Commit graph

2953 commits

Author SHA1 Message Date
Rene Ladan
714b96e33c Document vulnerabilities in www/chromium < 24.0.1312.52
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
2013-01-11 00:32:48 +00:00
Florian Smeets
fc9eea7212 - update firefox, thunderbird, linux-firefox and linux-thunderbird to 17.0.2
- update firefox-esr, thunderbird-esr and libxul to 10.0.12
- update linux-seamonkey to 2.15

Security:	http://www.vuxml.org/freebsd/a4ed6632-5aa9-11e2-8fcb-c8600054b392.html
2013-01-09 23:28:19 +00:00
Sergey Matveychuk
abf896d430 Fix <topic> style: common dash style, remove software versions 2013-01-09 15:03:01 +00:00
Steve Wills
039ae3caa9 - Update rubygem-rails to 3.2.11
- Update ports require by rubygem-rails
- Add vuxml entry for rails security issues

Security:	ca5d3272-59e3-11e2-853b-00262d5ed8ee
Security:	b4051b52-58fa-11e2-853b-00262d5ed8ee
2013-01-09 03:53:15 +00:00
Ryan Steinmetz
6d7ff3db8d - Properly copy namespace attributes/resolve make validate issues
Reviewed by:	simon@, eadler@
Approved by:	zi (with ports-secteam hat)
2013-01-08 23:46:02 +00:00
Li-Wen Hsu
9e8220759f Document Jenkins 2013-01-04 Security Advisory 2013-01-08 05:18:14 +00:00
Eygene Ryabinkin
10329684c5 VuXML: extend entry for MoinMoin vulnerabilities fixed in 1.9.6
Use more verbose descriptions from CVE entries and trim citation
from CHANGES to the relevant parts.
2013-01-06 20:37:24 +00:00
Li-Wen Hsu
ea30109921 Document Django 2012-12-10 vulnerability 2013-01-06 18:14:23 +00:00
Eygene Ryabinkin
f23d543f2c VuXML: fix r309982
Use proper tags for CVE identifiers.  I should run 'make validate'
_every_ time before committing.
Pointyhat to:	rea
2013-01-06 13:24:39 +00:00
Eygene Ryabinkin
5160c1cd21 VuXML for MoinMoin issues: add CVE references 2013-01-06 13:10:10 +00:00
Chris Rees
6e35983b99 Freetype 2.4.8 vulnerabilities were already documented.
While here, correct pkgname

Noticed by:	kwm
2013-01-05 12:54:28 +00:00
Chris Rees
d3b77c45e6 Mark moinmoin vulnerable
Security:	http://www.debian.org/security/2012/dsa-2593

document freetype vulnerabilities

Security:	CVE-2012-(1126-1144)
2013-01-05 11:29:00 +00:00
Erwin Lansing
cf6de2da7f Bump copyright to 2013. 2013-01-04 07:30:09 +00:00
Florian Smeets
a3056ea587 Add correct version numbers to the recent asterisk entry
Pointy hat to:	flo
2013-01-03 19:46:51 +00:00
Florian Smeets
9a4203f7ce - update net/asterisk to 1.8.19.1
- update net/asterisk10 to 10.11.1
- update net/asterisk11 to 10.1.2
- add vuln.xml entry

Security:	f7c87a8a-55d5-11e2-a255-c8600054b392
2013-01-03 19:41:30 +00:00
Chris Rees
b9dc70b62d Note charybdis and ircd-ratbox vulnerabilities
PR:		ports/174878
Security:	http://www.ratbox.org/ASA-2012-12-31.txt
2013-01-02 12:28:47 +00:00
Anders Nordby
551bf88c0c Separate entries for Puppet 2.6 and 2.7. 2012-12-30 23:13:04 +00:00
Carlo Strub
320f705698 Add OTRS vulnerabilities 2012-12-30 20:10:42 +00:00
Eygene Ryabinkin
13301f3509 VuXML entries for Tomcat: split into three distinct ones
They affect different Tomcat versions from 7.x branch, so don't let
users of VuXML be fooled on the affected software for each vulnerability.

Feature safe:	yes
2012-12-29 19:53:46 +00:00
Eygene Ryabinkin
084838b8d4 VuXML: add entry for DoS in Squid's cachemgr.cgi
Feature safe:	yes
Submitted by:	Thomas-Martin Seck <tmseck@web.de>
2012-12-28 18:17:22 +00:00
Bryan Drewery
cc2cf11162 Remove invalid entry 2012-12-18 16:34:14 +00:00
Dirk Meyer
561707aef4 - add entry for opera 12.11 2012-12-18 16:28:56 +00:00
Xin LI
9629a9dd1e Fix typo.
Noticed by:	mandree
2012-12-14 09:09:16 +00:00
Jason Helfman
72222c2042 - add url block in references for 1657a3e6-4585-11e2-a396-10bf48230856 2012-12-14 03:51:07 +00:00
Xin LI
0dcdb66111 Update linux-f10-flashplugin11 to 11.2r202.258 to address multiple
vulnerabilities that could cause a crash and potentially allow an
attacker to take control of the affected system.

Submitted by:	Tsurutani Naoki <turutani scphys kyoto-u ac jp>
2012-12-14 00:41:42 +00:00
Rene Ladan
589167d795 Document vulnerabilities in www/chromium < 23.0.1271.97
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
2012-12-12 11:33:16 +00:00
Ryan Steinmetz
69ba078f35 - Fix recent vulnerability entry for www/tomcat[67]
Reported by:	Victor Balada Diaz <victor@bsdes.net>
Feature safe:	yes
2012-12-05 23:52:35 +00:00
Ryan Steinmetz
2705e94e03 - Document recent vulnerabilities in www/tomcat6 and www/tomcat7
Requested by:	Victor Balada Diaz <victor@bsdes.net>
Feature safe:	yes
2012-12-05 18:47:24 +00:00
Erwin Lansing
f7345394fe Update to the latest patch level from ISC:
BIND 9 nameservers using the DNS64 IPv6 transition mechanism are
  vulnerable to a software defect that allows a crafted query to
  crash the server with a REQUIRE assertion failure.  Remote
  exploitation of this defect can be achieved without extensive
  effort, resulting in a denial-of-service (DoS) vector against
  affected servers.

Security:	2892a8e2-3d68-11e2-8e01-0800273fe665
		CVE-2012-5688
Feature safe:	yes
2012-12-05 07:46:03 +00:00
Matthias Andree
905a78cc66 Add URL for recent bogofilter heap vuln', CVE-2012-5468, aka. vuln vid=
f524d8e0-3d83-11e2-807a-080027ef73ec

Feature safe: yes
2012-12-03 22:49:42 +00:00
Matthias Andree
d8c09eec63 Update bogofilter to new upstream release 1.2.3.
Security update to fix a heap corruption bug with invalid base64 input,
reported and fixed by Julius Plenz, FU Berlin, Germany.

Feature safe:   yes
Security:       CVE-2012-5468
Security:       f524d8e0-3d83-11e2-807a-080027ef73ec
2012-12-03 20:16:21 +00:00
Rene Ladan
c68f649d19 Document vulnerabilities in www/chromium < 23.0.1271.95
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe:	yes
2012-11-30 09:13:32 +00:00
Olli Hauer
ef2bdd9595 www/yahoo-ui
- fix CVE-2012-5881

security/vuxml
 - adjust version (we have only 2.8.2 in the tree)

Feature safe: yes

Approved by:	glarkin (maintainer) explicit
2012-11-29 20:33:19 +00:00
Wesley Shields
ff9560f056 Fix date in yahoo-ui entry.
Noticed by:	dvl@
Feature safe:	yes
2012-11-28 14:37:24 +00:00
Olli Hauer
3bcd3fdd25 - document www/yahoo-ui security issue and mark port forbidden [1]
pet portlint (maintainer is already notified)

- adjust CVE entries for bugzilla (CVE-2012-5475 was rejected) [2]

Feature safe: yes

Security:	CVE-2012-5881 [1][2]
		CVE-2012-5882 [1][2]
		CVE-2012-5883 [2]

Approved by:	glarkin (implicit) [1]
2012-11-27 20:09:34 +00:00
Rene Ladan
11e9990c10 Describe new vulnerabilities in www/chromium < 23.0.1271.91
Obtained from:	http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
Feature safe:	yes
2012-11-27 10:02:25 +00:00
Florian Smeets
abbf32d4b2 - Update backports patch to 20121114
- Bump PORTREVISION

Changes:
- CVE-2006-7243
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow
context-dependent attackers to bypass intended access restrictions by placing a
safe file extension after this character, as demonstrated by .php\0.jpg at the
end of the argument to the file_exists function

Security 3761df02-0f9c-11e0-becc-0022156e8794 fixed by check in fopen functions
for strlen(filename) != filename_len

- CVE-2012-4388
The sapi_header_op function in main/SAPI.c does not properly determine a pointer
during checks for %0D sequences (aka carriage return characters), which allows
remote attackers to bypass an HTTP response-splitting protection mechanism via a
crafted URL, this vulnerability exists because of an incorrect fix for
CVE-2011-1398.

- Timezone database updated to version 2012.9 (2012i)

PR:		ports/173685
Submitted by:	Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
Approved by:	maintainer
Feature safe:	yes
2012-11-25 15:42:22 +00:00
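The two PHP items in the commit above both come down to a length check that was missing or wrong: a filename whose declared length is longer than its NUL-terminated length (CVE-2006-7243), and a header value in which a CR/LF was not caught (CVE-2012-4388). The C program below is an added illustration written for this page, not code from PHP or from the ports tree; the allowlist, the function names and the sample filename are constructed for the example. It shows why a length-aware extension test accepts "upload.php\0.jpg" while the OS would open "upload.php", and how the `strlen(filename) != filename_len` check from the commit message closes that gap.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample input: a filename carrying an embedded NUL, the
 * ".php\0.jpg" shape named in the CVE-2006-7243 text above. */
static const char SAMPLE_NAME[] = "upload.php\0.jpg";
static const size_t SAMPLE_NAME_LEN = sizeof SAMPLE_NAME - 1;   /* 15 bytes, embedded NUL included */

/* Length-aware allowlist, standing in for a scripting layer that carries
 * (pointer, length) strings: it accepts "upload.php\0.jpg" because the
 * final four bytes are ".jpg". Hypothetical helper, not PHP's own code. */
bool ext_allowed(const char *name, size_t len)
{
    static const char *const ok[] = { ".jpg", ".png", ".gif" };
    for (size_t i = 0; i < sizeof ok / sizeof ok[0]; i++) {
        size_t n = strlen(ok[i]);
        if (len >= n && memcmp(name + len - n, ok[i], n) == 0)
            return true;
    }
    return false;
}

/* The path a NUL-terminated OS interface such as open(2) actually sees:
 * everything after the first NUL is silently dropped. */
size_t effective_path_len(const char *name)
{
    return strlen(name);
}

/* Hardened check mirroring the fix quoted in the commit message: a name whose
 * NUL-terminated length differs from its declared length is rejected before
 * any extension test, so the truncated "upload.php" can never be opened. */
bool filename_ok(const char *name, size_t len)
{
    if (strlen(name) != len)
        return false;
    return ext_allowed(name, len);
}

/* Companion check for the CVE-2012-4388 item: a header value may not contain
 * CR, LF or NUL, otherwise the caller can terminate the header line and
 * append a header of its own (HTTP response splitting). */
bool header_value_ok(const char *val, size_t len)
{
    return memchr(val, '\r', len) == NULL &&
           memchr(val, '\n', len) == NULL &&
           memchr(val, '\0', len) == NULL;
}

int main(void)
{
    const char *hdr = "x\r\nSet-Cookie: a=b";
    printf("allowlist accepts sample:  %d\n", ext_allowed(SAMPLE_NAME, SAMPLE_NAME_LEN));
    printf("bytes open(2) would use:   %zu (\"%s\")\n",
           effective_path_len(SAMPLE_NAME), SAMPLE_NAME);
    printf("hardened check accepts:    %d\n", filename_ok(SAMPLE_NAME, SAMPLE_NAME_LEN));
    printf("header value with CRLF ok: %d\n", header_value_ok(hdr, strlen(hdr)));
    return 0;
}
```

Run stand-alone, the program reports that the allowlist accepts the sample, that only 10 bytes ("upload.php") would reach the open call, and that the hardened check rejects it; the same length-versus-content mismatch is what the header check guards against.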
Wesley Shields
5fb60dc50f Add entries for the following advisories:
FreeBSD-SA-12:08.linux
FreeBSD-SA-12:07.hostapd
FreeBSD-SA-12:06.bind

Feature safe:	yes
2012-11-25 04:02:28 +00:00
Dirk Meyer
96e5bf3440 - opera -- execution of arbitrary code
Feature safe: yes
2012-11-22 20:27:45 +00:00
Martin Matuska
1d8470b15e Document new vulnerability in www/lighttpd 1.4.31
Feature safe:	yes
2012-11-21 14:35:31 +00:00
Florian Smeets
9aafe503d0 - Update firefox and thunderbird to 17.0
- Update seamonkey to 2.14
- Update ESR ports and libxul to 10.0.11
- support more h264 codecs when using GSTREAMER with YouTube
- Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
- Buildsystem is not python 3 aware, use python up to 2.7 [2]

PR:		ports/173679 [1]
Submitted by:	swills [1], demon [2]
In collaboration with:	Jan Beich <jbeich@tormail.org>
Security:	d23119df-335d-11e2-b64c-c8600054b392
Approved by:	portmgr (beat)
Feature safe:	yes
2012-11-20 23:01:15 +00:00
Jase Thew
04822a6d48 - Fix copy and paste error in latest weechat entry
(81826d12-317a-11e2-9186-406186f3d89d)

Feature safe:	yes
2012-11-18 12:51:26 +00:00
Jase Thew
7d1870cfd5 - Document new vulnerability in irc/weechat and irc/weechat-devel
Feature safe:	yes
2012-11-18 12:46:39 +00:00
Olli Hauer
bb7daf8882 - bugzilla security updates to version(s)
3.6.11, 4.0.8, 4.2.4

Summary
=======

The following security issues have been discovered in Bugzilla:

* Confidential product and component names can be disclosed to
  unauthorized users if they are used to control the visibility of
  a custom field.

* When calling the 'User.get' WebService method with a 'groups'
  argument, it is possible to check if the given group names exist
  or not.

* Due to incorrectly filtered field values in tabular reports, it is
  possible to inject code which can lead to XSS.

* When trying to mark an attachment in a bug you cannot see as
  obsolete, the description of the attachment is disclosed in the
  error message.

* A vulnerability in swfstore.swf from YUI2 can lead to XSS.

Feature safe: yes

Security:	CVE-2012-4199
		https://bugzilla.mozilla.org/show_bug.cgi?id=731178

		CVE-2012-4198
		https://bugzilla.mozilla.org/show_bug.cgi?id=781850

		CVE-2012-4189
		https://bugzilla.mozilla.org/show_bug.cgi?id=790296

		CVE-2012-4197
		https://bugzilla.mozilla.org/show_bug.cgi?id=802204

		CVE-2012-5475
		https://bugzilla.mozilla.org/show_bug.cgi?id=808845
		http://yuilibrary.com/support/20121030-vulnerability/
2012-11-14 19:29:42 +00:00
Jase Thew
fe3e63dcfc - Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c)
- Document assigned CVE Identifier
- Document workaround for vulnerable versions

Feature safe:	yes
2012-11-13 18:17:13 +00:00
Rene Ladan
616eda309b Document vulnerabilities in two typo3 components.
Obtained from:	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Feature safe:	yes
2012-11-12 21:47:27 +00:00
Guido Falsi
edee9b21b3 Fix typo.
Feature safe:	yes
2012-11-12 13:07:30 +00:00
Guido Falsi
864702607f - Update to 2.7.1
- Convert to new options framework
- Document US-CERT VU#268267
- Trim Makefile headers

PR:		ports/173226
Submitted by:	Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
Feature safe:	yes
2012-11-12 13:04:37 +00:00
Steve Wills
80df39460a - Improve latest ruby entry slightly
Feature safe:	yes
2012-11-10 15:17:31 +00:00
Jase Thew
b5f3820240 - Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry
- Add constraints to vulnerable versions
- Add additional references
- Improve topic
- Correct description

Feature safe:	yes
2012-11-10 14:45:55 +00:00