Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.1_5 16 Mar 2022 07:42:27 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:02.wifi |
1.1_5 15 Mar 2022 22:45:57 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 99.0.4844.74
Obtained
from: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html |
1.1_5 15 Mar 2022 14:47:19 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache 2.4.52 vulns |
1.1_5 10 Mar 2022 12:14:19 |
Dmitry Marakasov (amdmi3) |
security/vuxml: document CVE-2021-43518 for games/teeworlds |
1.1_5 10 Mar 2022 12:10:24 |
Dmitry Marakasov (amdmi3) |
security/vuxml: fix syntax broken in 8d55457
PR: 255948 |
1.1_5 09 Mar 2022 10:05:27 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 07 Mar 2022 17:23:07 |
Neel Chauhan (nc) Author: Mathias Monnerville |
security/vuxml: add CVE entries related to www/glpi
PR: 255948 |
1.1_5 05 Mar 2022 09:37:17 |
Guido Falsi (madpilot) |
security/vuxml: Report new asterisk vulnerabilities. |
1.1_5 02 Mar 2022 09:30:34 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 99.0.4844.51
Obtained
from: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html |
1.1_5 28 Feb 2022 12:29:37 |
Hajimu UMEMOTO (ume) |
security/vuxml: Document cyrus-sasl -- Fix off by one error |
1.1_5 27 Feb 2022 16:43:37 |
Florian Smeets (flo) |
security/vuxml: Document TYPO3 vulnerabilities
PR: 262196, 262197 |
1.1_5 26 Feb 2022 14:58:47 |
Thomas Zander (riggs) |
security/vuxml: Document grafana vulnerabilities
PR: 261892
Reported by: Boris Korzun <drtr0jan@yandex.ru>
Security: CVE-2022-21702
CVE-2022-21703
CVE-2022-21713 |
1.1_5 25 Feb 2022 01:55:24 |
Jason E. Hale (jhale) |
security/vuxml: Document CVE-2021-40530 for security/cryptopp |
1.1_5 24 Feb 2022 21:05:00 |
Christian Weisgerber (naddy) |
security/vuxml: document CVE-2021-0561 for audio/flac |
1.1_5 23 Feb 2022 02:34:42 |
Hajimu UMEMOTO (ume) |
security/vuxml: cyrus-sasl -- Escape password for SQL insert/update commands |
1.1_5 22 Feb 2022 14:21:52 |
Jan Beich (jbeich) |
security/vuxml: add CVE for seatd 0.6.[0-3] entry |
1.1_5 22 Feb 2022 13:46:41 |
Dmitry Marakasov (amdmi3) |
security/vuxml: py-tuf vulnerability |
1.1_5 21 Feb 2022 22:59:58 |
Jan Beich (jbeich) |
security/vuxml: mark seatd 0.6.[0-3] as vulnerable |
1.1_5 21 Feb 2022 00:25:59 |
Adriaan de Groot (adridg) |
security/vuxml: Qt5 vulnerability |
1.1_5 20 Feb 2022 13:18:29 |
Jason E. Hale (jhale) |
security/vuxml: Document CVE-2021-3756 for audio/libmysofa |
1.1_5 18 Feb 2022 09:36:07 |
Bernard Spil (brnrd) |
security/vuxml: MariaDB vulnerabilities |
1.1_5 18 Feb 2022 06:57:00 |
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 15 Feb 2022 15:35:03 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 98.0.4758.102
Obtained
from: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html |
1.1_5 15 Feb 2022 10:14:55 |
Bernard Spil (brnrd) |
security/vuxml: Add additional vuln for MariaDB |
1.1_5 14 Feb 2022 05:19:49 |
Koichiro Iwao (meta) |
security/vuxml: Fix affected version declaration
and add missing PORTEPOCH.
PR: 261856 |
1.1_5 13 Feb 2022 09:14:32 |
Kai Knoblich (kai) Author: Sascha Biberhofer |
security/vuxml: Document devel/py-twisted vulnerabilities
PR: 261791 |
1.1_5 12 Feb 2022 18:34:20 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document arbitrary command execution vulnerability in Zsh |
1.1_5 10 Feb 2022 16:00:36 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2022-02-09
Sponsored by: The FreeBSD Foundation |
1.1_5 10 Feb 2022 07:58:45 |
Bernard Spil (brnrd) |
security/vuxml: Document MariaDB vulnerabilities |
1.1_5 09 Feb 2022 02:32:47 |
Jung-uk Kim (jkim) |
security/vuxml: Add missing PORTEPOCH for x11/libX11
PR: 261804 |
1.1_5 08 Feb 2022 04:17:18 |
Koichiro Iwao (meta) |
security/vuxml: Document xrdp vulnerability
Security: fc2a9541-8893-11ec-9d01-80ee73419af3
Security: CVE-2022-23613
Sponsored by: HAW International |
1.1_5 04 Feb 2022 16:21:33 |
Matthias Fechner (mfechner) |
security/vuxml: Document gitlab vulnerabilities |
1.1_5 03 Feb 2022 14:02:33 |
Tobias Kortkamp (tobik) |
security/vuxml: Fix recent lang/rust entry
PR: 261449 |
1.1_5 02 Feb 2022 21:33:47 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 98.0.4758.80
Obtained
from: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html |
1.1_5 02 Feb 2022 12:48:15 |
Dave Cottlehuber (dch) |
security/vuxml: add h2o-devel vuln details
Security: CVE-2021-43848 |
1.1_5 02 Feb 2022 05:05:00 |
Philip Paeps (philip) |
security/vuxml: add FreeBSD SA-22:01.vt |
1.1_5 02 Feb 2022 01:47:37 |
Timur I. Bakeyev (timur) |
security/vuxml: Add a note about recent Samba vulnerabilities.
CVE-2021-43566
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336
Security: CVE-2021-43566
CVE-2021-44141
CVE-2021-44142
CVE-2022-0336 |
1.1_5 31 Jan 2022 08:27:47 |
Bernard Spil (brnrd) |
security/vuxml: Document Rust vulnerability |
1.1_5 30 Jan 2022 00:12:57 |
Danilo G. Baio (dbaio) |
security/vuxml: Remove wrong cvename entry
From:
<vuln vid="7262f826-795e-11ec-8be6-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<entry>2022-01-19</entry> |
1.1_5 29 Jan 2022 23:17:04 |
Danilo G. Baio (dbaio) |
security/vuxml: Document varnish cache vulnerability
PR: 261562
Security: CVE-2022-23959 |
1.1_5 28 Jan 2022 18:51:52 |
Matthias Andree (mandree) |
security/vuxml: document OpenEXR < 3.1.4 vuln
Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute
Security: b6ef8a53-8062-11ec-9af3-fb232efe4d2e
Security: CVE-2021-45942 |
1.1_5 28 Jan 2022 15:21:05 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL MIPS vulnerability |
1.1_5 27 Jan 2022 07:18:51 |
Fernando ApesteguÃa (fernape) |
security/vuxml: Add CVE-2022-0323 (www/phpmustache)
Following change in 4f0a5e1540c3..6901bf72b3b2
Reported by: Marc Veldman <marc@bumblingdork.com> (maintainer) |
1.1_5 26 Jan 2022 23:05:01 |
Adriaan de Groot (adridg) |
security/vuxml: notify polkit local-privilege-escalation
It was unclear if the actual explot would work on FreeBSD,
since there's no GNU libc which the payload would work on.
The following changes are / have been applied:
- fix in polkit from upstream (from Greg V)
- at kernel level, fixes to disallow argc==0 (from kevans, I think)
PR: 261482 |
1.1_5 26 Jan 2022 18:54:49 |
Dries Michiels (driesm) Author: Francois ten Krooden |
security/vuxml: Document security/strongswan CVE-2021-45079
PR: 261462 |
1.1_5 26 Jan 2022 04:44:03 |
Li-Wen Hsu (lwhsu) Author: Francois ten Krooden |
security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan
PR: 259267 |
1.1_5 23 Jan 2022 23:01:46 |
Cy Schubert (cy) |
security/vuxml: Document aide CVE-2021-45417
Document aide heap buffer overflow.
PR: 261407
Reported by: Yonas Yanfa <yonas.yanfa@gmail.com> |
1.1_5 20 Jan 2022 16:42:12 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 97.0.4692.99
Obtained
from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html |
1.1_5 19 Jan 2022 19:48:50 |
Bernard Spil (brnrd) |
security/vuxml: Document MySQL vulnerabilities |
1.1_5 16 Jan 2022 06:30:30 |
Thomas Zander (riggs) |
security/vuxml: Document Prosody XMPP server advisory 2022-01-13
PR: 261210
Reported by: thomas@beingboiled.info
Security: CVE-2022-0217 |
1.1_5 13 Jan 2022 18:40:54 |
Bernard Spil (brnrd) |
security/vuxml: Document WordPress vulnerabilities |
1.1_5 13 Jan 2022 11:46:14 |
Matthias Fechner (mfechner) |
security/vuxml: document www/gitlab-ce vulnerabilities |
1.1_5 13 Jan 2022 03:32:20 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document invalid pointer read vulnerability in ClamAV. |
1.1_5 12 Jan 2022 18:57:55 |
Li-Wen Hsu (lwhsu) |
security/vuxml: Document Jenkins Security Advisory 2022-01-12
Sponsored by: The FreeBSD Foundation |
1.1_5 09 Jan 2022 13:37:24 |
Thomas Zander (riggs) |
security/vuxml: Document vulnerabilities in net/uniparser before 0.9.6
PR: 261056
Security: CVE-2021-46141
CVE-2021-46142 |
1.1_5 06 Jan 2022 01:35:36 |
Wen Heping (wen) |
security/vuxml: Document django multiple vulnerabilities. |
1.1_5 05 Jan 2022 14:46:17 |
Fernando ApesteguÃa (fernape) |
security/vuxml: document routinator vulnerabilities |
1.1_5 05 Jan 2022 13:14:51 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 97.0.4692.71
While here add definitions for 2022, as this is the first vuxml commit
of the year. This cannot be done in its own commit because `make
validate` complains in that case (even with a 0-byte vuln-2022.xml).
Obtained
from: https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html |
1.1_5 31 Dec 2021 09:19:15 |
Bernard Spil (brnrd) |
security/vuxml: Document Roundcube vulnerability |
1.1_5 30 Dec 2021 19:00:00 |
Tijl Coosemans (tijl) |
security/vuxml: Document Mbed TLS advisory 2021-12
Security: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12 |
1.1_5 30 Dec 2021 03:24:47 |
Philip Paeps (philip) Author: Dan Mahoney |
security/vuxml: OpenDMARC 1.4.1 vulnerability
PR: 260594 |
1.1_5 30 Dec 2021 03:23:33 |
Philip Paeps (philip) Author: Dan Mahoney |
security/vuxml: OpenDMARC 1.3.2 vulnerabilities
PR: 240505 |
1.1_5 29 Dec 2021 17:55:31 |
Steve Wills (swills) |
security/vuxml: document minio issue |
1.1_5 27 Dec 2021 22:06:58 |
Thierry Thomas (thierry) |
security/vuxml: add an entrey for ReDoS in graphics/py-pillow
Security: CVE-2021-23437 |
1.1_5 27 Dec 2021 18:18:46 |
Romain Tartière (romain) |
security/vuxml: Document more Log4Shell vulnerabilities
With hat: opensearch |
1.1_5 21 Dec 2021 23:41:14 |
Don Lewis (truckman) |
security/vuxml: Document opengrok RCE CVE-2021-2322 |
1.1_5 21 Dec 2021 13:39:58 |
Wen Heping (wen) |
security/vuxml: Document mediawiki multiple vulnerabilities |
1.1_5 21 Dec 2021 07:15:20 |
Dave Cottlehuber (dch) |
security/vuxml: add graylog RCE via log4j CVE-2021-45046
Security: CVE-2021-45046
Sponsored by: SkunkWerks, GmbH |
1.1_5 20 Dec 2021 15:37:40 |
Bernard Spil (brnrd) |
security/vuxml: Document Apache httpd vulnerabilities |
1.1_5 18 Dec 2021 20:11:37 |
Matthew Seaman (matthew) |
security/vuxml: add two grafana security advisories
Moderate severity directory traversal vulnerabilities for .csv
(CVE-2021-43815) and .md (CVE-2021-43813) files.
PR: 260358, 260401
Reported by: Boris Kozun (maintainer), ohauer |
1.1_5 15 Dec 2021 07:00:52 |
Alexander Leidinger (netchild) |
security/vuxml: add serviio (log4j) |
1.1_5 15 Dec 2021 04:03:47 |
Neel Chauhan (nc) |
security/vuxml: Add provoxy vulnerability |
1.1_5 14 Dec 2021 19:11:53 |
Bernard Spil (brnrd) |
security/vuxml: Document OpenSSL 3.0 vulnerability |
1.1_5 14 Dec 2021 12:42:11 |
Alexander Leidinger (netchild) |
security/vuxml: add security/bastillion (log4j) |
1.1_5 14 Dec 2021 10:21:55 |
Rene Ladan (rene) |
security/vuxml: add www/chromium < 96.0.4664.110
Obtained
from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html |
1.1_5 13 Dec 2021 16:52:39 |
Ashish SHUKLA (ashish) |
security/vuxml: Document vulnerabilities in Matrix clients
Security: 0dcf68fa-5c31-11ec-875e-901b0e9408dc |
1.1_5 13 Dec 2021 16:48:00 |
Ashish SHUKLA (ashish) |
security/vuxml: Fix tab/spaces in openhab2, and solr entries
This was breaking make validate for the entry I am trying to add
While here also purge the likely accidentally added file vuln.xml.unexpanded
in 00bad07fd782 |
1.1_5 13 Dec 2021 13:50:20 |
Matthias Fechner (mfechner) |
security/vuxml: fixed solr entry, only version 8.11.1 will fix it
The fixed version is not released yet. |
1.1_5 13 Dec 2021 13:04:38 |
Alexander Leidinger (netchild) |
security/vuxml: fix Solr XML and add openhab (log4shell) |
1.1_5 13 Dec 2021 07:22:56 |
Matthias Fechner (mfechner) |
security/vuxml: added vulnerability entry for solr |
1.1_5 13 Dec 2021 05:28:28 |
Romain Tartière (romain) |
security/vuxml: Document OpenSearch might be vulnerable to Log4Shell
With hat: opensearch |
1.1_5 12 Dec 2021 00:46:03 |
Xin LI (delphij) Author: Boris Korzun |
security/vuxml: Document multiple vulnerabilities of grafana8
PR: ports/259638 |
1.1_5 11 Dec 2021 21:58:59 |
Carlo Strub (cs) |
security/vuxml: p7zip CVE-2018-10115
PR: 228239
Reported by: Dani <i.dani@outlook.com>
Security: CVE-2018-10115 |
1.1_5 11 Dec 2021 11:48:34 |
Dave Cottlehuber (dch) |
security/vuxml: document sysutils/graylog log4j vuln
Reported
by: https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a
Security: CVE-2021-44228 |
1.1_5 10 Dec 2021 02:36:34 |
Guangyuan Yang (ygy) |
security/vuxml: Document lang/go vulnerabilities |
1.1_5 07 Dec 2021 20:59:33 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 96.0.4664.93
Obtained
from: https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html |
1.1_5 07 Dec 2021 08:05:25 |
Matthias Fechner (mfechner) |
security/vuxml: document gitlab vulnerabilities |
1.1_5 02 Dec 2021 13:58:50 |
Bernard Spil (brnrd) |
security/vuxml: Record NSS vulnerability |
1.1_5 01 Dec 2021 19:09:11 |
Matthias Andree (mandree) |
security/vuxml: mail/mailman < 2.1.38 CSRF vuln.
Security: CVE-2021-44227
Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e |
1.1_5 25 Nov 2021 01:54:25 |
Mateusz Piotrowski (0mp) |
security/vuxml: Mark java/bouncycastle as vulnerable where applicable
Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.
Sponsored by: Modirum MDPay
Sponsored by: Klara, Inc. |
1.1_5 24 Nov 2021 15:18:56 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document cookie prefix spoofing in rubygem-cgi |
1.1_5 24 Nov 2021 15:18:56 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document buffer overrun in rubygem-cgi |
1.1_5 24 Nov 2021 15:18:56 |
Yasuhiro Kimura (yasu) |
security/vuxml: Update affecting packages of
6916ea94-4628-11ec-bbe2-0800270512f4
This vulnerability also affects ruby ports. |
1.1_5 23 Nov 2021 16:53:00 |
Ashish SHUKLA (ashish) Author: Evilham |
security/vuxml: Document vulnerability in Matrix Synapse
PR: 259994
Reported by: Sascha Biberhofer <ports at skyforge dot at>
Security: 27aa2253-4c72-11ec-b6b9-e86a64caca56
Security: CVE-2021-41281 |
1.1_5 19 Nov 2021 09:47:50 |
Guangyuan Yang (ygy) Author: Robert Clausecker |
security/vuxml: Document archivers/advancecomp vulnerabilities
PR: 259534 |
1.1_5 16 Nov 2021 22:48:48 |
Rene Ladan (rene) |
security/vuxml: document www/chromium < 96.0.4664.45
Obtained
from: https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html |
1.1_5 15 Nov 2021 15:42:11 |
Yasuhiro Kimura (yasu) |
security/vuxml: Document denial of service vunlerability in rubygem-date |
1.1_5 15 Nov 2021 11:04:58 |
Bernard Spil (brnrd) |
security/vuxml: Mark roundcube vuln in quarterly |
1.1_5 13 Nov 2021 10:52:32 |
Matthias Andree (mandree) |
security/vuxml: also list mailman exim4/postfix pkgs
The initial commit 162e701a5982 omitted listing the
-exim4 and -postfix packages. Make up for that.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |
1.1_5 13 Nov 2021 10:06:43 |
Matthias Andree (mandree) |
security/vuxml: document mail/mailman < 2.1.37 issues
- A potential XSS attack via the user options page has been reported by
Harsh Jaiswal. This is fixed. CVE-2021-43331 (LP: #1949401)
LP: A crafted URL to the user options page can execute arbitrary
javascript.
- A potential for for a list moderator to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-43332 (LP: #1949403)
LP: The CSRF token for the admindb page contains an encrypted version of
the list admin password which could potentially be cracked by a
moderator via an off-line brute force attack.
Security: 9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security: CVE-2021-43331
Security: CVE-2021-43332 |