Commit graph

1012 commits

Author SHA1 Message Date
Simon L. B. Nielsen
07c857289d Bump modification date for entries touched by last commit. 2005-12-23 12:10:21 +00:00
Remko Lodder
b8bdbc097e Update the phpSysInfo entries, PR ports/90849 will solve the documented
issues.

Requested by:		Babak Farrokhi <babak at farrokhi dot net>
2005-12-23 11:47:23 +00:00
Remko Lodder
089f400b2f Fix another typo in my nbd entry.
Spotted by:		Linus Nordberg <linus at nordberg dot se>
2005-12-23 10:29:49 +00:00
Remko Lodder
2560e63b03 Correct a typo.
Submitted by:		Linus Nordberg <linus at nordberg dot se>
2005-12-22 21:25:07 +00:00
Remko Lodder
c3647ba89e Update the affected range.
Prodded by:	erwin
2005-12-22 21:08:08 +00:00
Remko Lodder
a573c0bbf8 : 2005-12-22 21:05:31 +00:00
Renato Botelho
f2e0663da9 - Register scponly-4.1 vulnerabilities
PR:		ports/90813
Submitted by:	maintainer
Security:	https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
2005-12-22 16:25:09 +00:00
Remko Lodder
9467f6bd7a Correct the recent horde entries as per the FDP
(made the entries max 72 chars wide).
2005-12-22 15:49:31 +00:00
Simon Barner
b218a8d221 Document fetchmail vulnerability:
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt (CVE-2005-4348)

Reviewed by:	secteam (simon@)
2005-12-19 15:14:33 +00:00
Remko Lodder
77eaeee548 Document the following mantis vulnerabilities:
o "t_core_path" file inclusion vulnerability
o "view_filters_page.php" cross-site scripting vulnerability
2005-12-14 21:51:50 +00:00
Thierry Thomas
ebe3cc4d05 - Add entries for several XSS vulnerabilities in Horde, Kronolith, Nag
Turba and Mnemo;

- Fix a typo in the previous Horde entry.
2005-12-11 21:41:22 +00:00
Marcus Alves Grando
03872f0906 Add curl -- URL buffer overflow vulnerability
Reviewed by:	simon
2005-12-09 12:24:21 +00:00
Marcus Alves Grando
4bcaccddbe Add phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Add phpmyadmin -- XSS vulnerabilities
2005-12-07 21:59:01 +00:00
Marcus Alves Grando
feadf43eb5 Add ffmpeg -- libavcodec buffer overflow vulnerability
Reviewed by:	simon
2005-12-07 11:53:07 +00:00
Marcus Alves Grando
a5c05ad2ac Add trac -- search module SQL injection vulnerability
Reviewed by:	simon
2005-12-07 11:34:33 +00:00
Marcus Alves Grando
662164b1da Add drupal -- multiple vulnerabilities
Reviewed by:	simon
2005-12-01 16:08:47 +00:00
Simon L. B. Nielsen
0e1765d248 Document opera -- multiple vulnerabilities. 2005-11-30 20:55:36 +00:00
Simon L. B. Nielsen
43403b4c69 Document opera -- command line URL shell command injection. 2005-11-30 20:35:51 +00:00
Marcus Alves Grando
8d8572161c Add entry to www/mambo
Reviewed by:	simon
2005-11-30 13:41:53 +00:00
Simon L. B. Nielsen
f7f50cf4a0 Mark flyspray 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.

Reported by:	Volodymyr Kostyrko via pav
2005-11-29 08:41:51 +00:00
Marcus Alves Grando
1213510c44 Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX

Reviewed by:	simon
2005-11-28 15:37:03 +00:00
Hiroki Sato
ceed13510d Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.

Security: CAN-2004-0967
2005-11-27 17:57:19 +00:00
Remko Lodder
0f2ad8777c Standardize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).

Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base.  After checking it appears that the information all
points to >= 4.0. [1]

Noticed by:	ache [1]
2005-11-26 10:54:21 +00:00
Thierry Thomas
2a2d2becd1 Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers.
2005-11-22 19:56:53 +00:00
Marcus Alves Grando
96a2aa8bd7 phpmyadmin -- HTTP Response Splitting vulnerability
Reviewed by:	simon
2005-11-16 14:17:43 +00:00
Simon L. B. Nielsen
13c002e952 Add CVE name to an old sudo entry. 2005-11-14 16:57:25 +00:00
Simon L. B. Nielsen
a8e0909706 Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").

Reported by:	Christopher Kunz (advisory author)
Security:	http://www.hardened-php.net/advisory_222005.81.html
2005-11-14 08:45:08 +00:00
Sergey Matveychuk
49a81eebfa - Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed

Noted by:	remko
2005-11-13 21:39:56 +00:00
Sergey Matveychuk
5e8e8dd93a - Document phpSysInfo vulnerability 2005-11-13 21:21:16 +00:00
Sergey Matveychuk
0f9a54454c - Document flashplugin vulnerability 2005-11-13 20:59:46 +00:00
Sergey Matveychuk
64ba4504f8 - Document p5-Mail-SpamAssassin vulnerability (already fixed in ports)
- Document flyspray cross-site scripting vulnerabilities
2005-11-10 11:09:55 +00:00
Remko Lodder
b7b4aa1a89 Update the recent gallery2 and webcalendar entries:
o Add a better topic (description)
o Reword the webcalendar entry to have some more useful data
o Add references (bid's and CVE names).
2005-11-08 17:34:39 +00:00
Remko Lodder
a4156d4fb4 Document qpopper -- multiple privilege escalation vulnerabilities.
Note that the current version is not affected anymore.
2005-11-07 20:44:06 +00:00
Sergey Matveychuk
3a95aa3424 - Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
  ruby 1.6.x is not affected by this vulnerability,
  it has no XMLRPC support.

Pointy hat to:	simon [1]
2005-11-06 17:28:04 +00:00
Simon L. B. Nielsen
e878b5dcc2 Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.

Discussed with:	thierry
2005-11-04 22:49:33 +00:00
Simon L. B. Nielsen
fc7d9d38e2 The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark them correctly as such.

Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-11-04 22:35:05 +00:00
Thierry Thomas
6908b8e306 Add an entry for pear-PEAR arbitrary code execution vulnerability. 2005-11-04 21:23:28 +00:00
Simon L. B. Nielsen
20415e3666 Correct skype entry to match the correct fixed port version number.
Noted by:	Stefan Lambrev, cheffo FreeBSD-BG org
2005-11-02 10:16:50 +00:00
Simon L. B. Nielsen
74bda32714 Document two OpenVPN vulnerabilities.
Submitted by:	Matthias Andree <matthias.andree@gmx.de>
2005-11-01 22:49:20 +00:00
Christian Weisgerber
043bec08e1 As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.
2005-11-01 21:39:24 +00:00
Sergey Matveychuk
ba5c859849 - Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
  in my last additions.
2005-11-01 09:33:40 +00:00
Sergey Matveychuk
4b4f27f030 - Document CVE-2005-3258:
Squid FTP Server Response Handling Denial of Service
2005-11-01 08:44:36 +00:00
Sergey Matveychuk
0cfd8b1054 - Document a BASE Basic Analysis and Security Engine vulnerability 2005-10-31 19:03:12 +00:00
Simon L. B. Nielsen
d25bb42000 Back out the accidentally committed white-space modification parts of
rev.  1.869, but keep the lynx entry.

Pointy hat to:	naddy
OK'ed by:	naddy
2005-10-31 18:02:10 +00:00
Simon Barner
7eefc00039 Add entry for "fetchmail -- fetchmailconf local password exposure",
which was fixed with fetchmail-6.2.5.2_1 and above.
2005-10-31 09:04:22 +00:00
Christian Weisgerber
9e143bac60 Document lynx remote buffer overflow in NNTP header handling. 2005-10-30 22:17:54 +00:00
Sergey Matveychuk
705fca86db - Fix a ruby vulnerability in the safe level settings.
Based on:	ports/87816
Submitted by:	Phil Oleson <oz@nixil.net>

Security:	http://vuxml.FreeBSD.org/1daea60a-4719-11da-b5c6-0004614cc33d.html
2005-10-27 19:40:25 +00:00
Simon L. B. Nielsen
c587ee6bfb Add more references to entry net-snmp -- remote DoS vulnerability. 2005-10-26 19:53:24 +00:00
Simon L. B. Nielsen
d8b39dfd0d - Mark linux-firefox 1.0.7 as fixed
wrt. 8665ebb9-2237-11da-978e-0001020eed82 (Mozilla/firefox IDN buffer
  overflow) [1].
- Correct some of the earlier linux-firefox entries to match
  versions before 1.0.7, not after (whoops)...

Prodded by:	Andrew P. <infofarmer@gmail.com> [1]
2005-10-26 10:00:17 +00:00
Dejan Lesjak
228b1fb072 Add misc/compat5x to "openssl -- potential SSL 2.0 rollback".
Reviewed by:	simon
2005-10-25 19:52:37 +00:00
Simon L. B. Nielsen
c7a517bf2d Also mark xli as vulnerable to xloadimage -- buffer overflows in NIFF
image title handling, and latest port version as fixed.

Reported by:	jkoshy
2005-10-23 17:10:48 +00:00
Simon L. B. Nielsen
530688ac0c For entry libgadu -- multiple vulnerabilities:
- Mark latest centericq port version as fixed.
- Fix cite in description.
2005-10-23 16:50:42 +00:00
Simon L. B. Nielsen
31635d863b For entry zope28 -- expose RestructuredText functionality to untrusted
users:

- Do not match zope 2.7.8 which has been fixed. [1]
- Fix typo in topic.
- Add another reference.

Reported by:	Gerhard Schmidt <estartu augusta de> [1]
2005-10-23 09:09:46 +00:00
Simon L. B. Nielsen
2289fae663 Add another reference to clamav -- arbitrary code execution and DoS
vulnerabilities entry.
2005-10-22 13:41:20 +00:00
Christian Weisgerber
46df580663 Document x11/xloadimage buffer overflows in NIFF image title handling. 2005-10-20 13:52:35 +00:00
Jacques Vidrine
66bb2d5d4d Rename all CAN-yyyy-nnnn to CVE-yyyy-nnnn, with the exception of text
inside <blockquote>s.
See <URL:http://www.cve.mitre.org/cve/renumber.html>.
2005-10-19 18:17:47 +00:00
Simon L. B. Nielsen
0fb395018e For entry: snort -- Back Orifice preprocessor buffer overflow vulnerability:
- Sort references.
- Add ISS advisory to references.
2005-10-18 19:45:58 +00:00
Simon L. B. Nielsen
e9dcf64a76 - Document snort -- Back Orifice preprocessor buffer overflow vulnerability.
- Use standard topic format for webcalendar entry.
- Fix package name in webcalendar so it matches the actual package
  name.
2005-10-18 17:42:13 +00:00
Sergey Matveychuk
42f8e5df56 - Document www/webcalendar vulnerability. 2005-10-14 21:57:41 +00:00
Sergey Matveychuk
afc778e560 - Document www/gallery2 vulnerability. 2005-10-14 21:38:08 +00:00
Simon L. B. Nielsen
060b28a44c Improve last couple of entries:
- Use standard topic format.
- Fix packagename in phpmyadmin and zone entries.
- Fix indention and remove EOL white-space.
- Make lead in a bit more verbose.
- Add more references to phpmyadmin issue.
- Remove some redundant quoted text in zope issue.
2005-10-12 22:53:00 +00:00
Marcus Alves Grando
50473025e1 Add entry for openssl
Remove entry about safe mode in phpmyadmin
2005-10-12 14:51:14 +00:00
Marcus Alves Grando
2197a4f7d5 Add entry for phpmyadmin (PMASA-2005-4) 2005-10-12 00:24:38 +00:00
Marcus Alves Grando
0019741ea6 Fix typo with range values 2005-10-12 00:12:20 +00:00
Marcus Alves Grando
398ca09449 Add entry from zope28 2005-10-12 00:01:03 +00:00
Simon L. B. Nielsen
0fd61e032b For libxine -- format string vulnerability entry:
- Add reference to xine security announcement.
- Fix indention on a few lines.
2005-10-09 21:03:07 +00:00
MANTANI Nobutaka
53462117ca Add an entry for libxine format string vulnerability. 2005-10-09 16:14:41 +00:00
Simon L. B. Nielsen
e9669d49c2 Mark older revisions linux_base-suse 9.3 as vulnerable to kdebase --
Kate backup file permission leak.
2005-10-09 10:14:26 +00:00
Sergei Kolobov
eaca034440 - Mark cfengine's arbitrary file overwriting vulnerability as fixed in 2.1.6_1
- Add another possible variant of package name - cfengine2
2005-10-07 07:31:50 +00:00
Thierry Thomas
c2caa0f6a0 Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933).
2005-10-05 17:44:06 +00:00
Emanuel Haupt
ec08f711e1 Add credit for recent ftp/weex incident
Approved by:	novel (mentor)
2005-10-05 15:55:08 +00:00
Renato Botelho
a1bb849ee3 rinetd >= 0.62_1 has no more vulnerabilities 2005-10-04 13:22:59 +00:00
Remko Lodder
2d1e7daa64 Add references to three squid entries.
Submitted by:		Thomas-Martin Seck <tmseck at netcologne dot de>
			(except for the bid's which I added myself).
2005-10-02 20:10:41 +00:00
Simon L. B. Nielsen
99a5d1fcad Use the <freebsdpr> tag to markup a PR in weex -- remote format string
vulnerability entry.
2005-10-02 17:46:23 +00:00
Jean-Yves Lefort
2d89b6b140 Document a format string vulnerability in ftp/weex. 2005-10-02 16:11:30 +00:00
Simon L. B. Nielsen
28d0fdcdbf Document picasm -- buffer overflow vulnerability. 2005-10-02 07:45:28 +00:00
MANTANI Nobutaka
3be9e2b847 Add an URL to the entry of the japanese/uim. 2005-10-01 16:43:38 +00:00
MANTANI Nobutaka
48c0ea3617 Document japanese/uim privilege escalation vulnerability. 2005-10-01 16:35:20 +00:00
Simon L. B. Nielsen
1389eab081 Document cfengine -- arbitrary file overwriting vulnerability. 2005-10-01 15:21:56 +00:00
Remko Lodder
a68c8964d5 Mark zsync <= 0.4.1 vulnerable to the zlib buffer overflow vulnerability.
Inspired by:		gordon's commit
2005-10-01 10:17:19 +00:00
Simon L. B. Nielsen
df8805e636 Add more references to unace -- multiple vulnerabilities entry. 2005-10-01 08:40:57 +00:00
Simon L. B. Nielsen
2ab099b72e Add CVE name to an older ProZilla entry. 2005-10-01 07:14:34 +00:00
Simon L. B. Nielsen
bd704294a4 Add more references for latest phpmyfaq entry. 2005-09-29 20:01:41 +00:00
Simon L. B. Nielsen
0daf44cec5 - Add a note that new entries, per convention, should be added to the
start of this file.

For latest phpmyfaq entry:

- Use port directory name as first part of topic.
- No need to include information about affected releases in topic
  (it's somewhat redundant and makes the title longer).
- Reindent body with standard FreeBSD Doc Project (more or less)
  style.
2005-09-29 19:31:12 +00:00
Vsevolod Stakhov
2c558cfdfd Document vulnerabilities in www/phpmyfaq 2005-09-28 22:54:43 +00:00
Remko Lodder
29187277a0 Add linux_base-suse-9.3 to the zlib entry.
Inspired by:		trevors commit.
2005-09-24 09:22:30 +00:00
Simon L. B. Nielsen
2548c814c4 Document clamav -- arbitrary code execution and DoS vulnerabilities. 2005-09-24 08:31:46 +00:00
Simon L. B. Nielsen
30b443303c - Be consistent and call entries "firefox & mozilla", not the other way
around.
- Mark latest linux-mozilla port as fixed for recent mozilla
  vulnerabilities.
2005-09-23 21:44:15 +00:00
Simon L. B. Nielsen
5477df8a4d - Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
  firefox/mozilla entries.
2005-09-23 19:19:03 +00:00
Simon L. B. Nielsen
9caf96ed77 Add real references to urban -- stack overflow vulnerabilities. 2005-09-21 23:03:56 +00:00
Simon L. B. Nielsen
dd5c1f81f5 Document mozilla & firefox -- command line URL shell command injection. 2005-09-21 22:31:09 +00:00
Simon L. B. Nielsen
e348f65ac4 Add CVE name for tor -- diffie-hellman handshake flaw. 2005-09-21 21:59:31 +00:00
Simon L. B. Nielsen
ae68849b21 Correct package name for entry bind -- buffer overrun vulnerability. 2005-09-21 21:46:25 +00:00
Simon L. B. Nielsen
28c69d6d13 Add CVE name to an older CUPS issue. 2005-09-21 21:15:51 +00:00
Remko Lodder
7869900ab0 Fix the htdig entry, the port version and the VuXML version did not
align.

Reported by:		Nic Bellamy <nic at bellamy dot co dot nz>
2005-09-19 16:12:06 +00:00
Remko Lodder
e16354e3c3 Fix the squirrelmail entry since only versions prior to 1.4.5 were
affected. Bump modification date accordingly.

Reported by:		Avinash Piare <avinash at piare dot org>
2005-09-19 16:09:27 +00:00
Remko Lodder
2c4ab28551 Document the following items:
o apache -- Certificate Revocation List (CRL) off-by-one vulnerability
o squirrelmail -- _$POST variable handling allows for various attacks

Reviewed by:		simon
2005-09-17 19:08:42 +00:00
Pav Lucistnik
2e5accd757 - Add an entry on possible DOS condition regarding NTLM in squid
PR:		ports/86179
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-09-15 20:14:26 +00:00
Dejan Lesjak
bf24ec6453 Document X11 server -- pixmap allocation vulnerability.
Reviewed by:	simon
2005-09-14 22:22:49 +00:00
Remko Lodder
b4a8bdcba3 Document unzip -- permission race vulnerability. [1]
Update the recent htdig entry with its corrected version.

Reviewed by:		simon [1]
2005-09-13 20:18:44 +00:00
Simon L. B. Nielsen
02e71a56c9 Document firefox & mozilla -- buffer overflow vulnerability.
Prodded by:	pav
2005-09-10 20:55:35 +00:00
Sam Lawrance
79fc4d5562 Mark the latest version of cups-base fixed for "xpdf -- disk fill DoS
vulnerability"
2005-09-07 08:46:52 +00:00
Remko Lodder
9869f02a09 Add forgotten </package> line.
Spotted by:		simon
2005-09-04 15:24:56 +00:00
Remko Lodder
1f32002401 Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code injection vulnerability.
Inspired by:		pav's commit, updating the port.
2005-09-04 15:16:52 +00:00
Remko Lodder
8d52ed02cb Document htdig -- cross site scripting vulnerability.
Reviewed by:	simon
2005-09-04 09:03:05 +00:00
Sergey Matveychuk
df93a435e2 - Document two squid security related issues.
PR:		ports/85688
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-09-04 07:54:46 +00:00
Remko Lodder
59790d976f Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]

Suggested by:		simon [1]
Reviewed by:		simon
2005-09-03 19:05:00 +00:00
Remko Lodder
5d3e7f35e7 Document bind -- buffer overrun vulnerability 2005-09-03 18:06:52 +00:00
Simon L. B. Nielsen
b8fc727f1e Add a more or less bogus reference section to the last entry, to make it
a valid entry.  The reference simply references the VuXML entry itself,
but at least it fixes the build for now.

Missed by:	simon
2005-09-02 13:10:51 +00:00
Jean-Yves Lefort
83951565f6 Document stack overflow vulnerabilities in games/urban.
Approved by:	simon
2005-09-02 12:59:55 +00:00
Simon L. B. Nielsen
ab66fb30d3 Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities.
2005-08-29 20:47:28 +00:00
Jun Kuriyama
11ed143aa7 Add entry for fswiki's vuln. 2005-08-29 15:10:29 +00:00
Niels Heinen
14c354e28c Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).

Approved by:	nectar (mentor)
2005-08-29 08:11:20 +00:00
Simon L. B. Nielsen
db3d72ecbf - Fill out part of the std. VuXML template missed in the last entry.
- Mark acroread 7.0.1 as fixed for acroread -- XML External Entity
  vulnerability. [1]

Reported by:	Sverre H. Huseby [1]
2005-08-28 20:48:11 +00:00
Simon L. B. Nielsen
b7a42fed66 Document evolution -- remote format string vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-27 22:25:30 +00:00
Simon L. B. Nielsen
32797fc1e4 Document pam_ldap -- authentication bypass vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-27 21:54:42 +00:00
Simon L. B. Nielsen
8322548dab Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.

Reported by:	olgeni
Approved by:	portmgr (blanket, VuXML)
2005-08-27 18:17:24 +00:00
Simon L. B. Nielsen
e88212ee93 Document pcre -- regular expression buffer overflow.
Approved by:	portmgr (blanket, VuXML)
2005-08-26 21:24:31 +00:00
Simon L. B. Nielsen
5fff46907e Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.

Approved by:	portmgr (blanket, VuXML)
2005-08-23 20:26:38 +00:00
Sergey Matveychuk
5a393f74af Document mail/elm remote buffer overflow vulnerability.
PR:		ports/85225
Submitted by:	Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by:	portmgr (blanket, VuXML)
2005-08-23 19:07:08 +00:00
Remko Lodder
5dd48b46c5 Document four vulnerabilities in openvpn:
* openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect unrelated clients

Approved by:	portsmgr (blanket VuXML)
Submitted by:	Matthias Andree <matthias dot andree at gmx dot de>
2005-08-19 09:58:19 +00:00
Simon L. B. Nielsen
36ab3408aa Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-17 20:01:01 +00:00
Remko Lodder
b942a2a7c2 Add the fixed version so that people do not get a stale portaudit when the update is there.
Also fix some indentation that I overlooked.

Noticed by:		simon (both of the items)
Approved by:		portsmgr (blanket VuXML)
2005-08-17 19:46:39 +00:00
Remko Lodder
937ce6aba9 Document tor -- diffie-hellman handshake flaw.
Submitted by:		Michal Bartkowiak <michal at nonspace dot net>
Approved by:		portsmgr (blanket VuXML)
2005-08-17 19:34:44 +00:00
Simon L. B. Nielsen
b301e67e49 gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.

Approved by:	portmgr (blanket, VuXML)
2005-08-16 21:19:30 +00:00
Simon L. B. Nielsen
75172d796f Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".

Approved by:	portmgr (blanket, VuXML)
2005-08-16 20:56:54 +00:00
Simon L. B. Nielsen
59a6826b92 Document acroread -- plug-in buffer overflow vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-16 18:43:41 +00:00
Simon L. B. Nielsen
2836760398 Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.

Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).

Approved by:	portmgr (blanket, VuXML)
2005-08-15 20:38:54 +00:00
Simon L. B. Nielsen
a098192895 Document pear-XML_RPC -- remote PHP code injection vulnerability.
Submitted by:	hrs
Approved by:	portmgr (blanket, VuXML)
2005-08-15 13:20:30 +00:00
Simon L. B. Nielsen
782374f5c4 Document awstats -- arbitrary code execution vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-14 21:09:10 +00:00
Simon L. B. Nielsen
c1bc774e4b After further examination it turns out that gnugadu does not include
libgadu, at least not in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]

The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]

Polish translation clue:	pjd [1]
General clue by:		markus [2]
Not enough checking:		simon
Approved by:			portmgr (blanket, VuXML)
2005-08-12 16:38:54 +00:00
Simon L. B. Nielsen
41071473f7 Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:45:57 +00:00
Simon L. B. Nielsen
57454f0e97 Document libgadu -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-12 14:21:10 +00:00
Simon L. B. Nielsen
da8382985a Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 11:26:44 +00:00
Simon L. B. Nielsen
7cc5d12599 Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.

Approved by:	portmgr (blanket, VuXML)
2005-08-12 10:42:13 +00:00
Simon L. B. Nielsen
2a2ea79881 Document xpdf -- disk fill DoS vulnerability.
Approved by:	portmgr (blanket, VuXML)
2005-08-11 22:18:53 +00:00
Simon L. B. Nielsen
4518fa7463 Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.
Approved by:	portmgr (blanket, VuXML)
2005-08-11 12:40:51 +00:00
Simon L. B. Nielsen
d20662bf31 Document gforge -- XSS and email flood vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-09 11:51:25 +00:00
Simon L. B. Nielsen
befbd7cfa6 Document postnuke -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-07 22:19:56 +00:00
Simon L. B. Nielsen
68bc305b6a Document mambo -- multiple vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-05 13:32:16 +00:00
Remko Lodder
fe4ad03a99 Correct the ranges for the IPSec advisory and the devfs advisory.
Also correct proper ranges for the zlib advisory.

Approved by:		portsmgr (blanket VuXML)
2005-08-05 10:34:41 +00:00
Remko Lodder
22fd9bb398 Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.

Approved by:	portsmgr (blanket VuXML)
2005-08-05 10:21:39 +00:00
Remko Lodder
6b21656446 Add some more entries to the apache -- http smuggling vulnerability.
PR:		ports/84312
Submitted by:	Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by:	portsmgr (blanket VuXML)
2005-08-04 15:56:53 +00:00
Simon L. B. Nielsen
379edd924d Document proftpd -- format string vulnerabilities.
Approved by:	portmgr (blanket, VuXML)
2005-08-03 17:14:16 +00:00
Simon L. B. Nielsen
fa7419cac1 Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).

Discussed with:	nectar
Approved by:	portmgr (blanket, VuXML)
2005-08-03 16:54:47 +00:00
Simon L. B. Nielsen
79a8a98fa3 Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.

Reminded by:	nectar
Approved by:	portmgr (blanket, VuXML)
2005-08-03 11:58:12 +00:00
Simon L. B. Nielsen
e439b01dd9 Mark latest gdal version as fixed for all tiff vulnerabilities. 2005-08-01 18:38:11 +00:00
Niels Heinen
1e90f90311 Added nbsmtp format string vulnerability.
Approved by:	nectar (mentor)
2005-08-01 07:45:17 +00:00
Simon L. B. Nielsen
78b7cf7598 Mark the latest linux-tiff and pdflib ports safe from latest tiff
vulnerability.

Thanks to lawrance and netchild for fast fixes.
2005-07-31 23:39:50 +00:00
Simon L. B. Nielsen
609dafe78b Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability.
2005-07-31 15:00:54 +00:00