Edwin Groothuis
f31e29e939
Update: security/osiris 4.0.6 -> 4.0.8
...
Updating the Osiris integrity checker to 4.0.8. From changelog:
FIXED:
: updated copyrights.
: cli stat of editor incorrect.
: utilities.c, escape filename bug in octal handling.
: fixed memory leak in regex file filter hs_regfree missing.
FEATURES:
: port of host.conf config keyword from the 4.1 branch.
PR: ports/76481
Submitted by: David Thiel <lx@redundancy.redundancy.org>
2005-01-19 23:09:50 +00:00
Josef El-Rayes
ff26f95ce8
Document security issue in irc/konversation.
...
Pointed out by: markus
2005-01-19 20:47:31 +00:00
James E. Housley
a86ce286af
Update to DAT 4420
2005-01-19 19:03:08 +00:00
Jacques Vidrine
924065316b
Correct several instances where the "msgid" attribute content had an
...
extraneous trailing greater-than character ">", e.g.
<mlist msgid="some-message@id>">some-url</mlist>
These were probably the result of off-by-one errors during
cut-and-paste.
2005-01-19 16:39:29 +00:00
Jacques Vidrine
6a7487d98c
Eliminate character entity references. They are technically fine of
...
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier.
2005-01-19 16:19:14 +00:00
Jacques Vidrine
82f5dbf866
Update entries with 12 new CVE name references.
2005-01-19 14:13:08 +00:00
Edwin Groothuis
85e001db7c
Fix date (was YYYY-MM-DD, now 2005-01-19)
...
Thanks for Chimera@#bsdports
2005-01-19 11:52:27 +00:00
Edwin Groothuis
b7487cecbb
squid -- no sanity check of usernames in squid_ldap_auth
...
(My first attempt to update this thing. Hope all goes fine!)
PR: ports/76364
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-19 11:05:02 +00:00
Jacques Vidrine
6be5377970
Add CONFLICTS due to libexec/ftpd.
...
PR: ports/76235
Approved by: ache, sumikawa (maintainers for wu-ftpd*)
2005-01-18 20:55:05 +00:00
Simon L. B. Nielsen
a8bfb30c11
Document remote DoS in CUPS.
...
Heads-ups by: Hilko Meyer <hilko.meyer@gmx.de>
Description by: nectar
2005-01-18 20:25:52 +00:00
Jacques Vidrine
8f0e289b8b
During last year's bumpercrop of vulnerabilities in libtiff, a 2004 CVE
...
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue. Document it, since occassionally the CVE name
crops up and then I wonder why we missed it.
2005-01-18 17:47:15 +00:00
Jacques Vidrine
d0c1fddd87
Document exploitable vulnerabilities in zgv and xzgv.
2005-01-18 17:23:23 +00:00
Jacques Vidrine
410c998edc
Document bug in Mozilla-based software that may leave downloaded files
...
or attachments world-readable.
2005-01-18 16:59:56 +00:00
Bruce M Simpson
1d195d2edf
Fix plist, unmark broken.
2005-01-18 16:20:05 +00:00
Simon L. B. Nielsen
bb8192991e
Add more references to exim entry.
2005-01-18 16:02:38 +00:00
Jacques Vidrine
31c0747eb2
pdflib contains libtiff, and thus is affected by several vulnerabilities
...
that affected libtiff.
2005-01-18 15:23:49 +00:00
Simon L. B. Nielsen
e26b4b8713
Document remote command execution vulnerability in awstats.
2005-01-18 12:29:58 +00:00
Simon L. B. Nielsen
534539b497
Document security vulnerability in ImageMagick.
2005-01-18 01:02:45 +00:00
Brooks Davis
500e4184ff
Update to a new version of the none ciper patch. The previous version
...
mistakenly allowed ssh to switch to the none ciper for interactive
sessions which could pose a security risk. The new version corrects
this. This code was only enabled when WANT_NONE_CIPHER was set in the
make environment. Bump portrevision in this case.
2005-01-17 19:12:43 +00:00
Simon L. B. Nielsen
44af68883a
Update "cups-base -- HPGL buffer overflow vulnerability" entry to
...
reflect the fix in the latest port version.
2005-01-17 17:44:12 +00:00
Jacques Vidrine
ee01ad1757
Spelling corrections.
2005-01-17 17:20:57 +00:00
Jacques Vidrine
1affd53e40
Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
...
with the excerpt from Bernstein's message. Note that the third issue
does not effect users of FreeBSD 4.6 or later.
2005-01-17 13:42:10 +00:00
Volker Stolz
f2f6e04584
Update to 2.0.5
...
PRs: ports/76295, ports/76296
Submitted by: maintainer
2005-01-17 13:10:31 +00:00
Simon L. B. Nielsen
e5f3dcd988
Document two vulnerabilities in CUPS.
...
Heads up by: Hilko Meyer <hilko.meyer@gmx.de>
2005-01-16 23:15:54 +00:00
Simon L. B. Nielsen
358108a09d
Document mysqlaccess insecure temporary file creation.
2005-01-16 20:46:56 +00:00
Simon L. B. Nielsen
480696d0aa
Document buffer overflow vulnerability in unrtf.
2005-01-16 18:47:48 +00:00
Simon L. B. Nielsen
1f5a4a6873
Correct recent squid entry: WCCP is in fact enabled by default.
...
Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-01-16 17:18:52 +00:00
Adam Weinberger
64c8363c8f
Remove leftover directory.
...
PORTREVISION bump.
2005-01-16 04:27:22 +00:00
Adam Weinberger
9228b95a5d
Use a vendor-provided method for preventing gnomesu-pam installation.
2005-01-16 04:14:24 +00:00
Kirill Ponomarev
6d05e7c2be
Fix plist.
2005-01-15 08:33:34 +00:00
Joe Marcus Clarke
dfc758a497
Adjust the CONFLICTS to appease portlint.
2005-01-14 21:58:03 +00:00
Adam Weinberger
a2b7ea043b
Instruct 4.x users to append the sample gnomesu-pam to /etc/pam.conf,
...
not put it into /etc/pam.d.
2005-01-14 19:57:27 +00:00
Adam Weinberger
d345e22d12
Extra super OMFG-I'd-be-screwed-without-you thanks to marcus for the
...
sleuthing here.
- Stop libgnomesu from causing 4.x machines to catch fire and break
all your dishes.
- Don't install stuff into /etc/pam.d by default.
- Install example "gnomesu-pam"s, and include a pkg-message explaining
what to do with them (HINT: copy the appropriate one into /etc/pam.d
and name it gnomesu-pam).
- Fix a double-free.
With these fixes, the gnomeu binary in libgnomesu provides a much more
comprehensive GNOME su frontend, and the Great Red Eye of Adamwdor is
now turned towards sysutils/gnomesu.
2005-01-14 19:25:56 +00:00
Bruce M Simpson
3074e4d23e
Update to 0.9.4.
2005-01-14 15:08:23 +00:00
Niels Heinen
c3129ccd66
Fixed build error that occurs when libsavi is installed and added
...
ONLY_FOR_ARCHS since this port is for i386 only (reported by Kris)
Approved by: nectar (mentor), maintainer
2005-01-14 14:04:38 +00:00
Bruce M Simpson
7d44797014
Fix package.
2005-01-14 13:05:30 +00:00
Volker Stolz
d39ff399eb
- Update to 0.2.9
...
- mark non-working on sparc64 architecture
- nuke plist while here
PR: ports/76037
Submittd by: maintainer
2005-01-14 08:27:28 +00:00
Joe Marcus Clarke
b03bcc8e62
With my portmgr hat on, mark this port IGNORE on 4.X as it will corrupt
...
your PAM configuration, and cause subsequent logins to fail. The
maintainer has been notified.
2005-01-14 08:13:57 +00:00
Adam Weinberger
12f26b1c73
Fix build on >4.x.
2005-01-14 05:01:25 +00:00
Adam Weinberger
5b72979390
Author rerolled distfile with an updated NEWS entry.
2005-01-14 03:27:08 +00:00
Niels Heinen
f94cafadeb
Upgrade to version 1.2.3 which contains a fix for the reported
...
format string issue.
Approved by: nectar (mentor)
2005-01-13 21:31:40 +00:00
Jacques Vidrine
e8c46b8370
For mod_access_referer issue:
...
- Correct spelling.
- `null' in `null pointer' should not be all caps
- Correct the secunia.com URL (it did not identify this particular bug)
2005-01-13 21:22:47 +00:00
Jacques Vidrine
1f1cc5eb48
Add references to Konqueror password disclosure bug: CVE name, CERT
...
Vulnerability Note, and KDE security advisory.
2005-01-13 21:13:51 +00:00
Pav Lucistnik
f1986a8d20
- Update to 1.0
...
PR: ports/76185
Submitted by: Wesley Shields <wxs@csh.rit.edu>
Approved by: Jonatan B <onatan@gmail.com> (maintained)
2005-01-13 20:54:12 +00:00
Jacques Vidrine
28e2f0f2d8
Update phpBB command execution entry references:
...
- Convert some <url>s into the appropriate <certvu> and <uscertta>
elements.
- Add CVE name
- Add a couple of mailing list posts
2005-01-13 20:52:52 +00:00
Jacques Vidrine
cfb20a0551
For the latest three Squid issues, add references to the Squid bug
...
tracking database. Also, rework the description of the empty ACL issue.
2005-01-13 20:42:56 +00:00
Jacques Vidrine
9432a91978
Add a better reference and description of the jabberd vulnerability.
2005-01-13 20:26:03 +00:00
Jacques Vidrine
6da0681826
Oops, add missing closing tag for Bugtraq ID which I recently added.
2005-01-13 20:04:06 +00:00
Jacques Vidrine
38b49a0040
Add CVE name for up-imapproxy issue.
2005-01-13 20:02:26 +00:00
Jacques Vidrine
519a1717d6
Add CVE names to greed buffer overflows issue. Re-indent <references>
...
children.
2005-01-13 19:53:32 +00:00