Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_6 10 Dec 2022 18:42:38 |
Thomas Zander (riggs) |
security/vuxml: Make `make validate` pass again |
1.1_6 10 Dec 2022 14:07:46 |
Koichiro Iwao (meta) |
security/vuxml: Document multiple xrdp vulnerabilities
Obtained from: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.21 |
1.1_6 08 Dec 2022 15:02:31 |
Wen Heping (wen) |
security/vuxml: Document python3[7-9] multiple vulnerabilities |
1.1_6 07 Dec 2022 14:54:30 |
Wen Heping (wen) |
security/vuxml: Document python310 multiple vulnerabilities |
1.1_6 07 Dec 2022 14:25:15 |
Wen Heping (wen) |
security/vuxml: Document python-3.11 vulnerabilities |
1.1_6 06 Dec 2022 21:14:44 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_6 06 Dec 2022 15:13:19 |
Yasuhiro Kimura (yasu) |
security/vuxml: Adjust range of 84ab03b6-6c20-11ed-b519-080027f5fec9
Vulnerability of Ruby 3.2 is fixed with 3.2.0-rc1. |
1.1_6 03 Dec 2022 11:50:10 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 108.0.5359.94
Obtained from: https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html |
1.1_6 01 Dec 2022 14:03:36 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Record rpm4 vulnerability.
Add multiple CVE fixed in latest rpm4 version.
PR: 267291 |
1.1_6 01 Dec 2022 11:28:32 |
Fernando Apesteguía (fernape) |
security/vuxml: Record grafana9 vulnerability.
Add privilege escalation for CVE-2022-31097.
PR: 268078 |
1.1_6 01 Dec 2022 05:18:14 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_6 30 Nov 2022 12:14:44 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 108.0.5359.71
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html |
1.1_6 25 Nov 2022 10:16:29 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 107.0.5304.121
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html |
1.1_6 25 Nov 2022 01:57:40 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document HTTP response splitting vulnerability in rubygem-cgi |
1.1_6 24 Nov 2022 18:09:45 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.4 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.4
This release fixes the following potential DoS vulnerabilities:
- A specially-crafted series of HTTP 0.9 packets can cause Zeek
to spend large amounts of time processing the packets.
- A specially-crafted FTP packet can cause Zeek to spend large
amounts of time processing the command.
- A specially-crafted IPv6 packet can cause Zeek to overflow memory
and potentially crash.
Reported by: Tim Wojtulewicz |
1.1_6 24 Nov 2022 16:14:42 |
Fernando Apesteguía (fernape) |
security/vuxml: Add multiple CVEs for advancecomp
PR: 267937 |
1.1_6 22 Nov 2022 03:53:57 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for security/tailscale |
1.1_6 18 Nov 2022 21:57:50 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Apache Tomcat vulnerability
* CVE-2022-42252 Apache Tomcat - Request Smuggling
PR: 266984 |
1.1_6 17 Nov 2022 19:07:10 |
Cy Schubert (cy) |
security/vuxml: Add the krb5 1.19 vulnerable range |
1.1_6 15 Nov 2022 19:27:34 |
Rene Ladan (rene) |
security/vuxml: re-organize port
- move vuln-YYYY.xml files into vuln/ as just YYYY.xml
- this prevents problems with the new check_files hook when 2023 arrives. |
1.1_5 15 Nov 2022 18:27:45 |
Cy Schubert (cy) |
security/vuxml: Document CVE-2022-42898
Document MIT krb5 Security Advisory 2022-001: integer overflow
vulnerabilities in PAC parsing |
1.1_5 13 Nov 2022 00:18:39 |
Nuno Teixeira (eduardo) Author: Boris Korzun |
security/vuxml: Document Grafana multiple vulnerabilities
* CVE-2022-31123 - Plugin signature bypass
* CVE-2022-31130 - Data source and plugin proxy endpoints leaking
authentication tokens to some destination plugins
* CVE-2022-39201 - Data source and plugin proxy endpoints leaking
authentication tokens to some destination plugins
* CVE-2022-39229 - Improper authentication
* CVE-2022-39306 - Privilege escalation
* CVE-2022-39307 - Username enumeration
* CVE-2022-39328 - Privilege escalation (Critical)
https://grafana.com/blog/2022/10/12/grafana-security-releases-new-versions-with-fixes-for-cve-2022-39229-cve-2022-39201-cve-2022-31130-cve-2022-31123/
https://grafana.com/blog/2022/11/08/security-release-new-versions-of-grafana-with-critical-and-moderate-fixes-for-cve-2022-39328-cve-2022-39307-and-cve-2022-39306/
PR: 267728 |
1.1_5 12 Nov 2022 13:43:56 |
Danilo G. Baio (dbaio) |
security/vuxml: Add devel/ipython issue
PR: 265082 |
1.1_5 11 Nov 2022 15:26:34 |
Florian Smeets (flo) |
security/vuxml: Document phpMyFAQ vulnerabilities |
1.1_5 10 Nov 2022 00:07:24 |
Danilo G. Baio (dbaio) |
security/vuxml: Add varnish cache security issues |
1.1_5 09 Nov 2022 10:55:59 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 107.0.5304.110
Obtained from: https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html |
1.1_5 09 Nov 2022 01:08:16 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.3 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.3
This release fixes the following potential DoS vulnerabilities:
- Fix an issue where a specially-crafted FTP packet can cause Zeek
to spend large amounts of time attempting to search for valid
commands in the data stream.
- Fix a possible overflow in the Zeek dictionary code that may
lead to a memory leak.
- Fix an issue where a specially-crafted packet can cause Zeek to
spend large amounts of time reporting analyzer violations.
(Only the first 15 lines of the commit message are shown above) |
1.1_5 08 Nov 2022 16:30:57 |
Fernando Apesteguía (fernape) |
security/vuxml: register darkhttpd DoS vulnerability
PR: 267507
Reported by: Henrich Hartzer <henrichhartzer@tuta.io>
Security: CVE-2020-25691 |
1.1_5 08 Nov 2022 00:18:23 |
Cy Schubert (cy) |
security/vuxml: Document sudo CVE-2022-43995
Document a potential out-of-bounds write for passwords smaller than
eight bytes when crypt() is used.
PR: 267617
Security: CVE-2022-43995 |
1.1_5 05 Nov 2022 06:05:05 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_5 04 Nov 2022 08:51:02 |
Emmanuel Vadot (manu) |
security/vuxml: Document pixman heap overflow
Document CVE-2022-44638
Sponsored by: Beckhoff Automation GmbH & Co. KG |
1.1_5 02 Nov 2022 17:29:02 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerability |
1.1_5 01 Nov 2022 17:22:42 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.0 vulnerabilities |
1.1_5 30 Oct 2022 18:14:10 |
Bernard Spil (brnrd) |
security/vuxml: Document Q4 MySQL vulnerabilities |
1.1_5 28 Oct 2022 18:02:52 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 107.0.5304.87
Obtained from: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html |
1.1_5 25 Oct 2022 23:54:44 |
Timur I. Bakeyev (timur) |
security/vuxml: add entry for CVE-2022-3437
There is a limited write heap buffer overflow in the GSSAPI unwrap_des()
and unwrap_des3() routines of Heimdal (included in Samba). |
1.1_5 25 Oct 2022 20:05:50 |
Rene Ladan (rene) |
security/vuxml: Add www/*chromium < 107.0.5304.68
Obtained from: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html |
1.1_5 23 Oct 2022 13:35:49 |
Thomas Zander (riggs) Author: Pau Amma |
security/vuxml: Document vulnerability in libudisks
PR: 267281
Reviewed by: riggs |
1.1_5 21 Oct 2022 10:14:20 |
Florian Smeets (flo) |
security/vuxml: Document vulnerabilities in phpmyfaq |
1.1_5 20 Oct 2022 11:00:58 |
Wen Heping (wen) |
security/vuxml: Document Python multiple vulnerabilities |
1.1_5 19 Oct 2022 13:53:38 |
Sergey A. Osokin (osa) |
security/vuxml: document nginx vulnerabilities
Document CVE-2022-41741, CVE-2022-41742 |
1.1_5 18 Oct 2022 18:13:21 |
Renato Botelho (garga) |
security/vuxml: Document git vulnerabilities
Document CVE-2022-39253 and CVE-2022-39260
Sponsored by: Rubicon Communications, LLC ("Netgate") |
1.1_5 18 Oct 2022 07:53:34 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.0 vuln |
1.1_5 15 Oct 2022 22:22:08 |
Nuno Teixeira (eduardo) Author: Stefan Bethke |
security/vuxml: Document Gitea vulnerabilities
PR: 267106 |
1.1_5 12 Oct 2022 20:01:26 |
Nuno Teixeira (eduardo) |
security/vuxml: Format 0d1d2c1 text |
1.1_5 12 Oct 2022 19:37:18 |
Nuno Teixeira (eduardo) |
security/vuxml: Fix malformed CVE
Fix malformed cvename entry by removing this tag since there is no CVE
for this security issue committed in 0d1d2c1 |
1.1_5 12 Oct 2022 12:33:28 |
Nuno Teixeira (eduardo) |
security/vuxml: Add mail/roundcube-thunderbird_labels vulnerabilities
PR: 266986 |
1.1_5 12 Oct 2022 10:23:11 |
Rene Ladan (rene) |
security/vuxml: add www/*chromium < 106.0.5249.119
Obtained from: https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html |
1.1_5 11 Oct 2022 05:26:58 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document multiple vulnerabilities in Samba |
1.1_5 10 Oct 2022 12:21:57 |
Fernando Apesteguía (fernape) Author: rob2g2 |
security/strongswan: Document DOS vulnerability
ChangeLog:
https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html
PR: 266938
Reported by: rob2g2-freebsd@bitbert.com
Security: CVE-2022-40617 |
1.1_5 07 Oct 2022 15:45:00 |
Fernando Apesteguía (fernape) Author: Jaap Akkerhuis |
net/routinator: Add net/routinator CVE
Recent versions of Routinator contain a problem that causes Routinator to
exit if it encounters invalid data in RRDP snapshot or delta files.
Details: https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt
PR: 266865
Reported by: jaap@NLnetLabs.nl |
1.1_5 07 Oct 2022 01:43:31 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Improve the description of c2a89e8f-44e9-11ed-9215-00e081b7aa2d
Suggested by: joneum |
1.1_5 06 Oct 2022 12:57:04 |
Wen Heping (wen) |
security/vuxml: Document Django multiple vulnerabilities |
1.1_5 06 Oct 2022 01:38:02 |
Dan Langille (dvl) |
security/vuxml: Fix broken tags |
1.1_5 05 Oct 2022 20:14:48 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2022-09-21
Sponsored by: The FreeBSD Foundation |
1.1_5 04 Oct 2022 20:57:19 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_5 04 Oct 2022 06:07:19 |
Fernando Apesteguía (fernape) |
security/vuxml: Add devel/zydis buffer overflow
CVE-2021-41253 devel/zydis buffer overflow vulnerability.
PR: 266766
Reported by: Martin Filla <freebsd@sysctl.cz> (maintainer) |
1.1_5 02 Oct 2022 02:00:34 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_5 30 Sep 2022 20:50:47 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 106.0.5249.91
Obtained from:
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html |
1.1_5 30 Sep 2022 16:11:14 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_5 29 Sep 2022 05:35:45 |
Fernando Apesteguía (fernape) |
security/vuxml: Document unbound vulnerability
PR: 266654
Reported by: Herbert J. Skuhra <herbert@gojira.at>
Security: CVE-2022-3204 |
1.1_5 28 Sep 2022 16:00:59 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities for Matrix clients |
1.1_5 27 Sep 2022 19:43:48 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 106.0.5249.61
Obtained from: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html |
1.1_5 27 Sep 2022 04:17:13 |
Tobias C. Berner (tcberner) |
security/vuxml: document vulnerability in expat < 2.4.9
Rhodri James discovered a heap use-after-free vulnerability in the
doContent function in Expat, an XML parsing C library, which could
result in denial of service or potentially the execution of arbitrary
code, if a malformed XML file is processed.
https://www.debian.org/security/2022/dsa-5236
https://nvd.nist.gov/vuln/detail/CVE-2022-40674
Security: CVE-2022-40674 |
1.1_5 26 Sep 2022 10:17:05 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document exposure of sensitive information in cache manager of squid |
1.1_5 22 Sep 2022 07:32:04 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document potential remote code execution vulnerability in redis |
1.1_5 21 Sep 2022 14:25:34 |
Nuno Teixeira (eduardo) Author: Boris Korzun |
security/vuxml: Document Grafana vulnerabilities
PR: 266530 |
1.1_5 19 Sep 2022 23:50:54 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.2 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.2
The potential DoS vulnerabilities include:
- Fix a possible overflow and crash in the ICMP analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the IRC analyzer when
receiving a specially crafted packet
- Fix a possible overflow and crash in the SMB analyzer when
receiving a specially crafted packet
- Fix two possible crashes when converting IP headers for output
via the raw_packet event
Reported by: Tim Wojtulewicz |
1.1_5 16 Sep 2022 20:57:40 |
Romain Tartière (romain) |
security/vuxml: Document vulnerability in PuppetDB |
1.1_5 14 Sep 2022 20:47:02 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 105.0.5195.125
Obtained from: https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html |
1.1_5 12 Sep 2022 12:56:53 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerability for net-im/dendrite |
1.1_5 11 Sep 2022 14:03:23 |
Dmitri Goutnik (dmgk) Author: Stefan Bethke |
security/vuxml: Document Gitea vulnerabilities
PR: 266359 |
1.1_5 08 Sep 2022 00:22:51 |
Wen Heping (wen) |
security/vuxml: Document python multiple vulnerabilities |
1.1_5 07 Sep 2022 12:36:51 |
Dmitri Goutnik (dmgk) |
security/vuxml: Document Go vulnerabilities |
1.1_5 03 Sep 2022 11:30:39 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 105.0.5195.102
Obtained from:
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html |
1.1_5 01 Sep 2022 22:21:10 |
Ashish SHUKLA (ashish) |
security/vuxml: Unbreak vuxml build
Fix malformed CVE entry which I added in 46eb6e07f37e2. Thanks to dbaio@
for pointing it out. |
1.1_5 01 Sep 2022 21:55:10 |
Neel Chauhan (nc) Author: Ralf van der Enden |
dns/powerdns-recursor: Add VUXML entry |
1.1_5 01 Sep 2022 12:00:54 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Grafana vulnerabilities
- vuxml: CVE-2022-31176 - Unauthorized file disclosure
PR: 266128 |
1.1_5 31 Aug 2022 22:37:41 |
Ashish SHUKLA (ashish) |
security/vuxml: Document Matrix clients' vulnerabilities |
1.1_5 31 Aug 2022 10:33:41 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 105.0.5195.52
Obtained from: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html |
1.1_5 31 Aug 2022 06:04:38 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:13.zlib |
1.1_5 30 Aug 2022 18:45:20 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab-ce vulnerabilities |
1.1_5 26 Aug 2022 23:50:45 |
Craig Leres (leres) |
security/vuxml: Mark zeek < 5.0.1 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v5.0.1
The potential DoS vulnerabilities include:
- Fix a possible overflow and crash in the ARP analyzer when
receiving a specially crafted packet.
- Fix a possible overflow and crash in the Modbus analyzer when
receiving a specially crafted packet.
- Fix two possible crashes when converting IP headers for output
via the raw_packet event.
- Fix an abort related to an error related to the ordering of
record fields when processing DNS EDNS headers via events
Reported by: Tim Wojtulewicz |
1.1_5 25 Aug 2022 19:56:02 |
Ashish SHUKLA (ashish) |
security/vuxml: update Dendrite vulnerability
- add CVE information |
1.1_5 25 Aug 2022 15:56:42 |
Bernard Spil (brnrd) |
security/vuxml: Document MariaDB vulnerabilities |
1.1_5 23 Aug 2022 05:05:01 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerability |
1.1_5 20 Aug 2022 01:24:38 |
Wen Heping (wen) |
security/vuxml: Document drupal9 multiple vulnerabilities |
1.1_5 17 Aug 2022 08:34:12 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 104.0.5112.101
Obtained from: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html |
1.1_5 15 Aug 2022 13:57:01 |
Ashish SHUKLA (ashish) |
security/vuxml: Document dendrite vulnerability |
1.1_5 14 Aug 2022 17:00:29 |
Nuno Teixeira (eduardo) |
security/vuxml: Document Apache Tomcat vulnerability
CVE-2022-34305 Apache Tomcat - XSS in examples web application
PR: 265821
Approved by: riggs (ports-secteam) |
1.1_5 12 Aug 2022 09:15:01 |
Guido Falsi (madpilot) |
security/vuxml: Document xfce4-tumbler vulnerability.
The vulnerability details are undisclosed at present. |
1.1_5 10 Aug 2022 21:30:06 |
Danilo G. Baio (dbaio) |
security/vuxml: Document varnish cache vulnerability |
1.1_5 10 Aug 2022 10:20:09 |
Philip Paeps (philip) |
security/vuxml: correct entry for FreeBSD SA-22:10.aio
The vulnerability reported in FreeBSD-SA-22:10.aio was corrected on the
stable/13 branch before releng/13.1 was created. Consequently, FreeBSD
13.1-RELEASE-p0 is not affected. |
1.1_5 10 Aug 2022 10:20:08 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:12.lib9p |
1.1_5 10 Aug 2022 10:20:08 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:11.vm |
1.1_5 10 Aug 2022 09:53:28 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:10.aio |
1.1_5 10 Aug 2022 09:53:28 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:09.elf |
1.1_5 10 Aug 2022 09:04:11 |
Rodrigo Osorio (rodrigo) |
security/vuxml: Document rsync client-side arbitrary file write vulnerability
PR: 265633 |
1.1_5 09 Aug 2022 09:07:27 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document double free vulnerability in GnuTLS |
1.1_5 08 Aug 2022 20:35:27 |
Santhosh Raju (fox) |
security/vuxml: Document wolfSSL multiple vulnerabilities. |