| Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
| Commit | Credits | Log message |
|---|
1.1_6
23 Mar 2023 18:05:12
     |
Jan Beich (jbeich)  |
security/vuxml: mark libXpm < 3.5.15 as vulnerable |
1.1_6
23 Mar 2023 15:01:09
|
Ashish SHUKLA (ashish) |
security/vuxml: Remove empty cvename tag in jenkins entry |
1.1_6
23 Mar 2023 13:54:03
|
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for security/tailscale
PR: 270406 |
1.1_6
22 Mar 2023 09:12:58
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.110
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop_21.html |
1.1_6
21 Mar 2023 08:01:05
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial-of-serviece vulnerability in redis |
1.1_6
20 Mar 2023 09:10:32
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6
16 Mar 2023 19:44:47
|
Florian Smeets (flo) |
security/vuxml: Document phpmyadmin vulnerabilities |
1.1_6
12 Mar 2023 18:31:09
|
Fernando Apesteguía (fernape) |
security/vuxml: Autofill CVE information
The `newentry` target accepts an optional parameter CVE_ID.
When provided, the newentry.sh script tries to retrieve information from the
NVD and MITRE databases and fill the template accordingly.
The script needs `textproc/jq` and warns the user and exists if it is not found.
How to use it:
make newentry CVE_ID=CVE-2022-39282
Note that this is just a helper. *YOU HUMAN* have to check that the information
is correct.
Reviewed by: tcberner, jlduran_gmail.com, mat
Differential Revision: https://reviews.freebsd.org/D38894 |
1.1_6
11 Mar 2023 09:12:55
|
Jochen Neumeister (joneum) |
security/vuxml: Document Apache httpd vulnerabilities
Sponsored by: Netzkommune GmbH |
1.1_6
10 Mar 2023 08:30:56
|
Don Lewis (truckman) |
security/vuxml: fix typo in the openoffice entry
Fix a typo in the openoffice devel version value in the latest
openoffice entry. |
1.1_6
09 Mar 2023 17:46:35
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 111.0.5563.64
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/03/stable-channel-update-for-desktop.html
Differential Revision: https://reviews.freebsd.org/D38992 |
1.1_6
09 Mar 2023 16:35:07
|
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2023-03-08
Sponsored by: The FreeBSD Foundation |
1.1_6
09 Mar 2023 07:56:23
|
Fernando Apesteguía (fernape)
Author: Zoltan ALEXANDERSON BESSE |
security/vuxml: databases/mantis <2.25.6 CVEs
CVE-2023-22476 and CVE-2022-31129
ChangeLog:
https://mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=2.25.6
PR: 270039
Reported by: zab@zltech.eu |
1.1_6
08 Mar 2023 14:44:44
|
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_6
08 Mar 2023 01:17:01
|
Don Lewis (truckman) |
security/vuxml: openoffice 2022 vulnerabilities
Belatedly document Apache OpenOffice vulnerabilities from 2022. The
port was broken at the time. |
1.1_6
06 Mar 2023 05:26:54
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document possible DoS vulnerability in rack |
1.1_6
05 Mar 2023 01:02:16
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in curl |
1.1_6
04 Mar 2023 07:04:51
|
Eugene Grosbein (eugen) |
security/vuxml: document strongSwan certificate verification vulnerability
Security: 3f9b6943-ba58-11ed-bbbd-00e0670f2660 |
1.1_6
03 Mar 2023 19:53:11
|
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab-ce vulnerabilities |
1.1_6
03 Mar 2023 10:46:53
|
Fernando Apesteguía (fernape)
Author: Boris Korzun |
security/vuxml: document grafana{8,9} CVEs
* CVE-2023-0507 - Stored XSS in geomap panel plugin via attribution (High)
* CVE-2023-0594 - Stored XSS in TraceView panel (High)
* CVE-2023-22462 - Stored XSS in text panel plugin
PR: 269903
Reported by: drtr0jan@yandex.ru |
1.1_6
01 Mar 2023 01:54:52
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6
27 Feb 2023 15:08:46
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in Emacs |
1.1_6
25 Feb 2023 09:01:24
|
Jan Beich (jbeich)
Author: Tom Hukins |
security/vuxml: correct "vulnerabilities" spelling
Closes: https://github.com/freebsd/freebsd-ports/pull/164 |
1.1_6
24 Feb 2023 13:36:11
|
Fernando Apesteguía (fernape) |
security/vuxml: document vulnerabilities for net/freerdp
CVE-2022-39282 and CVE-2022-39283.
PR: 269667
Reported by: grahamperrin@freebsd.org |
1.1_6
23 Feb 2023 06:17:11
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.177
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/02/stable-channel-desktop-update_22.html |
1.1_6
21 Feb 2023 22:37:24
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.7 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.7
This release fixes the following potential DoS vulnerabilities:
- Receiving DNS responses from async DNS requests (via the
lookup_addr, etc BIF methods) with the TTL set to zero could
cause the DNS manager to eventually stop being able to make new
requests.
- Specially-crafted FTP packets with excessively long usernames,
passwords, or other fields could cause log writes to use large
amounts of disk space.
- The find_all and find_all_ordered BIF methods could take extremely
large amounts of time to process incoming data depending on the
size of the input.
Reported by: Tim Wojtulewicz |
1.1_6
21 Feb 2023 20:57:38
|
Koop Mast (kwm) |
security/vuxml: Document libde265 vulnabilities.
PR: 269382
Reported by: diizzy@ |
1.1_6
21 Feb 2023 11:37:19
|
Renato Botelho (garga) |
security/vuxml: Document recent git CVEs
Document CVEs fixed by devel/git 2.39.1 and 2.39.2:
CVE-2022-41903
CVE-2022-23521
CVE-2023-22490
CVE-2023-23946
PR: 269655
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_6
20 Feb 2023 09:34:49
|
Florian Smeets (flo)
Author: Stefan Bethke |
security/vuxml: Add gitea vulnerabilities
PR: 269707 |
1.1_6
19 Feb 2023 18:12:33
|
Thomas Zander (riggs) |
security/vuxml: Document vulnerable x/net/http2 module in traefik |
1.1_6
19 Feb 2023 11:01:41
|
Robert Clausecker (fuz) |
security/vuxml: document log4j vulnerability in sysutils/rundeck3
PR: 261748
Reported by: ruben@verweg.com
Approved by: flo (mentor)
Differential Revision: https://reviews.freebsd.org/D38636 |
1.1_6
18 Feb 2023 17:33:09
|
Fernando Apesteguía (fernape)
Author: Tom Hukins |
security/vuxml: Add www/minio vulnerability
CVE-2022-24842: unprivileged users can create service accounts for admin users.
PR: 268656
Reported by: adam@omega.org.uk
Obtained from: https://github.com/freebsd/freebsd-ports/pull/158 |
1.1_6
16 Feb 2023 04:09:33
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in ClamAV |
1.1_6
15 Feb 2023 19:06:01
|
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6
14 Feb 2023 13:55:02
|
Wen Heping (wen) |
security/vuxml: Fix typo in my previous commit
Reported by: dan@langille.org(via email) |
1.1_6
14 Feb 2023 12:03:59
|
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_6
13 Feb 2023 14:13:53
|
Tijl Coosemans (tijl) |
security/vuxml: Document GNUTLS-SA-2020-07-14
Security: https://gnutls.org/security-new.html#GNUTLS-SA-2020-07-14 |
1.1_6
12 Feb 2023 20:57:44
|
Florian Smeets (flo) |
security/vuxml: Document phpmyfaq vulnerabilities |
1.1_6
10 Feb 2023 20:49:46
|
Robert Nagy (rnagy) |
security/vuxml: add www/*chromium < 110.0.5481.77
Approved by: rene (mentor)
Obtained
from: https://chromereleases.googleblog.com/2023/02/stable-channel-update-for-desktop.html |
1.1_6
09 Feb 2023 15:05:24
|
Palle Girgensohn (girgen) |
security/vuxml: update PostgreSQL CVE-2022-41862
The problem is with libpq, part of the postgresql-client packages. |
1.1_6
09 Feb 2023 15:00:48
|
Palle Girgensohn (girgen) |
security/vuxml: add entry for PostgreSQL CVE-2022-41862 |
1.1_6
09 Feb 2023 10:16:46
|
Fernando Apesteguía (fernape)
Author: Boris Korzun |
security/vuxml: Record grafana{8,9} vulnerabilities
CVE-2022-39324 and CVE-2022-23552 |
1.1_6
08 Feb 2023 18:01:14
|
Bernard Spil (brnrd) |
security/vuxml: Document LibreSSL vulnerability |
1.1_6
08 Feb 2023 04:18:57
|
Koichiro Iwao (meta) |
security/vuxml: Fix affected version of tightvnc
Forgot to include PORTREVISION.
Reported by: jbeich |
1.1_6
08 Feb 2023 03:34:57
|
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.7,1 as vulnerable |
1.1_6
08 Feb 2023 02:29:38
|
Koichiro Iwao (meta) |
security/vuxml: Document TightVNC multiplevulnerability |
1.1_6
07 Feb 2023 19:53:59
|
Bernard Spil (brnrd) |
security/vuxml: Document new OpenSSL vulnerabilities |
1.1_6
06 Feb 2023 01:25:30
|
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities |
1.1_6
05 Feb 2023 14:34:45
|
Fernando Apesteguía (fernape) |
security/vuxml: Fix kafka version
Use 3.3.2 since we don't have the 3.4.x branch.
Fixes: 37508462426c3674c0b32cc7e8cb38dbafc2ecd5 |
1.1_6
04 Feb 2023 19:27:58
|
Fernando Apesteguía (fernape) |
security/vuxml: Register net/kafka stack overflow vulnerability
CVE-2020-36518
PR: 269170 |
1.1_6
04 Feb 2023 19:04:32
|
Fernando Apesteguía (fernape) |
security/vuxml: Register sysutils/node_exporter vulnerability
CVE-2022-46146
Note that in
https://cgit.freebsd.org/ports/commit/?id=8b5d2b9a9ec7985158a814e2cdf9022d785b9090
three CVEs are mentioned: CVE-2022-27191 CVE-2022-27664 CVE-2022-46146
However, according to: https://github.com/prometheus/node_exporter/pull/2488
node_exported is not really affected by those Go vulnerabilities. However
the dependencies were bumped anyway. |
1.1_6
03 Feb 2023 13:38:45
|
Koichiro Iwao (meta)
Author: Tom Hukins |
security/vuxml: fix a typo
Pull Request: https://github.com/freebsd/freebsd-ports/pull/155 |
1.1_6
02 Feb 2023 20:49:55
|
Florian Smeets (flo) |
security/vuxml: Belatedly record vulnerabilities fixed in asterisk 18.15.1 |
1.1_6
02 Feb 2023 13:57:36
|
Nicola Vitale (nivit) |
security/vuxml: Add audio/py-spotipy <= 2.22.0
Security: CVE-2023-23608 |
1.1_6
01 Feb 2023 19:04:19
|
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.6 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.6
This release fixes the following potential DoS vulnerabilities:
- A missing field in the SMB FSControl script-land record could
cause a heap buffer overflow when receiving packets containing
those header types.
- Receiving a series of packets that start with HTTP/1.0 and then
switch to HTTP/0.9 could cause Zeek to spend a large amount of
time processing the packets.
- Receiving large numbers of FTP commands sequentially from the
network with bad data in them could cause Zeek to spend a large
amount of time processing the packets, and generate a large
amount of events.
Reported by: Tim Wojtulewicz |
1.1_6
01 Feb 2023 05:02:56
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6
30 Jan 2023 11:28:30
|
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2021-42835 for
multimedia/plexmediaserver{-plexpass} < 1.25.0
PR: 269226
Reported by: grahamperrin |
1.1_6
30 Jan 2023 10:26:13
|
Fernando Apesteguía (fernape) |
security/vuxml: add net-mgmt/prometheus basic authentication bypass
CVE-2022-46146
PR: 269153
Reported by: dor.bsd@xm0.uk (maintainer) |
1.1_6
25 Jan 2023 11:35:34
|
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.119
Obtained
from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop_24.html |
1.1_6
25 Jan 2023 08:11:56
|
Nuno Teixeira (eduardo) |
security/vuxml: Document CVE-2018-21232 for devel/re2c < 2.0
PR: 269147
Reported by: grahamperrin |
1.1_6
24 Jan 2023 20:37:23
|
Florian Smeets (flo)
Author: Stefan Bethke |
security/vuxml: Record gitea vulnerability
PR: 269131 |
1.1_6
24 Jan 2023 06:46:41
|
Fernando Apesteguía (fernape)
Author: Ralf van der Enden |
security/vuxml: register dns/powerdns-recursor vulnerability
CVE-2023-22617
PR: 269116 |
1.1_6
23 Jan 2023 13:20:06
|
Fernando Apesteguía (fernape) |
security/vuxml: register net/krill DoS vulnerability
CVE-2023-0158
PR: 269050 |
1.1_6
23 Jan 2023 13:08:45
|
Fernando Apesteguía (fernape) |
security/vuxml: register www/awstats vulnerability
PR: 269051 |
1.1_6
23 Jan 2023 12:55:09
|
Fernando Apesteguía (fernape) |
security/vuxml: register net/eternalterminal vulnerabilities
CVE-2022-48257 and CVE-2022-48258
PR: 269079 |
1.1_6
23 Jan 2023 12:42:21
|
Fernando Apesteguía (fernape) |
security/vuln: Fix file
It didn't pass `make validate`. |
1.1_6
21 Jan 2023 22:42:45
|
Alan Somers (asomers) |
security/vuxml: register shells/fish vulnerability
Arbitrary code execution if the attacker can convince the user to cd to
a directory the attacker controls.
CVE-2022-20001
PR: 263506 |
1.1_6
21 Jan 2023 21:48:04
|
Bernard Spil (brnrd) |
security/vuxml: Document 2023Q1 MySQL vulns |
1.1_6
20 Jan 2023 22:06:35
|
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6
19 Jan 2023 02:29:32
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in rack |
1.1_6
18 Jan 2023 04:42:20
|
Yasuhiro Kimura (yasu) |
security/vuxml: Add redis6 as affecting package to
5fa68bd9-95d9-11ed-811a-080027f5fec9 |
1.1_6
17 Jan 2023 20:16:54
|
Bernard Spil (brnrd) |
security/vuxml: Document www/apache24 vulnerabilities |
1.1_6
17 Jan 2023 00:39:26
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in redis |
1.1_6
16 Jan 2023 13:28:27
|
Fernando Apesteguía (fernape) |
security/vuxml: register security/keycloak vulnerability
Two Xstream related CVEs that might cause a DoS attack:
* CVE-2022-40151
* CVE-2022-41966
PR: 268939 |
1.1_6
14 Jan 2023 13:05:20
|
Rene Ladan (rene) |
security/vuxml: add security/tor < 0.4.7.13 for TROVE-2022-002
Obtained from: https://gitlab.torproject.org/tpo/core/tor/-/issues/40730 |
1.1_6
13 Jan 2023 15:56:28
|
Dan Langille (dvl) |
security/vuxml: Correct range for devel/viewvc-devel
Changing a - to a . in the version
PR: 268754 |
1.1_6
13 Jan 2023 01:29:00
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document arbitary shell command execution vulnerability in Emacs |
1.1_6
11 Jan 2023 17:48:22
|
Fernando Apesteguía (fernape) |
security/vuxml: cassandra3 multiple vulnerabilities
CVE-2022-42003
CVE-2022-4200
CVE-2022-25857
CVE-2019-2684
CVE-2020-7238
CVE-2022-24823
CVE-2021-44521
CVE-2015-0886
PR: 267624 |
1.1_6
11 Jan 2023 15:38:34
|
Jan Beich (jbeich) |
security/vuxml: mark xorg-server < 21.1.5,1 as vulnerable |
1.1_6
11 Jan 2023 12:38:13
|
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_6
10 Jan 2023 19:46:56
|
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 109.0.5414.74
Obtained
from: https://chromereleases.googleblog.com/2023/01/stable-channel-update-for-desktop.html |
1.1_6
09 Jan 2023 10:15:47
|
Li-Wen Hsu (lwhsu)
Author: Michael Glaus |
security/vuxml: Fix `make validate`
PR: 268837 |
1.1_6
09 Jan 2023 10:11:42
|
Li-Wen Hsu (lwhsu)
Author: Michael Glaus |
security/vuxml: Add 2023 to the main XML file
PR: 268837 |
1.1_6
05 Jan 2023 19:34:06
|
Fernando Apesteguía (fernape) |
security/vuxml: Add net-mgmt/cacti vulnerability
A command injection vulnerability allows an unauthenticated user to execute
arbitrary code on a server running Cacti, if a specific data source was selected
for any monitored device.
PR: 268742 |
1.1_6
05 Jan 2023 19:08:43
|
Dan Langille (dvl) |
security/vuxml: amend entry adding CVE-2023-22456 in devel/viewvc-devel
PR: 268754
Security: CVE-2023-22456 |
1.1_6
05 Jan 2023 17:28:58
|
Dan Langille (dvl) |
security/vuxml: add an entry for CVE-2023-22464 in devel/viewvc-devel
Security: CVE-2023-22464 |
1.1_6
03 Jan 2023 11:12:27
|
Thierry Thomas (thierry) |
security/vuxml: add an entry for CVE-2022-4170 in x11/rxvt-unicode
Security: CVE-2022-4170 |
1.1_6
02 Jan 2023 03:37:26
|
Li-Wen Hsu (lwhsu)
Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268667 |
1.1_6
29 Dec 2022 13:11:38
|
Wen Heping (wen) |
security/vuxml: Remove the uncorrect <cvsname> line in my previous commit |
1.1_6
29 Dec 2022 11:22:22
|
Nuno Teixeira (eduardo) |
security/vuxml: Document Webtrees vulnerability
PR: 267466 |
1.1_6
29 Dec 2022 03:42:17
|
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_6
28 Dec 2022 00:06:50
|
Ben Woods (woodsb02) |
security/vuxml: Document Netdata multiple vulnerabilities |
1.1_6
24 Dec 2022 15:48:09
|
Nuno Teixeira (eduardo) |
security/vuxml: Document FreeRDP multiple vulnerabilities
PR: 268539 |
1.1_6
23 Dec 2022 08:38:15
|
Nuno Teixeira (eduardo)
Author: Stefan Bethke |
security/vuxml: Document Gitea multiple vulnerabilities
PR: 268512 |
1.1_6
23 Dec 2022 04:03:22
|
Graham Perrin (grahamperrin) |
VuXML: fix typo in 2021 entry for accountsservice
Fixes: d227a2fea96e Document accountsservice vulnerability
Approved by: ports-secteam (riggs)
Differential revision: https://reviews.freebsd.org/D37721 |
1.1_6
17 Dec 2022 09:22:47
|
Wen Heping (wen) |
security/vuxml: Document typo3 multiple vulnerabilities |
1.1_6
14 Dec 2022 10:13:11
|
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 108.0.5359.124
Obtained
from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop_13.html |
1.1_6
14 Dec 2022 01:32:19
|
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in cURL. |
1.1_6
13 Dec 2022 18:51:16
|
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_6
10 Dec 2022 18:42:39
|
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in net/traefik |
As an Amazon Associate I earn from qualifying purchases.
