Johannes Jost Meixner
9dedc233ee
Document multiple vulnerabilities in www/linux-*-flashplugin11.
Security: CVE-2015-3044
Security: CVE-2015-3077
Security: CVE-2015-3078
Security: CVE-2015-3079
Security: CVE-2015-3080
Security: CVE-2015-3081
Security: CVE-2015-3082
Security: CVE-2015-3083
Security: CVE-2015-3084
Security: CVE-2015-3085
Security: CVE-2015-3086
Security: CVE-2015-3087
Security: CVE-2015-3088
Security: CVE-2015-3089
Security: CVE-2015-3090
Security: CVE-2015-3091
Security: CVE-2015-3092
Security: CVE-2015-3093
2015-05-13 14:39:00 +00:00
Jan Beich
e70ecdfb05
VuXML: document recent mozilla vulnerabilities
2015-05-12 18:24:57 +00:00
Kubilay Kocak
e299c4d4e2
security/vuxml: Add CVE-2015-0971 entry for security/suricata
2015-05-12 10:48:17 +00:00
Xin LI
a84e12c6a4
Revert r385940,r385932,r385864:
The usage of * is actually valid, as pointed out at the FreeBSD porter's
handbook:
https://www.freebsd.org/doc/en/books/porters-handbook/security-notify.html
Which denotes "the smallest version number" (in other words, * < 0).
Requested by: many
Pointy hat to: delphij
2015-05-11 18:12:02 +00:00
Raphael Kubo da Costa
1bb85ae312
Add entry for CVE-2015-3146 in security/libssh.
2015-05-10 20:24:26 +00:00
Olli Hauer
d0d7cdabce
- fix a second postfix entry
PR: 200089 (followup)
2015-05-10 12:12:30 +00:00
Xin LI
06fe68b21d
Correct version range.
PR: 200089
2015-05-10 08:28:43 +00:00
Xin LI
65719d6d41
* is not valid for version number, replace all instances with 0 and bump
modification date.
Submitted by: Chris Nehren <cnehren tenable com> (version number part)
2015-05-09 08:20:44 +00:00
Jan Beich
4126eef4cd
VuXML: update sqlite3 entry with verbose descriptions. CVE-2015-341[4-6]
PR: 199483
2015-05-08 18:42:31 +00:00
Don Lewis
ce81ac1948
Document HWP filter vulnerability in editors/libreoffice < 4.3.7 and
editors/openoffice < 4.1.2, CVE-2015-1774.
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D2475
2015-05-07 23:56:04 +00:00
Koop Mast
ae39d6e38f
Document current and previous wordpress vulnerabilities.
2015-05-07 09:21:39 +00:00
Xin LI
cba1cd6de0
Fix version range of two ancient items.
Submitted by: Chris Nehren <cnehren tenable com>
2015-05-02 00:59:18 +00:00
Brad Davis
6b188e7ac4
Add entry for powerdns and powerdns-recursor.
Approved by: bdrewery (mentor)
2015-05-01 15:05:36 +00:00
Rene Ladan
b4343973b4
Document new vulnerabilities in www/chromium < 42.0.2311.135
Obtained from: http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_28.html
2015-04-28 20:28:49 +00:00
Rene Ladan
dc81ad839e
Document new vulnerabilities in www/chromium < 42.0.2311.90
Obtained from: http://googlechromereleases.blogspot.nl/2015/04/stable-channel-update_14.html
2015-04-27 10:53:40 +00:00
John Marino
a1fac23f0f
security/vuxml: Add entry for security/wpa_supplicant
Security: CVE-2015-1863
PR: 199678
2015-04-26 16:32:34 +00:00
Xin LI
0c587d67d9
Document PHP multiple vulnerabilities.
Submitted by: Bernard Spil <spil.oss gmail com>
2015-04-26 06:34:50 +00:00
Koop Mast
0eed30f27f
There are actually two Chinese wordpress ports, which both have different
suffixes. List them both.
2015-04-24 16:52:03 +00:00
Koop Mast
b6e643a557
Add wordpress vulnerabilities.
2015-04-24 15:42:31 +00:00
Roman Bogorodskiy
74b39b7b6a
Add an entry for security/libtasn1 vulnerability.
Security: CVE-2015-2806
2015-04-22 07:40:01 +00:00
Jan Beich
ffe2287f3a
Document new Firefox vulnerability. CVE-2015-2706
2015-04-21 02:41:56 +00:00
Jan Beich
572692c9f6
Document sqlite3 multiple vulnerabilities
PR: 199483
2015-04-18 10:17:25 +00:00
Jan Beich
ddf94f6362
Document chrony multiple vulnerabilities.
PR: 199508
2015-04-18 09:27:50 +00:00
Jan Beich
fb365a87c3
Document new Dulwich vulnerability. CVE-2015-0838
PR: 199162
Submitted by: Marco Bröder (maintainer)
2015-04-17 22:11:14 +00:00
Johannes Jost Meixner
9b82acf5d6
Register Flash vulnerabilities.
Affected: www/linux-*-flashplugin11.
2015-04-17 10:09:41 +00:00
Jan Beich
7313d8e6de
Document Wesnoth vulnerability. CVE-2015-0844
PR: 199414
2015-04-17 08:04:24 +00:00
Raphael Kubo da Costa
19d9aa2b81
Add entry for CVE-2015-1858, CVE-2015-1859 and CVE-2015-1860.
Multiple vulnerabilities in Qt image format handling (the 3 CVEs are part of
the same security advisory).
2015-04-14 08:33:04 +00:00
Steve Wills
6574fab10f
Document issues in ruby
2015-04-14 00:50:37 +00:00
Matthias Andree
3f93e22150
Add mailman < 2.1.20 vulnerability.
Port update to arrive shortly.
2015-04-09 19:35:00 +00:00
Guido Falsi
ef47d9661c
Document new asterisk ports vulnerability.
2015-04-08 21:46:51 +00:00
Xin LI
a444f6a3de
Document NTP multiple vulnerabilities.
2015-04-07 23:48:04 +00:00
Jan Beich
fe5c0d4c53
Document mozilla vulnerabilities in Firefox 37.0
2015-04-03 23:42:55 +00:00
Thomas Zander
059a0b2eb2
Document multiple vulnerabilities in multimedia/libav prior to version 11.3
PR: 198873
Submitted by: venture37@geeklan.co.uk
MFH: 2015Q2
2015-04-03 16:34:45 +00:00
Xin LI
530668b2a7
Document multiple vulnerabilities of PHP.
Submitted by: Bernard Spil <bernard bachfreund nl>
2015-04-01 20:03:30 +00:00
Olli Hauer
fe4e75e309
- document subversion issues
http://subversion.apache.org/security/
Security: CVE-2015-0202
Security: CVE-2015-0248
Security: CVE-2015-0251
2015-03-31 20:16:05 +00:00
Jan Beich
5744d948be
Document mozilla vulnerabilities
2015-03-31 18:40:29 +00:00
Dmitry Marakasov
0cdf69cf5f
Add vulnerability for devel/osc.
Security: CVE-2015-0778
PR: 198876
Submitted by: venture37@geeklan.co.uk
2015-03-31 16:10:20 +00:00
Christian Weisgerber
5edbabc92d
Document GNU cpio vulnerabilities CVE-2014-9112 and CVE-2015-1197.
2015-03-31 14:51:30 +00:00
Max Brazhnikov
c524bbba47
Document libzip vulnerability CVE-2015-2331
2015-03-28 16:50:00 +00:00
Li-Wen Hsu
88fda303b9
Document django vulnerability CVE-2015-2316 and CVE-2015-2317
2015-03-27 05:33:34 +00:00
Dan Langille
75914998eb
Revert my previous commit.
2015-03-25 13:13:57 +00:00
Dan Langille
684ab97412
Convert non-ASCII quotes to ASCII characters
Approved by: mat (mentor)
2015-03-25 13:03:32 +00:00
Jason Helfman
f6fa2f3023
- fixing package name
$ make -C /usr/ports/devel/mingw64-binutils/ -V PKGNAME
x86_64-pc-mingw32-binutils-2.23.2_1
2015-03-24 23:19:59 +00:00
Ryan Steinmetz
d8a73366f4
- Fix vuxml build: bad package names in f6a014cd-d268-11e4-8339-001e679db764
- Fix blockquote style to match rest
2015-03-24 22:15:48 +00:00
Brooks Davis
547621e3e4
The ancient version of binutils in the cross-binutils port suffers from
several vulnerabilities.
This also affects devel/mingw64-binutils.
PR: 198816
Reported by: Sevan Janiyan <venture37@geeklan.co.uk>
2015-03-24 21:32:04 +00:00
Vanilla I. Shu
5bac1bc6b5
Document nodejs (libuv) CVE-2015-0278.
PR: 198861
Submitted by: venture37@geeklan.co.uk
2015-03-24 16:11:41 +00:00
Johannes Jost Meixner
e706f86581
Document vulnerable linux-c6-openssl versions in vuxml entry from 2015-03-19
Approved by: swills (mentor)
2015-03-24 12:17:14 +00:00
Li-Wen Hsu
62b0b60c59
Document Jenkins Security Advisory 2015-03-23
2015-03-24 06:22:27 +00:00
Jan Beich
f1eaf2de22
Document mozilla issues disclosed at HP Zero Day Initiative's Pwn2Own
2015-03-22 04:45:55 +00:00
Xin LI
10fed934b7
Mention LibreSSL too. Use <ul>'s per suggestion from vsevolod [1].
PR: 198718 [1]
2015-03-19 22:54:13 +00:00
Xin LI
352640920a
Document OpenSSL multiple vulnerabilities.
2015-03-19 21:21:03 +00:00
Koop Mast
b28795f807
Record new libXfont security issues.
2015-03-18 09:07:05 +00:00
Johannes Jost Meixner
5593254fbd
Add latest security vulnerabilities in linux-*-flashplugin11:
CVE-2015-0332
CVE-2015-0333
CVE-2015-0334
CVE-2015-0335
CVE-2015-0336
CVE-2015-0337
CVE-2015-0338
CVE-2015-0339
CVE-2015-0340
CVE-2015-0341
CVE-2015-0342
Differential Revision: https://reviews.freebsd.org/D2061
Approved by: swills (mentor)
2015-03-16 17:01:01 +00:00
Brad Davis
8408e7f155
Add vulnerability for mail/sympa.
Approved by: bapt
Security: CVE-2015-1306
2015-03-13 04:08:21 +00:00
Matthew Seaman
70d3ce5005
Document latest security vulnerabilities in rt42 and rt40:
CVE-2014-9472
CVE-2015-1165
CVE-2015-1464
2015-03-08 11:55:51 +00:00
Matthew Seaman
01695c6e77
Document the latest phpMyAdmin vulnerability: CVE-2015-2206
2015-03-08 11:41:18 +00:00
Romain Tartière
5fb92938f6
Document mono TLS bugs.
Reported by: delphij
2015-03-07 17:17:31 +00:00
Matthias Andree
371c596738
Document recently fixed PuTTY < 0.64 vuln. CVE-2015-2157.
2015-03-05 22:10:26 +00:00
Rene Ladan
fe98e4cc80
Document new vulnerabilities in www/chromium < 41.0.2272.76
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/
2015-03-04 23:18:35 +00:00
Raphael Kubo da Costa
84bc960e23
Add entry for CVE-2015-0295 in qt4-gui and qt5-gui.
2015-03-04 23:05:03 +00:00
Steve Wills
a276ca075f
Add entry for security issue in jenkins
Reviewed by: zi
2015-03-01 03:42:30 +00:00
Jan Beich
153f00da5e
Fix typo: s/MSFA/MFSA/. The source to follow later.
https://bugzilla.mozilla.org/show_bug.cgi?id=1137604
2015-02-27 08:28:02 +00:00
Jan Beich
677f1b51c1
Document mozilla vulnerabilities
2015-02-27 07:14:24 +00:00
Brad Davis
cce5f5c0f2
Document vulnerabilities in php for CVE-2015-0235 and CVE-2015-0273.
Approved by: zi (mentor)
2015-02-26 19:58:58 +00:00
Cy Schubert
1a7f2737d8
Document bugs fixed in krb5 1.11.6.
* Handle certain invalid RFC 1964 GSS tokens correctly to avoid
invalid memory reference vulnerabilities. [CVE-2014-4341
CVE-2014-4342]
* Fix memory management vulnerabilities in GSSAPI SPNEGO.
[CVE-2014-4343 CVE-2014-4344]
* Fix buffer overflow vulnerability in LDAP KDB back end.
[CVE-2014-4345]
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354 CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
CVE-2014-9423]
Security: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
2015-02-26 01:12:44 +00:00
Xin LI
f83e77266c
Document Samba remote code execution vulnerability.
2015-02-24 00:54:47 +00:00
Matthias Andree
428bfcc169
Record two e2fsprogs vulnerabilities. CVE-2015-0247
<URL:http://vuxml.freebsd.org/0f488b7b-bbb9-11e4-903c-080027ef73ec.html >
Topic: e2fsprogs -- potential buffer overflow in closefs()
Affects:
e2fsprogs < 1.42.12_2
References:
url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
cvename:CVE-2015-1572
<URL:http://vuxml.freebsd.org/2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html >
Security: CVE-2015-0247
Security: CVE-2015-1572
Security: 0f488b7b-bbb9-11e4-903c-080027ef73ec
Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html
2015-02-24 00:20:16 +00:00
Xin LI
70e0e535db
Document BIND DoS issue with trust anchor management.
2015-02-23 22:13:03 +00:00
Cy Schubert
1f7fa041b7
Kerberos Version 5, Release 1.12.3 is released affecting
security/krb5-112. This fixes multiple vulnerabilities, some previously
committed by point patches and others newly fixed in this release.
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354] [CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]
Security: CVE-2014-5354, CVE-2014-5353
Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security: CVE-2014-9422, CVE-2014-9423
2015-02-21 16:12:36 +00:00
Xin LI
55445fd020
Document unzip heap based buffer overflow in iconv patch.
PR: ports/197772
2015-02-17 22:03:32 +00:00
Guido Falsi
6a0ae6b7c5
Add modified date to entries I touched recently.
Noticed by: kwm (thanks)
2015-02-17 17:19:31 +00:00
Guido Falsi
e177e566ad
Add CVE number to asterisk advisory.
2015-02-17 16:14:30 +00:00
Cy Schubert
82c37d8660
Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
for krb5-111 and krb5-112.
Obtained from: Greg Hudson <ghudson@mit.edu>
Security: CVE-2014-5353, CVE-2014-5354
2015-02-13 20:23:28 +00:00
Ryan Steinmetz
4583de6e13
- Additional fixes from the krb5 commit
2015-02-13 01:59:09 +00:00
Ryan Steinmetz
9daed152d1
- Correct errors in previous commit to resolve build
2015-02-13 01:55:33 +00:00
Cy Schubert
5d7fc0f809
Document new krb5 vulnerabilities.
Security: CVE-2014-5353, CVE-2014-5354
2015-02-13 01:45:41 +00:00
Koop Mast
5eb4ef2599
The xorg-server entry in commit 378888, also mention portepoch for the other
version we want to check.
2015-02-12 21:00:49 +00:00
Koop Mast
d7d1d8da5b
Document xorg-server CVE-2015-0255.
...
Information leak in the XkbSetGeometry request of X servers
2015-02-12 19:56:45 +00:00
Palle Girgensohn
1477369948
In r378499, PostgreSQL package names were not version-suffixed. Fixed this.
Submitted by: kuriyama@
2015-02-09 08:23:50 +00:00
Rene Ladan
7ab1892fd6
Fix CVE name for www/chromium entry
Submitted by: bz via bot
2015-02-06 23:27:41 +00:00
Xin LI
b9640de8a0
Document two recent OpenLDAP DoS issues.
2015-02-06 22:48:14 +00:00
Rene Ladan
61b2e02abd
Document new vulnerabilities in www/chromium < 40.0.2214.111
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/
2015-02-06 22:21:14 +00:00
Palle Girgensohn
665a780cb4
Update PostgreSQL-9.x to latest versions.
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
2015-02-05 22:54:21 +00:00
Tijl Coosemans
12a1f8e664
Remove 734bcd49-aae6-11e4-a0c1-c485083ca99c because Adobe Flash Player 11.x
isn't affected. See February 2 revision of
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
2015-02-05 08:57:04 +00:00
Cy Schubert
34e7f5cab2
Add the following KRB5 CVEs.
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
2015-02-04 20:38:30 +00:00
Xin LI
fd65c6c16b
Document unzip out of boundary access issues in test_compr_eb.
PR: ports/197300
2015-02-03 22:35:06 +00:00
Johannes Jost Meixner
6aeb32db74
Add linux-f10-devtools (any version) and linux-c6-devtools (prior to 6.6_3) to
the CVE-2015-0235 entry from 2015-01-28.
Approved by: swills (mentor)
2015-02-02 19:09:35 +00:00
Mark Felder
ff9005823f
Add net-mgmt/xymon-server CVE-2015-1430
2015-02-02 15:25:31 +00:00
Johannes Jost Meixner
3db147c9dc
www/linux-*-flashplugin11: Add CVE-2015-0313
Spotted by: kwm
Approved by: swills (mentor)
2015-02-02 14:53:56 +00:00
Jimmy Olgeni
7933cbc833
Add CVE-2015-0862 for net/rabbitmq.
2015-01-31 16:09:37 +00:00
Olli Hauer
6a093ced96
- document apache24 issues
2015-01-31 15:07:28 +00:00
Guido Falsi
79ede1bfbe
Document asterisk security issues.
While here, add CVE number to a previous asterisk entry.
2015-01-29 11:20:51 +00:00
Johannes Jost Meixner
b94dece6fd
Add CVE-2015-0235.
- Affects linux_base-*
Approved by: so@ (des)
2015-01-28 08:39:20 +00:00
Tijl Coosemans
20ebd85bff
Document critical Adobe Flash Player vulnerability (CVE-2015-0311)
2015-01-26 21:20:43 +00:00
Olli Hauer
dad6a4f07c
- document bugzilla security issues
2015-01-26 20:24:08 +00:00
Li-Wen Hsu
8ad3597657
- Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e
2015-01-24 17:58:07 +00:00
Li-Wen Hsu
f3324ced2c
Document Django 2014-01-13 vulnerability
2015-01-23 17:47:00 +00:00
Mikhail Teterin
af56c7fc52
Add a note about the just-fixed vulnerability of applications using net/libutp.
PR: 196351
Differential Revision: D1575
Submitted by: Jan Beich
Approved by: bapt
2015-01-22 17:43:47 +00:00
Johannes Jost Meixner
2925c75bbb
Amend linux-c6-openssl version in OpenSSL entry from 2015-01-08.
Approved by: swills (mentor)
2015-01-22 17:09:22 +00:00
Vsevolod Stakhov
a91fe34f1e
Add CVE-2015-0206 description for LibreSSL port.
2015-01-22 17:02:40 +00:00