Simon L. B. Nielsen
07c857289d
Bump modification date for entries touched by last commit.
2005-12-23 12:10:21 +00:00
Remko Lodder
b8bdbc097e
Update the phpSysInfo entries, PR ports/90849 will solve the documented
issues.
Requested by: Babak Farrokhi <babak at farrokhi dot net>
2005-12-23 11:47:23 +00:00
Remko Lodder
089f400b2f
Fix another typo in my nbd entry.
Spotted by: Linus Nordberg <linus at nordberg dot se>
2005-12-23 10:29:49 +00:00
Remko Lodder
2560e63b03
Correct a typo.
Submitted by: Linus Nordberg <linus at nordberg dot se>
2005-12-22 21:25:07 +00:00
Remko Lodder
c3647ba89e
Update the affected range.
Prodded by: erwin
2005-12-22 21:08:08 +00:00
Remko Lodder
a573c0bbf8
:
2005-12-22 21:05:31 +00:00
Renato Botelho
f2e0663da9
- Register scponly-4.1 vulnerabilities
PR: ports/90813
Submitted by: maintainer
Security: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 16:25:09 +00:00
Remko Lodder
9467f6bd7a
Correct the recent horde entries as per the FDP
(made the entries max 72 chars wide).
2005-12-22 15:49:31 +00:00
Simon Barner
b218a8d221
Document fetchmail vulnerability:
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt (CVE-2005-4348)
Reviewed by: secteam (simon@)
2005-12-19 15:14:33 +00:00
Remko Lodder
77eaeee548
Document the following mantis vulnerabilities:
o "t_core_path" file inclusion vulnerability
o "view_filters_page.php" cross-site scripting vulnerability
2005-12-14 21:51:50 +00:00
Thierry Thomas
ebe3cc4d05
- Add entries for several XSS vulnerabilities in Horde, Kronolith, Nag
Turba and Mnemo;
- Fix a typo in the previous Horde entry.
2005-12-11 21:41:22 +00:00
Marcus Alves Grando
03872f0906
Add curl -- URL buffer overflow vulnerability
Reviewed by: simon
2005-12-09 12:24:21 +00:00
Marcus Alves Grando
4bcaccddbe
Add phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Add phpmyadmin -- XSS vulnerabilities
2005-12-07 21:59:01 +00:00
Marcus Alves Grando
feadf43eb5
Add ffmpeg -- libavcodec buffer overflow vulnerability
Reviewed by: simon
2005-12-07 11:53:07 +00:00
Marcus Alves Grando
a5c05ad2ac
Add trac -- search module SQL injection vulnerability
Reviewed by: simon
2005-12-07 11:34:33 +00:00
Marcus Alves Grando
662164b1da
Add drupal -- multiple vulnerabilities
Reviewed by: simon
2005-12-01 16:08:47 +00:00
Simon L. B. Nielsen
0e1765d248
Document opera -- multiple vulnerabilities.
2005-11-30 20:55:36 +00:00
Simon L. B. Nielsen
43403b4c69
Document opera -- command line URL shell command injection.
2005-11-30 20:35:51 +00:00
Marcus Alves Grando
8d8572161c
Add entry to www/mambo
Reviewed by: simon
2005-11-30 13:41:53 +00:00
Simon L. B. Nielsen
f7f50cf4a0
Mark flyspray 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.
Reported by: Volodymyr Kostyrko via pav
2005-11-29 08:41:51 +00:00
Marcus Alves Grando
1213510c44
Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX
Reviewed by: simon
2005-11-28 15:37:03 +00:00
Hiroki Sato
ceed13510d
Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.
Security: CAN-2004-0967
2005-11-27 17:57:19 +00:00
Remko Lodder
0f2ad8777c
Standardize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).
Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base. After checking it appears that the information all
point to >= 4.0. [1]
Noticed by: ache [1]
2005-11-26 10:54:21 +00:00
Thierry Thomas
2a2d2becd1
Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers.
2005-11-22 19:56:53 +00:00
Marcus Alves Grando
96a2aa8bd7
phpmyadmin -- HTTP Response Splitting vulnerability
Reviewed by: simon
2005-11-16 14:17:43 +00:00
Simon L. B. Nielsen
13c002e952
Add CVE name to an old sudo entry.
2005-11-14 16:57:25 +00:00
Simon L. B. Nielsen
a8e0909706
Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").
Reported by: Christopher Kunz (advisory author)
Security: http://www.hardened-php.net/advisory_222005.81.html
2005-11-14 08:45:08 +00:00
Sergey Matveychuk
49a81eebfa
- Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed
Noted by: remko
2005-11-13 21:39:56 +00:00
Sergey Matveychuk
5e8e8dd93a
- Document phpSysInfo vulnerability
2005-11-13 21:21:16 +00:00
Sergey Matveychuk
0f9a54454c
- Document flashplugin vulnerability
2005-11-13 20:59:46 +00:00
Sergey Matveychuk
64ba4504f8
- Document p5-Mail-SpamAssassin vulnerability (already fixed in ports)
- Document flyspray cross-site scripting vulnerabilities
2005-11-10 11:09:55 +00:00
Remko Lodder
b7b4aa1a89
Update the recent gallery2 and webcalendar entries:
o Add a better topic (description)
o Reword the webcalendar entry to have some more useful data
o Add references (bid's and CVE names).
2005-11-08 17:34:39 +00:00
Remko Lodder
a4156d4fb4
Document qpopper -- multiple privilege escalation vulnerabilities.
Note that the current version is not affected anymore.
2005-11-07 20:44:06 +00:00
Sergey Matveychuk
3a95aa3424
- Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
ruby 1.6.x is not affected by this vulnerability,
it has no XMLRPC support.
Pointy hat to: simon [1]
2005-11-06 17:28:04 +00:00
Simon L. B. Nielsen
e878b5dcc2
Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.
Discussed with: thierry
2005-11-04 22:49:33 +00:00
Simon L. B. Nielsen
fc7d9d38e2
The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark them correctly as such.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
2005-11-04 22:35:05 +00:00
Thierry Thomas
6908b8e306
Add an entry for pear-PEAR arbitrary code execution vulnerability.
2005-11-04 21:23:28 +00:00
Simon L. B. Nielsen
20415e3666
Correct skype entry to match the correct fixed port version number.
Noted by: Stefan Lambrev, cheffo FreeBSD-BG org
2005-11-02 10:16:50 +00:00
Simon L. B. Nielsen
74bda32714
Document two OpenVPN vulnerabilities.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
2005-11-01 22:49:20 +00:00
Christian Weisgerber
043bec08e1
As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.
2005-11-01 21:39:24 +00:00
Sergey Matveychuk
ba5c859849
- Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
in my last additions.
2005-11-01 09:33:40 +00:00
Sergey Matveychuk
4b4f27f030
- Document CVE-2005-3258:
Squid FTP Server Response Handling Denial of Service
2005-11-01 08:44:36 +00:00
Sergey Matveychuk
0cfd8b1054
- Document a BASE Basic Analysis and Security Engine vulnerability
2005-10-31 19:03:12 +00:00
Simon L. B. Nielsen
d25bb42000
Back out the accidentally committed white-space modification parts of
rev. 1.869, but keep the lynx entry.
Pointy hat to: naddy
OK'ed by: naddy
2005-10-31 18:02:10 +00:00
Simon Barner
7eefc00039
Add entry for "fetchmail -- fetchmailconf local password exposure",
which was fixed with fetchmail-6.2.5.2_1 and above.
2005-10-31 09:04:22 +00:00
Christian Weisgerber
9e143bac60
Document lynx remote buffer overflow in NNTP header handling.
2005-10-30 22:17:54 +00:00
Sergey Matveychuk
705fca86db
- Fix a ruby vulnerability in the safe level settings.
Based on: ports/87816
Submitted by: Phil Oleson <oz@nixil.net>
Security: http://vuxml.FreeBSD.org/1daea60a-4719-11da-b5c6-0004614cc33d.html
2005-10-27 19:40:25 +00:00
Simon L. B. Nielsen
c587ee6bfb
Add more references to entry net-snmp -- remote DoS vulnerability.
2005-10-26 19:53:24 +00:00
Simon L. B. Nielsen
d8b39dfd0d
- Mark linux-firefox 1.0.7 as fixed
wrt. 8665ebb9-2237-11da-978e-0001020eed82 (Mozilla/firefox IDN buffer
overflow) [1].
- Correct some of the earlier linux-firefox entries to match
versions before 1.0.7, not after (whoops)...
Prodded by: Andrew P. <infofarmer@gmail.com> [1]
2005-10-26 10:00:17 +00:00
Dejan Lesjak
228b1fb072
Add misc/compat5x to "openssl -- potential SSL 2.0 rollback".
Reviewed by: simon
2005-10-25 19:52:37 +00:00
Simon L. B. Nielsen
c7a517bf2d
Also mark xli as vulnerable to xloadimage -- buffer overflows in NIFF
image title handling, and latest port version as fixed.
Reported by: jkoshy
2005-10-23 17:10:48 +00:00
Simon L. B. Nielsen
530688ac0c
For entry libgadu -- multiple vulnerabilities:
- Mark latest centericq port version as fixed.
- Fix cite in description.
2005-10-23 16:50:42 +00:00
Simon L. B. Nielsen
31635d863b
For entry zope28 -- expose RestructuredText functionality to untrusted
users:
- Do not match zope 2.7.8 which has been fixed. [1]
- Fix typo in topic.
- Add another reference.
Reported by: Gerhard Schmidt <estartu augusta de> [1]
2005-10-23 09:09:46 +00:00
Simon L. B. Nielsen
2289fae663
Add another reference to clamav -- arbitrary code execution and DoS
vulnerabilities entry.
2005-10-22 13:41:20 +00:00
Christian Weisgerber
46df580663
Document x11/xloadimage buffer overflows in NIFF image title handling.
2005-10-20 13:52:35 +00:00
Jacques Vidrine
66bb2d5d4d
Rename all CAN-yyyy-nnnn to CVE-yyyy-nnnn, with the exception of text
inside <blockquote>s.
See <URL:http://www.cve.mitre.org/cve/renumber.html >.
2005-10-19 18:17:47 +00:00
Simon L. B. Nielsen
0fb395018e
For entry: snort -- Back Orifice preprocessor buffer overflow vulnerability:
- Sort references.
- Add ISS advisory to references.
2005-10-18 19:45:58 +00:00
Simon L. B. Nielsen
e9dcf64a76
- Document snort -- Back Orifice preprocessor buffer overflow vulnerability.
- Use standard topic format for webcalendar entry.
- Fix package name in webcalendar so it matches the actual package
name.
2005-10-18 17:42:13 +00:00
Sergey Matveychuk
42f8e5df56
- Document www/webcalendar vulnerability.
2005-10-14 21:57:41 +00:00
Sergey Matveychuk
afc778e560
- Document www/gallery2 vulnerability.
2005-10-14 21:38:08 +00:00
Simon L. B. Nielsen
060b28a44c
Improve last couple of entries:
- Use standard topic format.
- Fix packagename in phpmyadmin and zone entries.
- Fix indention and remove EOL white-space.
- Make lead in a bit more verbose.
- Add more references to phpmyadmin issue.
- Remove some redundant quoted text in zope issue.
2005-10-12 22:53:00 +00:00
Marcus Alves Grando
50473025e1
Add entry for openssl
Remove entry about safe mode in phpmyadmin
2005-10-12 14:51:14 +00:00
Marcus Alves Grando
2197a4f7d5
Add entry for phpmyadmin (PMASA-2005-4)
2005-10-12 00:24:38 +00:00
Marcus Alves Grando
0019741ea6
Fix typo with range values
2005-10-12 00:12:20 +00:00
Marcus Alves Grando
398ca09449
Add entry from zope28
2005-10-12 00:01:03 +00:00
Simon L. B. Nielsen
0fd61e032b
For libxine -- format string vulnerability entry:
- Add reference to xine security announcement.
- Fix indention on a few lines.
2005-10-09 21:03:07 +00:00
MANTANI Nobutaka
53462117ca
Add an entry for libxine format string vulnerability.
2005-10-09 16:14:41 +00:00
Simon L. B. Nielsen
e9669d49c2
Mark older revisions linux_base-suse 9.3 as vulnerable to kdebase --
Kate backup file permission leak.
2005-10-09 10:14:26 +00:00
Sergei Kolobov
eaca034440
- Mark cfengine's arbitrary file overwriting vulnerability as fixed in 2.1.6_1
- Add another possible variant of package name - cfengine2
2005-10-07 07:31:50 +00:00
Thierry Thomas
c2caa0f6a0
Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933).
2005-10-05 17:44:06 +00:00
Emanuel Haupt
ec08f711e1
Add credit for recent ftp/weex incident
Approved by: novel (mentor)
2005-10-05 15:55:08 +00:00
Renato Botelho
a1bb849ee3
rinetd >= 0.62_1 has no more vulnerabilities
2005-10-04 13:22:59 +00:00
Remko Lodder
2d1e7daa64
Add references to three squid entries.
Submitted by: Thomas-Martin Seck <tmseck at netcologne dot de>
(except for the bid's which I added myself).
2005-10-02 20:10:41 +00:00
Simon L. B. Nielsen
99a5d1fcad
Use the <freebsdpr> tag to markup a PR in weex -- remote format string
vulnerability entry.
2005-10-02 17:46:23 +00:00
Jean-Yves Lefort
2d89b6b140
Document a format string vulnerability in ftp/weex.
2005-10-02 16:11:30 +00:00
Simon L. B. Nielsen
28d0fdcdbf
Document picasm -- buffer overflow vulnerability.
2005-10-02 07:45:28 +00:00
MANTANI Nobutaka
3be9e2b847
Add an URL to the entry of the japanese/uim.
2005-10-01 16:43:38 +00:00
MANTANI Nobutaka
48c0ea3617
Document japanese/uim privilege escalation vulnerability.
2005-10-01 16:35:20 +00:00
Simon L. B. Nielsen
1389eab081
Document cfengine -- arbitrary file overwriting vulnerability.
2005-10-01 15:21:56 +00:00
Remko Lodder
a68c8964d5
Mark zsync <= 0.4.1 vulnerable to the zlib buffer overflow vulnerability.
Inspired by: gordon's commit
2005-10-01 10:17:19 +00:00
Simon L. B. Nielsen
df8805e636
Add more references to unace -- multiple vulnerabilities entry.
2005-10-01 08:40:57 +00:00
Simon L. B. Nielsen
2ab099b72e
Add CVE name to an older ProZilla entry.
2005-10-01 07:14:34 +00:00
Simon L. B. Nielsen
bd704294a4
Add more references for latest phpmyfaq entry.
2005-09-29 20:01:41 +00:00
Simon L. B. Nielsen
0daf44cec5
- Add a note that new entries, per convention, should be added to the
start of this file.
For latest phpmyfaq entry:
- Use port directory name as first part of topic.
- No need to include information about affected releases in topic
(it's somewhat redundant and makes the title longer).
- Reindent body with standard FreeBSD Doc Project (more or less)
style.
2005-09-29 19:31:12 +00:00
Vsevolod Stakhov
2c558cfdfd
Document vulnerabilities in www/phpmyfaq
2005-09-28 22:54:43 +00:00
Remko Lodder
29187277a0
Add linux_base-suse-9.3 to the zlib entry.
Inspired by: trevors commit.
2005-09-24 09:22:30 +00:00
Simon L. B. Nielsen
2548c814c4
Document clamav -- arbitrary code execution and DoS vulnerabilities.
2005-09-24 08:31:46 +00:00
Simon L. B. Nielsen
30b443303c
- Be consistent and call entries "firefox & mozilla", not the other way
around.
- Mark latest linux-mozilla port as fixed for recent mozilla
vulnerabilities.
2005-09-23 21:44:15 +00:00
Simon L. B. Nielsen
5477df8a4d
- Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
firefox/mozilla entries.
2005-09-23 19:19:03 +00:00
Simon L. B. Nielsen
9caf96ed77
Add real references to urban -- stack overflow vulnerabilities.
2005-09-21 23:03:56 +00:00
Simon L. B. Nielsen
dd5c1f81f5
Document mozilla & firefox -- command line URL shell command injection.
2005-09-21 22:31:09 +00:00
Simon L. B. Nielsen
e348f65ac4
Add CVE name for tor -- diffie-hellman handshake flaw.
2005-09-21 21:59:31 +00:00
Simon L. B. Nielsen
ae68849b21
Correct package name for entry bind -- buffer overrun vulnerability.
2005-09-21 21:46:25 +00:00
Simon L. B. Nielsen
28c69d6d13
Add CVE name to an older CUPS issue.
2005-09-21 21:15:51 +00:00
Remko Lodder
7869900ab0
Fix the htdig entry, the port version and the VuXML version did not
align.
Reported by: Nic Bellamy <nic at bellamy dot co dot nz>
2005-09-19 16:12:06 +00:00
Remko Lodder
e16354e3c3
Fix the squirrelmail entry since only versions prior to 1.4.5 were
affected. Bump modification date accordingly.
Reported by: Avinash Piare <avinash at piare dot org>
2005-09-19 16:09:27 +00:00
Remko Lodder
2c4ab28551
Document the following items:
o apache -- Certificate Revocation List (CRL) off-by-one vulnerability
o squirrelmail -- _$POST variable handling allows for various attacks
Reviewed by: simon
2005-09-17 19:08:42 +00:00
Pav Lucistnik
2e5accd757
- Add an entry on possible DOS condition regarding NTLM in squid
PR: ports/86179
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-09-15 20:14:26 +00:00
Dejan Lesjak
bf24ec6453
Document X11 server -- pixmap allocation vulnerability.
Reviewed by: simon
2005-09-14 22:22:49 +00:00
Remko Lodder
b4a8bdcba3
Document unzip -- permission race vulnerability. [1]
Update the recent htdig entry with its corrected version.
Reviewed by: simon [1]
2005-09-13 20:18:44 +00:00
Simon L. B. Nielsen
02e71a56c9
Document firefox & mozilla -- buffer overflow vulnerability.
Prodded by: pav
2005-09-10 20:55:35 +00:00
Sam Lawrance
79fc4d5562
Mark the latest version of cups-base fixed for "xpdf -- disk fill DoS
vulnerability"
2005-09-07 08:46:52 +00:00
Remko Lodder
9869f02a09
Add forgotten </package> line.
Spotted by: simon
2005-09-04 15:24:56 +00:00
Remko Lodder
1f32002401
Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code injection vulnerability.
Inspired by: pav's commit, updating the port.
2005-09-04 15:16:52 +00:00
Remko Lodder
8d52ed02cb
Document htdig -- cross site scripting vulnerability.
Reviewed by: simon
2005-09-04 09:03:05 +00:00
Sergey Matveychuk
df93a435e2
- Document two squid security related issues.
PR: ports/85688
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-09-04 07:54:46 +00:00
Remko Lodder
59790d976f
Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]
Suggested by: simon [1]
Reviewed by: simon
2005-09-03 19:05:00 +00:00
Remko Lodder
5d3e7f35e7
Document bind -- buffer overrun vulnerability
2005-09-03 18:06:52 +00:00
Simon L. B. Nielsen
b8fc727f1e
Add a more or less bogus reference section to the last entry, to make it
a valid entry. The reference simply references the VuXML entry itself,
but at least it fixes the build for now.
Missed by: simon
2005-09-02 13:10:51 +00:00
Jean-Yves Lefort
83951565f6
Document stack overflow vulnerabilities in games/urban.
Approved by: simon
2005-09-02 12:59:55 +00:00
Simon L. B. Nielsen
ab66fb30d3
Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities.
2005-08-29 20:47:28 +00:00
Jun Kuriyama
11ed143aa7
Add entry for fswiki's vuln.
2005-08-29 15:10:29 +00:00
Niels Heinen
14c354e28c
Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).
Approved by: nectar (mentor)
2005-08-29 08:11:20 +00:00
Simon L. B. Nielsen
db3d72ecbf
- Fill out part of the std. VuXML template missed in the last entry.
- Mark acroread 7.0.1 as fixed for acroread -- XML External Entity
vulnerability. [1]
Reported by: Sverre H. Huseby [1]
2005-08-28 20:48:11 +00:00
Simon L. B. Nielsen
b7a42fed66
Document evolution -- remote format string vulnerabilities.
Approved by: portmgr (blanket, VuXML)
2005-08-27 22:25:30 +00:00
Simon L. B. Nielsen
32797fc1e4
Document pam_ldap -- authentication bypass vulnerability.
Approved by: portmgr (blanket, VuXML)
2005-08-27 21:54:42 +00:00
Simon L. B. Nielsen
8322548dab
Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.
Reported by: olgeni
Approved by: portmgr (blanket, VuXML)
2005-08-27 18:17:24 +00:00
Simon L. B. Nielsen
e88212ee93
Document pcre -- regular expression buffer overflow.
Approved by: portmgr (blanket, VuXML)
2005-08-26 21:24:31 +00:00
Simon L. B. Nielsen
5fff46907e
Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.
Approved by: portmgr (blanket, VuXML)
2005-08-23 20:26:38 +00:00
Sergey Matveychuk
5a393f74af
Document mail/elm remote buffer overflow vulnerability.
PR: ports/85225
Submitted by: Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by: portmgr (blanket, VuXML)
2005-08-23 19:07:08 +00:00
Remko Lodder
5dd48b46c5
Document four vulnerabilities in openvpn:
* openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect unrelated clients
Approved by: portsmgr (blanket VuXML)
Submitted by: Matthias Andree <matthias dot andree at gmx dot de>
2005-08-19 09:58:19 +00:00
Simon L. B. Nielsen
36ab3408aa
Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".
Approved by: portmgr (blanket, VuXML)
2005-08-17 20:01:01 +00:00
Remko Lodder
b942a2a7c2
Add the fixed version so that people do not get a stale portaudit when the update is there.
Also fix some indentation that I overlooked.
Noticed by: simon (both of the items)
Approved by: portsmgr (blanket VuXML)
2005-08-17 19:46:39 +00:00
Remko Lodder
937ce6aba9
Document tor -- diffie-hellman handshake flaw.
Submitted by: Michal Bartkowiak <michal at nonspace dot net>
Approved by: portsmgr (blanket VuXML)
2005-08-17 19:34:44 +00:00
Simon L. B. Nielsen
b301e67e49
gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.
Approved by: portmgr (blanket, VuXML)
2005-08-16 21:19:30 +00:00
Simon L. B. Nielsen
75172d796f
Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".
Approved by: portmgr (blanket, VuXML)
2005-08-16 20:56:54 +00:00
Simon L. B. Nielsen
59a6826b92
Document acroread -- plug-in buffer overflow vulnerability.
Approved by: portmgr (blanket, VuXML)
2005-08-16 18:43:41 +00:00
Simon L. B. Nielsen
2836760398
Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.
Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).
Approved by: portmgr (blanket, VuXML)
2005-08-15 20:38:54 +00:00
Simon L. B. Nielsen
a098192895
Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by: hrs
Approved by: portmgr (blanket, VuXML)
2005-08-15 13:20:30 +00:00
Simon L. B. Nielsen
782374f5c4
Document awstats -- arbitrary code execution vulnerability.
Approved by: portmgr (blanket, VuXML)
2005-08-14 21:09:10 +00:00
Simon L. B. Nielsen
c1bc774e4b
After further examination it turns out that gnugadu does not include
libgadu, at least not any in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]
The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]
Polish translation clue: pjd [1]
General clue by: markus [2]
Not enough checking: simon
Approved by: portmgr (blanket, VuXML)
2005-08-12 16:38:54 +00:00
Simon L. B. Nielsen
41071473f7
Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.
Approved by: portmgr (blanket, VuXML)
2005-08-12 14:45:57 +00:00
Simon L. B. Nielsen
57454f0e97
Document libgadu -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML)
2005-08-12 14:21:10 +00:00
Simon L. B. Nielsen
da8382985a
Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.
Approved by: portmgr (blanket, VuXML)
2005-08-12 11:26:44 +00:00
Simon L. B. Nielsen
7cc5d12599
Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.
Approved by: portmgr (blanket, VuXML)
2005-08-12 10:42:13 +00:00
Simon L. B. Nielsen
2a2ea79881
Document xpdf -- disk fill DoS vulnerability.
Approved by: portmgr (blanket, VuXML)
2005-08-11 22:18:53 +00:00
Simon L. B. Nielsen
4518fa7463
Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.
Approved by: portmgr (blanket, VuXML)
2005-08-11 12:40:51 +00:00
Simon L. B. Nielsen
d20662bf31
Document gforge -- XSS and email flood vulnerabilities.
Approved by: portmgr (blanket, VuXML)
2005-08-09 11:51:25 +00:00
Simon L. B. Nielsen
befbd7cfa6
Document postnuke -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML)
2005-08-07 22:19:56 +00:00
Simon L. B. Nielsen
68bc305b6a
Document mambo -- multiple vulnerabilities.
Approved by: portmgr (blanket, VuXML)
2005-08-05 13:32:16 +00:00
Remko Lodder
fe4ad03a99
Correct the ranges for the IPSec advisory and the devfs advisory.
Also correct proper ranges for the zlib advisory.
Approved by: portsmgr (blanket VuXML)
2005-08-05 10:34:41 +00:00
Remko Lodder
22fd9bb398
Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.
Approved by: portsmgr (blanket VuXML)
2005-08-05 10:21:39 +00:00
Remko Lodder
6b21656446
Add some more entries to the apache -- http smuggling vulnerability.
PR: ports/84312
Submitted by: Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by: portsmgr (blanket VuXML)
2005-08-04 15:56:53 +00:00
Simon L. B. Nielsen
379edd924d
Document proftpd -- format string vulnerabilities.
Approved by: portmgr (blanket, VuXML)
2005-08-03 17:14:16 +00:00
Simon L. B. Nielsen
fa7419cac1
Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).
Discussed with: nectar
Approved by: portmgr (blanket, VuXML)
2005-08-03 16:54:47 +00:00
Simon L. B. Nielsen
79a8a98fa3
Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.
Reminded by: nectar
Approved by: portmgr (blanket, VuXML)
2005-08-03 11:58:12 +00:00
Simon L. B. Nielsen
e439b01dd9
Mark latest gdal version as fixed for all tiff vulnerabilities.
2005-08-01 18:38:11 +00:00
Niels Heinen
1e90f90311
Added nbsmtp format string vulnerability.
Approved by: nectar (mentor)
2005-08-01 07:45:17 +00:00
Simon L. B. Nielsen
78b7cf7598
Mark the latest linux-tiff and pdflib ports safe from latest tiff
vulnerability.
Thanks to lawrance and netchild for fast fixes.
2005-07-31 23:39:50 +00:00
Simon L. B. Nielsen
609dafe78b
Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability.
2005-07-31 15:00:54 +00:00