freebsd-ports

Author	SHA1	Message	Date
Martin Wilke	ff19112890	Document joomla -- multiple vulnerabilities Approved by: markus (co mentor)	2006-06-30 22:48:34 +00:00
Remko Lodder	41e0e86c20	Document hashcash -- heap overflow vulnerability.	2006-06-27 19:55:04 +00:00
Simon L. B. Nielsen	8b26ccec73	Document gnupg -- user id integer overflow vulnerability.	2006-06-25 18:39:19 +00:00
Simon L. B. Nielsen	94c648fcee	Document opera -- JPEG processing integer overflow vulnerability.	2006-06-23 08:32:01 +00:00
Remko Lodder	1da779f169	Update the webcalendar entry, use alphabetic sorting, no functional change of information.	2006-06-17 14:36:33 +00:00
Thierry Thomas	5d748de2a7	Add an entry for Horde's latest XSS vulnerabilities.	2006-06-17 07:11:10 +00:00
Simon L. B. Nielsen	18fafae1ca	Add webcalendar -- information disclosure vulnerability. PR: ports/98993 Submitted by: Gregory C. Larkin <glarkin@sourcehosting.net>	2006-06-16 22:38:16 +00:00
Remko Lodder	91cc7df2e2	Add FreeBSD-SA-06:17.sendmail to the VuXML database.	2006-06-14 16:30:58 +00:00
Remko Lodder	4fe30c4eeb	Bump modification date in the last entry and earn my own pointyhat. Forgotten by/pointyhat: remko	2006-06-12 15:41:35 +00:00
Remko Lodder	55e4b96192	Fix the latest entry by using the entity for &, this passes make validate. Reported by: Michal Kaps <michal at ionic dot co dot uk> Pointyhat by: aaron, (tobez implicit)	2006-06-12 15:26:46 +00:00
Aaron Dalton	c7615f6eb0	- Added multiple dokuwiki vulnerabilities Approved by: tobez	2006-06-12 06:22:59 +00:00
MANTANI Nobutaka	a39b070264	Add an entry for libxine -- buffer overflow vulnerability.	2006-06-11 12:55:21 +00:00
Remko Lodder	0fa93d6514	Document FreeBSD-SA-06:15.ypserv and FreeBSD-SA-06:16.smbfs. Add the proper freebsdsa tag for older entries and bump their modification date.	2006-06-09 13:32:10 +00:00
Remko Lodder	23df5a0166	Document two freeradius issues, one newer and one older issue: freeradius -- multiple vulnerabilities freeradius -- authentication bypass vulnerability	2006-06-08 17:10:56 +00:00
Emanuel Haupt	6e4dd55d45	Mark graphics/fractorama 1.6.7_1 "clean". This port now links against libtiff from ports. Approved by: simon (secteam)	2006-06-08 12:21:35 +00:00
Simon L. B. Nielsen	15d863f019	The awstats port has PORTEPOCH bumped, so update the vuxml entry awstats -- arbitrary command execution vulnerability to reflect that.	2006-06-07 18:51:20 +00:00
Simon L. B. Nielsen	dc587b2b2e	Mumble, back out local changes which should not have been committed.	2006-06-06 10:57:44 +00:00
Simon L. B. Nielsen	9fb355fc8b	Mark squirrelmail-1.4.6_1 as fixed for squirrelmail -- plugin.php local file inclusion vulnerability.	2006-06-06 10:55:10 +00:00
Simon L. B. Nielsen	01995fb4eb	Document squirrelmail -- plugin.php local file inclusion vulnerability.	2006-06-05 20:18:51 +00:00
Simon L. B. Nielsen	22050a51ca	Document dokuwiki -- spellchecker remote PHP code execution.	2006-06-05 19:57:27 +00:00
Simon L. B. Nielsen	f6daabd82b	Document drupal -- multiple vulnerabilities.	2006-06-05 19:48:00 +00:00
Marcus Alves Grando	9d9bbf3ac5	- Add last two MySQL vulnerabilities MySQL -- SQL-injection security vulnerability MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities	2006-06-01 18:30:07 +00:00
Simon L. B. Nielsen	419a2dffdf	Document frontpage -- cross site scripting vulnerability and point FORBIDDEN from the frontpage ports at it. While this is "only" a cross site scripting vulnerability it has some rather serious implications which can allow an attacker to take over a web site, so I'm keeping FORBIDDEN.	2006-05-23 19:23:48 +00:00
Marcus Alves Grando	faffd590f3	cscope -- buffer overflow vulnerabilities	2006-05-23 15:20:45 +00:00
Marcus Alves Grando	b6cf40b4b2	coppermine -- Multiple File Extensions Vulnerability coppermine -- "file" Local File Inclusion Vulnerability coppermine -- File Inclusion Vulnerabilities	2006-05-22 15:25:54 +00:00
Marcus Alves Grando	7704088faf	phpmyadmin -- XSRF vulnerabilities	2006-05-21 01:02:29 +00:00
Pav Lucistnik	cfc6ac0c96	- Normalize the topic of last entry Requested by: remko	2006-05-18 21:19:01 +00:00
Pav Lucistnik	9d781e10f0	- Add VuXML entry for vnc 4.1.1	2006-05-18 16:12:17 +00:00
Marcus Alves Grando	4c21528e84	- Add vulnerabilities in last topic.	2006-05-14 03:57:13 +00:00
Marcus Alves Grando	592f87e350	phpldapadmin -- Cross-Site Scripting and Script Insertion	2006-05-14 03:56:08 +00:00
Anton Berezin	0e1311f0e0	Modify the entry for p5-DBI insecure temporary files creation to reflect the fact that version 1.37_1 of p5-DBI-137 is OK now. Reviewed by: simon	2006-05-11 19:17:54 +00:00
Jun Kuriyama	fb01ce7790	Add www/fswiki vulnerability.	2006-05-06 10:56:38 +00:00
Simon L. B. Nielsen	fd0ae98d6f	- Add missing s in latest awstats entry's title. - Document mysql50-server -- COM_TABLE_DUMP arbitrary code execution.	2006-05-05 22:24:36 +00:00
Marcus Alves Grando	5eb5f80d7d	- Cancel last rsync entry. Does not affect FreeBSD port. Notified by: simon, pav Discussed with: simon	2006-05-05 21:39:21 +00:00
Simon L. B. Nielsen	43e7124ffe	Document awstat -- arbitrary command execution vulnerability. Fix a incorrect use of cvename in the latest firefox entry, which I missed when reviewing the entry (and which make validate did not / can not catch).	2006-05-05 20:45:20 +00:00
Marcus Alves Grando	3738973f04	phpwebftp -- "language" Local File Inclusion	2006-05-03 20:14:47 +00:00
Vasil Dimov	9200d9071b	Document firefox -- denial of service vulnerability Reviewed by: simon	2006-05-03 08:00:56 +00:00
Marcus Alves Grando	324e5358b1	trac -- Wiki Macro Script Insertion Vulnerability	2006-05-03 01:01:55 +00:00
Marcus Alves Grando	3dd6cc3ef2	rsync -- "xattrs.diff" Patch Integer Overflow Vulnerability	2006-05-03 00:56:32 +00:00
Marcus Alves Grando	ebeb8c19cb	clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability	2006-05-03 00:45:51 +00:00
Marcus Alves Grando	d38cbf4f07	- Add last jabberd entry: jabberd -- SASL Negotiation Denial of Service Vulnerability	2006-05-01 15:09:47 +00:00
Simon L. B. Nielsen	d64fe02de2	Also mark linux-seamonkey vulnerable to recent mozilla vulnerabilities. Reported by: Andrew Pantyukhin infofarmer at gmail dotty com	2006-04-27 11:12:18 +00:00
Marcus Alves Grando	6d0d71dfe5	cacti -- ADOdb "server.php" Insecure Test Script Security Issue	2006-04-27 04:30:53 +00:00
Marcus Alves Grando	e69d0df24f	amaya -- Attribute Value Buffer Overflow Vulnerabilities	2006-04-27 03:48:32 +00:00
Marcus Alves Grando	ac69cc6c3c	lifetype -- ADOdb "server.php" Insecure Test Script Security Issue	2006-04-27 03:22:25 +00:00
Marcus Alves Grando	c97506a8c5	ethereal -- Multiple Protocol Dissector Vulnerabilities	2006-04-27 02:46:40 +00:00
Remko Lodder	6d264d8dc2	My 100th commit to the vuln.xml file: - Document Asterisk -- denial of service vulnerability, local system access.	2006-04-25 20:57:47 +00:00
Eric Anholt	d990ae19c3	Change paraview checks to be < 2.4.3 now that paraview uses system libtiff.	2006-04-25 17:40:49 +00:00
Remko Lodder	9fca86861c	Document zgv, xzgv -- heap overflow vulnerability.	2006-04-23 21:46:34 +00:00
Remko Lodder	b2c8757b20	Document crossfire-server -- denial of service and remote code execution vulnerability.	2006-04-23 14:14:52 +00:00
Remko Lodder	1d4bde5eb6	Document p5-DBI -- insecure temporary file creation vulnerability.	2006-04-23 10:25:26 +00:00
Remko Lodder	77dac30344	Document wordpress -- full path disclosure.	2006-04-23 09:58:02 +00:00
Remko Lodder	cdbf49e1ec	Document xine -- multiple remote string vulnerabilities.	2006-04-23 09:35:37 +00:00
Hajimu UMEMOTO	2a6899cab1	Add an entry for cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service.	2006-04-21 16:51:12 +00:00
Remko Lodder	53991e4223	Also mark all other versions of FreeBSD (That were released) as vulnerable. Noticed by: brueffer Discussed with: brueffer, simon	2006-04-19 17:53:26 +00:00
Remko Lodder	e74e70ddc0	Add FreeBSD -- FPU information disclosure (SA-06:14) to the vuxml list.	2006-04-19 17:36:56 +00:00
Simon L. B. Nielsen	ce1b83e95a	Add some CERT references to latest Mozilla entry.	2006-04-18 19:39:22 +00:00
Marcus Alves Grando	a4e46f07ab	plone -- "member_id" Parameter Portrait Manipulation Vulnerability	2006-04-18 13:48:46 +00:00
Simon L. B. Nielsen	cd8ff57933	Fix copy/paste error in last commit and mark linux-mozilla < 1.7.13 as vulnerable.	2006-04-16 22:02:11 +00:00
Simon L. B. Nielsen	e07ffdcc18	Document mozilla/firefox/thunderbirds's latest attempt at Internet Explorer compatibility. Note that I omitted marking some really old mozilla versions as vulnerable this time, since there is already a bunch of entries covering these versions (which haven't been in ports for a while).	2006-04-16 21:52:31 +00:00
Emanuel Haupt	244f2b5f51	Update entry for sysutils/heartbeat. The insecure temporary file creation vulnerability is fixed in 1.2.4. Approved by: secteam (simon)	2006-04-16 13:00:04 +00:00
Marcus Alves Grando	587b3e48fb	mailman -- Private Archive Script Cross-Site Scripting	2006-04-16 01:52:16 +00:00
Remko Lodder	7e9c6efc20	Document f2c -- insecure temporary files. It is not very clear to me to see what version is fixed. The one fixing this port should import the latest available one which is fixed.	2006-04-10 19:11:14 +00:00
Marcus Alves Grando	2a4e03ec76	mplayer -- Multiple integer overflows	2006-04-08 14:53:00 +00:00
Marcus Alves Grando	84746ec7d3	- Add Secunia references for last phpMyAdmin issue.	2006-04-07 14:15:02 +00:00
Remko Lodder	519fd752c5	Document kaffeine -- buffer overflow vulnerability.	2006-04-07 11:23:05 +00:00
Remko Lodder	463ef4e6b1	Document thunderbird -- javascript execution.	2006-04-07 10:38:53 +00:00
Remko Lodder	9c636d302a	Update the latest zoo entry to match the latest update to the port. This will mark zoo-2.10.1_2 and later as not vulnerable for this issue.	2006-04-06 17:30:16 +00:00
Marcus Alves Grando	7f57c9182c	phpmyadmin -- XSS vulnerabilities phpmyadmin -- 'set_theme' Cross-Site Scripting	2006-04-06 16:44:46 +00:00
Marcus Alves Grando	f926976ec0	clamav -- Multiple Vulnerabilities	2006-04-06 15:30:12 +00:00
Remko Lodder	ca0e535fe7	Add cvename to the recent OpenVPN entry. Submitted by: Matthias Andree <matthias dot andree at gmx dot de>	2006-04-06 04:47:47 +00:00
Remko Lodder	a0ddc702a3	Document mediawiki -- hardcoded placeholder string security bypass vulnerability.	2006-04-05 20:00:17 +00:00
Remko Lodder	fc258f1004	Document netpbm -- buffer overflow in pnmtopng.	2006-04-05 19:50:24 +00:00
Remko Lodder	f15877a546	Document zoo -- stack based buffer overflow.	2006-04-05 19:23:10 +00:00
Remko Lodder	eeb9bc7a2f	Document mediawiki -- cross site scripting vulnerability.	2006-04-05 19:02:44 +00:00
Marcus Alves Grando	e532bbaa7d	dia -- XFig Import Plugin Buffer Overflow	2006-04-05 17:37:37 +00:00
Marcus Alves Grando	043a17fd5f	openvpn -- LD_PRELOAD code execution on client through malicious or compromised server PR: 95343 Submitted by: Matthias Andree <matthias.andree__gmx.de>	2006-04-05 14:57:46 +00:00
Marcus Alves Grando	d9ff0f6565	samba -- Exposure of machine account credentials in winbind log files	2006-04-05 04:33:24 +00:00
Brooks Davis	77e1e58771	Upgrade pubcookie from 3.3.0-beta2 to 3.3.0a fixing serious XSS vulnerabilities.	2006-04-05 03:46:56 +00:00
Edwin Groothuis	baee87aba2	Fill in the version numbers for the vids 6e3b12e2-6ce3-11da-b90c-000e0c2e438a and 82a41084-6ce7-11da-b90c-000e0c2e438a to show which Mantis versions are vulnerable. Submitted by: In cooperation with dvl	2006-04-01 05:01:11 +00:00
Simon L. B. Nielsen	16fb63b929	For horde -- remote code execution vulnerability in the help viewer entry: - Add more references. - Reformat description to follow normal formatting style better. - Remove a redundant line in the description to make the meaning more clear.	2006-03-30 06:53:30 +00:00
Marcus Alves Grando	0354370716	freeradius -- EAP-MSCHAPv2 Authentication Bypass	2006-03-29 19:08:51 +00:00
Thierry Thomas	92a2d1b920	Add an entry about Horde's remote code execution vulnerability in the help viewer.	2006-03-28 18:13:13 +00:00
Marcus Alves Grando	e841881f4b	linux-realplayer -- buffer overrun linux-realplayer -- heap overflow Reviewed by: simon	2006-03-27 19:06:53 +00:00
Remko Lodder	ac7f108ff9	s/8 spaces/tab/ in the sendmail entry. Noticed by: simon	2006-03-24 18:02:29 +00:00
Remko Lodder	6767097f01	Record that our sendmail port was also vulnerable. Bump modification date.	2006-03-24 17:10:23 +00:00
Remko Lodder	d81923c6b4	Update the 'Evolution - remote format string vulnerabilities' entry.	2006-03-24 13:08:53 +00:00
Remko Lodder	f9cee5162f	Document the latest three FreeBSD Security Advisories: SA-06:13 SA-06:12 SA-06:11	2006-03-24 12:25:58 +00:00
Dejan Lesjak	461e2908dc	xorg-server -- privilege escalation Reviewed by: simon	2006-03-21 17:05:15 +00:00
Marcus Alves Grando	48b19385b0	- heimdal -- Multiple vulnerabilities Reviewed by: simon	2006-03-20 15:21:49 +00:00
Vasil Dimov	4ff24336d9	Document ftp/curl's TFTP packet buffer overflow vulnerability Reworked by: simon Approved by: security-officer (simon)	2006-03-20 12:58:15 +00:00
Brooks Davis	f9aea91fed	Add drupal <= 4.6.5 vulns.	2006-03-17 23:24:43 +00:00
Thierry Thomas	bfbd4b55b2	Add an entry for Horde < 3.1 (SA19246). Noticed by: mnag	2006-03-15 21:27:33 +00:00
Simon L. B. Nielsen	4fcab4c05c	Document linux-flashplugin -- arbitrary code execution vulnerability.	2006-03-15 07:10:33 +00:00
Remko Lodder	1d8c141834	Document nfs -- remote denial of service (FreeBSD: SA-06:10) Approved by: portmgr (blanket VuXML)	2006-03-12 21:25:12 +00:00
Remko Lodder	bd046df41f	Add OpenSSH Remote Denial of Service (FreeBSD SA-06:09.openssh) to the vuxml list. Approved by: portmgr (Blanket VuXML)	2006-03-12 19:57:53 +00:00
Remko Lodder	70a8938a87	Correct the gpg entry wrt. style. Approved by: portmgr (Blanket VuXML)	2006-03-11 10:38:10 +00:00
Jun Kuriyama	b73fb62f12	Update to 1.4.2.2. Security: GnuPG does not detect injection of unsigned data References: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html Probbed by: simon Approved by: portmgr (erwin)	2006-03-09 22:44:35 +00:00
Vasil Dimov	991064231d	Document multimedia/mplayer's heap overflow in the ASF demuxer Reviewed by: simon Approved by: portmgr (implicit), security-officer (simon)	2006-03-09 10:53:14 +00:00
Marius Strobl	861c04f5ea	Add the ssh2-nox11 slave port to the list of ports affected by VID 594ad3c5-a39b-11da-926c-0800209adf0e. Prodded by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua> Approved by: portmgr (erwin)	2006-03-06 12:15:25 +00:00
Marius Strobl	888793f6ac	Document a SSH.COM SFTP server format string vulnerability affecting the security/ssh2 port. Approved by: portmgr (erwin)	2006-03-04 17:31:06 +00:00
Christian Weisgerber	d3926c182d	Document GNU tar invalid headers buffer overflow. Approved by: portmgr (erwin)	2006-03-04 15:03:46 +00:00
Remko Lodder	52dcfc0417	Remove the pinentry entry. It was gentoo specific and I overlooked that. Noticed by: Dejan Lesjak <dejan dot lesjak at ijs dot si> Pointyhat: remko Approved by: portmgr (implicit VuXML)	2006-02-27 20:16:33 +00:00
Sergey Skvortsov	bb655e6ade	Document Bugzilla [2.*, 2.20.1) vulnerabilities. Approved by: security-officer (simon) Approved by: portmgr (implicit)	2006-02-27 14:36:52 +00:00
Xin LI	978c80a462	Document squirrelmail (< 1.4.6) vulnerabilities: CVE-2006-0377 (IMAP injection) CVE-2006-0195 (XSS) CVE-2006-0188 (XSS) Approved by: security-officer (simon) Approved by: portmgr (implicit)	2006-02-24 19:56:28 +00:00
Remko Lodder	a57877665c	Remove the latest squid entry, it already existed. Noticed by: Thomas-Martin Seck <tmseck at netcologne dot de>	2006-02-20 19:15:17 +00:00
Remko Lodder	193f489b68	Document gedit -- format string vulnerability.	2006-02-20 16:03:36 +00:00
Remko Lodder	5b65a6dfe1	Add koffice to the RTF import issue.	2006-02-20 15:43:52 +00:00
Remko Lodder	e110989d25	Documenet WebCalendar -- unauthorized access vulnerability.	2006-02-20 15:17:48 +00:00
Remko Lodder	3073642d70	Document abiword -- stack based buffer overflow vulnerabilities.	2006-02-20 14:29:51 +00:00
Remko Lodder	424cfcab59	Document pinentry -- local privilege escalation. Correct previous entry (the entry time was invalid).	2006-02-20 12:26:22 +00:00
Remko Lodder	3c6a572716	Document squid -- dns lookup spoofing.	2006-02-20 12:02:09 +00:00
Simon L. B. Nielsen	a211d0431d	Document postgresql81-server -- SET ROLE privilege escalation.	2006-02-18 14:22:41 +00:00
Simon L. B. Nielsen	51909aa65e	Document gnupg -- false positive signature verification.	2006-02-17 09:53:58 +00:00
Remko Lodder	f42ea1d7c5	Document rssh -- privilege escalation vulnerability. The port will be marked forbidden due to possible root access.	2006-02-16 15:05:13 +00:00
Remko Lodder	5803e4d25e	Document tor -- malicious tor server can locate a hidden service.	2006-02-16 14:33:20 +00:00
Remko Lodder	7d56bb9418	Document sudo -- arbitrary command execution.	2006-02-16 14:20:23 +00:00
Remko Lodder	96d8b28256	Document libtomcrypt -- weak signature scheme with ECC keys.	2006-02-16 14:08:27 +00:00
Remko Lodder	b1b350edad	Document mantis -- "view_filters_page.php" cross site scripting vulnerability.	2006-02-16 13:19:07 +00:00
Remko Lodder	357c6d5847	Document phpbb -- multiple vulnerabilities. Reviewed by: simon	2006-02-16 12:59:20 +00:00
Remko Lodder	e7e1028351	Document postgresql -- character conversion and tsearch2 vulnerabilities.	2006-02-16 12:50:35 +00:00
Remko Lodder	16ea24ccb4	Document heartbeat -- insecure temporary file creation vulnerability.	2006-02-16 09:08:03 +00:00
Remko Lodder	f5972ea28f	Document kpdf -- heap based buffer overflow	2006-02-15 13:25:55 +00:00
Remko Lodder	0be8d00ea7	Document perl, webmin, usermin -- perl format string integer wrap vulnerability PR: ports/91202 Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org> (slightly modified).	2006-02-15 12:53:20 +00:00
Remko Lodder	7021a772ef	Document phpicalendar -- cross site scripting vulnerability and document phpicalendar -- file disclosure vulnerability [1]. Reviewed by: simon [1] Spotted on: cvs-ports@ [1]	2006-02-15 12:33:36 +00:00
Remko Lodder	25ca5f88be	Document FreeBSD -- Infinite loop in SACK handling (FreeBSD SA 06.08)	2006-02-14 10:35:40 +00:00
Remko Lodder	424491da55	Document pf -- IP fragment handling panic, FreeBSD SA 06.07	2006-02-14 10:28:53 +00:00
Remko Lodder	7d67746133	Document FreeBSD -- Local kernel memory disclosure (FreeBSD SA 06.07).	2006-02-14 10:09:23 +00:00
Remko Lodder	75aa0b238b	Document IEEE 802.11 -- buffer overflow (FreeBSD SA 06.05).	2006-02-14 09:57:31 +00:00
Remko Lodder	07f1e71655	Add FreeBSD SA 06.04.ipfw to the vuln.xml list.	2006-02-14 08:13:53 +00:00
Simon L. B. Nielsen	fdb960e906	Mark ivtools 1.2.3 as fixed for jpeg vulnerabilities. Note that this version is not yet in ports, but marking the new version fixed now make porting a bit simpler.	2006-02-07 20:43:51 +00:00
Simon L. B. Nielsen	bc35a4c8f8	Document kpopup -- local root exploit and local denial of service. PR: ports/92359 Submitted by: Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>	2006-02-07 20:09:16 +00:00
Remko Lodder	fd5ec1d397	Oops. Forgot to modify the discovery date. Spotted by: simon (again)	2006-01-27 19:07:32 +00:00
Remko Lodder	14168109d9	Add 4 FreeBSD advisories to the VuXML database. The other recently released advisories will be added later today. o SA-06:03.cpio o SA-06:02.ee o SA-06:01.texindex o SA-05:20.cvsbug	2006-01-27 12:20:06 +00:00
Edwin Groothuis	41ce2d5cf9	SHA256ify Approved by: krion@	2006-01-24 06:38:31 +00:00
Brooks Davis	a558911631	Document local root exploit in SGE.	2006-01-23 21:29:46 +00:00
Simon Barner	d9e48a62d0	Document "fetchmail -- crash when bouncing a message" DOS vulnerability. Reviewed by: secteam (simon)	2006-01-23 15:35:22 +00:00
Simon L. B. Nielsen	7e58b30f65	- Update description and references for "clamav -- possible heap overflow in the UPX code" now that more information is available. - Remove some EOL whitespace.	2006-01-14 23:36:11 +00:00
Emanuel Haupt	0b2183233e	Add an entry for clamav/clamav-devel Reviewed by: simon (secteam)	2006-01-10 14:02:52 +00:00
Simon L. B. Nielsen	e255ffdee3	Document milter-bogom -- headerless message crash. Reported by: Victor Balada Diaz <victor@bsdes.net>	2006-01-09 21:47:29 +00:00
Simon L. B. Nielsen	e67f22fd29	Mark latest bnc version as fixed wrt. to "fd_set -- bitmap index overflow in multiple applications". Reported by: Christian Elmerot <Chreo At chreo , net>	2006-01-09 20:49:54 +00:00
Simon L. B. Nielsen	44c850656f	Document two bogofilter vulnerabilities. Submitted by: Matthias Andree <matthias.andree@gmx.de>	2006-01-07 14:56:01 +00:00
Thierry Thomas	fbe708601a	Add an entry for rxvt-unicode < 6.3: root privileges were not restored before the call to openpty(), so the permissions on the pty device node remain root:wheel 666 after opening a new terminal. Discovered by: Ryan Beasley <ryanb (at) rainbowdevilsland.co.uk>	2006-01-04 23:00:38 +00:00
Lev A. Serebryakov	473045a644	`ru-apache' and` ru-apache+mod_ssl' was patchet against CAN-2005-3352 (http://www.FreeBSD.org/ports/portaudit/9fff8dc8-7aa7-11da-bf72-00123f589060.html) Yes, changes are validated with xmllint at this time.	2006-01-03 18:40:54 +00:00
Remko Lodder	7f39f465ee	Correct a little typo.	2006-01-02 18:32:19 +00:00
Remko Lodder	ba2e705394	Document apache -- mod_imap cross-site scripting flaw. I expanded the diff from the PR a bit to denote other affected apache ports as well. Therefor mistakes in that should be redirected to me. Also bump the copyright year for the vuxml file. PR: ports/91157 (based on) Submitted by: KOMATSU Shinichiro <koma2 at lovepeers dot org>	2006-01-01 21:40:15 +00:00
Hiroki Sato	ed868573b5	Fix the affected versions of 9b4facec-6761-11da-99f6-00123ffe8333. PR: ports/91156 Submitted by: KOMATSU Shinichiro (koma2 at lovepeers dot org)	2006-01-01 09:03:31 +00:00
Simon L. B. Nielsen	148232b94b	Add missing "</package>" tag from rev. 1.917, which caused the file to be invalid XML and in turn caused the portaudit database to be only partially built. Bump modification date of all entries which had modification date on the 23'rd to make sure VuXML consumers catch the updates. Portaudit problem reported by: Peter Vohmann Pointy hat to: lev	2005-12-25 22:23:51 +00:00
Lev A. Serebryakov	1c38ba0f8a	russian/apache13 and russian/apache13-modssl were updated and new version doesn't contain any known vulnerabilities.	2005-12-23 13:33:26 +00:00
Simon L. B. Nielsen	07c857289d	Bump modification date for entries touched by last commit.	2005-12-23 12:10:21 +00:00
Remko Lodder	b8bdbc097e	Update the phpSysInfo entries, PR ports/90849 will solve the documented issues. Requested by: Babak Farrokhi <babak at farrokhi dot net>	2005-12-23 11:47:23 +00:00
Remko Lodder	089f400b2f	Fix another typo in my nbd entry. Spotted by: Linus Nordberg <linus at nordberg dot se>	2005-12-23 10:29:49 +00:00
Remko Lodder	2560e63b03	Correct a typo. Submitted by: Linus Nordberg <linus at nordberg dot se>	2005-12-22 21:25:07 +00:00
Remko Lodder	c3647ba89e	Update the affected range. Prodded by: erwin	2005-12-22 21:08:08 +00:00
Remko Lodder	a573c0bbf8	:	2005-12-22 21:05:31 +00:00
Renato Botelho	f2e0663da9	- Register scponly-4.1 vulnerabilities PR: ports/90813 Submitted by: maintainer Security: https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html	2005-12-22 16:25:09 +00:00
Remko Lodder	9467f6bd7a	Correct the recent horde entries as per the FDP (made the entries max 72 chars wide).	2005-12-22 15:49:31 +00:00
Simon Barner	b218a8d221	Document fetchmail vulnerability: http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt (CVE-2005-4348) Reviewed by: secteam (simon@)	2005-12-19 15:14:33 +00:00
Remko Lodder	77eaeee548	Document the following mantis vulnerabilities: o "t_core_path" file inclusion vulnerability o "view_filters_page.php" cross-site scripting vulnerability	2005-12-14 21:51:50 +00:00
Thierry Thomas	ebe3cc4d05	- Add entries for several XSS vulnerabilities in Horde, Kronolith, Nag Turba and Mnemo; - Fix a typo in the previous Horde entry.	2005-12-11 21:41:22 +00:00
Marcus Alves Grando	03872f0906	Add curl -- URL buffer overflow vulnerability Reviewed by: simon	2005-12-09 12:24:21 +00:00
Marcus Alves Grando	4bcaccddbe	Add phpmyadmin -- register_globals emulation "import_blacklist" manipulation Add phpmyadmin -- XSS vulnerabilities	2005-12-07 21:59:01 +00:00
Marcus Alves Grando	feadf43eb5	Add ffmpeg -- libavcodec buffer overflow vulnerability Reviewed by: simon	2005-12-07 11:53:07 +00:00
Marcus Alves Grando	a5c05ad2ac	Add trac -- search module SQL injection vulnerability Reviewed by: simon	2005-12-07 11:34:33 +00:00
Marcus Alves Grando	662164b1da	Add drupal -- multiple vulnerabilities Reviewed by: simon	2005-12-01 16:08:47 +00:00
Simon L. B. Nielsen	0e1765d248	Document opera -- multiple vulnerabilities.	2005-11-30 20:55:36 +00:00
Simon L. B. Nielsen	43403b4c69	Document opera -- command line URL shell command injection.	2005-11-30 20:35:51 +00:00
Marcus Alves Grando	8d8572161c	Add entry to www/mambo Reviewed by: simon	2005-11-30 13:41:53 +00:00
Simon L. B. Nielsen	4bfdd6f32b	Backup rev 1.9 which should not have been committed since it was just my local hack. Note to self: Do not commit before having at least two cups of coffee. Pointy hat to: simon	2005-11-29 08:46:13 +00:00
Simon L. B. Nielsen	f7f50cf4a0	Mark flyspar 0.9.8 as fixed wrt. "flyspray -- cross-site scripting vulnerabilities" since our port version of 0.9.8 includes update1 which fixes the issue. Reported by: Volodymyr Kostyrko via pav	2005-11-29 08:41:51 +00:00
Marcus Alves Grando	1213510c44	Change topic zope28 to zope (www/zope affected too) Add <cvename> to zope entry Change CAN-XXXX-XXXX to CVE-XXXX-XXXX Reviewed by: simon	2005-11-28 15:37:03 +00:00
Hiroki Sato	ceed13510d	Security fix: several shell scripts included in the Ghostscript package allow local users to overwrite files via a symlink attack on temporary files. Security: CAN-2004-0967	2005-11-27 17:57:19 +00:00
Remko Lodder	0f2ad8777c	Standarize the horde -- Cross site scripting vulnerabilities in MIME viewers entry as per the FDP-primer and the vuxml layout (topic). Also correct the qpopper vulnerability to match 4.0 and above since the 2.x range is listed as affected at the moment but has an entirely different base. After checking it appears that the information all point to >= 4.0. [1] Noticed by: ache [1]	2005-11-26 10:54:21 +00:00
Thierry Thomas	2a2d2becd1	Add an entry for cross site scripting vulnerabilities in Horde's MIME viewers.	2005-11-22 19:56:53 +00:00
Marcus Alves Grando	96a2aa8bd7	phpmyadmin -- HTTP Response Splitting vulnerability Reviewed by: simon	2005-11-16 14:17:43 +00:00
Simon L. B. Nielsen	13c002e952	Add CVE name to an old sudo entry.	2005-11-14 16:57:25 +00:00
Simon L. B. Nielsen	a8e0909706	Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed (or rather, had an incorrect "fix"). Reported by: Christopher Kunz (advisory author) Security: http://www.hardened-php.net/advisory_222005.81.html	2005-11-14 08:45:08 +00:00
Sergey Matveychuk	49a81eebfa	- Micromedia -> Macromedia - Standard FDP primer documentation rules apply - Two dots fixed Noted by: remko	2005-11-13 21:39:56 +00:00
Sergey Matveychuk	5e8e8dd93a	- Document phpSysInfo vulnerability	2005-11-13 21:21:16 +00:00
Sergey Matveychuk	0f9a54454c	- Document flashplugin vulnerability	2005-11-13 20:59:46 +00:00
Sergey Matveychuk	64ba4504f8	- Document p5-Mail-SpamAssassin vulnerabily (alread fixed in ports) - Document flyspray cross-site scripting vulnerabilities	2005-11-10 11:09:55 +00:00
Remko Lodder	b7b4aa1a89	Update the recent gallery2 and webcalendar entries: o Add a better topic (description) o Reword the webcalendar entry to have some more usefull data o Add references (bid's and CVE names).	2005-11-08 17:34:39 +00:00
Remko Lodder	a4156d4fb4	Document qpopper -- multiple privilege escalation vulnerabilities. Note that the current version is not affected anymore.	2005-11-07 20:44:06 +00:00
Sergey Matveychuk	3a95aa3424	- Add missed </p> tag [1] - Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry: ruby 1.6.x is not affected this vulnerability, it have no XMLRPC support. Pointy hat to: simon [1]	2005-11-06 17:28:04 +00:00
Simon L. B. Nielsen	e878b5dcc2	Add a bit more info from the PEAR advisory about the vulnerability to make the scope of the vulnerability a bit more clear. Disussed with: thierry	2005-11-04 22:49:33 +00:00
Simon L. B. Nielsen	fc7d9d38e2	The two latest OpenVPN vulnerabilities were both only for 2.0 and newer, so mark the correctly as such. Submitted by: Matthias Andree <matthias.andree@gmx.de>	2005-11-04 22:35:05 +00:00
Thierry Thomas	6908b8e306	Add an entry for pear-PEAR arbitrary code execution vulnerability.	2005-11-04 21:23:28 +00:00
Simon L. B. Nielsen	20415e3666	Correct skype entry to match the correct fixed port version number. Noted by: Stefan Lambrev, cheffo FreeBSD-BG org	2005-11-02 10:16:50 +00:00
Simon L. B. Nielsen	74bda32714	Document two OpenVPN vulnerabilities. Submitted by: Matthias Andree <matthias.andree@gmx.de>	2005-11-01 22:49:20 +00:00
Christian Weisgerber	043bec08e1	As Peter Jeremy points out, the recent lynx vulnerability also concerns lynx-ssl.	2005-11-01 21:39:24 +00:00
Sergey Matveychuk	ba5c859849	- Document skype vulnerabilities - Document PHP vulnerabilities - Convert first letters in titles from upcase to lowercase in my last additions.	2005-11-01 09:33:40 +00:00
Sergey Matveychuk	4b4f27f030	- Document CVE-2005-3258: Squid FTP Server Response Handling Denial of Service	2005-11-01 08:44:36 +00:00
Sergey Matveychuk	0cfd8b1054	- Document a BASE Basic Analysis and Security Engine vulnerability	2005-10-31 19:03:12 +00:00
Simon L. B. Nielsen	d25bb42000	Back out the accidentally committed white-space modification parts of rev. 1.869, but keep the lynx entry. Pointy hat to: naddy OK'ed by: naddy	2005-10-31 18:02:10 +00:00
Simon Barner	7eefc00039	Add entry for "fetchmail -- fetchmailconf local password exposure", which was fixed with fetchmail-6.2.5.2_1 and above.	2005-10-31 09:04:22 +00:00
Christian Weisgerber	9e143bac60	Document lynx remote buffer overflow in NNTP header handling.	2005-10-30 22:17:54 +00:00
Sergey Matveychuk	705fca86db	- Fix a ruby vulnerabuility in the safe level settings. Based on: ports/87816 Submitted by: Phil Oleson <oz@nixil.net> Security: http://vuxml.FreeBSD.org/1daea60a-4719-11da-b5c6-0004614cc33d.html	2005-10-27 19:40:25 +00:00
Simon L. B. Nielsen	c587ee6bfb	Add more references to entry net-snmp -- remote DoS vulnerability.	2005-10-26 19:53:24 +00:00
Simon L. B. Nielsen	d8b39dfd0d	- Mark linux-firefox 1.0.7 as fixed wrt. 8665ebb9-2237-11da-978e-0001020eed82 (Mozilla/firefox IDN buffer overflow) [1]. - Correct some of the the earlier linux-firefox entries to match versions before 1.0.7, not after (whoops)... Prodded by: Andrew P. <infofarmer@gmail.com> [1]	2005-10-26 10:00:17 +00:00
Dejan Lesjak	228b1fb072	Add misc/compat5x to "openssl -- potential SSL 2.0 rollback". Reviewed by: simon	2005-10-25 19:52:37 +00:00
Simon L. B. Nielsen	c7a517bf2d	Also mark xli as vulnerable to xloadimage -- buffer overflows in NIFF image title handling, and latest port version as fixed. Reported by: jkoshy	2005-10-23 17:10:48 +00:00
Simon L. B. Nielsen	530688ac0c	For entry libgadu -- multiple vulnerabilities: - Mark latest centericq port version as fixed. - Fix cite in description.	2005-10-23 16:50:42 +00:00
Simon L. B. Nielsen	31635d863b	For entry zope28 -- expose RestructuredText functionality to untrusted users: - Do not match zope 2.7.8 which has been fixed. [1] - Fix typo in topic. - Add another reference. Reported by: Gerhard Schmidt <estartu augusta de> [1]	2005-10-23 09:09:46 +00:00
Simon L. B. Nielsen	2289fae663	Add another reference to clamav -- arbitrary code execution and DoS vulnerabilities entry.	2005-10-22 13:41:20 +00:00
Christian Weisgerber	46df580663	Document x11/xloadimage buffer overflows in NIFF image title handling.	2005-10-20 13:52:35 +00:00
Jacques Vidrine	66bb2d5d4d	Rename all CAN-yyyy-nnnn to CVE-yyyy-nnnn, with the exception of text inside <blockquote>s. See <URL:http://www.cve.mitre.org/cve/renumber.html>.	2005-10-19 18:17:47 +00:00
Simon L. B. Nielsen	0fb395018e	For entry: snort -- Back Orifice preprocessor buffer overflow vulnerability: - Sort references. - Add ISS advisory to references.	2005-10-18 19:45:58 +00:00
Simon L. B. Nielsen	e9dcf64a76	- Document snort -- Back Orifice preprocessor buffer overflow vulnerability. - Use standard topic format for webcalendar entry. - Fix package name in webcalendar so it matches the actual package name.	2005-10-18 17:42:13 +00:00
Sergey Matveychuk	42f8e5df56	- Document www/webcalendar vulnerability.	2005-10-14 21:57:41 +00:00
Sergey Matveychuk	afc778e560	- Document www/gallery2 vulnerability.	2005-10-14 21:38:08 +00:00
Simon L. B. Nielsen	060b28a44c	Improve last couple of entries: - Use standard topic format. - Fix packagename in phpmyadmin and zone entries. - Fix indention and remove EOL white-space. - Make lead in a bit more verbose. - Add more references to phpmyadmin issue. - Remove some redundant quoted text in zope issue.	2005-10-12 22:53:00 +00:00
Marcus Alves Grando	50473025e1	Add entry for openssl Remove entry about safe mode in phpmyadmin	2005-10-12 14:51:14 +00:00
Marcus Alves Grando	2197a4f7d5	Add entry for phpmyadmin (PMASA-2005-4)	2005-10-12 00:24:38 +00:00
Marcus Alves Grando	0019741ea6	Fix typo with range values	2005-10-12 00:12:20 +00:00
Marcus Alves Grando	398ca09449	Add entry from zope28	2005-10-12 00:01:03 +00:00
Simon L. B. Nielsen	0fd61e032b	For libxine -- format string vulnerability entry: - Add reference to xine security announcement. - Fix indention on a few lines.	2005-10-09 21:03:07 +00:00
MANTANI Nobutaka	53462117ca	Add an entry for libxine format string vulnerability.	2005-10-09 16:14:41 +00:00
Simon L. B. Nielsen	e9669d49c2	Mark older revisions linux_base-suse 9.3 as vulnerable to kdebase -- Kate backup file permission leak.	2005-10-09 10:14:26 +00:00
Sergei Kolobov	eaca034440	- Mark cfengine's arbitrary file overwriting vulnerability as fixed in 2.1.6_1 - Add another possible variant of package name - cfengine2	2005-10-07 07:31:50 +00:00
Thierry Thomas	c2caa0f6a0	Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow Vulnerability (CAN-2005-2933).	2005-10-05 17:44:06 +00:00
Emanuel Haupt	ec08f711e1	Add credit for recent ftp/weex incident Approved by: novel (mentor)	2005-10-05 15:55:08 +00:00
Renato Botelho	a1bb849ee3	rinetd >= 0.62_1 has no more vulnerabilities	2005-10-04 13:22:59 +00:00
Remko Lodder	2d1e7daa64	Add references to three squid entries. Submitted by: Thomas-Martin Seck <tmseck at netcologne dot de> (except for the bid's which i added myself).	2005-10-02 20:10:41 +00:00
Simon L. B. Nielsen	99a5d1fcad	Use the <freebsdpr> tag to markup a PR in weex -- remote format string vulnerability entry.	2005-10-02 17:46:23 +00:00
Jean-Yves Lefort	2d89b6b140	Document a format string vulnerability in ftp/weex.	2005-10-02 16:11:30 +00:00
Simon L. B. Nielsen	28d0fdcdbf	Document picasm -- buffer overflow vulnerability.	2005-10-02 07:45:28 +00:00
MANTANI Nobutaka	3be9e2b847	Add an URL to the entry of the japanese/uim.	2005-10-01 16:43:38 +00:00
MANTANI Nobutaka	48c0ea3617	Document japanese/uim privilege escalation vulnerability.	2005-10-01 16:35:20 +00:00
Simon L. B. Nielsen	1389eab081	Document cfengine -- arbitrary file overwriting vulnerability.	2005-10-01 15:21:56 +00:00
Remko Lodder	a68c8964d5	Mark zsync <= 0.4.1 vulnerable to the zlib buffer overflow vulnerability. Inspired by: gordon's commit	2005-10-01 10:17:19 +00:00
Simon L. B. Nielsen	df8805e636	Add more references to unace -- multiple vulnerabilities entry.	2005-10-01 08:40:57 +00:00
Simon L. B. Nielsen	2ab099b72e	Add CVE name to an older ProZilla entry.	2005-10-01 07:14:34 +00:00
Simon L. B. Nielsen	bd704294a4	Add more references for latest phpmyfaq entry.	2005-09-29 20:01:41 +00:00
Simon L. B. Nielsen	0daf44cec5	- Add a note that new entries, per convention, should be added to the start of this file. For latest phpmyfaq entry: - Use port directory name as first part of topic. - No need to include information about affected releases in topic (it's somewhat redundant and makes the title longer). - Reindent body with standard FreeBSD Doc Project (more or less) style.	2005-09-29 19:31:12 +00:00
Vsevolod Stakhov	2c558cfdfd	Document vulnerabilities in www/phpmyfaq	2005-09-28 22:54:43 +00:00
Remko Lodder	29187277a0	Add linux_base-suse-9.3 to the zlib entry. Inspired by: trevors commit.	2005-09-24 09:22:30 +00:00
Simon L. B. Nielsen	2548c814c4	Document clamav -- arbitrary code execution and DoS vulnerabilities.	2005-09-24 08:31:46 +00:00
Simon L. B. Nielsen	30b443303c	- Be consistent and call entries "firefox & mozilla", not the other way around. - Mark latest linux-mozilla port as fixed for recent mozilla vulnerabilities.	2005-09-23 21:44:15 +00:00
Simon L. B. Nielsen	5477df8a4d	- Document mozilla & firefox -- multiple vulnerabilities. - Add Mozilla Foundation Security Advisory references to two other firefox/mozilla entries.	2005-09-23 19:19:03 +00:00
Simon L. B. Nielsen	9caf96ed77	Add real references to urban -- stack overflow vulnerabilities.	2005-09-21 23:03:56 +00:00
Simon L. B. Nielsen	dd5c1f81f5	Document mozilla & firefox -- command line URL shell command injection.	2005-09-21 22:31:09 +00:00
Simon L. B. Nielsen	e348f65ac4	Add CVE name for tor -- diffie-hellman handshake flaw.	2005-09-21 21:59:31 +00:00
Simon L. B. Nielsen	ae68849b21	Correct package name for entry bind -- buffer overrun vulnerability.	2005-09-21 21:46:25 +00:00
Simon L. B. Nielsen	28c69d6d13	Add CVE name to an older CUPS issue.	2005-09-21 21:15:51 +00:00
Remko Lodder	7869900ab0	Fix the htdig entry, the port version and the VuXML version did not align. Reported by: Nic Bellamy <nic at bellamy dot co dot nz>	2005-09-19 16:12:06 +00:00
Remko Lodder	e16354e3c3	Fix the squirrelmail entry since only versions prior to 1.4.5 were affected. Bump modification date accordingly. Reported by: Avinash Piare <avinash at piare dot org>	2005-09-19 16:09:27 +00:00
Remko Lodder	2c4ab28551	Document the following items: o apache -- Certificate Revocation List (CRL) off-by-one vulnerability o squirrelmail -- _$POST variable handling allows for various attacks Reviewed by: simon	2005-09-17 19:08:42 +00:00
Pav Lucistnik	2e5accd757	- Add an entry on possible DOS condition regarding NTLM in squid PR: ports/86179 Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>	2005-09-15 20:14:26 +00:00
Dejan Lesjak	bf24ec6453	Document X11 server -- pixmap allocation vulnerability. Reviewed by: simon	2005-09-14 22:22:49 +00:00
Remko Lodder	b4a8bdcba3	Document unzip -- permission race vulnerability. [1] Update the recent htdig entry with it's corrected version. Reviewed by: simon [1]	2005-09-13 20:18:44 +00:00

... 3 4 5 6 7 ...

1273 commits