Xin LI
352640920a
Document OpenSSL multiple vulnerabilities.
2015-03-19 21:21:03 +00:00
Koop Mast
b28795f807
Record new libXfont security issues.
2015-03-18 09:07:05 +00:00
Johannes Jost Meixner
5593254fbd
Add latest security vulnerabilities in linux-*-flashplugin11:
...
CVE-2015-0332
CVE-2015-0333
CVE-2015-0334
CVE-2015-0335
CVE-2015-0336
CVE-2015-0337
CVE-2015-0338
CVE-2015-0339
CVE-2015-0340
CVE-2015-0341
CVE-2015-0342
Differential Revision: https://reviews.freebsd.org/D2061
Approved by: swills (mentor)
2015-03-16 17:01:01 +00:00
Brad Davis
8408e7f155
Add vulnerability for mail/sympa.
...
Approved by: bapt
Security: CVE-2015-1306
2015-03-13 04:08:21 +00:00
Matthew Seaman
70d3ce5005
Document latest security vulnerabilities in rt42 and rt40:
...
CVE-2014-9472
CVE-2015-1165
CVE-2015-1464
2015-03-08 11:55:51 +00:00
Matthew Seaman
01695c6e77
Document the latest phpMyAdmin vulnerability: CVE-2015-2206
2015-03-08 11:41:18 +00:00
Romain Tartière
5fb92938f6
Document mono TLS bugs.
...
Reported by: delphij
2015-03-07 17:17:31 +00:00
Matthias Andree
371c596738
Document recently fixed PuTTY < 0.64 vuln. CVE-2015-2157.
2015-03-05 22:10:26 +00:00
Rene Ladan
fe98e4cc80
Document new vulnerabilities in www/chromium < 41.0.2272.76
...
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/
2015-03-04 23:18:35 +00:00
Raphael Kubo da Costa
84bc960e23
Add entry for CVE-2015-0295 in qt4-gui and qt5-gui.
2015-03-04 23:05:03 +00:00
Steve Wills
a276ca075f
Add entry for security issue in jenkins
...
Reviewed by: zi
2015-03-01 03:42:30 +00:00
Jan Beich
153f00da5e
Fix typo: s/MSFA/MFSA/. The source to follow later.
...
https://bugzilla.mozilla.org/show_bug.cgi?id=1137604
2015-02-27 08:28:02 +00:00
Jan Beich
677f1b51c1
Document mozilla vulnerabilities
2015-02-27 07:14:24 +00:00
Brad Davis
cce5f5c0f2
Document vulnerabilities in php for CVE-2015-0235 and CVE-2015-0273.
...
Approved by: zi (mentor)
2015-02-26 19:58:58 +00:00
Cy Schubert
1a7f2737d8
Document bugs fixed in krb5 1.11.6.
...
* Handle certain invalid RFC 1964 GSS tokens correctly to avoid
invalid memory reference vulnerabilities. [CVE-2014-4341
CVE-2014-4342]
* Fix memory management vulnerabilities in GSSAPI SPNEGO.
[CVE-2014-4343 CVE-2014-4344]
* Fix buffer overflow vulnerability in LDAP KDB back end.
[CVE-2014-4345]
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354 CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-9421 CVE-2014-9422
CVE-2014-9423]
Security: CVE-2014-4341, CVE-2014-4342, CVE-2014-4343, CVE-2014-4344
CVE-2014-4345, CVE-2014-5354, CVE-2014-5353, CVE-2014-5352
CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
2015-02-26 01:12:44 +00:00
Xin LI
f83e77266c
Document Samba remote code execution vulnerability.
2015-02-24 00:54:47 +00:00
Matthias Andree
428bfcc169
Record two e2fsprogs vulnerabilities. CVE-2015-0247
...
<URL:http://vuxml.freebsd.org/0f488b7b-bbb9-11e4-903c-080027ef73ec.html >
Topic: e2fsprogs -- potential buffer overflow in closefs()
Affects:
e2fsprogs < 1.42.12_2
References:
url:http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
cvename:CVE-2015-1572
<URL:http://vuxml.freebsd.org/2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html >
Security: CVE-2015-0247
Security: CVE-2015-1572
Security: 0f488b7b-bbb9-11e4-903c-080027ef73ec
Security: 2a4bcd7d-bbb8-11e4-903c-080027ef73ec.html
2015-02-24 00:20:16 +00:00
Xin LI
70e0e535db
Document BIND DoS issue with trust anchor management.
2015-02-23 22:13:03 +00:00
Cy Schubert
1f7fa041b7
Kerberos Version 5, Release 1.12.3 is released affecting
...
security/krb5-112. This fixes multiple vulnerabilities, some previously
committed by point patches and others newly fixed in this release.
* Fix multiple vulnerabilities in the LDAP KDC back end.
[CVE-2014-5354] [CVE-2014-5353]
* Fix multiple kadmind vulnerabilities, some of which are based in the
gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
CVE-2014-9422 CVE-2014-9423]
Security: CVE-2014-5354, CVE-2014-5353
Security: CVE-2014-5352, CVE-2014-5352, CVE-2014-9421
Security: CVE-2014-9422, CVE-2014-9423
2015-02-21 16:12:36 +00:00
Xin LI
55445fd020
Document unzip heap based buffer overflow in iconv patch.
...
PR: ports/197772
2015-02-17 22:03:32 +00:00
Guido Falsi
6a0ae6b7c5
Add modified date to entries I touched recently.
...
Noticed by: kwm (thanks)
2015-02-17 17:19:31 +00:00
Guido Falsi
e177e566ad
Add CVE number to asterisk advisory.
2015-02-17 16:14:30 +00:00
Cy Schubert
82c37d8660
Backported patches for CVE-2014-5353 and CVE-2014-5354 received from MIT
...
for krb5-111 and krb5-112.
Obtained from: Greg Hudson <ghudson@mit.edu>
Security: CVE-2014-5353, CVE-2014-5354
2015-02-13 20:23:28 +00:00
Ryan Steinmetz
4583de6e13
- Additional fixes from the krb5 commit
2015-02-13 01:59:09 +00:00
Ryan Steinmetz
9daed152d1
- Correct errors in previous commit to resolve build
2015-02-13 01:55:33 +00:00
Cy Schubert
5d7fc0f809
Document new krb5 vulnerabilities.
...
Security: CVE-2014-5353, CVE-2014-5354
2015-02-13 01:45:41 +00:00
Koop Mast
5eb4ef2599
The xorg-server entry in commit 378888, also mention portepoch for the other
...
version we want to check.
2015-02-12 21:00:49 +00:00
Koop Mast
d7d1d8da5b
Document xorg-server CVE-2015-0255.
...
Information leak in the XkbSetGeometry request of X servers
2015-02-12 19:56:45 +00:00
Palle Girgensohn
1477369948
In r378499, PostgreSQL package names were not version-suffixed. Fixed this.
...
Submitted by: kuriyama@
2015-02-09 08:23:50 +00:00
Rene Ladan
7ab1892fd6
Fix CVE name for www/chromium entry
...
Submitted by: bz via bot
2015-02-06 23:27:41 +00:00
Xin LI
b9640de8a0
Document two recent OpenLDAP DoS issues.
2015-02-06 22:48:14 +00:00
Rene Ladan
61b2e02abd
Document new vulnerabilities in www/chromium < 40.0.2214.111
...
Submitted by: Carlos Jacobo Puga Medina
Obtained from: http://googlechromereleases.blogspot.nl/
2015-02-06 22:21:14 +00:00
Palle Girgensohn
665a780cb4
Update PostgreSQL-9.x to latest versions.
...
This update fixes multiple security issues reported in PostgreSQL over the past
few months. All of these issues require prior authentication, and some require
additional conditions, and as such are not considered generally urgent.
However, users should examine the list of security holes patched below in case
they are particularly vulnerable.
Security: CVE-2015-0241,CVE-2015-0242,CVE-2015-0243,
CVE-2015-0244,CVE-2014-8161
2015-02-05 22:54:21 +00:00
Tijl Coosemans
12a1f8e664
Remove 734bcd49-aae6-11e4-a0c1-c485083ca99c because Adobe Flash Player 11.x
...
isn't affected. See February 2 revision of
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
2015-02-05 08:57:04 +00:00
Cy Schubert
34e7f5cab2
Add the following KRB5 CVEs.
...
CVE-2014-5352: gss_process_context_token() incorrectly frees context
CVE-2014-9421: kadmind doubly frees partial deserialization results
CVE-2014-9422: kadmind incorrectly validates server principal name
CVE-2014-9423: libgssrpc server applications leak uninitialized bytes
Security: CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423
2015-02-04 20:38:30 +00:00
Xin LI
fd65c6c16b
Document unzip out of boundary access issues in test_compr_eb.
...
PR: ports/197300
2015-02-03 22:35:06 +00:00
Johannes Jost Meixner
6aeb32db74
Add linux-f10-devtools (any version) and linux-c6-devtools (prior to 6.6_3) to
...
the CVE-2015-0235 entry from 2015-01-28.
Approved by: swills (mentor)
2015-02-02 19:09:35 +00:00
Mark Felder
ff9005823f
Add net-mgmt/xymon-server CVE-2015-1430
2015-02-02 15:25:31 +00:00
Johannes Jost Meixner
3db147c9dc
www/linux-*-flashplugin11: Add CVE-2015-0313
...
Spotted by: kwm
Approved by: swills (mentor)
2015-02-02 14:53:56 +00:00
Jimmy Olgeni
7933cbc833
Add CVE-2015-0862 for net/rabbitmq.
2015-01-31 16:09:37 +00:00
Olli Hauer
6a093ced96
- document apache24 issues
2015-01-31 15:07:28 +00:00
Guido Falsi
79ede1bfbe
Document asterisk security issues.
...
While here, add CVE number to a previous asterisk entry.
2015-01-29 11:20:51 +00:00
Johannes Jost Meixner
b94dece6fd
Add CVE-2015-0235.
...
- Affects linux_base-*
Approved by: so@ (des)
2015-01-28 08:39:20 +00:00
Tijl Coosemans
20ebd85bff
Document critical Adobe Flash Player vulnerability (CVE-2015-0311)
2015-01-26 21:20:43 +00:00
Olli Hauer
dad6a4f07c
- document bugzilla security issues
2015-01-26 20:24:08 +00:00
Li-Wen Hsu
8ad3597657
- Fix description of 9c7b6c20-a324-11e4-879c-00e0814cab4e
2015-01-24 17:58:07 +00:00
Li-Wen Hsu
f3324ced2c
Document Django 2014-01-13 vulnerability
2015-01-23 17:47:00 +00:00
Mikhail Teterin
af56c7fc52
Add a note about the just-fixed vulnerability of applications using net/libutp.
...
PR: 196351
Differential Revision: D1575
Submitted by: Jan Beich
Approved by: bapt
2015-01-22 17:43:47 +00:00
Johannes Jost Meixner
2925c75bbb
Amend linux-c6-openssl version in OpenSSL entry from 2015-01-08.
...
Approved by: swills (mentor)
2015-01-22 17:09:22 +00:00
Vsevolod Stakhov
a91fe34f1e
Add CVE-2015-0206 description for LibreSSL port.
2015-01-22 17:02:40 +00:00
Tijl Coosemans
96f7bce425
Document Adobe Flash Player vulnerabilities
2015-01-22 12:54:13 +00:00
Rene Ladan
3872f5cc79
Document new vulnerabilities in www/chromium < 40.0.2214.91
...
Also affects FFmpeg, ICU, DOM but the links on the webpage all result in a 403.
Obtained from: http://googlechromereleases.blogspot.nl
2015-01-21 22:09:38 +00:00
Jase Thew
d0fe2da51c
security/vuxml:
...
- Document security/polarssl and security/polarssl13 crafted certificates
vulnerability (CVE-2015-1182)
2015-01-19 20:52:53 +00:00
Emanuel Haupt
c27b61c442
Document multiple archivers/unzip vulnerabilities (CVE-2014-8139,
...
CVE-2014-8140, CVE-2014-8141).
PR: 196777 (based on)
Submitted by: rsimmons0@gmail.com
2015-01-16 08:18:13 +00:00
Timur I. Bakeyev
a6a5351c99
Add description of CVE-2014-8143 in net/samba4 and net/samba41
2015-01-16 04:05:17 +00:00
Raphael Kubo da Costa
a1819b117a
Add entry for CVE-2013-7252 in x11/kde4-runtime.
2015-01-14 21:54:30 +00:00
Beat Gaetzi
6cbf8fb6e3
Document mozilla vulnerabilities
2015-01-14 07:10:09 +00:00
Martin Matuska
348c132ecb
Add vuln.xml entry for libevent CVE-2014-6272
...
PR: ports/199640
2015-01-11 19:39:45 +00:00
Sunpoet Po-Chuan Hsieh
976f98780d
- Fix more typo
2015-01-09 18:56:57 +00:00
Sunpoet Po-Chuan Hsieh
43c5ef5e0f
- Fix typo
2015-01-09 18:51:32 +00:00
Sunpoet Po-Chuan Hsieh
71e80745d9
- Document cURL URL request injection vulnerability (CVE-2014-8150)
2015-01-09 18:41:22 +00:00
Koop Mast
4aa0ef3cf1
Document webkit-gtk[23] vulnerabilities.
2015-01-09 13:35:31 +00:00
Xin LI
5a41788320
Document OpenSSL multiple vulnerabilities.
2015-01-08 23:59:59 +00:00
Matthias Andree
908673d4b7
Add three upstream patches to busybox 1.22.1, bumping PORTREVISION to 2.
...
One fixes the CVE-2014-4608 buffer overrun in LZO2,
one fixes the nc app, one fixes the zcat and related apps when accessing
files without extension.
List busybox < 1.22.1_2 as vulnerable, and add CVE Name to the vulndb.
Security: CVE-2014-4608
Security: d1f5e12a-fd5a-11e3-a108-080027ef73ec
2015-01-06 21:11:35 +00:00
Eygene Ryabinkin
b38f77b8f0
VuXML: document multiple vulnerabilities in WordPress
...
CVE-2014-9033 to CVE-2014-9039.
2015-01-04 22:54:02 +00:00
Eygene Ryabinkin
d18540c9f3
VuXML: document heap overflow in 32-bit builds of libpng
2015-01-04 22:25:19 +00:00
Xin LI
a89cf81862
Document file multiple vulnerabilities.
2015-01-02 23:24:17 +00:00
Eygene Ryabinkin
72aeb95356
Fix whitespace in entry for ntp (4033d826-87dd-11e4-9079-3c970e169bc2)
2014-12-23 21:24:55 +00:00
Eygene Ryabinkin
e21577fb97
Document CVE-2014-9116 in mutt
2014-12-23 21:22:35 +00:00
Xin LI
fc85605516
Document ntp multiple vulnerabilities.
2014-12-20 00:21:30 +00:00
Brad Davis
08f04987d9
Document git vulnerability
...
Approved by: swills
Security: CVE-2014-9390
2014-12-19 18:05:51 +00:00
Carlo Strub
437f3b2ca1
OTRS security announcement
2014-12-16 22:06:31 +00:00
Koop Mast
f31902eea6
Register portepoch in the xorg-server entry.
...
Submitted by: Adam McDougall <mcdouga9@egr.msu.edu>
Pointyhat to: kwm@
2014-12-16 11:44:27 +00:00
Tijl Coosemans
722e2d67d3
Fix version information on several subversion vulnerabilities
2014-12-16 10:46:57 +00:00
Olli Hauer
2109543101
- document Subversion remote DoS
2014-12-15 22:18:49 +00:00
Alexey Dokuchaev
86fc1958ae
The GLX indirect rendering support supplied on NVIDIA products is subject to
...
the recently disclosed X.Org vulnerabilities (CVE-2014-8093, CVE-2014-8098)
as well as internally identified vulnerabilities (CVE-2014-8298).
2014-12-14 09:45:08 +00:00
Xin LI
22bd7eedd5
Document BIND vulnerability.
2014-12-11 20:56:21 +00:00
Guido Falsi
6402653253
Document vulnerability in asterisk11.
2014-12-11 09:41:10 +00:00
Koop Mast
1f9994ea64
Document xserver security advisories.
2014-12-10 21:31:56 +00:00
Sergey Matveychuk
98b3a22b15
- Remove a redundant dot
2014-12-09 03:05:14 +00:00
Sergey Matveychuk
a8c2eba33a
Document unbound vulnerability
2014-12-09 02:43:37 +00:00
Koop Mast
9ceda43b34
Document freetype 2 vulnerability.
2014-12-07 12:25:30 +00:00
Matthew Seaman
07d81befa7
The latest in a long line of phpMyAdmin security advisories: DoS and
...
XSS vulnerabilities.
Security: c9c46fbf-7b83-11e4-a96e-6805ca0b3d42
2014-12-04 07:15:30 +00:00
Beat Gaetzi
66f36fcbe0
Document mozilla vulnerabilities
...
PR: 195559
Submitted by: Jan Beich
2014-12-03 11:20:51 +00:00
Xin LI
40cb0d33ed
Document OpenVPN Denial of Service vulnerability.
2014-12-02 01:38:26 +00:00
Christian Weisgerber
f47b61b778
Document CVE-2014-8962 and CVE-2014-9028 in audio/flac.
2014-11-25 21:42:42 +00:00
Guido Falsi
f72299bfdd
Add CVE names for recent asterisk vulnerabilities.
2014-11-23 10:35:06 +00:00
Guido Falsi
0428741c55
Document multiple vulnerabilities in asterisk ports.
2014-11-21 11:06:59 +00:00
Matthew Seaman
abdc729b94
Document the latest round of phpMyAdmin vulnerabilities.
...
Security: a5d4a82a-7153-11e4-88c7-6805ca0b3d42
2014-11-21 08:13:00 +00:00
Raphael Kubo da Costa
1823ac9220
Add note about CVE-2014-8600 in kde4-runtime and kwebkitpart.
2014-11-20 21:30:29 +00:00
Guido Falsi
f3b72790cd
Document yii vulnerability CVE-2014-4672.
2014-11-20 08:42:28 +00:00
Rene Ladan
74d7107830
Document new vulnerabilities in www/chromium < 39.0.2171.65
...
Obtained from: http://googlechromereleases.blogspot.nl/2014/11/stable-channel-update_18.html
2014-11-18 18:32:22 +00:00
Raphael Kubo da Costa
97d4c532da
Fix version check for the entry added in r372686.
...
4.11.14 is not in ports yet, the fix was backported to 4.11.13 so we are
safe with 4.11.13_1.
2014-11-17 21:27:58 +00:00
Raphael Kubo da Costa
20b860a4f7
Add entry for CVE-2014-8651 in x11/kde4-workspace.
2014-11-17 20:59:59 +00:00
Antoine Brodin
ff9251773b
Cleanup plist
2014-11-13 10:38:16 +00:00
Koop Mast
11e7d8245f
document dbus CVE-2014-7824
2014-11-11 18:35:05 +00:00
Eygene Ryabinkin
8eef663357
ftp/wget: document CVE-2014-4877, path traversal in recursive FTP mode
2014-11-07 22:07:54 +00:00
Max Brazhnikov
76f357180d
VuXML: fix spelling for the latest entry
...
Noticed by: ports-secteam (rea)
2014-11-05 22:18:26 +00:00
Max Brazhnikov
e772343952
VuXML: document CVE-2014-8483 for irc/konversation-kde4
...
Approved by: ports-secteam (zi)
2014-11-05 14:49:08 +00:00
Eygene Ryabinkin
bc0b5959da
VuXML: document remote Perl code execution in TWiki
...
Crafted GET parameter "debugenableplugins" can be used to trigger
code execution,
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
2014-10-31 15:38:00 +00:00
Eygene Ryabinkin
37eb303bd8
VuXML: document vulnerability in Jenkins
...
CVE-2014-3665, remote code execution on master servers that can
be initiated by (untrusted) slaves,
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
2014-10-31 11:09:17 +00:00
Raphael Kubo da Costa
4c593ccfb2
Add entry for libssh's CVE-2014-0017.
2014-10-29 21:51:17 +00:00
Ryan Steinmetz
a272580889
- Document recent vulnerabilities in libpurple/pidgin
2014-10-24 01:58:13 +00:00
Matthew Seaman
24c270c5ad
Document cross site scripting vulnerabilities in phpMyAdmin
...
Security: 25b78f04-59c8-11e4-b711-6805ca0b3d42
2014-10-22 08:54:58 +00:00
Guido Falsi
3103916734
Document asterisk susceptibility to the POODLE vulnerability,
...
described in CVE-2014-3566.
2014-10-21 13:58:33 +00:00
Koop Mast
a502e38ceb
Document libxml2 denial of service
2014-10-18 12:52:26 +00:00
Johannes Jost Meixner
8950579048
Add linux-c6-openssl to OpenSSL entry from 2014-10-15.
...
Approved by: swills (mentor)
2014-10-17 14:34:14 +00:00
Florian Smeets
2eac7ee011
Document critical SQL Injection Vulnerability in www/drupal7
2014-10-16 18:19:57 +00:00
Beat Gaetzi
f74c61732f
- Mark libxul as vulnerable too
...
Submitted by: Jan Beich
2014-10-16 10:34:50 +00:00
Xin LI
7126d27017
Document OpenSSL multiple vulnerabilities.
2014-10-15 17:59:37 +00:00
Beat Gaetzi
ae91f822d2
Document mozilla vulnerabilities
...
PR: 194356
Submitted by: Jan Beich
2014-10-15 11:46:04 +00:00
Mark Felder
c1641fed7e
Convert USE_PYTHON_RUN to new USES syntax;
...
Appease the angry DEVELOPER=YES god
Approved by: mat
2014-10-09 13:17:26 +00:00
Mark Felder
cee4eb51b0
Add entry for foreman-proxy
...
Obtained from: mmoll
2014-10-09 13:09:52 +00:00
Rene Ladan
92e654eadb
Document new vulnerabilities in www/chromium < 38.0.2125.101
...
Obtained from: http://googlechromereleases.blogspot.nl/2014/10/stable-channel-update.html
MFH: 2014Q4
2014-10-08 08:32:04 +00:00
Olli Hauer
4f19d92e37
- document bugzilla security issues
2014-10-06 19:09:34 +00:00
Bryan Drewery
a1d0d79986
Fix rsyslog entry for pkgname matching
2014-10-02 21:14:31 +00:00
Matthew Seaman
c042b3ff7e
www/rt42 < 4.2.8 is vulnerable to shellshock related exploits through
...
its SMIME integration.
Security: 81e2b308-4a6c-11e4-b711-6805ca0b3d42
2014-10-02 19:59:02 +00:00
Brad Davis
fb3f37589e
- Update the rsyslog entry to reflect the new versions
...
Reviewed by: bdrewery
2014-10-02 19:30:56 +00:00
Bryan Drewery
ddc9d6d9b4
Update Jenkins entry 549a2771-49cc-11e4-ae2c-c80aa9043978 to be readable.
2014-10-02 01:06:43 +00:00
Bryan Drewery
25485f86c6
Update grammar of DoS in Jenkins entry
2014-10-02 00:54:29 +00:00
Bryan Drewery
c2c59333ab
Fix Jenkins entry to note that XSS is an issue, not as compiler
2014-10-02 00:53:43 +00:00
Bryan Drewery
59834325c3
Document Jenkins vulnerabilities
...
Security: CVE-2014-3661
Security: CVE-2014-3662
Security: CVE-2014-3663
Security: CVE-2014-3664
Security: CVE-2014-3680
Security: CVE-2014-3681
Security: CVE-2014-3666
Security: CVE-2014-3667
Security: CVE-2013-2186
Security: CVE-2014-1869
Security: CVE-2014-3678
Security: CVE-2014-3679
2014-10-02 00:46:54 +00:00
Bryan Drewery
33e5a12d5b
Fix bash entries to also mark bash-static vulnerable
2014-10-01 22:57:16 +00:00
Bryan Drewery
15015e6b02
Document CVE-2014-6277 and CVE-2014-6278 for bash.
2014-10-01 22:30:59 +00:00
Bryan Drewery
ca11fc5279
- Document CVE-2014-7187 fixed in bash-4.3.27_1
2014-10-01 22:12:11 +00:00
Matthew Seaman
a763414630
Document the latest phpMyAdmin vulnerability.
...
- while here fix the '>' breakage in the rsyslogd entry.
Security: 3e8b7f8a-49b0-11e4-b711-6805ca0b3d42
2014-10-01 21:25:46 +00:00
Bryan Drewery
a703832b9e
Document CVE-2014-7186 for bash
2014-10-01 03:40:03 +00:00
Brad Davis
b210b76fd9
- Document sysutils/rsyslog vulnerabilities CVE-2014-3634
...
Reviewed by: bdrewery@
2014-09-30 20:09:32 +00:00
Bryan Drewery
e7ca3763f8
Document shells/fish vulnerabilities
2014-09-29 23:34:30 +00:00
Johannes Jost Meixner
af93a5d189
Add linux-c6-nss-3.15.1 package to the NSS vulnerability report.
...
Approved by: swills (mentor)
2014-09-26 17:34:26 +00:00
Johannes Jost Meixner
6a6123d47e
Add linux_base-c6-6.5 package to the bash vulnerability report.
...
Approved by: swills (mentor)
2014-09-26 17:05:38 +00:00
Bryan Drewery
a7b1fd362d
The 2nd bash issue was reassigned to CVE-2014-7169:
...
http://seclists.org/oss-sec/2014/q3/685
Reported by: jkim
2014-09-25 16:22:06 +00:00
Bryan Drewery
f0256b1c19
Update bash entry for CVE-2014-3659
...
Security: CVE-2014-3659
Security: ca44b64c-4453-11e4-9ea1-c485083ca99c
2014-09-25 15:44:00 +00:00
Eygene Ryabinkin
7d75c62abd
VuXML entry 48108fb0-751c-4cbb-8f33-09239ead4b55: expanded details
...
Reviewed by: des@
2014-09-25 13:29:38 +00:00
Johannes Jost Meixner
e1e8f53b39
www/linux-*-flashplugin11: Fix multiple security vulnerabilities
...
Adobe has discovered multiple security vulnerabilities in Flash
linux-*-flashplugin-11.2r202.400. Upgrade the two Linux ports to
version .406, which fixes these.
While there, assign www/linux-c6-flashplugin11 to emulation@
in order to match r369160.
PR: 193904
Differential Revision: https://reviews.freebsd.org/D831
Submitted by: Jung-uk Kim
Approved by: koobs (mentor)
MFH: 2014Q3
Security: ca44b64c-4453-11e4-9ea1-c485083ca99c
2014-09-25 12:48:21 +00:00
Dag-Erling Smørgrav
f884047cb4
fix
2014-09-25 07:45:16 +00:00
Dag-Erling Smørgrav
46f042b4d0
Add entry for the NSS signature forgery bug.
...
PR: 193906
MFH: 2014Q3
Security: CVE-2014-1568
2014-09-25 07:43:17 +00:00
Rene Ladan
9e4133005f
Document new vulnerability in www/chromium < 37.0.2062.124
...
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q3
2014-09-25 07:34:52 +00:00
Raphael Kubo da Costa
2c2f3a2f60
Add entry for net/krfb (CVE-2014-6055).
2014-09-24 21:22:02 +00:00
Xin LI
60ee221669
Document bash remote code execution vulnerability.
2014-09-24 18:07:12 +00:00
Guido Falsi
2814daf170
Document new asterisk11 vulnerability.
...
MFH: 2014Q3
2014-09-18 19:53:09 +00:00
Guido Falsi
33e5dc1889
Document new squid vulnerability.
...
PR: 193737
Submitted by: timp87 at gmail.com
MFH: 2014Q3
2014-09-18 13:20:57 +00:00
Koop Mast
3a4a25974f
Document new dbus vulnerabilities.
...
MFH: 2014Q3
2014-09-17 11:04:33 +00:00
Sergey A. Osokin
dc7dfebbe6
Document nginx security advisory (CVE-2014-3616).
2014-09-16 17:35:34 +00:00
Matthew Seaman
0b57820092
Document the latest phpMyAdmin vulnerability
...
Security: cc627e6c-3b89-11e4-b629-6805ca0b3d42
2014-09-13 21:18:56 +00:00
Brad Davis
d159ee42c7
Document CVE-2014-5284 affecting security/ossec-hids-* < 2.8.1.
...
Reviewed by: zi@
2014-09-11 14:09:43 +00:00
Rene Ladan
934764e569
Document new vulnerabilities in www/chromium < 37.0.2062.120
...
Obtained from: http://googlechromereleases.blogspot.nl/
MFH: 2014Q3
2014-09-09 21:27:24 +00:00
Tijl Coosemans
218ef4e8d4
Document trafficserver vulnerability
...
MFH: 2014Q3
2014-09-05 14:45:47 +00:00
Olli Hauer
2e538bbbe7
- update vid f927e06c-1109-11e4-b090-20cf30e32f6d
...
(httpd-2.2.29 was released today)
MFH: 2014Q3
2014-09-03 20:16:29 +00:00
Rene Ladan
772a313bc5
Document new vulnerabilities in www/chromium < 37.0.2062.94
...
Obtained from: http://googlechromereleases.blogspot.nl
MFH: 2014Q3
2014-08-26 16:36:41 +00:00