Martin Wilke
1831cf3564
- Fix discovery date on my previous commit
Approved by: portmgr (ports-security blanket)
2007-11-01 15:16:37 +00:00
Martin Wilke
b1780d50df
- document wordpress -- cross-site scripting
Reviewed by: simon
Approved by: portmgr (ports-security blanket)
2007-11-01 12:46:52 +00:00
Xin LI
3c0238f590
Extend coverage to OpenLDAP 2.4.x series which is affected according
to CVS history.
Approved by: portmgr (ports-security blanket)
2007-11-01 00:58:11 +00:00
Xin LI
12b31a21c3
Document openldap multiple vulnerabilities.
Approved by: portmgr (ports-security blanket)
2007-10-31 21:48:26 +00:00
Simon L. B. Nielsen
0cbcb19f7c
Bump modified date for entry updated in last commit.
Approved by: portmgr (secteam blanket)
2007-10-31 17:21:15 +00:00
Palle Girgensohn
109a1ae1a1
Update vuxml to reflect that mod_jk and mod_jk-ap2 have
different portepochs.
Approved by: portmgr (pav)
2007-10-31 16:38:07 +00:00
Martin Wilke
5486dda5b2
- Update mozilla -- code execution via Quicktime media-link files
PR: 117704
Submitted by: John Hein <jhein@timing.com>
Reviewed by: simon
Approved by: portmgr (blanket) secteam (blanket via simon)
2007-10-31 12:44:03 +00:00
Xin LI
b046226089
Document django DoS issue.
2007-10-28 22:22:45 +00:00
Martin Wilke
0bc4193a2e
- Fix day entry for 498a8731-7cfc-11dc-96e6-0012f06707f0
Reviewed by: simon
2007-10-26 20:41:39 +00:00
Martin Wilke
b7852ea261
- Document opera -- multiple vulnerabilities
Reviewed by: remko
2007-10-25 18:34:32 +00:00
Martin Wilke
3c22b82ef3
- Document drupal --- multiple vulnerabilities
Reviewed by: simon
2007-10-25 08:47:21 +00:00
Martin Wilke
af520b1e1d
- Document ldapscripts -- Command Line User Credentials Disclosure
PR: 117152
Submitted by: Ganael Laplanche <ganael.laplanche at martymac.com> (maintainer/author)
rafan@
Reviewed by: simon@
2007-10-23 11:12:41 +00:00
Xin LI
79f666f212
Modify firefox entry to cover linux-* variants.
2007-10-22 18:51:32 +00:00
Xin LI
e8d809578a
Document firefox JavaScript Entrapment vulnerabilities.
2007-10-22 01:37:31 +00:00
Martin Wilke
7a91a45be7
- Fix year entry in 498a8731-7cfc-11dc-96e6-0012f06707f0
Submitted by: freshports
Thanks to: Dan Langille
2007-10-20 20:48:33 +00:00
Marcus Alves Grando
dd323d2da4
- Add new line between entries.
2007-10-19 14:23:35 +00:00
Stanislav Sedov
c0e14e480e
- Add entry about recent phpMyAdmin XSS server_status.php vulnerability
- Fix URL in my previous entry while I'm here.
2007-10-17 22:15:35 +00:00
Stanislav Sedov
905ba3f81c
- Fix package name in 51b51d4a-7c0f-11dc-9e47-0011d861d5e2 and
229577a8-0936-11db-bf72-00046151137e entries (phpmyadmin->phpMyAdmin).
2007-10-16 18:29:34 +00:00
Stanislav Sedov
f6e0ab5ae1
- Add entry about phpMyAdmin XSS vulnerability.
2007-10-16 18:13:04 +00:00
Martin Wilke
10c764870c
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
Reviewed by: simon
2007-10-13 09:45:26 +00:00
Martin Wilke
7690f9d607
Document png -- multiple vulnerabilities
Reviewed by: simon
2007-10-11 17:28:01 +00:00
Remko Lodder
279fd2f245
Document ImageMagick - Multiple vulnerabilities
Submitted by: Nick Barkas
2007-10-10 12:47:22 +00:00
Remko Lodder
d325269732
Correct mediawiki package names.
Spotted by: Nick Barkas
2007-10-10 12:35:43 +00:00
Martin Wilke
85cbee74af
- Document jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
Reviewed by: remko
2007-10-09 07:18:11 +00:00
Florent Thoumie
19c9068753
Document xfs -- multiple vulnerabilities.
2007-10-08 12:05:08 +00:00
Martin Wilke
30f9615ad2
- Document tcl/tk -- buffer overflow in ReadImage function
PR: 116881
Submitted by: Nick Barkas <snb@threerings.net>
Reviewed by: simon
2007-10-05 09:35:49 +00:00
Xin LI
d42f9fd9d4
Document firebird multiple remote buffer overflow vulnerabilities
2007-10-04 22:56:29 +00:00
Remko Lodder
f0bb9c6ed8
Update the bugzilla and mediawiki entries to properly match their corrected
versions.
Prodded by: Nick Barkas (and a few others)
2007-10-02 18:27:37 +00:00
Xin LI
abc5f7d1e6
Update to reflect the fixed version of id3lib.
2007-10-02 02:04:41 +00:00
Xin LI
c28f02d4c5
Document id3lib insecure temporary file creation vulnerability
2007-10-01 21:04:45 +00:00
Martin Wilke
0d4684e032
- modify mediawiki entry (add missing mediawiki18)
Reviewed by: remko
2007-09-23 09:09:33 +00:00
Xin LI
403f96dca0
Some PHP 5.x vulnerabilities are also found in PHP 4.x series,
unfortunately it seems that there is no newer PHP release to
fix these issues for 4.x series, so mark it as so.
While I'm there add a new CVE that was not mentioned in
previous revision of entry.
2007-09-23 01:37:06 +00:00
Remko Lodder
c226087002
Document mediawiki -- cross site scripting vulnerability, our port versions
had not been updated yet, 1.8.x is not vulnerable by default unless you are
using the $wgEnableAPI = true; statement, in that case please set it to
$wgEnableAPI = false; (where possible of course, else upgrade to 1.8.5).
2007-09-21 13:14:29 +00:00
Remko Lodder
0dc1a827d6
Document wordpress -- remote sql injection vulnerability, our versions are
already up to date for this vulnerability.
2007-09-21 13:02:53 +00:00
Remko Lodder
860a19c188
samba -- nss_info plugin privilege escalation vulnerability, the FreeBSD
port had already been fixed for this.
2007-09-21 12:41:29 +00:00
Remko Lodder
073f037882
Document bugzilla -- multiple vulnerabilities
PR: ports/116060
Submitted by: Nick Barkas <snb at threerings dot net>, minor nits from me
2007-09-21 06:49:49 +00:00
Xin LI
3739d27ad1
Document clamav CVE-2007-4510 issue (Remote DoS).
2007-09-21 06:35:53 +00:00
Remko Lodder
e5c43d59a4
Document coppermine -- multiple vulnerabilities, the FreeBSD
port is already up to date.
2007-09-20 12:20:27 +00:00
Remko Lodder
97fb53af1d
Document openoffice -- arbitrary command execution vulnerability,
all current versions marked vulnerable, everything as of 2.3 is
believed to be fixed, but we do not have that yet ( I am also not
sure whether the -devel version has the correct fix or not ) so
let's be on the safe side till we know what version will be fixed
in our repro.
2007-09-20 12:12:53 +00:00
Remko Lodder
aea8d6dfc2
Document bugzilla -- "createmailregexp" security bypass vulnerability,
marking all versions as vulnerable till we know what version is the
one fixed in our CVS repository.
2007-09-20 12:04:29 +00:00
Simon L. B. Nielsen
d455c815f2
Spell Ulf Harnhammar (ASCII version of name) using UTF-8 instead of HTML
entities which can't be assumed to be available to a parser by default.
This fixes a warning from packaudit.
2007-09-19 19:24:45 +00:00
Remko Lodder
995f5c074d
Document kdm -- passwordless login vulnerability
Document konqueror -- address bar spoofing
Inspired by: lofi's cvs commits
2007-09-19 17:06:27 +00:00
Remko Lodder
ce6cba4277
Document flyspray -- authentication bypass
Submitted by: Nick Hilliard <nick at foobar dot org>
2007-09-19 16:56:12 +00:00
Remko Lodder
7edc14ebb7
Document mozilla -- code execution via Quicktime media-link files,
The Mozilla advisory talks somewhat about Windows for this matter,
but better be safe than sorry (An updated firefox is available already).
2007-09-19 16:50:47 +00:00
Xin LI
da652c7e22
Update the PHP vulnerability entry:
- Use php5 to cover php 5.x as the port did.
- Add more information about the vulnerability.
Submitted by: Nick Barkas <snb threerings net>
PR: ports/116182
2007-09-13 05:50:33 +00:00
Remko Lodder
7e08d5963d
Correct a style nit and bump modification date.
Bump modification date for "xpdf -- stack based buffer overflow"
which was forgotten by Jeremy (mezz) :-)
2007-09-11 19:40:02 +00:00
Xin LI
8fc8f53403
Document Apache 2.0.x, 2.2.x series' vulnerabilities as well
as security related improvements in php 5.2.4.
2007-09-11 06:20:54 +00:00
Jeremy Messenger
64e2ff2812
There is no code of CVE-2007-3387 vulnerability in evince, therefore remove
it from the database. It only merely depends on poppler and poppler has been
patched (marked as safe in database).
2007-09-10 21:59:15 +00:00
Marcus Alves Grando
3807aca979
- lighttpd -- FastCGI header overrun in mod_fastcgi
2007-09-10 13:37:24 +00:00
Remko Lodder
ac7d766ec1
Fix mod_jk's version since PORTEPOCH came into play.
PR: 116115
Reported by: Klavs Klavsen <klavs at EnableIT dot dk>
2007-09-05 11:26:31 +00:00
Gabor Kovesdan
f855bc5f58
rkhunter -- insecure temporary file creation
Reviewed by: remko
2007-09-05 08:50:44 +00:00
Gabor Kovesdan
4dec94b806
lsh -- multiple vulnerabilities
Reviewed by: remko
2007-09-05 08:47:00 +00:00
Simon L. B. Nielsen
5a5dfabb6a
Document fetchmail -- denial of service on reject of local
warning message.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
PR: ports/??? (Not received by GNATS yet)
2007-09-02 12:09:33 +00:00
Christian Weisgerber
7ff7ed0c21
Document gtar directory traversal vulnerability.
PR: 115914
Submitted by: Nick Barkas <snb@threerings.net>
2007-09-01 16:04:23 +00:00
Martin Wilke
cc5c791ddd
- Marked sylpheed2 as safe.
Reviewed by: remko
2007-08-28 21:03:19 +00:00
Martin Wilke
1d39bb8c71
- Fix a typo.
2007-08-27 19:52:30 +00:00
Martin Wilke
b78c971c8a
- Document Sylpheed / Sylpheed-Claws POP3 Format String Vulnerability
Reviewed by: simon
2007-08-27 19:44:03 +00:00
Simon L. B. Nielsen
539ab171b2
From latest Opera entry:
- Remove redundant information.
- Bump modified date for recent changes to the entry.
2007-08-25 19:36:42 +00:00
Ion-Mihai Tetcu
710346a74a
linux-opera and (for the moment defunct) opera-devel are also affected by
df4a7d21-4b17-11dc-9fc2-001372ae3ab9 - Vulnerability in javascript handling so
add them to the entry.
Submitted by: sat@
2007-08-24 15:20:16 +00:00
Xin LI
edcf248194
Update vuln.xml for rsync 2.6.9_1 which fixed CVE-2007-4091
2007-08-22 16:31:46 +00:00
Xin LI
18567a346b
Document rsync off-by-one stack overflow vulnerability.
2007-08-21 17:20:28 +00:00
Martin Wilke
8a0f887836
- Update the wordpress -- unmoderated comments disclosure entry. Is safe with the 2.2.2 Release.
Approved by: simon
2007-08-16 11:53:01 +00:00
Ion-Mihai Tetcu
3eebdacd1c
Add info about www/opera's JavaScript vulnerability
PR: ports/115543
Submitted by: Arjan van Leeuwen (maintainer)
Reviewed by: simon@
2007-08-15 12:15:39 +00:00
Remko Lodder
5e0a055e4b
Fix the flac entry by specifying the correct fixed version.
Bump modification date to reflect the above change.
Submitted by: Stefan Ehmann
2007-08-10 07:31:11 +00:00
Martin Wilke
438b6f0455
- Document fsplib -- multiple vulnerabilities
Reviewed by: remko
2007-08-02 19:52:51 +00:00
Martin Wilke
5e58e941e8
Document joomla -- multiple vulnerabilities
Approved by: simon/remko
2007-08-02 18:50:06 +00:00
Remko Lodder
337ca9c149
Use the superseded attribute in the cancelled tcpdump entry.
Requested by: simon
2007-08-02 11:09:13 +00:00
Remko Lodder
7df934cf0e
Document FreeBSD -- Buffer overflow in tcpdump(1).
See: FreeBSD-SA-07:06.tcpdump
This commit also takes over the older tcpdump entry that was specific
to ports, I merged that into this entry and I retired the old one.
2007-08-02 07:22:25 +00:00
Remko Lodder
b945a8a163
Bump modification date for: SA-07:04.file
Which I just touched.
2007-08-02 06:18:19 +00:00
Remko Lodder
1dd565c3dc
Correct the fixed version for the jail advisory which was revised yesterday.
Also correct the <freebsdsa>FreeBSD-SA* tags which should not have FreeBSD
in between.
2007-08-02 06:17:31 +00:00
Remko Lodder
cd4c734e40
Document FreeBSD -- Predictable query ids in named(8)
See: FreeBSD-SA-07:07.bind
2007-08-02 06:15:15 +00:00
Martin Wilke
8a04ae0c28
- Marked phpSysInfo as safe
Reviewed by: remko
2007-08-01 17:51:26 +00:00
Shaun Amott
6974f265d6
Update phpSysInfo entry: the current version (2.5.3) is affected.
2007-08-01 00:47:02 +00:00
Martin Wilke
60ebdbd581
Update mozilla entry
- Marked seamonkey as safe
Submitted by: John E. Hein <jhein@timing.com>
Reviewed by: simon
2007-07-31 22:21:22 +00:00
Martin Wilke
b39b792f74
Update the xpdf entry
- Marked poppler as safe
2007-07-31 14:43:22 +00:00
Martin Wilke
168c561a7d
Update xpdf entry
- Marked cups-base as safe
- Add poppler as affected port
Reviewed by: simon
2007-07-31 13:33:33 +00:00
Martin Wilke
8d605e2e9f
- Fix tcpdump entry
2007-07-31 11:31:29 +00:00
Martin Wilke
46aa01e61c
Document xpdf -- stack based buffer overflow
Reviewed by: simon/remko
2007-07-31 11:30:03 +00:00
Martin Wilke
7eda652de0
- Fix a typo
Submitted by: shaun
2007-07-31 09:49:44 +00:00
Martin Wilke
cc98183b55
- Document tcpdump -- remote integer underflow vulnerability
Reviewed by: remko
2007-07-31 07:50:55 +00:00
Martin Wilke
f49264b6a1
- Document mutt -- buffer overflow vulnerability
Reviewed by: remko
2007-07-29 18:28:31 +00:00
Martin Wilke
030df73f0c
- Document p5-Net-DNS -- multiple Vulnerabilities
Reviewed by: remko
2007-07-29 11:29:45 +00:00
Martin Wilke
e4cf269412
- Document phpsysinfo -- url Cross-Site Scripting
2007-07-28 21:52:30 +00:00
Martin Wilke
600c251319
- Document drupal -- Cross site request forgeries
- Document drupal -- Multiple cross-site scripting vulnerabilities
Submitted by: nick@foobar.org
Reviewed by: simon
2007-07-28 15:28:15 +00:00
Martin Wilke
ed239f1cb3
- Document vim -- Command Format String Vulnerability
Approved by: simon
2007-07-27 18:04:48 +00:00
Martin Wilke
c7ba758c45
- Document libvorbis - Multiple memory corruption flaws
Submitted by: lx@
Reviewed by: simon
2007-07-26 22:06:21 +00:00
Xin LI
cc5b3ad300
Document XSS vulnerabilities in several tomcat versions;
update affected tomcat versions for CVE-2005-2090.
2007-07-24 14:31:49 +00:00
Xin LI
0aff17bab7
The previous vuxml entry applies to jakarta-tomcat 4.0.x as well, so mark
it as affected as well. Since there is no newer release I have used 4.1.0
as the "fixed" version.
2007-07-24 14:17:06 +00:00
Xin LI
60df6f7e74
Document multiple vulnerabilities found in www/tomcat41
2007-07-24 13:54:49 +00:00
Xin LI
7cdfd867bf
Document dokuwiki spellchecker XSS vulnerabilities
2007-07-24 08:00:32 +00:00
Simon L. B. Nielsen
cf5d8266ed
Fix last commit: the name tag was empty.
Reported by: FreshPorts via Dan Langille
Pointyhat to: delphij
2007-07-21 15:09:39 +00:00
Xin LI
c22df82ca0
Document lighttpd multiple vulnerabilities
2007-07-21 14:10:50 +00:00
Simon L. B. Nielsen
94a37adcdf
Add another reference to mozilla -- multiple vulnerabilities.
2007-07-19 22:27:33 +00:00
Simon L. B. Nielsen
23088fbcfe
- Document opera -- multiple vulnerabilities.
- Correct and sort a few links in the latest mozilla entry.
2007-07-19 21:47:04 +00:00
Simon L. B. Nielsen
04c38e3a79
Document mozilla -- multiple vulnerabilities.
2007-07-19 21:23:58 +00:00
Xin LI
29a592ce04
Document linuxflashplugin critical vulnerabilities.
Reported by: jamie at bishopston net
2007-07-18 06:43:05 +00:00
Martin Wilke
fee6acc5a0
- Fix the versions number of typespeed from 4.1.0 to 0.4.1
PR: 114441
Submitted by: Tor Halvard Furulund <squat@squat.no>
2007-07-09 14:03:19 +00:00
Andrew Pantyukhin
fec0d4b44a
- Fix the latest wireshark entries by correcting a typo and adding
more package names
2007-07-07 08:27:53 +00:00
Martin Wilke
9cd0314853
- Document wireshark - Multiple problems
Reviewed by: simon@
2007-07-06 10:34:25 +00:00
Gabor Kovesdan
4c8afbbe37
- Document typespeed arbitrary code execution
Reviewed by: remko
2007-07-03 19:50:57 +00:00
Martin Wilke
14148fb403
- Fix a typo vcl -> vlc
Noticed by: lx@
2007-06-29 22:18:24 +00:00
Martin Wilke
08d66d63bc
- Document vlc - format string vulnerability and integer overflow
2007-06-29 09:42:05 +00:00
Martin Wilke
6e69c5aa16
- Document flac123 - stack overflow in comment parsing
Reviewed by: simon@
2007-06-29 09:24:06 +00:00
Remko Lodder
fdfb889ae5
Document gd -- multiple vulnerabilities
PR: ports/114115
Submitted by: Nick Barkas <snb at threerings dot net> (minor modifications by me).
2007-06-29 06:06:58 +00:00
Xin LI
cbb3bdea6f
Document that CVE-2007-3257 was fixed with evolution-data-server
1.10.2_1.
2007-06-28 07:38:03 +00:00
Andrew Pantyukhin
19d36d00b2
- Fix modified date in mod_perl entry
2007-06-27 20:52:24 +00:00
Erwin Lansing
9695a9e6ff
Mark www/mod_perl2 fixed in version 2.0.3_2,3
2007-06-27 20:44:12 +00:00
Xin LI
f64828b3cf
Document evolution-data-server remote arbitrary code execution
vulnerability.
Fix at: Evolution SVN changeset 7817 (#447414)
2007-06-25 10:57:52 +00:00
Erwin Lansing
c8d93d036e
The XMLRPC SQL Injection issue with wordpress was addressed in the
latest release.
2007-06-24 11:34:12 +00:00
Gabor Kovesdan
525a1c1cfb
Document xpcd buffer overflow vulnerability.
Reviewed by: remko
2007-06-21 17:28:37 +00:00
Remko Lodder
02327974a6
Document clamav -- multiple vulnerabilities.
2007-06-19 19:47:51 +00:00
Xin LI
359efa1acf
Document SpamAssassin vulnerability CVE-2007-2873, a local
DoS issue.
2007-06-18 07:56:53 +00:00
Martin Wilke
a6b094a5ee
- Document cups -- Incomplete SSL Negotiation Denial of Service.
Reviewed by: simon@
2007-06-12 18:27:39 +00:00
Martin Wilke
807e4948e9
- Fix other duplicate entry.
Reviewed by: simon
2007-06-09 19:47:04 +00:00
Martin Wilke
c3ae8a8590
- Document c-ares -- DNS Cache Poisoning Vulnerability
Reviewed by: simon@
2007-06-09 17:46:22 +00:00
Martin Wilke
d00658d436
- Fix duplicate entry de-wordpress -> zh-wordpress.
2007-06-09 17:44:04 +00:00
Gabor Kovesdan
2e460cd831
Add zh-wordpress as affected by the last two wordpress entries.
2007-06-09 16:13:32 +00:00
Gabor Kovesdan
d929936825
wordpress -- XMLRPC SQL Injection
wordpress -- unmoderated comments disclosure
Reviewed by: simon
2007-06-09 15:07:22 +00:00
Martin Wilke
8fd707f9da
- Document webmin -- cross site scripting
Reviewed by: simon@
2007-06-09 14:07:47 +00:00
Simon L. B. Nielsen
c40c31c7cb
- The fixed mplayer version number is 0.99.10_10, mark it as such. [1]
- Add older mplayer package names.
- Break long lines.
Noticed by: Henrik Brix Andersen <henrik@brixandersen.dk>
2007-06-07 18:34:14 +00:00
Martin Wilke
8ec6f91e6e
- Fix mplayer portversion.
2007-06-07 08:44:24 +00:00
Martin Wilke
849c29c9fe
- Document mplayer -- cddb stack overflow.
Reviewed by: simon@
2007-06-07 08:42:02 +00:00
Gabor Kovesdan
10f833a8e0
- Note that plone is also affected by 34414a1e-e377-11db-b8ab-000c76189c4c
prior to version 2.5.3
Reviewed by: simon
2007-06-06 09:29:58 +00:00
Gabor Kovesdan
266bf60961
- gzip 1.3.12 has been patched and is not affected by
11a84092-8f9f-11db-ab33-000e0c2e438a any more
Reviewed by: simon
2007-06-05 16:17:06 +00:00
Erwin Lansing
d0c078c27a
Document an information disclosure vulnerability in mod_jk < 1.2.23.
Reviewed by: simon
2007-06-05 09:38:17 +00:00
Erwin Lansing
1da851aff6
Add an entry for an email header injection vulnerability in
www/typo3 from February.
Reviewed by: remko
Persuaded by: cperciva and simon by setting up the
ports-security team
2007-06-04 20:56:26 +00:00
Martin Wilke
781637120c
- Document phppgadmin - Cross Site Scripting Vulnerability.
Reviewed by: mnag@
Reported by: dinoex@
2007-06-04 12:42:17 +00:00
Edward Tomasz Napierala
ed2a5982f8
- Add entry for findutils -- GNU locate heap buffer overrun.
Reviewed by: simon (secteam)
Approved by: miwi (mentor)
2007-06-01 19:36:13 +00:00
Xin LI
ed56a09fc7
Mark file < 4.21 as vulnerable to the heap overflow.
2007-05-31 08:05:11 +00:00
Joe Marcus Clarke
3c9b6f623e
Add an entry for the recent Freetype heap overflow vulnerability.
Submitted by: Nick Barkas <snb@threerings.net>
2007-05-25 00:37:57 +00:00
Remko Lodder
8003ff9706
Document FreeBSD-SA-07:04.file (heap overflow in file(1))
Approved by: portmgr (secteam implicit)
2007-05-23 16:29:27 +00:00
Martin Wilke
4f2588d5fc
- Document squirrelmail -- Cross site scripting in HTML filter
Approved by: portmgr (marcus)
2007-05-21 20:08:21 +00:00
Simon L. B. Nielsen
e82affd309
Document png -- DoS crash vulnerability.
2007-05-16 21:10:03 +00:00
Simon L. B. Nielsen
fdeb5fd7a2
Document samba -- multiple vulnerabilities.
Brought to you from Heathrow Airport and BSDCan 2007 Devsummit.
2007-05-16 20:22:35 +00:00
Simon L. B. Nielsen
5660505553
Backout last change.
Blackboard:
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
- I will remember to look at which files are committed.
x1000
Pointy hat to: simon
2007-05-10 17:34:45 +00:00
Simon L. B. Nielsen
4e0a6f6ea4
Update PHP entry to include the vulnerable version so the entry is
correct for when PHP is updated in ports (yes it's being worked on),
or for people who upgrade "manually".
With hat: secteam
Requested by: several
2007-05-10 17:31:49 +00:00
Remko Lodder
947b7a739d
Document a lot of PHP vulnerabilities, mark all php4 and php5 (+cli,cgi)
ports as vulnerable till the ports had been upgraded.
2007-05-07 09:12:41 +00:00
Remko Lodder
1ee4a7171c
Bump modification date for the latest mod_perl entry, this was forgotten
by erwin, but there were "massive" changes that warrant a date bump.
2007-05-07 08:49:25 +00:00
Remko Lodder
573e3a6f58
Standardize the latest entry (qemu) a bit more and add a forgotten 'a'
in the p5-Imager text.
2007-05-02 16:56:22 +00:00
Juergen Lock
1c19bc62dd
Document multiple qemu vulnerabilities
Obtained from: debian-security-announce@lists.debian.org mailing list
Security: multiple qemu vulnerabilities
2007-05-01 22:49:39 +00:00
Lars Balker Rasmussen
77e127836a
Update to 0.57 - fixes possible overflow vulnerability regarding malformed
BMPs, see vuln.xml for details.
Security: VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
2007-04-30 17:51:53 +00:00
Remko Lodder
507f8c5208
Document FreeBSD -- IPv6 Routing Header 0 is dangerous
2007-04-28 18:34:30 +00:00
Erwin Lansing
1b24a292e8
Rework the mod_perl entry to note that Mandriva originally released
an advisory. Also add mod_perl2 to the vulnerable versions.
2007-04-25 19:05:44 +00:00
Erwin Lansing
e9ca1878e6
Minor wordsmithing in the last mod_perl entry.
Submitted by: simon
2007-04-25 17:11:17 +00:00
Erwin Lansing
b85159572e
Add entry for mod_perl -- remote DOS in PATH_INFO parsing
PR: 111844
Submitted by: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
2007-04-25 17:04:36 +00:00
Anton Berezin
d9fddefe1b
p5-Crypt-OpenPGP 1.03_1 should not be vulnerable to CVE-2005-0366.
2007-04-23 14:12:10 +00:00
Andrew Pantyukhin
b97830622f
- Mark latest firefox and seamonkey snapshots as safe
2007-04-19 11:55:37 +00:00
Martin Wilke
c2497cc8f8
- Add entry for claws-mail - APOP vulnerability
2007-04-19 10:37:24 +00:00
Marcus Alves Grando
f6b5e52b70
lighttpd -- DOS when access files with mtime 0
lighttpd -- Remote DOS in CRLF parsing
2007-04-14 15:11:47 +00:00
Stanislav Sedov
fe6c10e9aa
- Add freeradius-mysql to the list of affected packages of the recent
freeradius entry.
Submitted by: David Wood <david@wood2.org.uk>
2007-04-13 15:46:38 +00:00
Florent Thoumie
0693e562cc
Mark Google Earth >= 4.0.2414 as safe.
2007-04-13 11:50:41 +00:00
Stanislav Sedov
c87d123fe1
- Document recent remote dos vulnerability in freeradius.
2007-04-13 08:19:58 +00:00
Simon L. B. Nielsen
771da9af81
Add an extra reference to the old "gnupg -- OpenPGP symmetric
encryption vulnerability" entry which explains the problem in a more
easy to read way.
Submitted by: tobez (sort of)
2007-04-10 21:10:43 +00:00
Simon Barner
3ff5f20524
Document fetchmail's "insecure APOP authentication" issue (fixed in 6.3.8).
2007-04-09 20:05:50 +00:00
Remko Lodder
61fb9e495f
Stylify the latest zope entry:
o Use consistent title description
o Use tabs when 8 spaces are hit
o Sort the references list (the alphabet goes from a to z)
o Bump modification date (note: please check the entry date
so that it matches the correct data of insertion).
Also stylify the latest mcweject entry.
2007-04-08 19:58:35 +00:00
Stefan Walter
88f4ad87a7
Add entry for exploitable buffer overflow in mcweject.
PR: 111365
Submitted by: Jeff Forsythe <tornandfilthy2006@yahoo.com>
2007-04-08 19:45:57 +00:00
Stefan Walter
43583a0ccc
Add entry for webcalendar "noSet" variable overwrite vulnerability.
PR: 110585
Submitted by: Greg Larkin <glarkin@sourcehosting.net>
2007-04-08 14:36:53 +00:00
Stefan Walter
88caf0dcc5
Add entry for Zope2 cross-site scripting vulnerability.
Inspired by: Yasushi Hayashi <yasi@yasi.to> (in PR 111119)
2007-04-08 11:16:40 +00:00
Sergey Matveychuk
949c18dd0c
Remove f951cf4a-a1fe-11db-98f9-0004aca3703d entry. It's duplicate to
41da2ba4-a24e-11db-bd24-000f3dcc6a5d.
2007-03-31 16:30:04 +00:00
Andrew Pantyukhin
ecd6369157
- Fix versions and dates in latest squid entry
Pointy hat to: miwi
2007-03-22 02:27:18 +00:00
Remko Lodder
3c59371e69
Standardise the latest Squid entry.
2007-03-21 17:07:34 +00:00
Martin Wilke
a7782e32b9
- Add entry for squid TRACE method handling denial of service
2007-03-21 13:04:08 +00:00
Simon L. B. Nielsen
acd61e2658
Fix range for sql-ledger entry which I missed in my original review.
2007-03-16 16:57:50 +00:00
Lars Thegler
0643a8e6a4
Document sql-ledger vulnerability
PR: ports/110350
Submitted by: Antoine Beaupre <anarcat@koumbit.org>
2007-03-16 11:48:32 +00:00
Remko Lodder
a87575e4d3
Document cacti -- remote injection exploit
PR: ports/107838
Submitted by: Dan Langille <dan at langille dot org>
2007-03-16 07:35:42 +00:00
Remko Lodder
d7ba0f6190
Correct two tdiary entries:
o correct the affected version numbers
o package name of www/tdiary-devel is "tdiary-devel", not "tdiary"
o add ja-tdiary and ja-tdiary-devel to affected packages
PR: ports/109086
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
2007-03-16 07:31:36 +00:00
Remko Lodder
68712de05d
Document two long forgotten Samba vulnerabilities.
PR: ports/109049
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
2007-03-16 07:28:17 +00:00
Markus Brueffer
f03a6e0dd5
ktorrent -- multiple vulnerabilities:
- Add CVE references
- Bump modification date
2007-03-14 23:00:41 +00:00
Remko Lodder
e4e952fbac
Spell out multiple vulnerabilities instead of specifying the exact
amount (we always do that). Also bump the modification date for
this entry and the PHP entry that had been touched
2007-03-12 08:39:18 +00:00
Markus Brueffer
49ad7fe1b0
Fix typo in PHP entry
2007-03-12 01:16:27 +00:00
Markus Brueffer
4fc45e848e
Document ktorrent -- two vulnerabilities
2007-03-12 01:11:44 +00:00
Jun Kuriyama
e35e03e2bf
Add ja-trac-*.
2007-03-10 02:19:12 +00:00
Martin Wilke
74c50829e9
- fix typo
2007-03-09 15:52:31 +00:00
Martin Wilke
31630be19e
- Add entry for mplayer -- DMO File Parsing Buffer Overflow Vulnerability
Reviewed by: simon (secteam)
2007-03-09 15:48:35 +00:00
Martin Wilke
a6486cbf1f
- Add entry for Trac "download wiki page as text" Cross-Site Scripting Vulnerability.
Reviewed by: simon@
2007-03-09 14:34:21 +00:00
Simon L. B. Nielsen
983a5a317d
Correct affected versions in "mod_jk -- long URL stack overflow
vulnerability" entry.
Noticed by: Nick Barkas
2007-03-06 07:18:07 +00:00
Simon L. B. Nielsen
e247fea80e
Document mod_jk -- long URL stack overflow vulnerability.
2007-03-05 23:17:51 +00:00
Simon L. B. Nielsen
9995667e85
For recent "mozilla -- multiple vulnerabilities" entry:
- Mark Seamonkey 1.1.1 as safe. While mozilla.org does not clearly
state this, it does seem to be the case. [1]
- Add another critical vulnerability which wasn't on the web site when
the vuxml entry was initially added.
Reported by: Volodymyr Kostyrko [1]
2007-03-01 18:34:05 +00:00
Remko Lodder
04101b10f2
Document bind -- Multiple Denial of Service vulnerabilities
Now all Security Advisories are merged again in VuXML.
2007-02-27 20:10:00 +00:00
Remko Lodder
901bed2605
Document FreeBSD -- Jail rc.d script privilege escalation
2007-02-27 20:00:37 +00:00
Remko Lodder
85fcdaf5ac
Document: gtar -- name mangling symlink vulnerability
2007-02-27 19:50:53 +00:00
Remko Lodder
d820a7b9a4
Document FreeBSD -- Kernel memory disclosure in firewire(4).
2007-02-27 19:46:18 +00:00
Remko Lodder
ff75480abf
Document libarchive -- Infinite loop in corrupt archives handling in
libarchive.
This is also FreeBSD SA-06:24.libarchive, FreeBSD systems are not
affected, only specific STABLE versions which are not released!!
2007-02-26 21:08:24 +00:00
Remko Lodder
7ac1d4b06b
Document FreeBSD SA 06:23 OpenSSL - Multiple problems in crypto (3).
2007-02-26 20:24:45 +00:00
Simon L. B. Nielsen
0805021a07
- Bump modified date for last update in mozilla entry.
- Bump file copyright year.
2007-02-25 21:27:09 +00:00
Michael Johnson
30c8a3905d
Extend the latest gecko vulnerabilities to mail/lightning.
2007-02-25 21:16:28 +00:00
Simon L. B. Nielsen
0813734055
Fix whitespace which I forgot before committing the last update.
2007-02-24 18:50:57 +00:00
Simon L. B. Nielsen
8f441b95bd
Document mozilla -- multiple vulnerabilities.
Note that Seamonkey 1.1 is marked vulnerable under the "better safe than
sorry" principle, since it's not yet clear if Seamonkey 1.1 is
vulnerable to this batch of vulnerabilities.
2007-02-24 18:30:40 +00:00
Simon L. B. Nielsen
5419b93ea2
Document snort -- DCE/RPC preprocessor vulnerability.
2007-02-21 22:17:21 +00:00
Simon L. B. Nielsen
78b47416bc
Document rar -- password prompt buffer overflow vulnerability.
Reminded by: Nate Eldredge
2007-02-17 13:55:27 +00:00
Simon L. B. Nielsen
21cd1f92bb
Mark 5.2.1_2 as the first safe version for the recent "php -- multiple
vulnerabilities" entry since there was a bug in one of the fixes in
upstream 5.2.1 which port revision 5.2.1_2 fixed.
2007-02-17 12:34:52 +00:00
Simon L. B. Nielsen
e3788f1bb9
Document php -- multiple vulnerabilities.
2007-02-17 11:51:27 +00:00
Gabor Kovesdan
a324a128eb
joomla -- multiple remote vulnerabilities
Reviewed by: secteam (remko)
Approved by: erwin (mentor, implicit)
2007-01-17 22:17:49 +00:00
Gabor Kovesdan
6bbb9da377
Document two sircd vulnerabilities:
sircd -- remote reverse DNS buffer overflow
sircd -- remote operator privilege escalation vulnerability
Reviewed by: secteam (remko)
Approved by: erwin (mentor)
2007-01-15 10:58:24 +00:00
Sergey Matveychuk
fb00cc561d
- Document multiple net/cacti vulnerabilities.
2007-01-12 15:11:22 +00:00
Ion-Mihai Tetcu
006d580437
Add mplayer RealMedia RTSP streams buffer overflow entry.
PR: ports/107217
Submitted by: Thomas E. Zander (multimedia/mplayer maintainer)
Reviewed by: simon@
2007-01-08 16:06:29 +00:00
Simon Barner
e9f291f162
Document two fetchmail vulnerabilities.
See also: http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt
http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
Reported by: Matthias Andree (upstream author)
2007-01-06 14:15:44 +00:00
Simon L. B. Nielsen
e0f44b3aed
Document opera -- multiple vulnerabilities.
2007-01-05 22:45:43 +00:00
Brooks Davis
874c88d048
Upgrade drupal to 4.7.5 fixing a couple security issues.
Upgrade drupal-pubcookie and drupal-textile to the 4.7 versions.
Submitted by: Nick Hilliard <nick at foobar dot org> (upgrade to 4.7.4)
Security: vid:3d8d3548-9d02-11db-a541-000ae42e9b93
2007-01-05 21:32:19 +00:00
Simon L. B. Nielsen
eb234d6906
Unbreak file by using & in w3m entry.
Pointy hat to: nobutaka
Reported by: Philipp Wuensche
2007-01-03 17:21:43 +00:00