Jacques Vidrine
324af71685
Add a CVE name for VIM modeline handling issue.
2005-01-13 19:46:40 +00:00
Jacques Vidrine
1ce7083c86
Cancel VID 14e8f315-600e-11d9-a9e7-0001020eed82 "tiff -- stripoffsets
integer overflow vulnerability", as it was a subset of VID
3897a2f8-1d57-11d9-bc4a-000c41e2cdad "tiff -- multiple integer
overflows". This is another case of iDEFENSE ``discovering'' a
vulnerability months after it had already been made public and
corrected. I've preserved the iDEFENSE advisory reference by moving it
to the older entry, so that someone won't get misled by it again later.
2005-01-13 19:39:14 +00:00
Jacques Vidrine
48013c516f
Add CVE name for tnftp mget vulnerability. Re-indent <references>
children while I'm here.
2005-01-13 19:09:13 +00:00
Jacques Vidrine
7c27423f3f
For recent squid WCCP DoS issue, correct the URL used in <blockquote>
"cite" attribute and <url> content. It referenced the wrong squid
patch description.
2005-01-13 18:41:58 +00:00
Jacques Vidrine
9d91c8188e
Document Mozilla NNTP handler vulnerability.
2005-01-13 18:03:57 +00:00
Simon L. B. Nielsen
c5b02bda96
- Document a vulnerability in mpg123.
- Add mpg123-nas to an earlier mpg123 entry.
- Make title for exim entry more accurate.
- Fix invalid modification date in latest xpdf entry.
2005-01-13 16:10:46 +00:00
Simon L. B. Nielsen
8b446059f5
- Integrate vendor patches as published on
<http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
issues:
+ Prevent a possible denial of service attack via WCCP messages (squid bug
#1190), classified as security issue by the vendor
+ Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
#1189), classified as security issue by the vendor
+ Fix a null pointer access and plug memory leaks in the fake_auth NTLM
helper (squid bug #1183) (this helper app is not installed by default by
the port)
+ Stop closing open filedescriptors beyond stdin, stdout and stderr on
startup (squid bug #1177)
- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
nagilum.de>" for reporting this)
- Document the two security issues in VuXML.
PR: ports/76173
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by: erwin (mentor)
2005-01-12 22:37:29 +00:00
Jacques Vidrine
62bd6b7c6c
- Document some older security issues in libxine.
- Cancel VID bef4515b-eaa9-11d8-9440-000347a4fa7d in favor of a more
complete, new entry. (A xine security announcement covered the same
issue and others.)
- Add references to xine security announcements and iDEFENSE
Security Advisories.
2005-01-12 14:39:03 +00:00
Jacques Vidrine
d9e18bd747
Document HylaFAX authentication bypass vulnerability.
2005-01-11 22:41:49 +00:00
Christian Weisgerber
d10d98ae37
Document xshisen buffer overflows.
2005-01-11 22:18:33 +00:00
Jacques Vidrine
30d2dc9579
Add CERT Vulnerability Note reference for tiff issue.
2005-01-11 16:39:18 +00:00
Jacques Vidrine
2de186c1a6
Bump copyright for 2005.
2005-01-11 14:31:39 +00:00
Simon L. B. Nielsen
a21ea1b2e3
Mark pdftohtml as vulnerable to recent xpdf vulnerability.
2005-01-11 00:33:20 +00:00
Niels Heinen
7f3b90f3b2
Documented two vulnerabilities in the helvis port
2005-01-10 22:20:50 +00:00
Jacques Vidrine
5ad7c7e107
Add CVE names for exim issue.
2005-01-09 18:34:21 +00:00
Simon L. B. Nielsen
e870db8f29
Document format string vulnerability in dillo.
2005-01-08 20:18:16 +00:00
Sergey Matveychuk
26460a693e
- Shorten exim entry
Thanks to: simon
2005-01-08 17:47:59 +00:00
Simon L. B. Nielsen
3ae4987d74
Fix typo in latest tiff entry.
Noticed by: bmah
2005-01-08 17:39:48 +00:00
Jacques Vidrine
c6d260351e
Change the behavior of `make newentry' so that it invokes ${EDITOR}
after adding the template, since this is certainly the next required
action. [1]
Fix the error checking: a pipeline was masking some errors, and `set
errexit' was not effective in some other places.
Suggested by: delphij [1]
2005-01-08 17:13:09 +00:00
Jacques Vidrine
c510dbc5c3
Add a target, `newentry', that will insert a VuXML <vuln> template
(including generated VID) to the top of the `vuln.xml' file. This will
save a little time when adding new entries.
Inspired by: a patch from simon
2005-01-08 15:43:23 +00:00
Simon L. B. Nielsen
08f3a5badf
- Document that two older tiff vulnerabilities also affect
linux-tiff. [1]
- Add an extra reference to each of the two entries while I'm here
anyway.
- In one of the tiff title elements do s/---/--/ for consistency.
Discussed with: nectar [1]
Approved by: portmgr (implicit, VuXML)
2005-01-08 00:20:23 +00:00
Jacques Vidrine
f7d666b587
The tnftp port has been updated.
Approved by: portmgr (implicit, VuXML)
2005-01-07 15:34:42 +00:00
Jacques Vidrine
955c5bc874
Fix up last commit (tnftp entry):
- Malformed XML
- mismatched tags (<packages></package>)
- invalid entity reference &content-type= (ampersand should have
been replaced with &amp;)
- Replace <range> so that it matches all possible versions for now,
until a fixed version is available in the ports tree
- <entry> date was in the past
Approved by: portmgr (implicit, VuXML)
Pointy hat to: ahze (hint: make validate)
2005-01-07 13:59:15 +00:00
Michael Johnson
61b7a158a5
Document vulnerabilities in tnftp
PR: ports/75782
Submitted by: Tom McLaughlin
Approved by: portmgr (krion)
2005-01-07 07:09:45 +00:00
Simon L. B. Nielsen
aa893567cc
Document several vulnerabilities in tiff.
Approved by: portmgr (implicit, VuXML)
2005-01-06 22:41:48 +00:00
Jacques Vidrine
d831033fcf
Fill in forgotten `cite' attribute value.
Noticed by: simon
Approved by: portmgr (implicit, VuXML)
2005-01-06 17:05:22 +00:00
Jacques Vidrine
8b07dc5aa8
Document a local vulnerability in VIM's modeline handling.
Approved by: portmgr (implicit, VuXML)
2005-01-06 16:54:29 +00:00
Jacques Vidrine
51b0acc8c8
Add a CERT VU reference for the latest Acrobat Reader vulnerability.
Add old package names (acroread4, acroread5) for an older Acrobat Reader
vulnerability.
Approved by: portmgr (implicit, VuXML)
2005-01-06 14:46:07 +00:00
Simon L. B. Nielsen
02ea68b4f5
Document buffer overflow vulnerabilities in pcal.
Approved by: portmgr (implicit, VuXML)
2005-01-06 00:26:08 +00:00
Simon L. B. Nielsen
718307262c
Add (now deleted) exim-ldap package to latest exim entry.
Approved by: portmgr (implicit, VuXML)
2005-01-05 20:41:07 +00:00
Sergey Matveychuk
0cfca5c418
s/le/lt/ on my last commit. it's "<", not "<=".
Approved by: portmgr (implicitly)
2005-01-05 02:12:14 +00:00
Sergey Matveychuk
1478bf250d
exim -- two relatively minor security issues
Approved by: portmgr (implicitly, VuXML)
2005-01-05 02:03:18 +00:00
Simon L. B. Nielsen
b3137d9b0e
For the "kdelibs3 -- konqueror FTP command injection vulnerability"
entry: replace references to Debian and KDE bugtracking systems with a
KDE advisory which basically contains the same information but is more
readable.
Approved by: portmgr (implicit, VuXML)
2005-01-04 20:28:26 +00:00
Josef El-Rayes
46e4a4b40b
Document security issues in golddig, greed, mpg123.
Submitted by: niels
Approved by: portmgr(implicit, VuXML)
2005-01-03 21:48:04 +00:00
Simon L. B. Nielsen
7a00e559d6
Mark open-motif-2.2.3_1 as fixed with regard to the "xpm -- image
decoding vulnerabilities" entry.
PR: misc/75726
Submitted by: Hilko Meyer <hilko.meyer@gmx.de>
Approved by: portmgr (implicit, VuXML)
2005-01-02 23:54:31 +00:00
Simon L. B. Nielsen
879729f451
- Note that the port update to up-imapproxy 1.2.2 included a patch to
fix the security vulnerability.
- Mark pop3proxy as vulnerable to the up-imapproxy vulnerability,
since pop3proxy is derived from up-imapproxy.
Reported by: mbr
Approved by: portmgr (implicit, VuXML)
2005-01-02 12:37:22 +00:00
Simon L. B. Nielsen
c158bf0613
Document vulnerabilities in up-imapproxy.
Approved by: portmgr (implicit, VuXML)
2005-01-02 10:53:18 +00:00
Simon L. B. Nielsen
3e3b3d4466
Add two bugtraq ids to the latest a2ps entry.
Approved by: portmgr (implicit, VuXML)
2005-01-02 00:59:25 +00:00
Simon L. B. Nielsen
100e2cb292
Document FTP command injection vulnerability in kdelibs3.
Approved by: portmgr (implicit, VuXML)
2005-01-01 15:55:54 +00:00
Simon L. B. Nielsen
10acecfb52
Improve topic for latest phpbb vulnerability to highlight the main
problem (arbitrary command execution).
Prodded by: remko
2004-12-30 20:20:45 +00:00
Simon L. B. Nielsen
019c6d58f7
Document insecure temporary file creation in a2ps.
2004-12-30 17:55:08 +00:00
Simon L. B. Nielsen
be54244b47
Add more references to two older entries.
2004-12-30 14:11:23 +00:00
Josef El-Rayes
b00249d240
Add modified date to my last commit.
Spotted by: simon
2004-12-29 17:48:40 +00:00
Josef El-Rayes
c572cbb7c2
libxine is also affected by the mplayer vulnerabilities.
Add cvenames.
2004-12-29 17:34:50 +00:00
Josef El-Rayes
dbe1950414
Document vulnerability in libxine.
2004-12-29 16:26:03 +00:00
Josef El-Rayes
8273b66e39
Document vulnerability in jabberd1
2004-12-26 20:51:24 +00:00
Josef El-Rayes
1b8c7389bd
s/kpdf/kdegraphics
2004-12-24 23:49:27 +00:00
Josef El-Rayes
47422bf1b3
Add ports to xpdf report that come with own xpdf in distfile.
For kdegraphics:
Reported by: lofi
2004-12-24 13:48:48 +00:00
Simon L. B. Nielsen
a6d79142f2
Remove duplicate word in the latest squid entry.
Noticed by: josef
2004-12-23 11:03:29 +00:00
Simon L. B. Nielsen
94a1d048f6
Document potentially confusing results on empty ACL
declarations in squid.
PR: ports/75403 (part of)
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2004-12-23 00:58:04 +00:00
Simon L. B. Nielsen
34acc215c8
Document multiple vulnerabilities in ethereal.
2004-12-23 00:39:08 +00:00
Simon L. B. Nielsen
109298cdf5
Document a buffer overflow vulnerability in xpdf.
2004-12-23 00:04:20 +00:00
Xin LI
26bf29cf65
Document phpBB vulnerability that exists on phpBB < 2.0.11
Submitted by: Kang LIU <liukang bjut edu cn>
2004-12-22 12:17:09 +00:00
Simon L. B. Nielsen
c96189e101
Document a vulnerability in acroread.
2004-12-21 22:37:51 +00:00
Simon L. B. Nielsen
88ebf5d9f5
Document a vulnerability in ecartis.
2004-12-21 22:10:52 +00:00
Simon L. B. Nielsen
23a19d5f6a
Document multiple vulnerabilities in mplayer.
2004-12-21 19:38:19 +00:00
Simon L. B. Nielsen
ef9cc44dab
Document a heap buffer overflow vulnerability in MIT Kerberos 5.
2004-12-21 02:09:08 +00:00
Simon L. B. Nielsen
572f21564f
Document an integer overflow vulnerability in samba.
2004-12-21 00:34:09 +00:00
Niels Heinen
a2d58b2e3e
Corrected typo (blockquote in wrong place).
Approved by: nectar (implicit)
2004-12-20 09:55:15 +00:00
Simon L. B. Nielsen
f571d771b7
- Update the corrected version number for recent phpMyAdmin entry to match
the actual ports version number for phpMyAdmin 2.6.1-rc1.
- Bump modification date for the updated entries.
2004-12-19 12:49:20 +00:00
Simon L. B. Nielsen
7d38451068
Updates for the latest PHP entry:
- Correctly match the www/mod_php4 port (it was missing PORTEPOCH).
- Add a few more references.
- Bump modified date.
2004-12-18 18:53:27 +00:00
Simon L. B. Nielsen
462f47f29f
Correct recent php entry, 4.3.10 and 5.0.3 are fixed.
2004-12-17 14:56:28 +00:00
Sergey Matveychuk
1087be430a
Fix VID for the last commit.
2004-12-17 10:56:20 +00:00
Sergey Matveychuk
1ca6044485
Multiple vulnerabilities in PHP. From Secunia report.
2004-12-17 09:32:44 +00:00
Niels Heinen
c4351f8170
Added 5 MySQL vulnerabilities
Approved by: nectar (mentor)
2004-12-16 10:51:17 +00:00
Simon L. B. Nielsen
71a130d9e5
Document two vulnerabilities in phpMyAdmin.
2004-12-15 22:21:35 +00:00
Simon L. B. Nielsen
560c745a50
Document multiple vulnerabilities in wget.
2004-12-14 17:55:51 +00:00
Simon L. B. Nielsen
85fe47d148
- Add bugtraqid references to several entries.
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries.
2004-12-12 22:15:01 +00:00
Josef El-Rayes
66cfe51e76
Document security issue in Konqueror.
2004-12-12 21:14:14 +00:00
Simon L. B. Nielsen
eb8e1c132f
Document a NULL pointer dereference vulnerability in mod_access_referer.
Submitted by: Niels Heinen <niels.heinen@ubizen.com>
2004-12-11 16:22:38 +00:00
Sergey Matveychuk
4c0635e2e4
Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/ :
- a malformed hostname can cause squid to return random data as error messages,
possibly leaking internal information from former requests (squid bug #1143).
(This is classified as a minor security issue by the squid developers, so
maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occurring when using cachemgr's "vm_objects" operation (squid
bug #1149)
PR: ports/74859
Submitted by: maintainer
2004-12-08 23:16:53 +00:00
Simon L. B. Nielsen
43a63c2a9a
Document information leakage in viewcvs.
2004-12-07 23:38:31 +00:00
Simon L. B. Nielsen
f7f5caf523
Document a symlink attack vulnerability in cscope.
2004-12-07 13:35:42 +00:00
Greg Lewis
da140f5fea
. Put the topic in the same format all other recent topics have been in for
the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
plugin issue. [1]
Prodded by: simon [1]
2004-12-05 06:53:54 +00:00
Simon L. B. Nielsen
c7b95b76a8
Add cvename to bnc vulnerability.
2004-12-04 21:12:13 +00:00
Simon L. B. Nielsen
708cd4d296
Document a remote code execution vulnerability in bnc.
2004-12-04 20:47:45 +00:00
Simon L. B. Nielsen
db86a9a6b0
Fix grammar nit in ImageMagick entry.
Submitted by: Daniel Seuffert <DS@praxisvermittlung24.de>
2004-12-04 18:21:14 +00:00
Simon L. B. Nielsen
c187d7750c
For the Java plugin vulnerability, also match the linux-jdk package
(old name for linux-jdk-sun).
2004-12-04 18:09:43 +00:00
Greg Lewis
a76d08126f
. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
in 1.3.1.13, it contained another problem. This is fixed in 1.3.1.14.
2004-12-03 17:24:37 +00:00
Hideyuki KURASHINA
0ec4007514
Document vulnerability that allows arbitrary command execution in rssh
and scponly.
Approved & reviewed by: josef (security team)
2004-12-03 08:22:49 +00:00
Christian Weisgerber
19de9acd4d
Document buffer overflows in rockdodger.
2004-12-02 21:04:06 +00:00
Simon L. B. Nielsen
dd51751293
Add CVE to zip vulnerability.
2004-12-01 20:08:05 +00:00
Simon L. B. Nielsen
d0f583c274
Document a long path buffer overflow in zip.
2004-12-01 19:38:39 +00:00
Simon L. B. Nielsen
00be285ce9
Document signal delivery vulnerability in sudoscript.
2004-12-01 15:30:46 +00:00
Josef El-Rayes
bdaed38bb1
Document vulnerability in net/jabberd.
2004-11-30 21:54:53 +00:00
Josef El-Rayes
5a21690f3e
Document vulnerability in net/opendchub.
Based on submission by: Niels Heinen <niels.heinen@ubizen.com>
2004-11-29 21:04:59 +00:00
Simon L. B. Nielsen
f74aa8b9bb
Add Bugtraq ID for SA-04:16.fetch entry.
2004-11-28 17:03:15 +00:00
Simon L. B. Nielsen
b0a66eacef
Document two vulnerabilities in unarj.
2004-11-26 20:41:06 +00:00
Greg Lewis
184b2b763b
. Mark linux-ibm-jdk as also vulnerable to the Java plugin vulnerability.
2004-11-25 19:29:26 +00:00
Greg Lewis
240f53e46e
. Fix the range and add an additional range for the jdk vulnerability.
. Note that linux-sun-jdk and linux-blackdown-jdk are also vulnerable.
2004-11-25 18:43:18 +00:00
Greg Lewis
27b113d488
. Fix whitespace.
2004-11-25 17:56:03 +00:00
Greg Lewis
072875df73
. Add an entry for the problem in the Java plugin.
2004-11-25 16:10:28 +00:00
Simon L. B. Nielsen
6efb7225f2
Update ruby CGI DoS entry to note that the most recent version in
ports is fixed. Also remove ruby-static as vulnerable, since it does
not contain cgi.rb.
2004-11-25 15:32:16 +00:00
Josef El-Rayes
8475635cd8
Document vulnerability in ftp/prozilla.
Submitted by: Niels Heinen <niels.heinen@ubizen.com>
2004-11-25 13:38:59 +00:00
Hajimu UMEMOTO
0a677bc617
correct fixed version
Pointed out by: josef
2004-11-24 15:46:48 +00:00
Hajimu UMEMOTO
fadfdc8c24
c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17.
2004-11-24 08:04:12 +00:00
Simon L. B. Nielsen
d3a7402f9a
Document that the twiki vulnerability is fixed in twiki-20040902.
2004-11-23 13:52:32 +00:00
Hajimu UMEMOTO
d052db5651
add Cyrus IMAP Server multiple remote vulnerabilities.
Obtained from: http://security.e-matters.de/advisories/152004.html
2004-11-23 06:29:37 +00:00
Simon L. B. Nielsen
e9fa6b1fe8
Add CVE reference for the SA-04:16.fetch entry.
2004-11-20 22:21:08 +00:00
Josef El-Rayes
b8ac453616
Document vulnerability in phpmyadmin.
2004-11-20 00:39:56 +00:00
Josef El-Rayes
3f51fb62cc
Add localized versions of gd port to the VuXML entry.
2004-11-18 19:06:16 +00:00
Simon L. B. Nielsen
4da32e4a93
Document SA-04:16.fetch.
2004-11-18 15:47:47 +00:00
Josef El-Rayes
b264c72f94
Document the buffer overrun vulnerability in samba3
CAN-2004-882
2004-11-17 19:05:46 +00:00
Josef El-Rayes
edd6737247
Correct range for xpdf vulnerability, as cups-base got a fixing
update.
2004-11-17 17:11:32 +00:00
Josef El-Rayes
bf9bc9c8ab
The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)
As discussed with: NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer)
2004-11-16 23:16:44 +00:00
Simon L. B. Nielsen
203db24bca
Add CVE name to twiki entry.
Noticed by: josef
2004-11-16 22:53:06 +00:00
Josef El-Rayes
d0084a0835
Add teTeX-base to affected packages in xpdf's vuxml entry.
2004-11-16 20:02:09 +00:00
Simon L. B. Nielsen
06d3c6b0de
Document arbitrary shell command execution in twiki.
2004-11-15 10:18:49 +00:00
Simon L. B. Nielsen
f97a306743
Document a format string vulnerability in proxytunnel.
2004-11-14 23:05:37 +00:00
Simon L. B. Nielsen
6b43cac24a
Fix entry date for the ruby entry from the last commit.
2004-11-13 09:05:02 +00:00
Simon L. B. Nielsen
8e0f324975
- Document a DoS in the Ruby CGI module.
- Document a privilege escalation in sudo.
2004-11-13 08:54:19 +00:00
Jacques Vidrine
a55c74530a
Add CVE name for gnats issue.
2004-11-12 15:23:39 +00:00
Jacques Vidrine
85398c8922
Note (likely) remotely exploitable vulnerability in samba 3.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
2004-11-12 15:01:57 +00:00
Josef El-Rayes
6b773cb3bc
Document vulnerability in GNATS.
2004-11-12 11:15:02 +00:00
Simon L. B. Nielsen
6ac9a59d85
Document a XSS in squirrelmail.
2004-11-11 23:53:32 +00:00
Josef El-Rayes
5a0cf8914e
Fix entry date.
2004-11-11 23:01:51 +00:00
Josef El-Rayes
eecd97c0e7
Document BNC vulnerability.
2004-11-11 22:46:38 +00:00
Jacques Vidrine
13f4994a14
Note old hafiye bug.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
2004-11-11 17:29:54 +00:00
Christian Weisgerber
9df9abd00d
Fix a format string vulnerability in ez-ipupdate.
Approved by: se@
Obtained from: Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se>
2004-11-11 15:46:04 +00:00
Simon L. B. Nielsen
d4071586cd
Document a buffer overflow in ImageMagick's EXIF parser.
2004-11-11 14:17:16 +00:00
Simon L. B. Nielsen
0125c9b9ea
Correct recent Apache 2 entry to not match Apache 1.X.
Noticed by: Dan Langille <dan@langille.org>
2004-11-11 13:34:17 +00:00
Josef El-Rayes
da4f5c3bcf
Document vulnerability in Apache 2 (CAN-2004-0942).
2004-11-10 22:48:58 +00:00
Joe Marcus Clarke
691763e80f
Update the libxml vulnerability to indicate the fixed version.
2004-11-10 20:25:02 +00:00
Simon L. B. Nielsen
a484019f36
Document a format string vulnerability in socat.
2004-11-09 23:30:01 +00:00
Simon L. B. Nielsen
5a6b0d239f
Document remote buffer overflows in libxml and libxml2.
2004-11-09 22:07:14 +00:00
Jacques Vidrine
3c659b7743
The bugs discovered by Chris Evans have been fixed
in linux-gdk-pixbuf.
Reported by: thierry
2004-11-09 17:00:58 +00:00
Josef El-Rayes
8e29f1adcf
Fix pkgnames for mod_include vulnerability.
Thanks to Dan Langille for helping me to track these down.
2004-11-08 10:26:50 +00:00
Simon L. B. Nielsen
e524be36a7
Document a virus detection evasion in p5-Archive-Zip.
2004-11-08 00:07:23 +00:00
Josef El-Rayes
814558216f
Document mod_include vulnerability in apache and related ports.
2004-11-06 12:31:29 +00:00
Simon L. B. Nielsen
6ed053c637
Document an insecure temporary file creation in postgresql-contrib.
2004-11-06 00:38:28 +00:00
Simon L. B. Nielsen
315b824ea6
Bump modified date in the entry for the last commit.
2004-11-05 21:57:00 +00:00
Simon L. B. Nielsen
76bc358048
Update latest mpg123 entry to note that the port is fixed in the most
recent port version.
2004-11-05 21:54:05 +00:00
Simon L. B. Nielsen
f44a213093
There was a gd 1.X port with portepoch 2 for a while, so let the gd
entry also match that.
2004-11-05 14:48:02 +00:00
Simon L. B. Nielsen
c3b11b3e2e
Document an integer overflow in the GD Graphics Library.
2004-11-05 13:59:19 +00:00
Simon L. B. Nielsen
c45b3c81ce
Correct entry date for the putty entry.
OK'ed by: josef
2004-11-04 08:56:41 +00:00
Josef El-Rayes
2b56e8635b
Document vulnerability in putty
Reviewed by: simon
2004-11-04 00:05:23 +00:00
Simon L. B. Nielsen
9422b36c6c
Add an entry for a wzdftpd remote DoS.
2004-11-03 22:49:13 +00:00
Simon L. B. Nielsen
2450d2e2a2
Updates to the bogofilter entry:
- Improve information about which versions are vulnerable. [1]
- Add a few more references.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1]
2004-11-03 22:36:09 +00:00
Jeremy Messenger
27742360f0
Update linux-openmotif to 2.2.4 to fix the security.
http://vuxml.freebsd.org/ef253f8b-0727-11d9-b45d-000c41e2cdad.html
2004-11-01 21:24:39 +00:00
Josef El-Rayes
5c18a76486
Document rssh format string vulnerability.
Approved by: nectar
2004-10-27 21:11:09 +00:00
Jacques Vidrine
9cfb8ca626
Create a VuXML entry for Horde XSS help window vulnerability to replace
the portaudit-db entry.
2004-10-27 12:25:06 +00:00
Jacques Vidrine
322ec63640
Document a denial-of-service issue in bogofilter.
This entry is slightly modified from one that was
Submitted by: Matthias Andree <matthias.andree@gmx.de>
2004-10-26 11:12:57 +00:00
Norikatsu Shigemura
ac37d1b5a1
Fix integer overflow vulnerabilities.
Patch made by: Chris Evans, Dirk Muller, Sebastian Krahmer,
Derek Noonburg and Marcus Meissner
Submitted by: nectar
2004-10-26 05:41:47 +00:00
Jacques Vidrine
47b48767ad
Document xpdf 2 and xpdf 3 vulnerabilities.
2004-10-25 20:22:38 +00:00
Jacques Vidrine
9e47b8e345
Document several security issues in gaim, fixed in various versions from
0.82 through 1.0.2. While I'm here, notice that there have been ru-,
ko-, and ja- flavors of gaim, as well as a fairly short-lived range of
version numbers based on dates (snapshots).
2004-10-25 19:27:02 +00:00
Jacques Vidrine
b9d5212e26
Note that the Red Hat based linux_base ports contain
vulnerable libXpm.so files.
Noticed by: maho
2004-10-25 17:21:15 +00:00
Josef El-Rayes
9f77225ee7
Document SSL_Cypherbypass vulnerability in mod_ssl
and buffer overflow vulnerability in gaim.
2004-10-24 19:39:27 +00:00
Simon L. B. Nielsen
7f69ed5df9
- Document more buffer overflows in mpg123.
- Fix package name in two older mpg123 entries.
Approved by: nectar
2004-10-23 16:08:43 +00:00
Jacques Vidrine
2c6feb87b3
I suck. (Correct a typo that would have been readily detected if
I would have run `make validate' before committing.)
2004-10-22 12:21:52 +00:00
Jacques Vidrine
56e53bffbb
Add CVE name for cabextract issue.
2004-10-22 12:13:40 +00:00
Simon L. B. Nielsen
d845566b81
Fix a copy/paste typo in last commit.
2004-10-21 22:23:56 +00:00
Simon L. B. Nielsen
ce37c86e07
Document DoS in Apache 2 SSL handling.
Approved by: nectar
2004-10-21 22:17:21 +00:00
Jacques Vidrine
60aaf4ac7b
Note that xpm has been fixed.
Also, it appears that Motif itself is affected, so add related packages.
2004-10-21 20:04:21 +00:00
Jacques Vidrine
28d75b9f8c
Update entry regarding INN 2.4.x buffer overflow:
- The email archive referenced is no longer available. Use
marc.theaimsgroup.com archive instead.
- Note that only 2.4.x versions are affected (earlier ones
are not).
Reported by: leeym
2004-10-21 12:34:33 +00:00
Simon L. B. Nielsen
366a5335b3
Document remote command execution vulnerability in phpMyAdmin.
Approved by: nectar
2004-10-20 21:21:52 +00:00
Simon L. B. Nielsen
eeff877c8f
Document insecure directory handling in cabextract.
Approved by: nectar
2004-10-20 18:38:07 +00:00
Simon L. B. Nielsen
14e9c74b1a
Set correct entry date for the a2ps issue.
Noticed by: nectar
Pointy hat to: simon
2004-10-19 22:08:34 +00:00
Simon L. B. Nielsen
682402bd22
Document insecure command line argument handling in a2ps.
Approved by: nectar
2004-10-19 21:41:22 +00:00
Jacques Vidrine
91d7cbe48c
Document a vulnerability in ifmail. (There does not exist
an appropriate public reference yet--- this entry should be
updated when the port is updated.)
Reported by: Niels Heinen <niels.heinen@ubizen.com>
2004-10-19 16:40:34 +00:00
Jacques Vidrine
436dbd733e
Document a vulnerability in imwheel.
2004-10-19 15:41:37 +00:00
Jacques Vidrine
6643e3dd29
Add CVE names for FreeRADIUS vulnerabilities.
2004-10-19 14:11:44 +00:00
Josef El-Rayes
66e6413b16
Document NTLM authentication vulnerability in squid
Approved by: nectar
2004-10-18 20:21:39 +00:00
Simon L. B. Nielsen
cefe6377ea
Document a SQL command injection in Cacti.
The status of the PHP configuration option magic_quotes_gpc was
confirmed by: ale
Approved by: nectar
2004-10-18 17:56:31 +00:00
Simon L. B. Nielsen
ba0075a7a9
Document a format string vulnerability in the apache13 mod_ssl proxy
support.
Approved by: nectar
2004-10-17 16:38:25 +00:00
Simon L. B. Nielsen
8a254b84a0
- Change a few uses of <url> into <mlist>.
OK'ed by: nectar
Additional comment to the Tor entry from v. 1.302, it was:
Submitted by: rik <freebsd-security@rikrose.net> (original version)
2004-10-16 20:31:23 +00:00
Simon L. B. Nielsen
c8c999eb92
- Document remote DoS and loss of anonymity in Tor.
- Update a Samba entry with new information about vulnerable versions.
Approved by: nectar
2004-10-15 21:21:08 +00:00
Jacques Vidrine
d8970b85eb
lesstif has been upgraded to a version that is not affected by the
libXpm vulnerability.
2004-10-14 17:52:41 +00:00
Simon L. B. Nielsen
8bb90c2570
Recommit my changes from 1.298 which were accidentally removed in 1.299.
Pointy hat to: josef (who also noticed the problem)
2004-10-14 17:06:55 +00:00
Josef El-Rayes
6ed5232306
Document two separate security vulnerabilities in
icecast1 and icecast2.
Approved by: nectar
2004-10-14 16:55:27 +00:00
Simon L. B. Nielsen
cd9281d63e
Change the Xerces-C++ entry to match the xerces-c2 port.
Noticed by: nectar
2004-10-14 16:46:39 +00:00
Josef El-Rayes
6851294cd9
Document vulnerability in freeradius.
Approved by: nectar
2004-10-13 22:00:20 +00:00
Simon L. B. Nielsen
74565720cf
- Document DoS in Xerces-C++.
- Fix typo in a mozilla entry.
Approved by: nectar
2004-10-13 21:50:58 +00:00
Jacques Vidrine
fe3ca65906
It turns out that lesstif has libXpm sneakily embedded. There are at
least three files with this comment at the top:
* This file contains most of the source files of Xpm, concatenated and with
* the public names changed (to have an _LtXpm prefix).
2004-10-13 21:12:02 +00:00
Simon L. B. Nielsen
2c8903f2fb
Document XSS in wordpress.
Approved by: nectar
2004-10-13 21:01:12 +00:00
Jacques Vidrine
b6fa2d612e
Document integer overflows in libtiff.
2004-10-13 20:39:47 +00:00
Simon L. B. Nielsen
46ce8d4a7b
- Document a CUPS local information disclosure.
- Note the impact of the sharutils buffer overflows.
Approved by: nectar
2004-10-13 17:18:02 +00:00
Josef El-Rayes
cfeccaf435
Document a vulnerability in Zinf (freeamp).
Approved by: nectar
2004-10-13 16:55:35 +00:00
Jacques Vidrine
33aa31f3d7
Document libtiff RLE decoder issues.
2004-10-13 16:06:33 +00:00
Simon L. B. Nielsen
775a8024eb
The sharutils buffer overflows have been fixed in sharutils 4.2.1_2.
2004-10-13 10:27:32 +00:00
Simon L. B. Nielsen
c94d440a5f
Document a vulnerability in sharutils.
Approved by: nectar
2004-10-12 23:46:41 +00:00
Josef El-Rayes
015e40daad
Document 2 DoS attacks possible against
older versions of mail-notifier.
Based on the security advisories
mentioned in the reference links.
Approved by: nectar
2004-10-12 21:58:58 +00:00
Jacques Vidrine
8140c5484d
ale@ reports that the only ports affected are php[45], php[45]-cgi,
and mod_php[45].
2004-10-12 15:39:33 +00:00
Jacques Vidrine
c4835ebf8a
Note squid SNMP DoS. Based on an entry that was
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2004-10-12 15:09:52 +00:00
Jacques Vidrine
8cc9af6661
The documented xv vulnerabilities were fixed by dinoex@
Approved by: portmgr
2004-10-12 02:08:57 +00:00
Jacques Vidrine
f2e5f2c600
Note that the image decoding vulnerabilities in gdk-pixbuf have been
fixed.
Reported by: marcus
Approved by: portmgr
2004-10-12 01:07:22 +00:00
Jacques Vidrine
542e28fc48
Document older cyrus-sasl bug affecting DIGEST-MD5.
Submitted by: simon
Approved by: portmgr
2004-10-12 00:58:30 +00:00
Jacques Vidrine
ae3bbce876
Update the description of and list of packages affected by the PHP file
upload processing bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr
2004-10-12 00:57:22 +00:00
Jacques Vidrine
5fc8e49951
Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.
Approved by: portmgr
2004-10-08 16:50:15 +00:00
Tom Rhodes
c57347a069
Add some more apache ports.
Fix two errors found by nectar.
Approved by: portmgr
2004-10-05 19:28:26 +00:00
Tom Rhodes
046685db30
Add imp3 issue, add apache13-ssl issue, correct a tag.
Approved by: portmgr
2004-10-05 17:41:55 +00:00
Jacques Vidrine
ca9a79470c
Note that older packages of bmon were dangerously installed set-user-ID.
Approved by: portmgr
2004-10-05 14:54:27 +00:00
Jacques Vidrine
9ae4693f5b
Document GnuTLS denial-of-service (already mentioned in portaudit's
database).
Approved by: portmgr
2004-10-05 14:33:02 +00:00
Jacques Vidrine
da3ca12960
Record another PHP vulnerability.
Approved by: portmgr
2004-10-05 14:06:55 +00:00
Jacques Vidrine
3a866ed50b
Record another PHP security issue.
Approved by: portmgr
2004-10-05 13:52:38 +00:00
Jacques Vidrine
196a8b7039
Note that xv should not be used.
Approved by: portmgr
2004-10-05 12:52:57 +00:00
Jacques Vidrine
7f5388e9d6
Note a symlink vulnerability in getmail.
Submitted by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr
2004-10-04 19:59:35 +00:00
Jacques Vidrine
a0e0b140b1
Fill in empty topic from previous commit.
Noticed by: Shane Kinney <mod6@freebsdhackers.net>
Approved by: portmgr
2004-10-04 17:30:00 +00:00
Jacques Vidrine
75a8348c4c
Record FreeBSD-SA-04:15.syscons.
Approved by: portmgr
2004-10-04 17:09:55 +00:00
Jacques Vidrine
1ea5847470
Add missing PORTEPOCH for samba.
Noticed by: dinoex
Approved by: portmgr
2004-10-04 14:01:45 +00:00
Jacques Vidrine
796de6c0ad
Note racoon certificate verification bug.
Submitted by: Jon Passki <cykyc@yahoo.com>
Approved by: portmgr
2004-10-03 22:49:55 +00:00