Commit graph

3135 commits

Author SHA1 Message Date
Florian Smeets
50e94b5439 Fix a typo in the recent mozilla entry
Reported by:	pluknet
Approved by:	portmgr (tabthorpe)
2013-04-08 20:33:10 +00:00
Dirk Meyer
d917376b3d - Security update to 12.15
Security: http://www.opera.com/docs/changelogs/unified/1215/
Security: http://www.opera.com/security/advisory/1046
Security: http://www.opera.com/security/advisory/1047
PR:		177654
Approved by:	portmgr
2013-04-06 16:51:41 +00:00
Olli Hauer
4380eccc9f - fix subversion range
Approved by:	portmgr (implicit)
2013-04-06 16:43:28 +00:00
Olli Hauer
e343942aad - Subversion 1.7.9 security update [1]
- Subversion 1.6.21 security update [2]

This release addresses the following security issues:
[1][2]  CVE-2013-1845: mod_dav_svn excessive memory usage from property changes
[1][2]  CVE-2013-1846: mod_dav_svn crashes on LOCK requests against activity URLs
[1][2]  CVE-2013-1847: mod_dav_svn crashes on LOCK requests against non-existent URLs
[1][2]  CVE-2013-1849: mod_dav_svn crashes on PROPFIND requests against activity URLs
[1]     CVE-2013-1884: mod_dav_svn crashes on out of range limit in log REPORT request

More information on these vulnerabilities, including the relevant advisories
and potential attack vectors and workarounds, can be found on the Subversion
security website:
    http://subversion.apache.org/security/

PR:		177646
Submitted by:	ohauer
Approved by:	portmgr (tabthorpe, erwin), lev
Security:	b6beb137-9dc0-11e2-882f-20cf30e32f6d
2013-04-06 10:00:28 +00:00
Carlo Strub
b015061f67 Vulnerability in OTRS
Approved by:	portmgr
Security:	eae8e3cf-9dfe-11e2-ac7f-001fd056c417
2013-04-05 21:16:54 +00:00
Palle Girgensohn
7f4822d46a The PostgreSQL Global Development Group has released a security
update to all current versions of the PostgreSQL database system,
including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update
fixes a high-exposure security vulnerability in versions 9.0 and
later. All users of the affected versions are strongly urged to apply
the update *immediately*.

A major security issue (for versions 9.x only) fixed in this release,
[CVE-2013-1899](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899),
makes it possible for a connection request containing a database name
that begins with "-" to be crafted that can damage or destroy files
within a server's data directory. Anyone with access to the port the
PostgreSQL server listens on can initiate this request. This issue was
discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source
Software Center.

Two lesser security fixes are also included in this release:
[CVE-2013-1900](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900),
wherein random numbers generated by contrib/pgcrypto functions may be
easy for another database user to guess (all versions), and
[CVE-2013-1901](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901),
which mistakenly allows an unprivileged user to run commands that
could interfere with in-progress backups (for versions 9.x only).

Approved by:	portmgr (bdrewery)
URL:		http://www.postgresql.org/about/news/1456/
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
Security:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
2013-04-04 13:21:22 +00:00
Florian Smeets
513d21d838 - update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.5
- update firefox to 20.0
- update seamonkey and linux-seamonkey to 2.17
- update nspr to 4.9.6
- remove mail/thunderbird-esr, Mozilla stopped providing 2 versions of
  thunderbird
- prune support for old FreeBSD versions; users of 8.2, 7.4 or earlier
  are advised to upgrade - http://www.freebsd.org/security/
- add vuln.xml entry

Security:	94976433-9c74-11e2-a9fc-d43d7e0c7c02
Approved by:	portmgr (miwi)
In collaboration with:	Jan Beich <jbeich@tormail.org>
2013-04-03 20:27:48 +00:00
Xin LI
719f05a5ea Document two latest FreeBSD security advisories.
Approved by:	portmgr (bdrewery)
2013-04-02 20:21:28 +00:00
Olli Hauer
b3a7fc133a - update japanese/bugzilla templates
- update vuxml to reflect bugzilla templates
- fix typo in vuxml

Approved by:	portmgr (miwi)
Sponsored by:
2013-03-31 17:36:29 +00:00
Matthias Andree
2cc4d448bc security upgrade to OpenVPN 2.3.1; upstream release notes are
"This release adds supports for PolarSSL 1.2. It also adds a fix to
  prevent potential side-channel attacks by switching to a constant-time
  memcmp when comparing HMACs in the openvpn_decrypt function. In
  addition, it contains several bugfixes and documentation updates, as
  well as some minor enhancements."

Full ChangeLog:
<https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>

The port upgrade also offers an option to use the GPLv2+-licensed
PolarSSL instead of OpenSSL (which brings in a license mix).

PR:		ports/177517
Reviewed by:	miwi
Approved by:	portmgr (miwi)
Security:	92f30415-9935-11e2-ad4c-080027ef73ec
2013-03-31 16:00:02 +00:00
Koop Mast
be6202887a Update to 2.8.0. [1]
Add patch to fix CVE-2013-0338 and CVE-2013-0339. [2]
Convert to OptionsNG, rename patches to standard form. [1]

Notified by:	swills@ [2]
Obtained from:	gnome team repo [1]
Security:	843a4641-9816-11e2-9c51-080027019be0
2013-03-29 14:08:46 +00:00
Florian Smeets
e02bcece15 Update asterisk ports to:
net/asterisk 1.8.20.2
net/asterisk10 10.12.2
net/asterisk11 11.2.2

Security:	daf0a339-9850-11e2-879e-d43d7e0c7c02
2013-03-29 10:04:43 +00:00
Xin LI
0cbc78b834 Explicitly use -E for sed(1).
Submitted by:	des
Reviewed by:	eadler
2013-03-27 20:44:50 +00:00
Erwin Lansing
9f6f141996 Add entry for latest Bind advisory CVE-2013-2266 2013-03-27 10:29:25 +00:00
Xin LI
41a97d8f46 In validate target, use unexpand and sed to make sure that we are using
consistent space style.

Reviewed by:	stas, simon
2013-03-26 23:25:19 +00:00
Rene Ladan
4f56d3db34 Document vulnerabilities in www/chromium < 26.0.1410.43
Obtained from:	http://googlechromereleases.blogspot.nl/search/Stable%20Updates
2013-03-26 20:58:23 +00:00
Xin LI
e01660febd Remove trailing space, no content change. 2013-03-26 18:16:32 +00:00
Xin LI
efefd36dd3 unexpand vuln.xml. 2013-03-26 18:09:06 +00:00
Jose Alonso Cardenas Marquez
30a7303fdd firebird vulnerability entry (CVE-2013-2492)
Security:	6adca5e9-95d2-11e2-8549-68b599b52a02
2013-03-26 05:31:06 +00:00
Ryan Steinmetz
382cb43534 - Document vulnerability in graphics/optipng (CVE-2012-4432)
PR:		ports/177206
Submitted by:	Alexander Milanov <a@amilanov.com>
Security:	8818f7f-9182-11e2-9bdf-d48564727302
2013-03-26 01:13:34 +00:00
Florian Smeets
ed24f52ac4 Update to 5.3.23
Security:	1d23109a-9005-11e2-9602-d43d7e0c7c02
2013-03-18 20:46:51 +00:00
Ryan Steinmetz
0f1f29a73a - Document recent vulnerabilities in www/piwigo: CVE-2013-1468, CVE-2013-1469
Reported by:	Ruslan Makhmatkhanov <cvs-src@yandex.ru>
Security:	edd201a5-8fc3-11e2-b131-000c299b62e1
2013-03-18 12:12:58 +00:00
Remko Lodder
797ea47f12 Fix typo in the libpurple entry.
Submitted by:	Derek Schrock <dereks@lifeofadishwasher.com>
2013-03-16 22:12:53 +00:00
Ryan Steinmetz
c42a208b58 - Perl vulnerability (CVE-2013-1667) also applies to perl-threaded
Reported by:	Alexandre Krasnov <freebsd@tern.ru>
Security:	68c1f75b-8824-11e2-9996-c4850808617
2013-03-15 13:52:09 +00:00
Po-Chien Lin
98d451887b - graphics/libexif:
  * Update to 0.6.21
  * Add LICENSE
  * Switch to OptionsNG and PORTDOCS
- Document libexif 2012-07-12 vulnerability
- Bump PORTREVISION for libexif related ports
- Trim headers while here

PR:		ports/175910
Approved by:	swills (mentor)
Security:	d881d254-70c6-11e2-862d-080027a5ec9a
2013-03-14 08:17:39 +00:00
Eitan Adler
85ace30496 Update flash to the latest (hopefully) secure version.
PR:		ports/176904
Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:	http://www.vuxml.org/freebsd/5ff40cb4-8b92-11e2-bdb6-001060e06fd4.html
2013-03-13 04:04:47 +00:00
Steve Wills
c7ef66fd94 - Update puppet to 3.1.1 resolving multiple security issues
- Update puppet27 to 2.7.21 resolving multiple security issues
- Document multiple puppet security issues

Security:	cda566a0-2df0-4eb0-b70e-ed7a6fb0ab3c
2013-03-13 03:35:54 +00:00
Eygene Ryabinkin
ca78291f62 Perl 5.x: fix CVE-2013-1667
Feature safe:	wholeheartedly hope so
2013-03-10 19:04:00 +00:00
Martin Wilke
06be4e421c - Fix previous entry 2013-03-10 04:03:12 +00:00
Joe Marcus Clarke
b4fc3feb8f Belatedly add an entry for libpurple's recent vulnerabilities. 2013-03-10 00:12:59 +00:00
Florian Smeets
5f18ea47e3 - update thunderbird, firefox-esr, linux-thunderbird and linux-firefox to
17.0.4
- update firefox to 19.0.2
- add vuln.xml entry

Security:	630c8c08-880f-11e2-807f-d43d7e0c7c02
2013-03-08 22:27:39 +00:00
Rene Ladan
c775bc3c07 Document a vulnerability in chromium < 25.0.1364.160
Obtained from:	http://googlechromereleases.blogspot.nl/search/Stable%20Updates
2013-03-08 09:06:27 +00:00
Frederic Culot
564cfec669 - Document vulnerabilities in typo3.
Security:       b9a347ac-8671-11e2-b73c-0019d18c446a
Obtained from:  http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/
2013-03-06 15:56:59 +00:00
Rene Ladan
0a75a27f0f Document vulnerabilities in www/chromium < 25.0.1364.152
Obtained from:	http://googlechromereleases.blogspot.nl/search/Stable%20Updates
2013-03-06 00:19:08 +00:00
Ryan Steinmetz
d450ab3a4a - Document recent vulnerability in security/stunnel (CVE-2013-1762)
Security:	c97219b6-843d-11e2-b131-000c299b62e1
2013-03-03 20:17:59 +00:00
Olli Hauer
3411e90377 - document apache22 issues
- trim trailing tabs
2013-03-02 20:07:41 +00:00
Wesley Shields
bc9a82dd2b Document two sudo problems. 2013-03-01 02:08:30 +00:00
Steve Wills
ea9f3c8d6f - Update to 0.9.14 to fix CVE-2013-1756
Security:	aa7764af-0b5e-4ddc-bc65-38ad697a484f
2013-02-28 01:46:41 +00:00
Eitan Adler
bfe92b3914 Update to 11.2r202.273
Security:	http://www.vuxml.org/freebsd/dbdac023-80e1-11e2-9a29-001060e06fd4.html
2013-02-27 13:40:46 +00:00
Sunpoet Po-Chuan Hsieh
05731af3f5 - Update affected ettercap versions: CVE-2012-0722 was fixed in 0.7.5.2-Assimilation 2013-02-26 17:27:06 +00:00
Bryan Drewery
8644e31f6a - Document 3 OTRS vulnerabilities from 2012
 - CVE-2012-4751
 - CVE-2012-4600
 - CVE-2012-2582
2013-02-26 01:38:58 +00:00
Steve Wills
19b9b04511 - Document Ruby REXML DoS 2013-02-24 18:21:02 +00:00
Steve Wills
4ebcd6044d - Document rubygem-ruby_parser issue 2013-02-24 17:51:49 +00:00
Po-Chien Lin
92ebf424d6 - Document Django 2013-02-21 vulnerability
Approved by:	araujo (mentor)
2013-02-24 14:23:46 +00:00
Rene Ladan
8800a2b6fd Document vulnerabilities in www/chromium < 25.0.1364.97
Obtained from:	http://googlechromereleases.blogspot.nl/search/Stable%20Updates
2013-02-22 23:49:44 +00:00
Cy Schubert
7833a0f195 Document security/krb5 1.11 and prior null pointer dereference in the
KDC PKINIT code [CVE-2013-1415].

Security:	CVE-2013-1415
2013-02-22 20:28:21 +00:00
Remko Lodder
1be2aa0120 Convert the ! back into a 1.
Noticed by:	crees
2013-02-22 08:07:26 +00:00
Remko Lodder
71be45ba2c Add the latest two FreeBSD Security Advisories. 2013-02-21 21:38:16 +00:00
Florian Smeets
719a920981 Document drupal7 Denial of service 2013-02-21 07:11:50 +00:00
Ruslan Makhmatkhanov
a3f2f050cc - add an entry for net/nss-pam-ldapd stack-based buffer overflow
According to advisory, vulnerability exists in nss-pam-ldapd < 0.8.11,
but since we never had this version in the ports tree, mark everything
< 0.8.12 as vulnerable.

PR:		176293
Submitted by:	pluknet
2013-02-20 13:58:19 +00:00
Florian Smeets
b452328822 Fix up the latest gecko update by:
- reapplying the workaround for svn:eol-style and svn:keywords
- fixing version matching in vuln.xml, 17.0.3 is NOT vulnerable
2013-02-20 07:16:31 +00:00
Olli Hauer
c6abd552ea - update bugzilla ports to latest version
Bugzilla 4.0.10 and 3.6.13 are security updates for the 4.0
  branch and the 3.6 branch, respectively. 4.0.10 contains several
  useful bug fixes and 3.6.13 contains only security fixes.

Security:	CVE-2013-0785
		CVE-2013-0786
2013-02-20 06:16:01 +00:00
Florian Smeets
d39d92427c - update firefox to 19.0
- update firefox-esr, thunderbird, linux-firefox, linux-thunderbird to 17.0.3
- update linux-seamonkey to 2.16
- update nspr to 4.9.5
- update nss to 3.14.3
- add DuckDuckGo search plugin to firefox [1]
- mark kompozer deprecated
- clang fixes for www/libxul19 [2]

Security:	http://www.vuxml.org/freebsd/e3f0374a-7ad6-11e2-84cd-d43d7e0c7c02.html
Submitted by:	DuckDuckGo [1], dim [2]
In collaboration with:	Jan Beich <jbeich@tormail.org>
2013-02-19 23:53:07 +00:00
Ryan Steinmetz
41a95c5e37 - Fix version range for recent ruby vulnerabilities (d3e96508-056b-4259-88ad-50dc8d1978a6 and c79eb109-a754-45d7-b552-a42099eb2265) due to missing port epoch in package range
Submitted by:	Matthias Andree <mandree@FreeBSD.org>
2013-02-19 00:19:14 +00:00
Eitan Adler
83689ac33a Combine ranges into one entry to prevent false positives 2013-02-17 19:58:28 +00:00
Steve Wills
c1a7765ec7 - Document rubygem-rack issue 2013-02-17 16:47:06 +00:00
Steve Wills
9a9878ba94 - Document activemodel issue 2013-02-17 16:33:18 +00:00
Li-Wen Hsu
e43326a3a9 Document Jenkins Security Advisory 2013-02-16 2013-02-17 10:28:54 +00:00
Ruslan Makhmatkhanov
ee0adc4530 - add entry for dns/poweradmin
PR:		175704
Submitted by:	Edmondas Girkantas <eg@fbsd.lt> (maintainer of dns/poweradmin)
2013-02-16 17:03:28 +00:00
Steve Wills
99ee3b7426 - Document ruby json issue 2013-02-16 14:41:44 +00:00
Steve Wills
63eb704749 - Document vulnerability in rdoc 2013-02-16 04:29:14 +00:00
Eitan Adler
d8ce37738d Update flash to the latest version
PR:		ports/175159
Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
2013-02-08 19:18:40 +00:00
Martin Wilke
1da0c559b8 - Fix whitespaces 2013-02-08 08:44:15 +00:00
Eitan Adler
4bdcfb44da Fix vuxml build 2013-02-07 02:10:29 +00:00
Dirk Meyer
4f9c01bde1 - report openssl vulnerabilities 2013-02-06 20:06:18 +00:00
Florian Smeets
c7fd019365 - update databases/mariadb-server to 5.3.12 [1]
- update databases/mariadb55-server 5.5.29 [2]

PR:		ports/175764 [1]
PR:		ports/175767 [2]
Submitted by:	Geoffroy Desvernay <dgeo@centrale-marseille.fr> (maintainer) [1]
Submitted by:	Alexandr Kovalenko <never@nevermind.kiev.ua> (maintainer) [2]
Security:	8c773d7f-6cbb-11e2-b242-c8600054b392
2013-02-01 22:42:55 +00:00
Dirk Meyer
95e92c6086 - report opera 12.12 vulnerabilities 2013-02-01 08:50:39 +00:00
Pawel Pekala
379f5be841 Document devel/upnp vulnerabilities 2013-01-30 18:34:02 +00:00
Xin LI
7621bd7fa7 Document wordpress multiple vulnerabilities. 2013-01-29 20:02:37 +00:00
Carlo Strub
e52f472555 Fix last entry: version 2.3.4 is also affected 2013-01-25 09:37:55 +00:00
Wesley Shields
4fd3100bcf Fix whitespace in previous commit. 2013-01-25 02:08:56 +00:00
Carlo Strub
dcbeef410e XSS vulnerability in py-django-cms 2013-01-25 01:26:37 +00:00
Rene Ladan
4ef577e990 Document vulnerabilities in www/chromium < 24.0.1312.56
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
2013-01-23 12:52:48 +00:00
Florian Smeets
8693d9fc6c - update www/drupal6 to 6.28
- update www/drupal7 to 7.19

Security:	http://www.vuxml.org/freebsd/1827f213-633e-11e2-8d93-c8600054b392.html
Approved by:	portmgr (beat)
2013-01-20 20:58:12 +00:00
Eygene Ryabinkin
398d37e270 VuXML: add newly-allocated CVE for SQUID-2012:1
New CVE was allocated for the underfixed DoS and added possible
infinite loop in Squid 3.2 and 3.1.
2013-01-16 19:16:09 +00:00
Eygene Ryabinkin
ef77f594fb VuXML: document buffer overflow in ettercap (CVE-2013-0722)
Reviewed by:	simon@
2013-01-16 19:13:31 +00:00
Eygene Ryabinkin
9353bf58bf VuXML: document recent security manager bypass in Java 7.x
Reviewed by:	glewis@, simon@
2013-01-16 19:11:43 +00:00
Xin LI
15f1217b86 Properly limit the match for PHP 5.3.x and 5.2.x versions.
Noticed by:	remko
2013-01-16 07:39:27 +00:00
Xin LI
29ec9c184b Apply version ranges of php53 and php52 to php5 as well. 2013-01-15 22:06:19 +00:00
Ryan Steinmetz
780c794649 - Fix discovery date on nagios vulnerability (CVE-2012-6096) 2013-01-11 14:11:27 +00:00
Eygene Ryabinkin
dfb4aa68fa www/squid3x: upgrade to 3.1.23 and 3.2.6
Squid 3.1.23 is effectively Squid 3.1.22_2 with the final fix for
CVE-2012-5643 applied.

Squid 3.2.6 also received that abovementioned fix, but in comparison
with 3.2.5 from ports it has another change that fixes handling the
"tcp_outgoing_tos" directive for BSD-like systems, including FreeBSD,
  http://bugs.squid-cache.org/show_bug.cgi?id=3731

VuXML entry for SQUID:2012-1 (aka CVE-2012-5643) was also updated to
reflect the proper version specifications from the updated advisory,
  http://www.squid-cache.org/Advisories/SQUID-2012_1.txt

Approved by:	Thomas-Martin Seck <tmseck@web.de>
Security:	http://portaudit.freebsd.org/c37de843-488e-11e2-a5c9-0019996bc1f7.html
QA page:	http://codelabs.ru/fbsd/ports/qa/www/squid31/3.1.23
QA page:	http://codelabs.ru/fbsd/ports/qa/www/squid32/3.2.6
2013-01-11 09:53:41 +00:00
Ryan Steinmetz
61dff6701a - Document vulnerability in net-mgmt/nagios (CVE-2012-6096) 2013-01-11 01:16:14 +00:00
Rene Ladan
714b96e33c Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
2013-01-11 00:32:48 +00:00
Florian Smeets
fc9eea7212 - update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15

Security:	http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
2013-01-09 23:28:19 +00:00
Sergey Matveychuk
abf896d430 Fix <topic> style: common dash style, remove software versions 2013-01-09 15:03:01 +00:00
Steve Wills
039ae3caa9 - Update rubygem-rails to 3.2.11
- Update ports required by rubygem-rails
- Add vuxml entry for rails security issues

Security:	ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security:	b4051b52-58fa-11e2-853b-00262d5ed8ee
2013-01-09 03:53:15 +00:00
Ryan Steinmetz
6d7ff3db8d - Properly copy namespace attributes/resolve make validate issues
Reviewed by:	simon@, eadler@
Approved by:	zi (with ports-secteam hat)
2013-01-08 23:46:02 +00:00
Li-Wen Hsu
9e8220759f Document Jenkins 2013-01-04 Security Advisory 2013-01-08 05:18:14 +00:00
Eygene Ryabinkin
10329684c5 VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts.
2013-01-06 20:37:24 +00:00
Li-Wen Hsu
ea30109921 Document Django 2012-12-10 vulnerability 2013-01-06 18:14:23 +00:00
Eygene Ryabinkin
f23d543f2c VuXML: fix r309982
Use proper tags for CVE identifiers.  I should run 'make validate'
_every_ time before committing.
Pointyhat to:	rea
2013-01-06 13:24:39 +00:00
Eygene Ryabinkin
5160c1cd21 VuXML for MoinMoin issues: add CVE references 2013-01-06 13:10:10 +00:00
Chris Rees
6e35983b99 Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname

Noticed by:	kwm
2013-01-05 12:54:28 +00:00
Chris Rees
d3b77c45e6 Mark moinmoin vulnerable
Security:	http://www.debian.org/security/2012/dsa-2593

document freetype vulnerabilities

Security:	CVE-2012-(1126-1144)
2013-01-05 11:29:00 +00:00
Erwin Lansing
cf6de2da7f Bump copyright to 2013. 2013-01-04 07:30:09 +00:00
Florian Smeets
a3056ea587 Add correct version numbers to the recent asterisk entry
Pointy hat to:	flo
2013-01-03 19:46:51 +00:00
Florian Smeets
9a4203f7ce - update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry

Security:	f7c87a8a-55d5-11e2-a255-c8600054b392
2013-01-03 19:41:30 +00:00
Chris Rees
b9dc70b62d Note charybdis and ircd-ratbox vulnerabilities
PR:		ports/174878
Security:	http://www.ratbox.org/ASA-2012-12-31.txt
2013-01-02 12:28:47 +00:00
Anders Nordby
551bf88c0c Separate entries for Puppet 2.6 and 2.7. 2012-12-30 23:13:04 +00:00
Carlo Strub
320f705698 Add OTRS vulnerabilities 2012-12-30 20:10:42 +00:00
Eygene Ryabinkin
13301f3509 VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.

Feature safe:	yes
2012-12-29 19:53:46 +00:00
Eygene Ryabinkin
084838b8d4 VuXML: add entry for DoS in Squid's cachemgr.cgi
Feature safe:	yes
Submitted by:	Thomas-Martin Seck <tmseck@web.de>
2012-12-28 18:17:22 +00:00
Bryan Drewery
cc2cf11162 Remove invalid entry 2012-12-18 16:34:14 +00:00
Dirk Meyer
561707aef4 - add entry for opera 12.11 2012-12-18 16:28:56 +00:00
Xin LI
9629a9dd1e Fix typo.
Noticed by:	mandree
2012-12-14 09:09:16 +00:00
Jason Helfman
72222c2042 - add url block in references for 1657a3e6-4585-11e2-a396-10bf48230856 2012-12-14 03:51:07 +00:00
Xin LI
0dcdb66111 Update linux-f10-flashplugin11 to 11.2r202.258 to address multiple
vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.

Submitted by:	Tsurutani Naoki <turutani scphys kyoto-u ac jp>
2012-12-14 00:41:42 +00:00
Rene Ladan
589167d795 Document vulnerabilities in www/chromium < 23.0.1271.97
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
2012-12-12 11:33:16 +00:00
Ryan Steinmetz
69ba078f35 - Fix recent vulnerability entry for www/tomcat[67]
Reported by:	Victor Balada Diaz <victor@bsdes.net>
Feature safe:	yes
2012-12-05 23:52:35 +00:00
Ryan Steinmetz
2705e94e03 - Document recent vulnerabilities in www/tomcat6 and www/tomcat7
Requested by:	Victor Balada Diaz <victor@bsdes.net>
Feature safe:	yes
2012-12-05 18:47:24 +00:00
Erwin Lansing
f7345394fe Update to the latest patch level from ISC:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
  vulnerable to a software defect that allows a crafted query to
  crash the server with a REQUIRE assertion failure.  Remote
  exploitation of this defect can be achieved without extensive
  effort, resulting in a denial-of-service (DoS) vector against
  affected servers.

Security:	2892a8e2-3d68-11e2-8e01-0800273fe665
		CVE-2012-5688
Feature safe:	yes
2012-12-05 07:46:03 +00:00
Matthias Andree
905a78cc66 Add URL for recent bogofilter heap vuln', CVE-2012-5468, aka. vuln vid=
f524d8e0-3d83-11e2-807a-080027ef73ec

Feature safe: yes
2012-12-03 22:49:42 +00:00
Matthias Andree
d8c09eec63 Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.

Feature safe:   yes
Security:       CVE-2012-5468
Security:       f524d8e0-3d83-11e2-807a-080027ef73ec
2012-12-03 20:16:21 +00:00
Rene Ladan
c68f649d19 Document vulnerabilities in www/chromium < 23.0.1271.95
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe:	yes
2012-11-30 09:13:32 +00:00
Olli Hauer
ef2bdd9595 www/yahoo-ui
- fix CVE-2012-5881

security/vuxml
 - adjust version (we have only 2.8.2 in the tree)

Feature safe: yes

Approved by:	glarkin (maintainer) explicit
2012-11-29 20:33:19 +00:00
Wesley Shields
ff9560f056 Fix date in yahoo-ui entry.
Noticed by:	dvl@
Feature safe:	yes
2012-11-28 14:37:24 +00:00
Olli Hauer
3bcd3fdd25 - document www/yahoo-ui security issue and mark port forbidden [1]
pet portlint (maintainer is already notified)

- adjust CVE entries for bugzilla (CVE-2012-5475 was rejected) [2]

Feature safe: yes

Security:	CVE-2012-5881 [1][2]
		CVE-2012-5882 [1][2]
		CVE-2012-5883 [2]

Approved by:	glarkin (implicit) [1]
2012-11-27 20:09:34 +00:00
Rene Ladan
11e9990c10 Describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe:	yes
2012-11-27 10:02:25 +00:00
Florian Smeets
abbf32d4b2 - Update backports patch to 20121114
- Bump PORTREVISION

Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function

Security 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len

- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.

- Timezone database updated to version 2012.9 (2012i)

PR:		ports/173685
Submitted by:	Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by:	maintainer
Feature safe:	yes
2012-11-25 15:42:22 +00:00
Wesley Shields
5fb60dc50f Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind

Feature safe:	yes
2012-11-25 04:02:28 +00:00
Dirk Meyer
96e5bf3440 - opera -- execution of arbitrary code
Feature safe: yes
2012-11-22 20:27:45 +00:00
Martin Matuska
1d8470b15e Document new vulnerability in www/lighttpd 1.4.31
Feature safe:	yes
2012-11-21 14:35:31 +00:00
Florian Smeets
9aafe503d0 - Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]

PR:		ports/173679 [1]
Submitted by:	swills [1], demon [2]
In collaboration with:	Jan Beich <jbeich@tormail.org>
Security:	d23119df-335d-11e2-b64c-c8600054b392
Approved by:	portmgr (beat)
Feature safe:	yes
2012-11-20 23:01:15 +00:00
Jase Thew
04822a6d48 - Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)

Feature safe:	yes
2012-11-18 12:51:26 +00:00
Jase Thew
7d1870cfd5 - Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe:	yes
2012-11-18 12:46:39 +00:00
Olli Hauer
bb7daf8882 - bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4

Summary
=======

The following security issues have been discovered in Bugzilla:

* Confidential product and component names can be disclosed to
  unauthorized users if they are used to control the visibility of
  a custom field.

* When calling the 'User.get' WebService method with a 'groups'
  argument, it is possible to check if the given group names exist
  or not.

* Due to incorrectly filtered field values in tabular reports, it is
  possible to inject code which can lead to XSS.

* When trying to mark an attachment in a bug you cannot see as
  obsolete, the description of the attachment is disclosed in the
  error message.

* A vulnerability in swfstore.swf from YUI2 can lead to XSS.

Feature safe: yes

Security:	CVE-2012-4199
		https://bugzilla.mozilla.org/show_bug.cgi?id=731178

		CVE-2012-4198
		https://bugzilla.mozilla.org/show_bug.cgi?id=781850

		CVE-2012-4189
		https://bugzilla.mozilla.org/show_bug.cgi?id=790296

		CVE-2012-4197
		https://bugzilla.mozilla.org/show_bug.cgi?id=802204

		CVE-2012-5475
		https://bugzilla.mozilla.org/show_bug.cgi?id=808845
		http://yuilibrary.com/support/20121030-vulnerability/
2012-11-14 19:29:42 +00:00
Jase Thew
fe3e63dcfc - Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions

Feature safe:	yes
2012-11-13 18:17:13 +00:00
Rene Ladan
616eda309b Document vulnerabilities in two typo3 components.
Obtained from:	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Feature safe:	yes
2012-11-12 21:47:27 +00:00
Guido Falsi
edee9b21b3 Fix typo.
Feature safe:	yes
2012-11-12 13:07:30 +00:00
Guido Falsi
864702607f - Update to 2.7.1
- Convert to new options framework
- Document US-CERT VU#268267
- Trim Makefile headers

PR:		ports/173226
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
Feature safe:	yes
2012-11-12 13:04:37 +00:00
Steve Wills
80df39460a - Improve latest ruby entry slightly
Feature safe:	yes
2012-11-10 15:17:31 +00:00
Jase Thew
b5f3820240 - Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
- Add constraints to vulnerable versions
- Add additional references
- Improve topic
- Correct description

Feature safe:	yes
2012-11-10 14:45:55 +00:00
Eitan Adler
236f5555af Apply an upstream patch that fixes a security hole
when receiving a special colored message.

The maintainer was contacted but due to the nature of
the issue apply the patch ASAP.

Approved by:	secteam-ports (swills)
Security:	e02c572f-2af0-11e2-bb44-003067b2972c
Feature safe:	yes
2012-11-10 04:55:47 +00:00
Steve Wills
dd14410e21 - Update lang/ruby19 to 1.9.3p327
- Document security issue in earlier versions

Security:	5e647ca3-2aea-11e2-b745-001fd0af1a4c
Feature safe:	yes
2012-11-10 04:00:41 +00:00
Jason Helfman
90461f79f5 - clarification that ASF reported issue for:
 - 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
 - 4ca26574-2a2c-11e2-99c7-00a0d181e71d

Feature safe:	yes
2012-11-09 23:02:15 +00:00
Jason Helfman
c5d5f48eb2 - document tomcat vulnerabilities
Feature safe:	yes
2012-11-09 19:09:32 +00:00
Eitan Adler
528c35064c Update latest version and document security issues
PR:	ports/173487
Submitted by:	 Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:	4b8b748e-2a24-11e2-bb44-003067b2972c
Feature safe:	yes
2012-11-09 04:31:13 +00:00
Rene Ladan
98f8f6fd1f Document new vulnerabilities in www/chromium < 23.0.1271.64
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe:	yes
2012-11-07 10:15:19 +00:00
Chris Rees
a17bd43f2f Document opera vulnerabilities
Feature safe:	yes
2012-11-06 20:45:14 +00:00
Eitan Adler
ec57b7c60d Fix minor typo
Feature safe:	yes
2012-11-05 17:55:45 +00:00
Eitan Adler
d4f766c819 Update latest version and document security issues
PR:	ports/172619
Submitted by:	tijl
Security:	36533a59-2770-11e2-bb44-003067b2972c
Feature safe:	yes
2012-11-05 17:53:51 +00:00
Chris Rees
614a28ba15 Correct plural of "vulnerability"
Feature safe:	yes
2012-11-03 11:59:52 +00:00
Olli Hauer
6ce2ba945d - update apache22 to version 2.22.23
- trim vuxml/Makefile header

with hat apache@

Feature safe: yes

Security:       CVE-2012-2687
2012-11-02 18:45:31 +00:00
Jimmy Olgeni
3ec23a27f5 Add entry for webmin < 1.600_1 (potential XSS attack).
Feature safe:	yes
2012-11-02 18:08:19 +00:00
Bryan Drewery
02b8160c5a - Document ruby vulnerabilities:
 * CVE-2012-4464 + CVE-2012-4466
   $SAFE escaping vulnerability about Exception#to_s / NameError#to_s
 * CVE-2012-4522
   Unintentional file creation caused by inserting an illegal NUL character

Reviewed by:	eadler
Feature safe:	yes
2012-11-02 03:17:18 +00:00
Florian Smeets
1345402cf6 Update to 3.8.15
Security:	4b738d54-2427-11e2-9817-c8600054b392
Feature safe:	yes
2012-11-01 14:10:55 +00:00
Ruslan Makhmatkhanov
25b9c14558 - update to 7.16 [1]
while here:
- trim Makefile header
- remove indefinite article in COMMENT
- remove IGNORE_WITH_PHP and IGNORE_WITH_PGSQL since
  we do not have these versions in the tree anymore
- fix pkg-plist
- add vuxml entry

PR:		173211
Submitted by:	Rick van der Zwet <info at rickvanderzwet dot nl> [1]
Approved by:	Nick Hilliard <nick at foobar dot org> (maintainer)
Security:	2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5
Feature safe:   yes
2012-10-30 21:01:16 +00:00
Florian Smeets
912a7b12e4 - Update www/firefox{,-i18n} to 16.0.2
- Update seamonkey to 2.13.2
- Update ESR ports and libxul to 10.0.10
- Update nspr to 4.9.3
- Update nss to 3.14
- with GNOMEVFS2 option build its extension, too [1]
- make heap-committed and heap-dirty reporters work in about:memory
- properly mark QT4 as experimental (needs love upstream)
- *miscellaneous cleanups and fixups*

mail/thunderbird will be updated once the tarballs are available.

PR:		ports/173052 [1]
Security:	6b3b1b97-207c-11e2-a03f-c8600054b392
Feature safe:	yes
In collaboration with:	Jan Beich <jbeich@tormail.org>
2012-10-28 17:03:28 +00:00
Eygene Ryabinkin
98cf8cbd46 mail/exim: upgrade to 4.80.1
This is bugfix-only release, it eliminates remote code execution
in the DKIM code.

Security: http://www.vuxml.org/freebsd/b0f3ab1f-1f3b-11e2-8fe9-0022156e8794.html
QA page: http://codelabs.ru/fbsd/ports/qa/mail/exim/4.80.1
Feature safe: yes
2012-10-26 08:46:40 +00:00
Ruslan Makhmatkhanov
339aa6e578 - add CVE reference (still in reserved state) for recent django vulnerability
Feature safe:	yes
2012-10-25 19:31:50 +00:00