Commit graph

3570 commits

Author SHA1 Message Date
Koop Mast
b28795f807 Record new libXfont security issues. 2015-03-18 09:07:05 +00:00
Johannes Jost Meixner
5593254fbd Add latest security vulnerabilities in linux-*-flashplugin11:
	CVE-2015-0332
	CVE-2015-0333
	CVE-2015-0334
	CVE-2015-0335
	CVE-2015-0336
	CVE-2015-0337
	CVE-2015-0338
	CVE-2015-0339
	CVE-2015-0340
	CVE-2015-0341
	CVE-2015-0342

Differential Revision:	https://reviews.freebsd.org/D2061
Approved by:		swills (mentor)
2015-03-16 17:01:01 +00:00
Brad Davis
8408e7f155 Add vulnerability for mail/sympa.
Approved by:	bapt
Security:	CVE-2015-1306
2015-03-13 04:08:21 +00:00
Matthew Seaman
70d3ce5005 Document latest security vulnerabilities in rt42 and rt40:
      CVE-2014-9472
      CVE-2015-1165
      CVE-2015-1464
2015-03-08 11:55:51 +00:00
Matthew Seaman
01695c6e77 Document the latest phpMyAdmin vulnerability: CVE-2015-2206 2015-03-08 11:41:18 +00:00
Romain Tartière
5fb92938f6 Document mono TLS bugs.
Reported by:	delphij
2015-03-07 17:17:31 +00:00
Matthias Andree
371c596738 Document recently fixed PuTTY < 0.64 vuln. CVE-2015-2157. 2015-03-05 22:10:26 +00:00
Rene Ladan
fe98e4cc80 Document new vulnerabilities in www/chromium < 41.0.2272.76
Submitted by:	Carlos Jacobo Puga Medina
Obtained from:	http://googlechromereleases.blogspot.nl/
2015-03-04 23:18:35 +00:00
Raphael Kubo da Costa
84bc960e23 Add entry for CVE-2015-0295 in qt4-gui and qt5-gui. 2015-03-04 23:05:03 +00:00
Steve Wills
a276ca075f Add entry for security issue in jenkins
Reviewed by:	zi
2015-03-01 03:42:30 +00:00
Jan Beich
153f00da5e Fix typo: s/MSFA/MFSA/. The source to follow later.
https://bugzilla.mozilla.org/show_bug.cgi?id=1137604
2015-02-27 08:28:02 +00:00
Jan Beich
677f1b51c1 Document mozilla vulnerabilities 2015-02-27 07:14:24 +00:00
Brad Davis
cce5f5c0f2 Document vulnerabilities in php for CVE-2015-0235 and CVE-2015-0273.
Approved by:	zi (mentor)
2015-02-26 19:58:58 +00:00
Cy Schubert
1a7f2737d8 Document bugs fixed in krb5 1.11.6.
* Handle certain invalid RFC 1964 GSS tokens correctly to avoid
  invalid memory reference vulnerabilities.  [CVE-2014-4341
  CVE-2014-4342]

* Fix memory management vulnerabilities in GSSAPI SPNEGO.
  [CVE-2014-4343 CVE-2014-4344]

* Fix buffer overflow vulnerability in LDAP KDB back end.
  [CVE-2014-4345]

* Fix multiple vulnerabilities in the LDAP KDC back end.
  [CVE-2014-5354 CVE-2014-5353]

* Fix multiple kadmind vulnerabilities, some of which are based in the
  gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
  CVE-2014-9423]

Security:	CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
		CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
		CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
2015-02-26 01:12:44 +00:00
Xin LI
f83e77266c Document Samba remote code execution vulnerability. 2015-02-24 00:54:47 +00:00
Matthias Andree
428bfcc169 Record two e2fsprogs vulnerabilities.

CVE-2015-0247
<URL:http://vuxml.freebsd.org/0f488b7b-bbb9-11e4-903c-080027ef73ec.html>

    Topic: e2fsprogs -- potential buffer overflow in closefs()
    Affects:
        e2fsprogs < 1.42.12_2
    References:
        url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
        cvename:CVE-2015-1572
<URL:http://vuxml.freebsd.org/2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html>

Security:	CVE-2015-0247
Security:	CVE-2015-1572
Security:	0f488b7b-bbb9-11e4-903c-080027ef73ec
Security:	2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html
2015-02-24 00:20:16 +00:00
Xin LI
70e0e535db Document BIND DoS issue with trust anchor management. 2015-02-23 22:13:03 +00:00
Cy Schubert
1f7fa041b7 Kerberos Version 5, Release 1.12.3 is released affecting
security/krb5-112. This fixes multiple vulnerabilities, some previously
committed by point patches and others newly fixed in this release.

* Fix multiple vulnerabilities in the LDAP KDC back end.
  [CVE-2014-5354] [CVE-2014-5353]

* Fix multiple kadmind vulnerabilities, some of which are based in the
  gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
  CVE-2014-9422 CVE-2014-9423]

Security:	CVE-2014-5354, CVE-2014-5353
Security:	CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security:	CVE-2014-9422, CVE-2014-9423
2015-02-21 16:12:36 +00:00
Xin LI
55445fd020 Document unzip heap based buffer overflow in iconv patch.
PR:		ports/197772
2015-02-17 22:03:32 +00:00
Guido Falsi
6a0ae6b7c5 Add modified date to entries I touched recently.
Noticed by:	kwm (thanks)
2015-02-17 17:19:31 +00:00
Guido Falsi
e177e566ad Add CVE number to asterisk advisory. 2015-02-17 16:14:30 +00:00
Cy Schubert
82c37d8660 Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.

Obtained from:	Greg Hudson <ghudson@mit.edu>
Security:	CVE-2014-5353, CVE-2014-5354
2015-02-13 20:23:28 +00:00
Ryan Steinmetz
4583de6e13 - Additional fixes from the krb5 commit 2015-02-13 01:59:09 +00:00
Ryan Steinmetz
9daed152d1 - Correct errors in previous commit to resolve build 2015-02-13 01:55:33 +00:00
Cy Schubert
5d7fc0f809 Document new krb5 vulnerabilities.
Security:	CVE-2014-5353, CVE-2014-5354
2015-02-13 01:45:41 +00:00
Koop Mast
5eb4ef2599 The xorg-server entry in commit 378888, also mention portepoch for the other
version we want to check.
2015-02-12 21:00:49 +00:00
Koop Mast
d7d1d8da5b Document xorg-server CVE-2015-0255.
Information leak in the XkbSetGeometry request of X servers
2015-02-12 19:56:45 +00:00
Palle Girgensohn
1477369948 In r378499, PostgreSQL package names were not version-suffixed. Fixed this.
Submitted by:	kuriyama@
2015-02-09 08:23:50 +00:00
Rene Ladan
7ab1892fd6 Fix CVE name for www/chromium entry
Submitted by:	bz via bot
2015-02-06 23:27:41 +00:00
Xin LI
b9640de8a0 Document two recent OpenLDAP DoS issues. 2015-02-06 22:48:14 +00:00
Rene Ladan
61b2e02abd Document new vulnerabilities in www/chromium < 40.0.2214.111
Submitted by:	Carlos Jacobo Puga Medina
Obtained from:	http://googlechromereleases.blogspot.nl/
2015-02-06 22:21:14 +00:00
Palle Girgensohn
665a780cb4 Update PostgreSQL-9.x to latest versions.
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.

Security:	CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
		CVE-2015-0244,CVE-2014-8161
2015-02-05 22:54:21 +00:00
Tijl Coosemans
12a1f8e664 Remove 734bcd49-aae6-11e4-a0c1-c485083ca99c because Adobe Flash Player 11.x
isn't affected.  See February 2 revision of
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
2015-02-05 08:57:04 +00:00
Cy Schubert
34e7f5cab2 Add the following KRB5 CVEs.
CVE-2014-5352: gss_process_context_token() incorrectly frees context

CVE-2014-9421: kadmind doubly frees partial deserialization results

CVE-2014-9422: kadmind incorrectly validates server principal name

CVE-2014-9423: libgssrpc server applications leak uninitialized bytes

Security:	CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
2015-02-04 20:38:30 +00:00
Xin LI
fd65c6c16b Document unzip out of boundary access issues in test_compr_eb.
PR:		ports/197300
2015-02-03 22:35:06 +00:00
Johannes Jost Meixner
6aeb32db74 Add linux-f10-devtools (any version) and linux-c6-devtools (prior to 6.6_3) to
the CVE-2015-0235 entry from 2015-01-28.

Approved by:	swills (mentor)
2015-02-02 19:09:35 +00:00
Mark Felder
ff9005823f Add net-mgmt/xymon-server CVE-2015-1430 2015-02-02 15:25:31 +00:00
Johannes Jost Meixner
3db147c9dc www/linux-*-flashplugin11: Add CVE-2015-0313
Spotted by:	kwm
Approved by:	swills (mentor)
2015-02-02 14:53:56 +00:00
Jimmy Olgeni
7933cbc833 Add CVE-2015-0862 for net/rabbitmq. 2015-01-31 16:09:37 +00:00
Olli Hauer
6a093ced96 - document apache24 issues 2015-01-31 15:07:28 +00:00
Guido Falsi
79ede1bfbe Document asterisk security issues.
While here, add CVE number to a previous asterisk entry.
2015-01-29 11:20:51 +00:00
Johannes Jost Meixner
b94dece6fd Add CVE-2015-0235.
- Affects linux_base-*

Approved by:	so@ (des)
2015-01-28 08:39:20 +00:00
Tijl Coosemans
20ebd85bff Document critical Adobe Flash Player vulnerability (CVE-2015-0311) 2015-01-26 21:20:43 +00:00
Olli Hauer
dad6a4f07c - document bugzilla security issues 2015-01-26 20:24:08 +00:00
Li-Wen Hsu
8ad3597657 - Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e 2015-01-24 17:58:07 +00:00
Li-Wen Hsu
f3324ced2c Document Django 2014-01-13 vulnerability 2015-01-23 17:47:00 +00:00
Mikhail Teterin
af56c7fc52 Add a note about the just-fixed vulnerability of applications using net/libutp.
PR:		196351
Differential Revision:	D1575
Submitted by:	Jan Beich
Approved by:	bapt
2015-01-22 17:43:47 +00:00
Johannes Jost Meixner
2925c75bbb Amend linux-c6-openssl version in OpenSSL entry from 2015-01-08.
Approved by:	swills (mentor)
2015-01-22 17:09:22 +00:00
Vsevolod Stakhov
a91fe34f1e Add CVE-2015-0206 description for LibreSSL port. 2015-01-22 17:02:40 +00:00
Tijl Coosemans
96f7bce425 Document Adobe Flash Player vulnerabilities 2015-01-22 12:54:13 +00:00