Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_6 23 Mar 2023 18:05:12 |
Jan Beich (jbeich) |
security/vuxml: mark libXpm < 3.5.15 as vulnerable |
1.1_6 23 Mar 2023 15:01:09 |
Ashish SHUKLA (ashish) |
security/vuxml: Remove empty cvename tag in jenkins entry |
1.1_6 23 Mar 2023 13:54:03 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for security/tailscale
PR: 270406 |
1.1_6 22 Mar 2023 09:12:58 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.110
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html |
1.1_6 21 Mar 2023 08:01:05 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial-of-service vulnerability in redis |
1.1_6 20 Mar 2023 09:10:32 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6 16 Mar 2023 19:44:47 |
Florian Smeets (flo) |
security/vuxml: Document phpmyadmin vulnerabilities |
1.1_6 12 Mar 2023 18:31:09 |
Fernando Apesteguía (fernape) |
security/vuxml: Autofill CVE information
The `newentry` target accepts an optional parameter CVE_ID.
When provided, the newentry.sh script tries to retrieve information from the
NVD and MITRE databases and fill the template accordingly.
The script needs `textproc/jq` and warns the user and exits if it is not found.
How to use it:
make newentry CVE_ID=CVE-2022-39282
Note that this is just a helper. *YOU HUMAN* have to check that the information
is correct.
Reviewed by: tcberner, jlduran_gmail.com, mat
Differential Revision: https://reviews.freebsd.org/D38894 |
1.1_6 11 Mar 2023 09:12:55 |
Jochen Neumeister (joneum) |
security/vuxml: Document Apache httpd vulnerabilities
Sponsored by: Netzkommune GmbH |
1.1_6 10 Mar 2023 08:30:56 |
Don Lewis (truckman) |
security/vuxml: fix typo in the openoffice entry
Fix a typo in the openoffice devel version value in the latest
openoffice entry. |
1.1_6 09 Mar 2023 17:46:35 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.64
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D38992 |
1.1_6 09 Mar 2023 16:35:07 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2023-03-08
Sponsored by: The FreeBSD Foundation |
1.1_6 09 Mar 2023 07:56:23 |
Fernando Apesteguía (fernape) Author: Zoltan ALEXANDERSON BESSE |
security/vuxml: databases/mantis <2.25.6 CVEs
CVE-2023-22476 and CVE-2022-31129
ChangeLog:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6
PR: 270039
Reported by: zab@zltech.eu |
1.1_6 08 Mar 2023 14:44:44 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_6 08 Mar 2023 01:17:01 |
Don Lewis (truckman) |
security/vuxml: openoffice 2022 vulnerabilities
Belatedly document Apache OpenOffice vulnerabilities from 2022. The
port was broken at the time. |
1.1_6 06 Mar 2023 05:26:54 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible DoS vulnerability in rack |
1.1_6 05 Mar 2023 01:02:16 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6 04 Mar 2023 07:04:51 |
Eugene Grosbein (eugen) |
security/vuxml: document strongSwan certificate verification vulnerability
Security: 3f9b6943-ba58-11ed-bbbd-00e0670f2660 |
1.1_6 03 Mar 2023 19:53:11 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab-ce vulnerabilities |
1.1_6 03 Mar 2023 10:46:53 |
Fernando Apesteguía (fernape) Author: Boris Korzun |
security/vuxml: document grafana{8,9} CVEs
* CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
* CVE-2023-0594 - Stored XSS in TraceView panel (High)
* CVE-2023-22462 - Stored XSS in text panel plugin
PR: 269903
Reported by: drtr0jan@yandex.ru |
1.1_6 01 Mar 2023 01:54:52 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6 27 Feb 2023 15:08:46 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in Emacs |
1.1_6 25 Feb 2023 09:01:24 |
Jan Beich (jbeich) Author: Tom Hukins |
security/vuxml: correct "vulnerabilities" spelling
Closes: https://github.com/freebsd/freebsd-ports/pull/164 |
1.1_6 24 Feb 2023 13:36:11 |
Fernando Apesteguía (fernape) |
security/vuxml: document vulnerabilities for net/freerdp
CVE-2022-39282 and CVE-2022-39283.
PR: 269667
Reported by: grahamperrin@freebsd.org |
1.1_6 23 Feb 2023 06:17:11 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.177
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html |
1.1_6 21 Feb 2023 22:37:24 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
- The find_all and find_all_ordered BIF methods could take extremely
large amounts of time to process incoming data depending on the
size of the input.
Reported by: Tim Wojtulewicz |
1.1_6 21 Feb 2023 20:57:38 |
Koop Mast (kwm) |
security/vuxml: Document libde265 vulnerabilities.
PR: 269382
Reported by: diizzy@ |
1.1_6 21 Feb 2023 11:37:19 |
Renato Botelho (garga) |
security/vuxml: Document recent git CVEs
Document CVEs fixed by devel/git 2.39.1 and 2.39.2:
CVE-2022-41903
CVE-2022-23521
CVE-2023-22490
CVE-2023-23946
PR: 269655
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6 20 Feb 2023 09:34:49 |
Florian Smeets (flo) Author: Stefan Bethke |
security/vuxml: Add gitea vulnerabilities
PR: 269707 |
1.1_6 19 Feb 2023 18:12:33 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerable x/net/http2 module in traefik |
1.1_6 19 Feb 2023 11:01:41 |
Robert Clausecker (fuz) |
security/vuxml: document log4j vulnerability in sysutils/rundeck3
PR: 261748
Reported by: ruben@verweg.com
Approved by: flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38636 |
1.1_6 18 Feb 2023 17:33:09 |
Fernando Apesteguía (fernape) Author: Tom Hukins |
security/vuxml: Add www/minio vulnerability
CVE-2022-24842: unprivileged users can create service accounts for admin users.
PR: 268656
Reported by: adam@omega.org.uk
Obtained from: https://github.com/freebsd/freebsd-ports/pull/158 |
1.1_6 16 Feb 2023 04:09:33 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in ClamAV |
1.1_6 15 Feb 2023 19:06:01 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 14 Feb 2023 13:55:02 |
Wen Heping (wen) |
security/vuxml: Fix typo in my previous commit
Reported by: dan@langille.org (via email) |
1.1_6 14 Feb 2023 12:03:59 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6 13 Feb 2023 14:13:53 |
Tijl Coosemans (tijl) |
security/vuxml: Document GNUTLS-SA-2020-07-14
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 |
1.1_6 12 Feb 2023 20:57:44 |
Florian Smeets (flo) |
security/vuxml: Document phpmyfaq vulnerabilities |
1.1_6 10 Feb 2023 20:49:46 |
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.77
Approved by: rene (mentor)
Obtained from: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html |
1.1_6 09 Feb 2023 15:05:24 |
Palle Girgensohn (girgen) |
security/vuxml: update PostgreSQL CVE-2022-41862
The problem is with libpq, part of the postgresql-client packages. |
1.1_6 09 Feb 2023 15:00:48 |
Palle Girgensohn (girgen) |
security/vuxml: add entry for PostgreSQL CVE-2022-41862 |
1.1_6 09 Feb 2023 10:16:46 |
Fernando Apesteguía (fernape) Author: Boris Korzun |
security/vuxml: Record grafana{8,9} vulnerabilities
CVE-2022-39324 and CVE-2022-23552 |
1.1_6 08 Feb 2023 18:01:14 |
Bernard Spil (brnrd) |
security/vuxml: Document LibreSSL vulnerability |
1.1_6 08 Feb 2023 04:18:57 |
Koichiro Iwao (meta) |
security/vuxml: Fix affected version of tightvnc
Forgot to include PORTREVISION.
Reported by: jbeich |
1.1_6 08 Feb 2023 03:34:57 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.7,1 as vulnerable |
1.1_6 08 Feb 2023 02:29:38 |
Koichiro Iwao (meta) |
security/vuxml: Document TightVNC multiple vulnerabilities |
1.1_6 07 Feb 2023 19:53:59 |
Bernard Spil (brnrd) |
security/vuxml: Document new OpenSSL vulnerabilities |
1.1_6 06 Feb 2023 01:25:30 |
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities |
1.1_6 05 Feb 2023 14:34:45 |
Fernando Apesteguía (fernape) |
security/vuxml: Fix kafka version
Use 3.3.2 since we don't have the 3.4.x branch.
Fixes: 37508462426c3674c0b32cc7e8cb38dbafc2ecd5 |
1.1_6 04 Feb 2023 19:27:58 |
Fernando Apesteguía (fernape) |
security/vuxml: Register net/kafka stack overflow vulnerability
CVE-2020-36518
PR: 269170 |
1.1_6 04 Feb 2023 19:04:32 |
Fernando Apesteguía (fernape) |
security/vuxml: Register sysutils/node_exporter vulnerability
CVE-2022-46146
Note that in
https://cgit.freebsd.org/ports/commit/?id=8b5d2b9a9ec7985158a814e2cdf9022d785b9090
three CVEs are mentioned: CVE-2022-27191 CVE-2022-27664 CVE-2022-46146
However, according to: https://github.com/prometheus/node_exporter/pull/2488
node_exporter is not really affected by those Go vulnerabilities. However
the dependencies were bumped anyway. |
1.1_6 03 Feb 2023 13:38:45 |
Koichiro Iwao (meta) Author: Tom Hukins |
security/vuxml: fix a typo
Pull Request: https://github.com/freebsd/freebsd-ports/pull/155 |
1.1_6 02 Feb 2023 20:49:55 |
Florian Smeets (flo) |
security/vuxml: Belatedly record vulnerabilities fixed in asterisk 18.15.1 |
1.1_6 02 Feb 2023 13:57:36 |
Nicola Vitale (nivit) |
security/vuxml: Add audio/py-spotipy <= 2.22.0
Security: CVE-2023-23608 |
1.1_6 01 Feb 2023 19:04:19 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the
network with bad data in them could cause Zeek to spend a large
amount of time processing the packets, and generate a large
amount of events.
Reported by: Tim Wojtulewicz |
1.1_6 01 Feb 2023 05:02:56 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Jan 2023 11:28:30 |
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2021-42835 for
multimedia/plexmediaserver{-plexpass} < 1.25.0
PR: 269226
Reported by: grahamperrin |
1.1_6 30 Jan 2023 10:26:13 |
Fernando Apesteguía (fernape) |
security/vuxml: add net-mgmt/prometheus basic authentication bypass
CVE-2022-46146
PR: 269153
Reported by: dor.bsd@xm0.uk (maintainer) |
1.1_6 25 Jan 2023 11:35:34 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.119
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html |
1.1_6 25 Jan 2023 08:11:56 |
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0
PR: 269147
Reported by: grahamperrin |
1.1_6 24 Jan 2023 20:37:23 |
Florian Smeets (flo) Author: Stefan Bethke |
security/vuxml: Record gitea vulnerability
PR: 269131 |
1.1_6 24 Jan 2023 06:46:41 |
Fernando Apesteguía (fernape) Author: Ralf van der Enden |
security/vuxml: register dns/powerdns-recursor vulnerability
CVE-2023-22617
PR: 269116 |
1.1_6 23 Jan 2023 13:20:06 |
Fernando Apesteguía (fernape) |
security/vuxml: register net/krill DoS vulnerability
CVE-2023-0158
PR: 269050 |
1.1_6 23 Jan 2023 13:08:45 |
Fernando Apesteguía (fernape) |
security/vuxml: register www/awstats vulnerability
PR: 269051 |
1.1_6 23 Jan 2023 12:55:09 |
Fernando Apesteguía (fernape) |
security/vuxml: register net/eternalterminal vulnerabilities
CVE-2022-48257 and CVE-2022-48258
PR: 269079 |
1.1_6 23 Jan 2023 12:42:21 |
Fernando Apesteguía (fernape) |
security/vuln: Fix file
It didn't pass `make validate`. |
1.1_6 21 Jan 2023 22:42:45 |
Alan Somers (asomers) |
security/vuxml: register shells/fish vulnerability
Arbitrary code execution if the attacker can convince the user to cd to
a directory the attacker controls.
CVE-2022-20001
PR: 263506 |
1.1_6 21 Jan 2023 21:48:04 |
Bernard Spil (brnrd) |
security/vuxml: Document 2023Q1 MySQL vulns |
1.1_6 20 Jan 2023 22:06:35 |
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6 19 Jan 2023 02:29:32 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in rack |
1.1_6 18 Jan 2023 04:42:20 |
Yasuhiro Kimura (yasu) |
security/vuxml: Add redis6 as affecting package to
5fa68bd9-95d9-11ed-811a-080027f5fec9 |
1.1_6 17 Jan 2023 20:16:54 |
Bernard Spil (brnrd) |
security/vuxml: Document www/apache24 vulnerabilities |
1.1_6 17 Jan 2023 00:39:26 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6 16 Jan 2023 13:28:27 |
Fernando Apesteguía (fernape) |
security/vuxml: register security/keycloak vulnerability
Two Xstream related CVEs that might cause a DoS attack:
* CVE-2022-40151
* CVE-2022-41966
PR: 268939 |
1.1_6 14 Jan 2023 13:05:20 |
Rene Ladan (rene) |
security/vuxml: add security/tor < 0.4.7.13 for TROVE-2022-002
Obtained from: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730 |
1.1_6 13 Jan 2023 15:56:28 |
Dan Langille (dvl) |
security/vuxml: Correct range for devel/viewvc-devel
Changing a - to a . in the version
PR: 268754 |
1.1_6 13 Jan 2023 01:29:00 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document arbitrary shell command execution vulnerability in Emacs |
1.1_6 11 Jan 2023 17:48:22 |
Fernando Apesteguía (fernape) |
security/vuxml: cassandra3 multiple vulnerabilities
CVE-2022-42003
CVE-2022-4200
CVE-2022-25857
CVE-2019-2684
CVE-2020-7238
CVE-2022-24823
CVE-2021-44521
CVE-2015-0886
PR: 267624 |
1.1_6 11 Jan 2023 15:38:34 |
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.5,1 as vulnerable |
1.1_6 11 Jan 2023 12:38:13 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_6 10 Jan 2023 19:46:56 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.74
Obtained from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html |
1.1_6 09 Jan 2023 10:15:47 |
Li-Wen Hsu (lwhsu) Author: Michael Glaus |
security/vuxml: Fix `make validate`
PR: 268837 |
1.1_6 09 Jan 2023 10:11:42 |
Li-Wen Hsu (lwhsu) Author: Michael Glaus |
security/vuxml: Add 2023 to the main XML file
PR: 268837 |
1.1_6 05 Jan 2023 19:34:06 |
Fernando Apesteguía (fernape) |
security/vuxml: Add net-mgmt/cacti vulnerability
A command injection vulnerability allows an unauthenticated user to execute
arbitrary code on a server running Cacti, if a specific data source was selected
for any monitored device.
PR: 268742 |
1.1_6 05 Jan 2023 19:08:43 |
Dan Langille (dvl) |
security/vuxml: amend entry adding CVE-2023-22456 in devel/viewvc-devel
PR: 268754
Security: CVE-2023-22456 |
1.1_6 05 Jan 2023 17:28:58 |
Dan Langille (dvl) |
security/vuxml: add an entry for CVE-2023-22464 in devel/viewvc-devel
Security: CVE-2023-22464 |
1.1_6 03 Jan 2023 11:12:27 |
Thierry Thomas (thierry) |
security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode
Security: CVE-2022-4170 |
1.1_6 02 Jan 2023 03:37:26 |
Li-Wen Hsu (lwhsu) Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268667 |
1.1_6 29 Dec 2022 13:11:38 |
Wen Heping (wen) |
security/vuxml: Remove the incorrect <cvsname> line in my previous commit |
1.1_6 29 Dec 2022 11:22:22 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Webtrees vulnerability
PR: 267466 |
1.1_6 29 Dec 2022 03:42:17 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6 28 Dec 2022 00:06:50 |
Ben Woods (woodsb02) |
security/vuxml: Document Netdata multiple vulnerabilities |
1.1_6 24 Dec 2022 15:48:09 |
Nuno Teixeira (eduardo) |
security/vuxml: Document FreeRDP multiple vulnerabilities
PR: 268539 |
1.1_6 23 Dec 2022 08:38:15 |
Nuno Teixeira (eduardo) Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268512 |
1.1_6 23 Dec 2022 04:03:22 |
Graham Perrin (grahamperrin) |
VuXML: fix typo in 2021 entry for accountsservice
Fixes: d227a2fea96e Document accountsservice vulnerability
Approved by: ports-secteam (riggs)
Differential revision: https://reviews.freebsd.org/D37721 |
1.1_6 17 Dec 2022 09:22:47 |
Wen Heping (wen) |
security/vuxml: Document typo3 multiple vulnerabilities |
1.1_6 14 Dec 2022 10:13:11 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 108.0.5359.124
Obtained from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html |
1.1_6 14 Dec 2022 01:32:19 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in cURL. |
1.1_6 13 Dec 2022 18:51:16 |
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6 10 Dec 2022 18:42:39 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in net/traefik |