Wesley Shields
d806ac2381
Document sudo secure path vulnerability. We are not vulnerable to this by
default but a user could build sudo with SUDO_SECURE_PATH defined or turn
it on in sudoers.
2010-06-03 00:10:56 +00:00
Pav Lucistnik
083caba9b4
- Update to 3.0.1
PR: ports/147195
Submitted by: Pavel Pankov <pankov_p@mail.ru> (maintainer)
2010-06-02 11:24:45 +00:00
Wen Heping
91baf4a377
- Document two mediawiki security vulnerabilities
Approved by: delphij@(ports-security override)
2010-06-02 06:20:29 +00:00
Bernhard Froehlich
ad145262b2
- Document multiple redmine vulnerabilities
Approved by: miwi (secteam), beat (co-mentor)
Security: http://www.redmine.org/news/39
2010-05-14 18:28:43 +00:00
Niels Heinen
4157801da8
Updated tomcat entry (CVE-2010-1157) with fixed version information.
This makes sure that the correct older versions are marked vulnerable
Approved by: itetcu (mentor, implicit)
Security: http://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html
2010-05-13 09:12:02 +00:00
Niels Heinen
1a3471cffa
- Added 109 missing CVE names to 60 VuXML entries
- Fixed Tomcat55 entry to mark current PORTREVISION vulnerable
PR: ports/146418
Approved by: itetcu (mentor, implicit)
Security: http://people.freebsd.org/~niels/vuxml/
2010-05-12 09:46:12 +00:00
Niels Heinen
49a549c833
Added wireshark (DoS) and piwik (XSS) issues
Approved by: itetcu (mentor, implicit)
Security: http://www.wireshark.org/security/wnpa-sec-2010-03.html
Security: http://www.wireshark.org/security/wnpa-sec-2010-04.html
Security: http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
2010-05-07 19:53:26 +00:00
Niels Heinen
7aac44df75
Added spamass-milter remote command execution vulnerability
Approved by: itetcu (mentor, implicit)
Security: CVE-2010-1132
Security: http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
2010-05-06 19:44:56 +00:00
Niels Heinen
d21e18711c
- Added mediawiki and lxr vulnerabilities
- Fixed vlc topic format (lower case, portname first)
PR: ports/146337
Approved by: itetcu (mentor, implicit)
Security: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
Security: http://sourceforge.net/mailarchive/message.php?msg_name=E1NS2s4-0001PE-F2%403bkjzd1.ch3.sourceforge.com
2010-05-05 19:12:36 +00:00
Niels Heinen
b862db7acd
Added 38 missing CVE names to 24 VuXML entries
(256 CVE names to go)
Approved by: itetcu (mentor, implicit)
Security: http://people.freebsd.org/~niels/vuxml/
2010-05-04 20:46:06 +00:00
Niels Heinen
18810baef9
Added 34 missing CVE names to 24 VuXML entries
(294 CVE names to go)
Approved by: miwi (secteam)
Security: http://people.freebsd.org/~niels/vuxml/
2010-05-02 15:32:40 +00:00
Sylvio Cesar Teixeira
2090b054ec
- VideoLAN has released 1.0.6 to address several vulnerabilities they discovered while working towards the 1.1.0 release. These vulnerabilities could potentially allow for a specially crafted file to execute code.
PR: ports/146099
Submitted by: Joseph S. Atkinson <jsa@wickedmachine.net> (maintainer)
2010-05-02 00:52:40 +00:00
Dirk Meyer
264a5a1382
- fix version for apache+mod_ssl
2010-04-30 04:25:33 +00:00
Dirk Meyer
e1c76fac63
- fix info for apache+mod_ssl
2010-04-30 04:24:30 +00:00
Max Brazhnikov
656a0e705f
Mark kdebase3 as safe now.
2010-04-28 21:09:45 +00:00
Niels Heinen
e64951607a
- Documented multiple Joomla! vulnerabilities
- Added new reference to the recent cacti issue
Approved by: remko (secteam)
Security: http://developer.joomla.org/security/
2010-04-27 05:46:00 +00:00
Niels Heinen
036c017b0a
Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti
PR: ports/146021
PR: ports/146022
Approved by: remko (secteam)
Security: http://seclists.org/bugtraq/2010/Apr/200
Security: http://docs.moodle.org/en/Moodle_1.9.8_release_notes
Security: http://www.bonsai-sec.com/en/research/vulnerability.php
2010-04-24 21:14:57 +00:00
Niels Heinen
51db653fe0
Documented emacs movemail vulnerability and marked the separate
mail/movemail port vulnerable to an old format string vulnerability.
Approved by: remko (secteam)
Security: http://www.ubuntu.com/usn/USN-919-1
2010-04-23 18:16:18 +00:00
Niels Heinen
5dcd72f257
Added krb5 double free vulnerability
Approved by: remko (secteam)
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
Security: CVE-2010-1320
2010-04-21 20:19:11 +00:00
Niels Heinen
3d4109bb47
Documented the following vulnerabilities:
- png: libpng decompression denial of service
- e107: code execution and XSS vulnerabilities
- pidgin: multiple remote denial of service vulnerabilities
- fetchmail: denial of service vulnerability
PR: ports/145885
PR: ports/145857
Approved by: remko (secteam)
Security: CVE-2010-0996
Security: CVE-2010-0997
Security: CVE-2010-1167
Security: CVE-2010-0277
Security: CVE-2010-0420
Security: CVE-2010-0423
Security: CVE-2010-0205
2010-04-20 21:03:51 +00:00
Niels Heinen
a6899bdd1c
Documented the following vulnerabilities:
- curl: libcurl buffer overflow vulnerability
- irssi: multiple vulnerabilities
- ejabberd: queue overload denial of service vulnerability
Approved by: remko (secteam)
Security: http://curl.haxx.se/docs/adv_20100209.html
Security: http://support.process-one.net/browse/EJAB-1173
Security: http://xforce.iss.net/xforce/xfdb/57790
Security: http://xforce.iss.net/xforce/xfdb/57791
2010-04-19 19:06:22 +00:00
Niels Heinen
f5a502da05
- Added three krb5 vulnerabilities
- Fixed indent on mahara entry
- Fixed title of KDM entry
Approved by: remko (secteam)
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Security: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
2010-04-19 07:13:42 +00:00
Niels Heinen
829d453ca4
Document mahara sql injection vulnerability
Approved by: remko (secteam)
Security: http://www.debian.org/security/2010/dsa-2030
2010-04-18 19:00:29 +00:00
Wesley Shields
bdc10870cc
Correct CVE entry. The advisory from Todd[0] says CVE 2010-0426, which is
the entry assigned to the original sudoedit vulnerability[1]. The new
one (CVE-2010-1163) was just assigned. I believe the one assigned by CVE
folks is the proper one to use.
[0]: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
[1]: 018a84d0-2548-11df-b4a3-00e0815b8da8
2010-04-16 02:25:07 +00:00
Wesley Shields
a0381d77dc
- Document sudo privilege escalation bug. This is similar to
018a84d0-2548-11df-b4a3-00e0815b8da8.
2010-04-15 20:53:03 +00:00
Alberto Villa
5b805f79e0
- Do not match x11/kdebase4 in latest KDM vulnerability.
Approved by: tabthorpe (mentor)
2010-04-14 21:46:52 +00:00
Alberto Villa
0e435ac5f8
- Document KDM local privilege escalation vulnerability.
Approved by: tabthorpe (mentor), delphij (secteam)
2010-04-14 19:04:39 +00:00
Greg Larkin
77b0ea314a
- Document dojo - cross-site scripting and other vulnerabilities
- Document ZendFramework - security issues in bundled Dojo library
Approved by: secteam (remko)
Security: http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Security: http://framework.zend.com/security/advisory/ZF2010-07
2010-04-06 17:53:39 +00:00
Beat Gaetzi
f977ca1bcc
- Document firefox -- Re-use of freed object due to scope confusion
Submitted by: Florian Smeets <flo AT smeets.im>
Approved by: miwi
2010-04-06 07:36:30 +00:00
Beat Gaetzi
59b38507d3
- Document mozilla -- multiple vulnerabilities
Approved by: delphij
2010-03-30 22:25:05 +00:00
Xin LI
deaff4938a
Document postgresql bitsubstr overflow vulnerability
2010-03-25 21:45:55 +00:00
Christian Weisgerber
25a2b64738
Document a buffer overflow in gtar's rmt client functionality.
2010-03-24 18:48:01 +00:00
Beat Gaetzi
2d396eb517
- Document firefox -- WOFF heap corruption due to integer overflow
Approved by: miwi
2010-03-23 08:36:57 +00:00
Niels Heinen
3622f594f7
Updated the xzgv entry: 0.9 version (now in portstree) is not vulnerable
Approved by: itetcu (mentor), miwi (secteam)
Security: http://www.vuxml.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html
Security: http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml
2010-03-22 21:30:59 +00:00
Martin Wilke
00cd9cf629
- Fix build
2010-03-19 10:16:03 +00:00
Beat Gaetzi
16fd879141
- Document mozilla -- multiple vulnerabilities
- Fix a typo
Approved by: miwi
2010-03-19 07:39:28 +00:00
Xin LI
93d156ee68
Document eGroupware vulnerabilities.
Submitted by: wenheping
2010-03-12 01:45:48 +00:00
Martin Wilke
9a245c731e
- Document drupal -- multiple vulnerabilities
Feature safe: yep
2010-03-08 22:50:43 +00:00
Wesley Shields
5a3c012a8e
- Document sudo privilege escalation vulnerability when using
pseudo-command sudoedit
Feature safe: yes
2010-03-01 17:47:04 +00:00
Juergen Lock
89d66179ae
Attempt to properly take care of the ooo3 -RC and -devel ports too (doh!)
Feature safe: yes
2010-02-28 20:25:10 +00:00
Beat Gaetzi
313b31226f
- Document thunderbird3 vulnerabilities
Approved by: miwi
Feature safe: yes
2010-02-28 13:07:54 +00:00
Juergen Lock
9dd97217c1
Document openoffice -- multiple vulnerabilities
Reviewed by: delphij
Feature safe: yes
2010-02-26 21:20:05 +00:00
Beat Gaetzi
6f1c956210
- Document mozilla -- multiple vulnerabilities
Approved by: miwi (secteam)
Feature safe: yes
2010-02-18 10:02:50 +00:00
Xin LI
243b0c17bd
Document lighttpd remote DoS vulnerability.
Reported by: Dan Rowe <dan dracosplace com>
Feature safe: yes
2010-02-16 18:06:33 +00:00
Xin LI
c0cd5f4cb7
Update www/squid and www/squid30 to address Squid HTCP Packet Processing
NULL Pointer Dereference vulnerability (SQUID-2010:2)
2010-02-15 06:29:30 +00:00
Juergen Lock
d32b361180
Document linux-flashplugin -- multiple vulnerabilities.
Reviewed by: miwi
2010-02-13 21:55:50 +00:00
Koop Mast
7863e0ed46
Add CVE-2010-0414 and CVE-2010-0422 for gnome-screensaver.
Reviewed by: miwi@
2010-02-13 10:29:49 +00:00
Matthias Andree
a407838a4a
Fix range for fetchmail CVE-2010-0562.
Approved by: miwi@ (mentor)
2010-02-12 14:25:39 +00:00
Matthias Andree
1f8469eb74
Add CVE-2010-0562 entry for mail/fetchmail.
Approved by: miwi (mentor).
2010-02-12 09:56:30 +00:00
Xin LI
67b519607f
Document wireshark lwres buffer overflow vulnerability.
Reported by: Andreas <akoga hawaii edu>
2010-02-10 00:47:00 +00:00