Marcus Alves Grando
|
e841881f4b
|
linux-realplayer -- buffer overrun
linux-realplayer -- heap overflow
Reviewed by: simon
|
2006-03-27 19:06:53 +00:00 |
|
Remko Lodder
|
ac7f108ff9
|
s/8 spaces/tab/ in the sendmail entry.
Noticed by: simon
|
2006-03-24 18:02:29 +00:00 |
|
Remko Lodder
|
6767097f01
|
Record that our sendmail port was also vulnerable.
Bump modification date.
|
2006-03-24 17:10:23 +00:00 |
|
Remko Lodder
|
d81923c6b4
|
Update the 'Evolution - remote format string vulnerabilities' entry.
|
2006-03-24 13:08:53 +00:00 |
|
Remko Lodder
|
f9cee5162f
|
Document the latest three FreeBSD Security Advisories:
SA-06:13
SA-06:12
SA-06:11
|
2006-03-24 12:25:58 +00:00 |
|
Dejan Lesjak
|
461e2908dc
|
xorg-server -- privilege escalation
Reviewed by: simon
|
2006-03-21 17:05:15 +00:00 |
|
Marcus Alves Grando
|
48b19385b0
|
- heimdal -- Multiple vulnerabilities
Reviewed by: simon
|
2006-03-20 15:21:49 +00:00 |
|
Vasil Dimov
|
4ff24336d9
|
Document ftp/curl's TFTP packet buffer overflow vulnerability
Reworked by: simon
Approved by: security-officer (simon)
|
2006-03-20 12:58:15 +00:00 |
|
Brooks Davis
|
f9aea91fed
|
Add drupal <= 4.6.5 vulns.
|
2006-03-17 23:24:43 +00:00 |
|
Thierry Thomas
|
bfbd4b55b2
|
Add an entry for Horde < 3.1 (SA19246).
Noticed by: mnag
|
2006-03-15 21:27:33 +00:00 |
|
Simon L. B. Nielsen
|
4fcab4c05c
|
Document linux-flashplugin -- arbitrary code execution vulnerability.
|
2006-03-15 07:10:33 +00:00 |
|
Remko Lodder
|
1d8c141834
|
Document nfs -- remote denial of service (FreeBSD: SA-06:10)
Approved by: portmgr (blanket VuXML)
|
2006-03-12 21:25:12 +00:00 |
|
Remko Lodder
|
bd046df41f
|
Add OpenSSH Remote Denial of Service (FreeBSD SA-06:09.openssh) to the
vuxml list.
Approved by: portmgr (Blanket VuXML)
|
2006-03-12 19:57:53 +00:00 |
|
Remko Lodder
|
70a8938a87
|
Correct the gpg entry wrt. style.
Approved by: portmgr (Blanket VuXML)
|
2006-03-11 10:38:10 +00:00 |
|
Jun Kuriyama
|
b73fb62f12
|
Update to 1.4.2.2.
Security: GnuPG does not detect injection of unsigned data
References: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Probbed by: simon
Approved by: portmgr (erwin)
|
2006-03-09 22:44:35 +00:00 |
|
Vasil Dimov
|
991064231d
|
Document multimedia/mplayer's heap overflow in the ASF demuxer
Reviewed by: simon
Approved by: portmgr (implicit), security-officer (simon)
|
2006-03-09 10:53:14 +00:00 |
|
Marius Strobl
|
861c04f5ea
|
Add the ssh2-nox11 slave port to the list of ports affected by
VID 594ad3c5-a39b-11da-926c-0800209adf0e.
Prodded by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Approved by: portmgr (erwin)
|
2006-03-06 12:15:25 +00:00 |
|
Marius Strobl
|
888793f6ac
|
Document a SSH.COM SFTP server format string vulnerability affecting
the security/ssh2 port.
Approved by: portmgr (erwin)
|
2006-03-04 17:31:06 +00:00 |
|
Christian Weisgerber
|
d3926c182d
|
Document GNU tar invalid headers buffer overflow.
Approved by: portmgr (erwin)
|
2006-03-04 15:03:46 +00:00 |
|
Remko Lodder
|
52dcfc0417
|
Remove the pinentry entry. It was gentoo specific and I overlooked
that.
Noticed by: Dejan Lesjak <dejan dot lesjak at ijs dot si>
Pointyhat: remko
Approved by: portmgr (implicit VuXML)
|
2006-02-27 20:16:33 +00:00 |
|
Sergey Skvortsov
|
bb655e6ade
|
Document Bugzilla [2.*, 2.20.1) vulnerabilities.
Approved by: security-officer (simon)
Approved by: portmgr (implicit)
|
2006-02-27 14:36:52 +00:00 |
|
Xin LI
|
978c80a462
|
Document squirrelmail (< 1.4.6) vulnerabilities:
CVE-2006-0377 (IMAP injection)
CVE-2006-0195 (XSS)
CVE-2006-0188 (XSS)
Approved by: security-officer (simon)
Approved by: portmgr (implicit)
|
2006-02-24 19:56:28 +00:00 |
|
Remko Lodder
|
a57877665c
|
Remove the latest squid entry, it already existed.
Noticed by: Thomas-Martin Seck <tmseck at netcologne dot de>
|
2006-02-20 19:15:17 +00:00 |
|
Remko Lodder
|
193f489b68
|
Document gedit -- format string vulnerability.
|
2006-02-20 16:03:36 +00:00 |
|
Remko Lodder
|
5b65a6dfe1
|
Add koffice to the RTF import issue.
|
2006-02-20 15:43:52 +00:00 |
|
Remko Lodder
|
e110989d25
|
Document WebCalendar -- unauthorized access vulnerability.
|
2006-02-20 15:17:48 +00:00 |
|
Remko Lodder
|
3073642d70
|
Document abiword -- stack based buffer overflow vulnerabilities.
|
2006-02-20 14:29:51 +00:00 |
|
Remko Lodder
|
424cfcab59
|
Document pinentry -- local privilege escalation.
Correct previous entry (the entry time was invalid).
|
2006-02-20 12:26:22 +00:00 |
|
Remko Lodder
|
3c6a572716
|
Document squid -- dns lookup spoofing.
|
2006-02-20 12:02:09 +00:00 |
|
Simon L. B. Nielsen
|
a211d0431d
|
Document postgresql81-server -- SET ROLE privilege escalation.
|
2006-02-18 14:22:41 +00:00 |
|
Simon L. B. Nielsen
|
51909aa65e
|
Document gnupg -- false positive signature verification.
|
2006-02-17 09:53:58 +00:00 |
|
Remko Lodder
|
f42ea1d7c5
|
Document rssh -- privilege escalation vulnerability.
The port will be marked forbidden due to possible
root access.
|
2006-02-16 15:05:13 +00:00 |
|
Remko Lodder
|
5803e4d25e
|
Document tor -- malicious tor server can locate a hidden service.
|
2006-02-16 14:33:20 +00:00 |
|
Remko Lodder
|
7d56bb9418
|
Document sudo -- arbitrary command execution.
|
2006-02-16 14:20:23 +00:00 |
|
Remko Lodder
|
96d8b28256
|
Document libtomcrypt -- weak signature scheme with ECC keys.
|
2006-02-16 14:08:27 +00:00 |
|
Remko Lodder
|
b1b350edad
|
Document mantis -- "view_filters_page.php" cross site scripting vulnerability.
|
2006-02-16 13:19:07 +00:00 |
|
Remko Lodder
|
357c6d5847
|
Document phpbb -- multiple vulnerabilities.
Reviewed by: simon
|
2006-02-16 12:59:20 +00:00 |
|
Remko Lodder
|
e7e1028351
|
Document postgresql -- character conversion and tsearch2 vulnerabilities.
|
2006-02-16 12:50:35 +00:00 |
|
Remko Lodder
|
16ea24ccb4
|
Document heartbeat -- insecure temporary file creation vulnerability.
|
2006-02-16 09:08:03 +00:00 |
|
Remko Lodder
|
f5972ea28f
|
Document kpdf -- heap based buffer overflow
|
2006-02-15 13:25:55 +00:00 |
|
Remko Lodder
|
0be8d00ea7
|
Document perl, webmin, usermin -- perl format string integer wrap vulnerability
PR: ports/91202
Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>
(slightly modified).
|
2006-02-15 12:53:20 +00:00 |
|
Remko Lodder
|
7021a772ef
|
Document phpicalendar -- cross site scripting vulnerability and
document phpicalendar -- file disclosure vulnerability [1].
Reviewed by: simon [1]
Spotted on: cvs-ports@ [1]
|
2006-02-15 12:33:36 +00:00 |
|
Remko Lodder
|
25ca5f88be
|
Document FreeBSD -- Infinite loop in SACK handling (FreeBSD SA 06.08)
|
2006-02-14 10:35:40 +00:00 |
|
Remko Lodder
|
424491da55
|
Document pf -- IP fragment handling panic, FreeBSD SA 06.07
|
2006-02-14 10:28:53 +00:00 |
|
Remko Lodder
|
7d67746133
|
Document FreeBSD -- Local kernel memory disclosure
(FreeBSD SA 06.07).
|
2006-02-14 10:09:23 +00:00 |
|
Remko Lodder
|
75aa0b238b
|
Document IEEE 802.11 -- buffer overflow (FreeBSD SA 06.05).
|
2006-02-14 09:57:31 +00:00 |
|
Remko Lodder
|
07f1e71655
|
Add FreeBSD SA 06.04.ipfw to the vuln.xml list.
|
2006-02-14 08:13:53 +00:00 |
|
Simon L. B. Nielsen
|
fdb960e906
|
Mark ivtools 1.2.3 as fixed for jpeg vulnerabilities. Note that this
version is not yet in ports, but marking the new version fixed now
makes porting a bit simpler.
|
2006-02-07 20:43:51 +00:00 |
|
Simon L. B. Nielsen
|
bc35a4c8f8
|
Document kpopup -- local root exploit and local denial of service.
PR: ports/92359
Submitted by: Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>
|
2006-02-07 20:09:16 +00:00 |
|
Remko Lodder
|
fd5ec1d397
|
Oops. Forgot to modify the discovery date.
Spotted by: simon (again)
|
2006-01-27 19:07:32 +00:00 |
|