Commit graph

1012 commits

Author SHA1 Message Date
Remko Lodder
9fca86861c Document zgv, xzgv -- heap overflow vulnerability. 2006-04-23 21:46:34 +00:00
Remko Lodder
b2c8757b20 Document crossfire-server -- denial of service and remote code execution
vulnerability.
2006-04-23 14:14:52 +00:00
Remko Lodder
1d4bde5eb6 Document p5-DBI -- insecure temporary file creation vulnerability. 2006-04-23 10:25:26 +00:00
Remko Lodder
77dac30344 Document wordpress -- full path disclosure. 2006-04-23 09:58:02 +00:00
Remko Lodder
cdbf49e1ec Document xine -- multiple remote string vulnerabilities. 2006-04-23 09:35:37 +00:00
Hajimu UMEMOTO
2a6899cab1 Add an entry for cyrus-sasl -- DIGEST-MD5 Pre-Authentication
Denial of Service.
2006-04-21 16:51:12 +00:00
Remko Lodder
53991e4223 Also mark all other versions of FreeBSD (that were released) as
vulnerable.

Noticed by:	brueffer
Discussed with:	brueffer, simon
2006-04-19 17:53:26 +00:00
Remko Lodder
e74e70ddc0 Add FreeBSD -- FPU information disclosure (SA-06:14) to the
vuxml list.
2006-04-19 17:36:56 +00:00
Simon L. B. Nielsen
ce1b83e95a Add some CERT references to latest Mozilla entry. 2006-04-18 19:39:22 +00:00
Marcus Alves Grando
a4e46f07ab plone -- "member_id" Parameter Portrait Manipulation Vulnerability 2006-04-18 13:48:46 +00:00
Simon L. B. Nielsen
cd8ff57933 Fix copy/paste error in last commit and mark linux-mozilla < 1.7.13 as
vulnerable.
2006-04-16 22:02:11 +00:00
Simon L. B. Nielsen
e07ffdcc18 Document mozilla/firefox/thunderbird's latest attempt at Internet
Explorer compatibility.

Note that I omitted marking some really old mozilla versions as
vulnerable this time, since there is already a bunch of entries
covering these versions (which haven't been in ports for a while).
2006-04-16 21:52:31 +00:00
Emanuel Haupt
244f2b5f51 Update entry for sysutils/heartbeat. The insecure temporary file creation
vulnerability is fixed in 1.2.4.

Approved by:	secteam (simon)
2006-04-16 13:00:04 +00:00
Marcus Alves Grando
587b3e48fb mailman -- Private Archive Script Cross-Site Scripting 2006-04-16 01:52:16 +00:00
Remko Lodder
7e9c6efc20 Document f2c -- insecure temporary files.
It is not very clear to me to see what version is fixed.  The one fixing
this port should import the latest available one which is fixed.
2006-04-10 19:11:14 +00:00
Marcus Alves Grando
2a4e03ec76 mplayer -- Multiple integer overflows 2006-04-08 14:53:00 +00:00
Marcus Alves Grando
84746ec7d3 - Add Secunia references for last phpMyAdmin issue. 2006-04-07 14:15:02 +00:00
Remko Lodder
519fd752c5 Document kaffeine -- buffer overflow vulnerability. 2006-04-07 11:23:05 +00:00
Remko Lodder
463ef4e6b1 Document thunderbird -- javascript execution. 2006-04-07 10:38:53 +00:00
Remko Lodder
9c636d302a Update the latest zoo entry to match the latest update to the port.
This will mark zoo-2.10.1_2 and later as not vulnerable for this
issue.
2006-04-06 17:30:16 +00:00
Marcus Alves Grando
7f57c9182c phpmyadmin -- XSS vulnerabilities
phpmyadmin -- 'set_theme' Cross-Site Scripting
2006-04-06 16:44:46 +00:00
Marcus Alves Grando
f926976ec0 clamav -- Multiple Vulnerabilities 2006-04-06 15:30:12 +00:00
Remko Lodder
ca0e535fe7 Add cvename to the recent OpenVPN entry.
Submitted by:	Matthias Andree <matthias dot andree at gmx dot de>
2006-04-06 04:47:47 +00:00
Remko Lodder
a0ddc702a3 Document mediawiki -- hardcoded placeholder string security bypass
vulnerability.
2006-04-05 20:00:17 +00:00
Remko Lodder
fc258f1004 Document netpbm -- buffer overflow in pnmtopng. 2006-04-05 19:50:24 +00:00
Remko Lodder
f15877a546 Document zoo -- stack based buffer overflow. 2006-04-05 19:23:10 +00:00
Remko Lodder
eeb9bc7a2f Document mediawiki -- cross site scripting vulnerability. 2006-04-05 19:02:44 +00:00
Marcus Alves Grando
e532bbaa7d dia -- XFig Import Plugin Buffer Overflow 2006-04-05 17:37:37 +00:00
Marcus Alves Grando
043a17fd5f openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
PR:		95343
Submitted by:	Matthias Andree <matthias.andree__gmx.de>
2006-04-05 14:57:46 +00:00
Marcus Alves Grando
d9ff0f6565 samba -- Exposure of machine account credentials in winbind log files 2006-04-05 04:33:24 +00:00
Brooks Davis
77e1e58771 Upgrade pubcookie from 3.3.0-beta2 to 3.3.0a fixing serious XSS
vulnerabilities.
2006-04-05 03:46:56 +00:00
Edwin Groothuis
baee87aba2 Fill in the version numbers for the vids
6e3b12e2-6ce3-11da-b90c-000e0c2e438a and
82a41084-6ce7-11da-b90c-000e0c2e438a to show which Mantis versions
are vulnerable.

Submitted by:	In cooperation with dvl
2006-04-01 05:01:11 +00:00
Simon L. B. Nielsen
16fb63b929 For horde -- remote code execution vulnerability in the help viewer
entry:
- Add more references.
- Reformat description to follow normal formatting style better.
- Remove a redundant line in the description to make the meaning more
  clear.
2006-03-30 06:53:30 +00:00
Marcus Alves Grando
0354370716 freeradius -- EAP-MSCHAPv2 Authentication Bypass 2006-03-29 19:08:51 +00:00
Thierry Thomas
92a2d1b920 Add an entry about Horde's remote code execution vulnerability in the
help viewer.
2006-03-28 18:13:13 +00:00
Marcus Alves Grando
e841881f4b linux-realplayer -- buffer overrun
linux-realplayer -- heap overflow

Reviewed by:	simon
2006-03-27 19:06:53 +00:00
Remko Lodder
ac7f108ff9 s/8 spaces/tab/ in the sendmail entry.
Noticed by:	simon
2006-03-24 18:02:29 +00:00
Remko Lodder
6767097f01 Record that our sendmail port was also vulnerable.
Bump modification date.
2006-03-24 17:10:23 +00:00
Remko Lodder
d81923c6b4 Update the 'Evolution - remote format string vulnerabilities' entry. 2006-03-24 13:08:53 +00:00
Remko Lodder
f9cee5162f Document the latest three FreeBSD Security Advisories:
SA-06:13
SA-06:12
SA-06:11
2006-03-24 12:25:58 +00:00
Dejan Lesjak
461e2908dc xorg-server -- privilege escalation
Reviewed by:	simon
2006-03-21 17:05:15 +00:00
Marcus Alves Grando
48b19385b0 - heimdal -- Multiple vulnerabilities
Reviewed by:	simon
2006-03-20 15:21:49 +00:00
Vasil Dimov
4ff24336d9 Document ftp/curl's TFTP packet buffer overflow vulnerability
Reworked by:	simon
Approved by:	security-officer (simon)
2006-03-20 12:58:15 +00:00
Brooks Davis
f9aea91fed Add drupal <= 4.6.5 vulns. 2006-03-17 23:24:43 +00:00
Thierry Thomas
bfbd4b55b2 Add an entry for Horde < 3.1 (SA19246).
Noticed by:	mnag
2006-03-15 21:27:33 +00:00
Simon L. B. Nielsen
4fcab4c05c Document linux-flashplugin -- arbitrary code execution vulnerability. 2006-03-15 07:10:33 +00:00
Remko Lodder
1d8c141834 Document nfs -- remote denial of service (FreeBSD: SA-06:10)
Approved by:	portmgr (blanket VuXML)
2006-03-12 21:25:12 +00:00
Remko Lodder
bd046df41f Add OpenSSH Remote Denial of Service (FreeBSD SA-06:09.openssh) to the
vuxml list.

Approved by:	portmgr (Blanket VuXML)
2006-03-12 19:57:53 +00:00
Remko Lodder
70a8938a87 Correct the gpg entry wrt. style.
Approved by:		portmgr (Blanket VuXML)
2006-03-11 10:38:10 +00:00
Jun Kuriyama
b73fb62f12 Update to 1.4.2.2.
Security:	GnuPG does not detect injection of unsigned data
References:	http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Prodded by:	simon
Approved by:	portmgr (erwin)
2006-03-09 22:44:35 +00:00