial of Service (FreeBSD SA-06:09.openssh) to the
vuxml list.

Approved by:	portmgr (Blanket VuXML)
2006-03-12 19:57:53 +00:00
Remko Lodder
70a8938a87 Correct the gpg entry wrt. style.
Approved by:		portmgr (Blanket VuXML)
2006-03-11 10:38:10 +00:00
Jun Kuriyama
b73fb62f12 Update to 1.4.2.2.
Security:	GnuPG does not detect injection of unsigned data
References:	http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Probbed by:	simon
Approved by:	portmgr (erwin)
2006-03-09 22:44:35 +00:00
Vasil Dimov
991064231d Document multimedia/mplayer's heap overflow in the ASF demuxer
Reviewed by:	simon
Approved by:	portmgr (implicit), security-officer (simon)
2006-03-09 10:53:14 +00:00
Marius Strobl
861c04f5ea Add the ssh2-nox11 slave port to the list of ports affected by
VID 594ad3c5-a39b-11da-926c-0800209adf0e.

Prodded by:	Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Approved by:	portmgr (erwin)
2006-03-06 12:15:25 +00:00
Marius Strobl
888793f6ac Document a SSH.COM SFTP server format string vulnerability affecting
the security/ssh2 port.

Approved by:	portmgr (erwin)
2006-03-04 17:31:06 +00:00
Christian Weisgerber
d3926c182d Document GNU tar invalid headers buffer overflow.
Approved by:	portmgr (erwin)
2006-03-04 15:03:46 +00:00
Remko Lodder
52dcfc0417 Remove the pinentry entry. It was gentoo specific and I overlooked
that.

Noticed by:	Dejan Lesjak <dejan dot lesjak at ijs dot si>
Pointyhat:	remko
Approved by:	portmgr (implicit VuXML)
2006-02-27 20:16:33 +00:00
Sergey Skvortsov
bb655e6ade Document Bugzilla [2.*, 2.20.1) vulnerabilities.
Approved by:	security-officer (simon)
Approved by:	portmgr (implicit)
2006-02-27 14:36:52 +00:00