Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 09 Aug 2021 20:15:04 |
Cy Schubert (cy) |
security/vuxml: Document x11/cde local privilege escalation
Security: CVE-2020-2696, VU#308289 |
1.1_5 05 Aug 2021 23:00:59 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 04 Aug 2021 08:29:40 |
Matthias Fechner (mfechner) |
security/vuxml: Security vulnerabilities for gitlab-ce |
1.1_5 04 Aug 2021 08:10:56 |
Bernard Spil (brnrd) |
security/vuxml: Mark MariaDB vulnerable |
1.1_5 03 Aug 2021 18:22:00 |
Li-Wen Hsu (lwhsu) Author: Thomas Morper |
security/vuxml: Add net-im/prosody CVE-2021-37601
PR: 257597 |
1.1_5 03 Aug 2021 18:19:14 |
Matthias Andree (mandree) |
security/vuxml: update fetchmail CVE-2021-36386 vuln
this vuln was a reintroduction of CVE-2008-2711 which got fixed in
fetchmail 6.3.9, when 6.3.17 refactored code.
- restrict range (>= 6.3.9 < 6.3.17 unaffected)
- add reference to old CVE-2008-2711
URL: https://www.fetchmail.info/fetchmail-SA-2021-01.txt
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386
Security: CVE-2008-2711 |
1.1_5 03 Aug 2021 17:17:22 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 92.0.4515.131
Obtained from: https://chromereleases.googleblog.com/search/label/Stable%20updates |
1.1_5 02 Aug 2021 09:52:36 |
Dave Cottlehuber (dch) |
security/vuxml: document net/rabbitmq CVE-2021-22116
https://tanzu.vmware.com/security/cve-2021-22116 |
1.1_5 01 Aug 2021 21:57:10 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-33037
PR: 257153 |
1.1_5 01 Aug 2021 21:52:40 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-30640
PR: 257153 |
1.1_5 01 Aug 2021 21:42:39 |
Kevin Bowling (kbowling) |
security/vuxml: correct tomcat package name/versions
PR: 257153
Fixes: 9462edd84baf |
1.1_5 01 Aug 2021 21:35:55 |
Kevin Bowling (kbowling) |
security/vuxml: document tomcat CVE-2021-30639
PR: 257153 |
1.1_5 28 Jul 2021 21:36:56 |
Matthias Andree (mandree) |
security/vuxml: add fetchmail < 6.4.20 vuln
Security: cbfd1874-efea-11eb-8fe9-036bd763ff35
Security: CVE-2021-36386 |
1.1_5 27 Jul 2021 10:24:10 |
Li-Wen Hsu (lwhsu) Author: Yasuhiro Kimura |
security/vuxml: Document integer overflow vulnerability in redis
PR: 257325 |
1.1_5 27 Jul 2021 09:00:51 |
Li-Wen Hsu (lwhsu) Author: rob2g2 |
security/vuxml: Document dns/powerdns CVE-2021-36754
PR: 257435 |
1.1_5 24 Jul 2021 16:59:42 |
Craig Leres (leres) |
security/vuxml: Mark mosquitto >= 2.0.0, < 2.0.10 vulnerable as per:
https://github.com/eclipse/mosquitto/blob/d5ecd9f5aa98d42e7549eea09a71a23eef241f31/ChangeLog.txt
- If an authenticated client connected with MQTT v5 sent a malformed
CONNACK message to the broker a NULL pointer dereference occurred,
most likely resulting in a segfault.
PR: 255229
Reported by: Daniel Engberg |
1.1_5 23 Jul 2021 23:14:14 |
Guido Falsi (madpilot) |
security/vuxml: Document new pjsip vulnerability |
1.1_5 23 Jul 2021 21:21:10 |
Guido Falsi (madpilot) |
security/vuxml: Document new asterisk vulnerabilities |
1.1_5 21 Jul 2021 14:10:34 |
Rene Ladan (rene) |
security/vuxml: document Chromium < 92.0.4515.107 |
1.1_5 21 Jul 2021 13:40:45 |
Rene Ladan (rene) |
security/vuxml: fix `make validate' |
1.1_5 21 Jul 2021 10:31:00 |
Bernard Spil (brnrd) |
security/vuxml: Document cURL 7.77.0 vulnerabilities |
1.1_5 20 Jul 2021 08:55:32 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities Jul2021 |
1.1_5 18 Jul 2021 21:27:11 |
Guangyuan Yang (ygy) Author: stb |
security/vuxml: Document vulnerabilities in www/gitea
PR: 257221
Approved by: lwhsu (mentor) |
1.1_5 18 Jul 2021 17:54:30 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make validate after 069e58611c7933431ec82b0b9c119677e8d6cc21
Reported by: lwhsu
Approved by: delphij (ports-secteam) |
1.1_5 16 Jul 2021 20:31:59 |
Rene Ladan (rene) |
security/vuxml: document chromium < 91.0.4472.164
Obtained from: https://chromereleases.googleblog.com/2021/07/stable-channel-update-for-desktop.html |
1.1_5 14 Jul 2021 17:26:34 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document ruby vulnerability |
1.1_5 14 Jul 2021 16:10:51 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Fix make test
- Respect VUXML_FILE and VUXML_FLAT_FILE [1]
It allows running "make test" on read-only media (e.g. poudriere jail)
- Copy all vuln XML files to the test directory [2]
Since vuln.xml has been split into multiple XML files, all of them must be
copied to the test directory.
Without [1], the error message is as follows:
===> Testing for vuxml-1.1_5
xmllint -noent vuln.xml > vuln-flat.xml
/bin/sh: cannot create vuln-flat.xml: Read-only file system
*** Error code 2
Stop.
Without [2], the error message is as follows: (Only the first 15 lines of the commit message are shown above) |
1.1_5 13 Jul 2021 12:01:52 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerability |
1.1_5 10 Jul 2021 12:51:01 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in databases/mantis
PR: 257068
Reported by: Zoltan ALEXANDERSON BESSE <zab@zltech.eu> |
1.1_5 08 Jul 2021 06:49:57 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerability |
1.1_5 04 Jul 2021 20:55:52 |
Tobias C. Berner (tcberner) Author: Daniel Engberg |
security/vuxml: document vulnerabilities in graphics/exiv2
PR: 256803 |
1.1_5 03 Jul 2021 05:01:44 |
Matthias Andree (mandree) |
security/vuxml: document openexr < 3.0.5 vulns
Security: f2596f27-db4c-11eb-8bc6-c556d71493c9 |
1.1_5 02 Jul 2021 07:34:26 |
Matthias Fechner (mfechner) |
security/vuxml: Documented gitlab vulnerabilities. |
1.1_5 01 Jul 2021 07:30:09 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Let vuln-flat.xml depend on all vuln xml files
So it can get rebuilt when any of the vuln xml files changes.
Approved by: ports-secteam (fluffy, implicitly) |
1.1_5 01 Jul 2021 07:28:36 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2021-06-30
Sponsored by: The FreeBSD Foundation |
1.1_5 30 Jun 2021 15:39:09 |
Juraj Lutter (otis) |
security/vuxml: Fix dovecot entry
Fix stray ">" character in a CVE URL. |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Add net/rabbitmq CVE-2021-22116 DoS vuln
Security: CVE-2021-22116
Sponsored by: SkunkWerks, GmbH |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet rabbitmq-c entry
make clean validate failed after rebased commit
fix package name error and indentation issues |
1.1_5 28 Jun 2021 15:01:36 |
Dave Cottlehuber (dch) |
security/vuxml: Pet puppetdb entry
make clean validate reports a missing stanza |
1.1_5 25 Jun 2021 20:46:55 |
Dave Cottlehuber (dch) |
security/vuxml: add entry for net/rabbitmq-c
Sponsored by: SkunkWerks, GmbH
Security: CVE-2019-18609
Differential Revision: https://reviews.freebsd.org/D30906 |
1.1_5 25 Jun 2021 20:03:01 |
Romain Tartière (romain) |
security/vuxml: Document CVE-2021-27021 |
1.1_5 25 Jun 2021 17:13:18 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add another package for CVE-2021-3583
Also, fix a copy-paste error. py*-ansible-base are listed twice. The
second entry should list py*-ansible instead. |
1.1_5 25 Jun 2021 14:27:15 |
Mateusz Piotrowski (0mp) |
security/vuxml: Update Ansible's CVE-2021-3583
It turns out that it affects not only ansible-core, but also some other
ports. |
1.1_5 24 Jun 2021 18:50:15 |
Juraj Lutter (otis) |
security/vuxml: Fix mail/dovecot-pigeonhole vulnerable versions
Correct mail/dovecot-pigeonhole vulnerable versions to proper value. |
1.1_5 24 Jun 2021 10:30:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix CVS name for vid e4cd0b38-c9f9-11eb-87e1-08002750c711
This should fix vuxml.org build.
PR: 256789 |
1.1_5 24 Jun 2021 10:03:43 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Update the doc link and the comment of where to add new entry
Approved by: ports-secteam (implicitly) |
1.1_5 24 Jun 2021 09:59:09 |
Mateusz Piotrowski (0mp) |
security/vuxml: Document sysutils/py-ansible-core vulnerability
Security: CVE-2021-3583 |
1.1_5 23 Jun 2021 18:21:56 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix `make validate` to use the latest vuxml file
This is a follow up for 6954792fe916862afd25cf6ce961bd7062dfb21f
Approved by: ports-secteam (fluffy) |
1.1_5 23 Jun 2021 14:34:34 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Create 2021 entity
Let's create a new entity in the beginning of each year and append to it,
instead of massive copying in the end of each year. |
1.1_5 23 Jun 2021 10:00:10 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Fix version range of www/py-aiohttp
This also marks 3.7.4.p0 as fixed.
PR: 256219 |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot-pigeonhole vulnerability |
1.1_5 22 Jun 2021 16:14:41 |
Juraj Lutter (otis) |
security/vuxml: Document mail/dovecot vulnerabilities |
1.1_5 21 Jun 2021 20:34:11 |
Brad Davis (brd) |
security/vuxml: Fix range for www/nginx CVE-2021-23017
Reviewed by: garga
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 21 Jun 2021 16:20:13 |
Danilo G. Baio (dbaio) |
security/vuxml: Fix 'make validate'
While here, remove hyperlinks to simplify, they can be accessed through
the report's url. |
1.1_5 20 Jun 2021 01:31:15 |
Adam Weinberger (adamw) |
security/vuxml: Add entry for gitea < 1.14.3
PR: 256720 |
1.1_5 18 Jun 2021 11:01:23 |
Rene Ladan (rene) |
security/vuxml: Add www/chromium < 91.0.4472.114
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html |
1.1_5 15 Jun 2021 15:48:20 |
Kevin Bowling (kbowling) |
security/vuxml: Document CVE-2021-29376 for irc/ircII
PR: 255492
Reported by: Andrew Gierth <andrew@tao11.riddles.org.uk> |
1.1_5 14 Jun 2021 07:15:01 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulns |
1.1_5 11 Jun 2021 10:50:26 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document CVE-2021-33564 for rubygem-dragonfly |
1.1_5 10 Jun 2021 14:37:05 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Document CVE-2020-35701 for net-mgmt/cacti |
1.1_5 10 Jun 2021 11:37:46 |
Rene Ladan (rene) |
security/vuxml: add Chromium < 91.0.4472.101
Obtained from: https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html |
1.1_5 08 Jun 2021 19:30:08 |
Ashish SHUKLA (ashish) |
security/vuxml: Document CVE-2021-33896 in net-im/dino port |
1.1_5 06 Jun 2021 20:48:56 |
Matthew Seaman (matthew) |
security/vuxml: Document CVE-2021-3515 for databases/pglogical
A shell injection flaw was found in pglogical in versions before 2.3.4
and before 3.6.26. An attacker with CREATEDB privileges on a
PostgreSQL server can craft a database name that allows execution of
shell commands as the postgresql user when calling
pglogical.create_subscription(). |
1.1_5 06 Jun 2021 08:48:40 |
Kurt Jaeger (pi) Author: Simon Wright |
security/vuxml: add www/drupal7 CVE |
1.1_5 04 Jun 2021 18:29:52 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in sysutils/polkit
Cedric Buissart reports:
The function `polkit_system_bus_name_get_creds_sync` is used to get the
uid and pid of the process requesting the action. It does this by
sending the unique bus name of the requesting process, which is
typically something like ":1.96", to `dbus-daemon`. These unique names
are assigned and managed by `dbus-daemon` and cannot be forged, so this
is a good way to check the privileges of the requesting process.
The vulnerability happens when the requesting process disconnects from
`dbus-daemon` just before the call to
`polkit_system_bus_name_get_creds_sync` starts. In this scenario, the
unique bus name is no longer valid, so `dbus-daemon` sends back an error (Only the first 15 lines of the commit message are shown above) |
1.1_5 04 Jun 2021 09:59:47 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-33054 for www/sogo*.
PR: 256374
Reported by: rob2g2 <spam123@bitbert.com> |
1.1_5 04 Jun 2021 09:38:47 |
Fernando Apesteguía (fernape) |
security/vuxml: Add CVE-2020-8492 for lang/tauthon
PR: 256387
Reported by: olivier.freebsd@free.fr |
1.1_5 04 Jun 2021 09:32:50 |
Thomas Zander (riggs) |
security/vuxml: Document CVE-2021-28091 for security/lasso.
PR: 256373
Reported by: spam123@bitbert.com |
1.1_5 03 Jun 2021 23:17:28 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 03 Jun 2021 11:26:09 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document aiohttp CVE-2021-21330 |
1.1_5 02 Jun 2021 23:53:02 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 4.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v4.0.2
- Fix potential Undefined Behavior in decode_netbios_name() and
decode_netbios_name_type() BIFs. The latter has a possibility
of a remote heap-buffer-overread, making this a potential DoS
vulnerability.
- Add some extra length checking when parsing mobile ipv6 packets.
Due to the possibility of reading invalid headers from remote
sources, this is a potential DoS vulnerability. |
1.1_5 02 Jun 2021 18:41:43 |
Dmitry Marakasov (amdmi3) |
security/vuxml: add entry for PyYAML CVE-2020-14343
PR: 256220 |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Fix overly large entry that violates 'make validate' |
1.1_5 02 Jun 2021 13:48:26 |
Ryan Steinmetz (zi) |
security/vuxml: Document isc-dhcp44-* vulnerability
PR: 256377 |
1.1_5 01 Jun 2021 22:37:21 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities. |
1.1_5 01 Jun 2021 16:59:21 |
Jung-uk Kim (jkim) |
security/vuxml: Correct CVE entry for the x11/libX11 vulnerability |
1.1_5 01 Jun 2021 15:35:26 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in databases/redis
Security: CVE-2021-32625 |
1.1_5 01 Jun 2021 15:13:05 |
Jung-uk Kim (jkim) |
security/vuxml: Document vulnerability in x11/libX11
PR: 256034
Security: CVE-2021-31535 |
1.1_5 01 Jun 2021 03:02:51 |
Guangyuan Yang (ygy) Author: David O'Rourke |
security/vuxml: Document vulnerability in net-mgmt/prometheus2
PR: 255976
Security: CVE-2021-29622
Approved by: lwhsu (mentor) |
1.1_5 31 May 2021 20:55:37 |
Adriaan de Groot (adridg) |
security/vuxml: Document graphics/wayland <= 1.19.0 |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:12.libradius |
1.1_5 27 May 2021 05:17:36 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-21:11.smap |
1.1_5 26 May 2021 10:17:39 |
Rene Ladan (rene) |
vuln.xml: Document chromium < 91.0.4472.77
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html |
1.1_5 26 May 2021 00:33:57 |
Danilo G. Baio (dbaio) |
security/vuxml: Document net/libzmq4 issues
PR: 255102
Reported by: Thomas Petig <thomas@petig.eu>
Security: CVE-2019-13132
Security: CVE-2020-15166 |
1.1_5 25 May 2021 15:40:21 |
Sergey A. Osokin (osa) |
security/vuxml: document vulnerability in www/nginx and www/nginx-devel
Security: CVE-2021-23017 |
1.1_5 24 May 2021 15:57:00 |
Palle Girgensohn (girgen) |
databases/pg_partman: arbitrary code execution
Security: CVE-2021-33204 |
1.1_5 24 May 2021 15:02:45 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in textproc/expat2
Security: CVE-2013-0340
PR: 256121 |
1.1_5 23 May 2021 14:44:41 |
Tobias C. Berner (tcberner) Author: Yasuhiro Kimura |
security/vuxml: document vulnerability in textproc/libxml2
PR: 256093
Security: CVE-2021-3541 |
1.1_5 17 May 2021 15:11:08 |
Mateusz Piotrowski (0mp) |
security/vuxml: Add example cvename tag to template
Reviewed by: riggs
Approved by: riggs (ports secteam)
Differential Revision: https://reviews.freebsd.org/D30231 |
1.1_5 15 May 2021 09:12:15 |
Palle Girgensohn (girgen) |
databases/postgresql??-server: multiple security issues |
1.1_5 13 May 2021 19:44:55 |
Neel Chauhan (nc) Author: Thomas Morper |
security/vuxml: Add entry for net-im/prosody
PR: 255845, 255849 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick6
PR: 255818 |
1.1_5 13 May 2021 14:43:16 |
Thierry Thomas (thierry) |
security/vuxml: declare vulnerabilities for ImageMagick7
PR: 255802 |
1.1_5 12 May 2021 10:09:17 |
Thierry Thomas (thierry) |
security/vuxml: add vulnerabilities fixed in 8.2.0
PR: 255361 |
1.1_5 11 May 2021 18:11:58 |
Rene Ladan (rene) |
Document vulnerabilities in Chromium < 90.0.4430.212
Obtained from: https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html |
1.1_5 11 May 2021 15:19:59 |
Neel Chauhan (nc) Author: Sascha Biberhofer |
security/vuxml: Add entry for net-im/py-matrix-synapse |
1.1_5 10 May 2021 12:35:14 |
Hajimu UMEMOTO (ume) |
security/vuxml: cyrus-imapd -- Remote authenticated users could bypass intended
access restrictions on certain server annotations. |
1.1_5 08 May 2021 16:03:23 |
Christian Weisgerber (naddy) |
security/vuxml: Document FLAC out-of-bounds read |
1.1_5 08 May 2021 09:33:44 |
Matthias Andree (mandree) |
security/vuxml: add CVE #s for OpenEXR 2.5.4 fixes |
1.1_5 07 May 2021 09:52:53 |
Po-Chuan Hsieh (sunpoet) |
security/vuxml: Document rails vulnerability |