Commit graph

6468 commits

Author SHA1 Message Date
Edwin Groothuis
f31e29e939 Update: security/osiris 4.0.6 -> 4.0.8
Updating the Osiris integrity checker to 4.0.8. From changelog:

	FIXED:

	: updated copyrights.
	: cli stat of editor incorrect.
	: utilities.c, escape filename bug in octal handling.
	: fixed memory leak in regex file filter hs_regfree missing.

	FEATURES:

	: port of host.conf config keyword from the 4.1 branch.

PR:		ports/76481
Submitted by:	David Thiel <lx@redundancy.redundancy.org>
2005-01-19 23:09:50 +00:00
Josef El-Rayes
ff26f95ce8 Document security issue in irc/konversation.
Pointed out by:	markus
2005-01-19 20:47:31 +00:00
James E. Housley
a86ce286af Update to DAT 4420 2005-01-19 19:03:08 +00:00
Jacques Vidrine
924065316b Correct several instances where the "msgid" attribute content had an
extraneous trailing greater-than character ">", e.g.

   <mlist msgid="some-message@id>">some-url</mlist>

These were probably the result of off-by-one errors during
cut-and-paste.
2005-01-19 16:39:29 +00:00
Jacques Vidrine
6a7487d98c Eliminate character entity references. They are technically fine of
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier.
2005-01-19 16:19:14 +00:00
Jacques Vidrine
82f5dbf866 Update entries with 12 new CVE name references. 2005-01-19 14:13:08 +00:00
Edwin Groothuis
85e001db7c Fix date (was YYYY-MM-DD, now 2005-01-19)
Thanks for Chimera@#bsdports
2005-01-19 11:52:27 +00:00
Edwin Groothuis
b7487cecbb squid -- no sanity check of usernames in squid_ldap_auth
(My first attempt to update this thing. Hope all goes fine!)

PR:		ports/76364
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de>
2005-01-19 11:05:02 +00:00
Jacques Vidrine
6be5377970 Add CONFLICTS due to libexec/ftpd.
PR:		ports/76235
Approved by:	ache, sumikawa (maintainers for wu-ftpd*)
2005-01-18 20:55:05 +00:00
Simon L. B. Nielsen
a8bfb30c11 Document remote DoS in CUPS.
Heads-ups by:	Hilko Meyer <hilko.meyer@gmx.de>
Description by:	nectar
2005-01-18 20:25:52 +00:00
Jacques Vidrine
8f0e289b8b During last year's bumpercrop of vulnerabilities in libtiff, a 2004 CVE
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue.  Document it, since occasionally the CVE name
crops up and then I wonder why we missed it.
2005-01-18 17:47:15 +00:00
Jacques Vidrine
d0c1fddd87 Document exploitable vulnerabilities in zgv and xzgv. 2005-01-18 17:23:23 +00:00
Jacques Vidrine
410c998edc Document bug in Mozilla-based software that may leave downloaded files
or attachments world-readable.
2005-01-18 16:59:56 +00:00
Bruce M Simpson
1d195d2edf Fix plist, unmark broken. 2005-01-18 16:20:05 +00:00
Simon L. B. Nielsen
bb8192991e Add more references to exim entry. 2005-01-18 16:02:38 +00:00
Jacques Vidrine
31c0747eb2 pdflib contains libtiff, and thus is affected by several vulnerabilities
that affected libtiff.
2005-01-18 15:23:49 +00:00
Simon L. B. Nielsen
e26b4b8713 Document remote command execution vulnerability in awstats. 2005-01-18 12:29:58 +00:00
Simon L. B. Nielsen
534539b497 Document security vulnerability in ImageMagick. 2005-01-18 01:02:45 +00:00
Brooks Davis
500e4184ff Update to a new version of the none cipher patch. The previous version
mistakenly allowed ssh to switch to the none cipher for interactive
sessions which could pose a security risk.  The new version corrects
this.  This code was only enabled when WANT_NONE_CIPHER was set in the
make environment.  Bump portrevision in this case.
2005-01-17 19:12:43 +00:00
Simon L. B. Nielsen
44af68883a Update "cups-base -- HPGL buffer overflow vulnerability" entry to
reflect the fix in the latest port version.
2005-01-17 17:44:12 +00:00
Jacques Vidrine
ee01ad1757 Spelling corrections. 2005-01-17 17:20:57 +00:00
Jacques Vidrine
1affd53e40 Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
with the excerpt from Bernstein's message.  Note that the third issue
does not affect users of FreeBSD 4.6 or later.
2005-01-17 13:42:10 +00:00
Volker Stolz
f2f6e04584 Update to 2.0.5
PRs:		ports/76295, ports/76296
Submitted by:	maintainer
2005-01-17 13:10:31 +00:00
Simon L. B. Nielsen
e5f3dcd988 Document two vulnerabilities in CUPS.
Heads up by:	Hilko Meyer <hilko.meyer@gmx.de>
2005-01-16 23:15:54 +00:00
Simon L. B. Nielsen
358108a09d Document mysqlaccess insecure temporary file creation. 2005-01-16 20:46:56 +00:00
Simon L. B. Nielsen
480696d0aa Document buffer overflow vulnerability in unrtf. 2005-01-16 18:47:48 +00:00
Simon L. B. Nielsen
1f5a4a6873 Correct recent squid entry: WCCP is in fact enabled by default.
Submitted by:	Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
2005-01-16 17:18:52 +00:00
Adam Weinberger
64c8363c8f Remove leftover directory.
PORTREVISION bump.
2005-01-16 04:27:22 +00:00
Adam Weinberger
9228b95a5d Use a vendor-provided method for preventing gnomesu-pam installation. 2005-01-16 04:14:24 +00:00
Kirill Ponomarev
6d05e7c2be Fix plist. 2005-01-15 08:33:34 +00:00
Joe Marcus Clarke
dfc758a497 Adjust the CONFLICTS to appease portlint. 2005-01-14 21:58:03 +00:00
Adam Weinberger
a2b7ea043b Instruct 4.x users to append the sample gnomesu-pam to /etc/pam.conf,
not put it into /etc/pam.d.
2005-01-14 19:57:27 +00:00
Adam Weinberger
d345e22d12 Extra super OMFG-I'd-be-screwed-without-you thanks to marcus for the
sleuthing here.

- Stop libgnomesu from causing 4.x machines to catch fire and break
  all your dishes.

- Don't install stuff into /etc/pam.d by default.

- Install example "gnomesu-pam"s, and include a pkg-message explaining
  what to do with them (HINT: copy the appropriate one into /etc/pam.d
  and name it gnomesu-pam).

- Fix a double-free.

With these fixes, the gnomeu binary in libgnomesu provides a much more
comprehensive GNOME su frontend, and the Great Red Eye of Adamwdor is
now turned towards sysutils/gnomesu.
2005-01-14 19:25:56 +00:00
Bruce M Simpson
3074e4d23e Update to 0.9.4. 2005-01-14 15:08:23 +00:00
Niels Heinen
c3129ccd66 Fixed build error that occurs when libsavi is installed and added
ONLY_FOR_ARCHS since this port is for i386 only (reported by Kris)

Approved by:	nectar (mentor), maintainer
2005-01-14 14:04:38 +00:00
Bruce M Simpson
7d44797014 Fix package. 2005-01-14 13:05:30 +00:00
Volker Stolz
d39ff399eb - Update to 0.2.9
- mark non-working on sparc64 architecture
- nuke plist while here

PR:		ports/76037
Submitted by:	maintainer
2005-01-14 08:27:28 +00:00
Joe Marcus Clarke
b03bcc8e62 With my portmgr hat on, mark this port IGNORE on 4.X as it will corrupt
your PAM configuration, and cause subsequent logins to fail.  The
maintainer has been notified.
2005-01-14 08:13:57 +00:00
Adam Weinberger
12f26b1c73 Fix build on >4.x. 2005-01-14 05:01:25 +00:00
Adam Weinberger
5b72979390 Author rerolled distfile with an updated NEWS entry. 2005-01-14 03:27:08 +00:00
Niels Heinen
f94cafadeb Upgrade to version 1.2.3 which contains a fix for the reported
format string issue.

Approved by:	nectar (mentor)
2005-01-13 21:31:40 +00:00
Jacques Vidrine
e8c46b8370 For mod_access_referer issue:
- Correct spelling.
- `null' in `null pointer' should not be all caps
- Correct the secunia.com URL (it did not identify this particular bug)
2005-01-13 21:22:47 +00:00
Jacques Vidrine
1f1cc5eb48 Add references to Konqueror password disclosure bug: CVE name, CERT
Vulnerability Note, and KDE security advisory.
2005-01-13 21:13:51 +00:00
Pav Lucistnik
f1986a8d20 - Update to 1.0
PR:		ports/76185
Submitted by:	Wesley Shields <wxs@csh.rit.edu>
Approved by:	Jonatan B <onatan@gmail.com> (maintained)
2005-01-13 20:54:12 +00:00
Jacques Vidrine
28e2f0f2d8 Update phpBB command execution entry references:
- Convert some <url>s into the appropriate <certvu> and <uscertta>
  elements.
- Add CVE name
- Add a couple of mailing list posts
2005-01-13 20:52:52 +00:00
Jacques Vidrine
cfb20a0551 For the latest three Squid issues, add references to the Squid bug
tracking database.  Also, rework the description of the empty ACL issue.
2005-01-13 20:42:56 +00:00
Jacques Vidrine
9432a91978 Add a better reference and description of the jabberd vulnerability. 2005-01-13 20:26:03 +00:00
Jacques Vidrine
6da0681826 Oops, add missing closing tag for Bugtraq ID which I recently added. 2005-01-13 20:04:06 +00:00
Jacques Vidrine
38b49a0040 Add CVE name for up-imapproxy issue. 2005-01-13 20:02:26 +00:00
Jacques Vidrine
519a1717d6 Add CVE names to greed buffer overflows issue. Re-indent <references>
children.
2005-01-13 19:53:32 +00:00