aboutsummaryrefslogtreecommitdiffstats
path: root/security/vuxml
Commit message (Collapse)AuthorAgeFilesLines
* Document the following items:remko2005-09-181-0/+60
| | | | | | | o apache -- Certificate Revocation List (CRL) off-by-one vulnerability o squirrelmail -- _$POST variable handling allows for various attacks Reviewed by: simon
* - Add an entry on possible DOS condition regarding NTLM in squidpav2005-09-161-0/+28
| | | | | PR: ports/86179 Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
* Document X11 server -- pixmap allocation vulnerability.lesi2005-09-151-0/+33
| | | | Reviewed by: simon
* Document unzip -- permission race vulnerability. [1]remko2005-09-141-1/+35
| | | | | | Update the recent htdig entry with it's corrected version. Reviewed by: simon [1]
* Document firefox & mozilla -- buffer overflow vulnerability.simon2005-09-111-0/+97
| | | | Prodded by: pav
* Mark the latest version of cups-base fixed for "xpdf -- disk fill DoSlawrance2005-09-071-2/+2
| | | | vulnerability"
* Add forgotten </package> line.remko2005-09-041-0/+1
| | | | Spotted by: simon
* Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php ↵remko2005-09-041-1/+5
| | | | | | code injection vulnerability. Inspired by: pav's commit, updating the port.
* Document htdig -- cross site scripting vulnerability.remko2005-09-041-0/+29
| | | | Reviewed by: simon
* - Document two squid security related issues.sem2005-09-041-0/+55
| | | | | PR: ports/85688 Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)
* Document bind9 -- denial of service.remko2005-09-041-0/+44
| | | | | | | Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1] Suggested by: simon [1] Reviewed by: simon
* Document bind -- buffer overrun vulnerabilityremko2005-09-041-0/+28
|
* Add a more or less bogus reference section to the last entry, to make itsimon2005-09-021-0/+7
| | | | | | | a valid entry. The reference simply references the VuXML entry itself, but at least it fixes the build for now. Missed by: simon
* Document stack overflow vulnerabilities in games/urban.jylefort2005-09-021-0/+22
| | | | Approved by: simon
* Mark latest evolution port version as fixed wrt. evolution -- remotesimon2005-08-301-1/+2
| | | | format string vulnerabilities.
* Add entry for fswiki's vuln.kuriyama2005-08-291-0/+22
|
* Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.niels2005-08-291-2/+5
| | | | | | Updated the version in VuXML (was 0). Approved by: nectar (mentor)
* - Fill out part of the std. VuXML template missed in the last entry.simon2005-08-291-2/+3
| | | | | | | - Mark acroread 7.0.1 as fixed for acroread -- XML External Entity vulnerability. [1] Reported by: Sverre H. Huseby [1]
* Document evolution -- remote format string vulnerabilities.simon2005-08-281-0/+43
| | | | Approved by: portmgr (blanket, VuXML)
* Document pam_ldap -- authentication bypass vulnerability.simon2005-08-281-0/+32
| | | | Approved by: portmgr (blanket, VuXML)
* Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP codesimon2005-08-281-1/+6
| | | | | | | injection vulnerability. Reported by: olgeni Approved by: portmgr (blanket, VuXML)
* Document pcre -- regular expression buffer overflow.simon2005-08-271-0/+29
| | | | Approved by: portmgr (blanket, VuXML)
* Mark latest awstats port as fixed for awstats -- arbitrary codesimon2005-08-241-1/+2
| | | | | | execution vulnerability. Approved by: portmgr (blanket, VuXML)
* Document mail/elm remote buffer overflow vulnerability.sem2005-08-241-0/+34
| | | | | | PR: ports/85225 Submitted by: Kevin Day <toasty@dragondata.com> (elm maintainer) Approved by: portmgr (blanket, VuXML)
* Document four vulnerabilities in openvpn:remko2005-08-191-0/+123
| | | | | | | | | | * openvpn -- multiple TCP clients connecting with the same certificate at the same time can crash the server * openvpn -- denial of service: malicious authenticated &quot;tap&quot; client can deplete server virtual memory * openvpn -- denial of service: undecryptable packet from authorized client can disconnect unrelated clients * openvpn -- denial of service: client certificate validation can disconnect unrelated clients Approved by: portsmgr (blanket VuXML) Submitted by: Matthias Andree <matthias dot andree at gmx dot de>
* Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP codesimon2005-08-181-1/+6
| | | | | | injection vulnerability". Approved by: portmgr (blanket, VuXML)
* Add the fixed version so that people do not get a stale portaudit when the ↵remko2005-08-181-7/+7
| | | | | | | | | update is there. Also fix some indentation that i overlooked. Noticed by: simon (both of the items) Approved by: portsmgr (blanket VuXML)
* Document tor -- diffie-hellman handshake flaw.remko2005-08-181-0/+31
| | | | | Submitted by: Michal Bartkowiak <michal at nonspace dot net> Approved by: portsmgr (blanket VuXML)
* gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark itsimon2005-08-171-0/+4
| | | | | | as such. Approved by: portmgr (blanket, VuXML)
* Add eGroupWare to the list of packages affected by "pear-XML_RPC --simon2005-08-171-0/+6
| | | | | | remote PHP code injection vulnerability". Approved by: portmgr (blanket, VuXML)
* Document acroread -- plug-in buffer overflow vulnerability.simon2005-08-171-0/+42
| | | | Approved by: portmgr (blanket, VuXML)
* Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP codesimon2005-08-161-1/+15
| | | | | | | | | | injection vulnerability" entry since they contain an embedded version of pear-XML_RPC. Fix typo in body of the latest xpdf entry (note: no modified date bump as this is a minor typo fix which does change <affects>). Approved by: portmgr (blanket, VuXML)
* Document pear-XML_RPC -- remote PHP code injection vulnerability.simon2005-08-151-0/+36
| | | | | Submitted by: hrs Approved by: portmgr (blanket, VuXML)
* Document awstats -- arbitrary code execution vulnerability.simon2005-08-151-0/+45
| | | | Approved by: portmgr (blanket, VuXML)
* After further examination it turns out that gnugadu does not includesimon2005-08-131-2/+1
| | | | | | | | | | | | | | libgadu, at least not any in any current version, and from looking at the gnugadu code there is no direct indication that this code should actually be vulnerable to the other libgadu vulnerabilities. [1] The gaim part of libgadu -- multiple vulnerabilities was fixed in 1.4.0_1. [2] Polish translation clue: pjd [1] General clue by: markus [2] Not enough checking: simon Approved by: portmgr (blanket, VuXML)
* Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiplesimon2005-08-121-5/+0
| | | | | | | vulnerabilities, since it turns out that they use libgadu from the ekg port. Approved by: portmgr (blanket, VuXML)
* Document libgadu -- multiple vulnerabilities.simon2005-08-121-0/+78
| | | | Approved by: portmgr (blanket, VuXML)
* Document gaim -- AIM/ICQ away message buffer overflow and gaim --simon2005-08-121-0/+65
| | | | | | AIM/ICQ non-UTF-8 filename crash. Approved by: portmgr (blanket, VuXML)
* Remove pdftohtml from the list of packages affected by xpdf -- disksimon2005-08-121-4/+0
| | | | | | | fill DoS vulnerability, since it includes xpdf 2, which should not be affected. Approved by: portmgr (blanket, VuXML)
* Document xpdf -- disk fill DoS vulnerability.simon2005-08-121-0/+45
| | | | Approved by: portmgr (blanket, VuXML)
* Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.simon2005-08-111-2/+3
| | | | Approved by: portmgr (blanket, VuXML)
* Document gforge -- XSS and email flood vulnerabilities.simon2005-08-091-0/+46
| | | | Approved by: portmgr (blanket, VuXML)
* Document postnuke -- multiple vulnerabilities.simon2005-08-081-0/+47
| | | | Approved by: portmgr (blanket, VuXML)
* Document mambo -- multiple vulnerabilities.simon2005-08-051-0/+41
| | | | Approved by: portmgr (blanket, VuXML)
* Correct the ranges for the IPSec advisory and the devfs advisory.remko2005-08-051-3/+3
| | | | | | Also correct proper ranges for the zlib advisory. Approved by: portsmgr (blanket VuXML)
* Document some recent FreeBSD advisories:remko2005-08-051-0/+105
| | | | | | | | o devfs -- ruleset bypass. o zlib -- buffer overflow vulnerability. o ipsec -- Incorrect key usage in AES-XCBC-MAC. Approved by: portsmgr (blanket VuXML)
* Add some more entries to the apache -- http smuggling vulnerability.remko2005-08-041-2/+14
| | | | | | PR: ports/84312 Submitted by: Dmitry A Grigorovich <odip at bionet dot nsc dot ru> Approved by: portsmgr (blanket VuXML)
* Document proftpd -- format string vulnerabilities.simon2005-08-041-0/+37
| | | | Approved by: portmgr (blanket, VuXML)
* Note that the fix for gnupg -- OpenPGP symmetric encryptionsimon2005-08-041-0/+9
| | | | | | | vulnerability in gnupg is not complete (see entry for details). Discussed with: nectar Approved by: portmgr (blanket, VuXML)
* Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --simon2005-08-031-0/+7
| | | | | | | OpenPGP symmetric encryption vulnerability. Reminded by: nectar Approved by: portmgr (blanket, VuXML)
* Mark latest gdal version as fixed for all tiff vulnerabilities.simon2005-08-021-9/+24
|
* Added nbsmtp format string vulnerability.niels2005-08-011-0/+28
| | | | Approved by: nectar (mentor)
* Mark latest the linux-tiff and pdflib ports safe from latest tiffsimon2005-08-011-1/+8
| | | | | | vulnerability. Thanks to lawrance and netchild for fast fixes.
* Document sylpheed -- MIME-encoded file name buffer overflowsimon2005-07-311-0/+31
| | | | vulnerability.
* Document phpmyadmin -- cross site scripting vulnerability.simon2005-07-311-0/+30
|
* Document gnupg -- OpenPGP symmetric encryption vulnerability.simon2005-07-311-0/+37
| | | | Note: this is mainly a theoretical vulnerability.
* Bump entry date.remko2005-07-311-1/+1
| | | | | Forgotten by: remko Spotted by: simon
* Document vim -- vulnerabilities in modeline handling: glob, expand.remko2005-07-311-0/+36
| | | | Discussed with: nectar, simon
* Document that ekg -- insecure temporary file creation was fixed insimon2005-07-311-1/+2
| | | | | | 1.6r2,1. Noted by: Michal Kalkowski
* Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,simon2005-07-311-3/+56
| | | | | paraview to recent libtiff vulnerabilities since they contain (and compile) an embedded version of libtiff...
* Change MAINTAINER address for ports maintained by the Security Team tosimon2005-07-311-1/+1
| | | | | | secteam@ instead of security@ to make it more clear that the ports are not maintained by the freebsd-security@ mailing list. Both addresses go to the same people.
* Document tiff -- buffer overflow vulnerability.simon2005-07-301-0/+39
|
* - Misc. markup/whitespace fixes.simon2005-07-301-39/+23
| | | | | | | - Collapse a few package entries from the latest apache entry (still matches same package names, is just shorter markup-wise). - Use standard topic style for jaberd entry. - Fix entry date for jaberd entry.
* Document jabberd vulnerabilities that were fixed by the latest update.vsevolod2005-07-301-0/+37
| | | | Approved by: perky (mentor)
* Be consistent and use the same title for the latest etherealsimon2005-07-301-1/+1
| | | | vulnerabilities as used for previous entries.
* Document opera -- image dragging vulnerability and opera -- downloadsimon2005-07-301-0/+78
| | | | dialog spoofing vulnerability.
* Document ethereal -- multiple vulnerabilities.simon2005-07-301-0/+71
|
* - Fix apache 2.1 range for CAN-2005-2088 entry which prevents apache 2.0 fromclement2005-07-281-1/+4
| | | | | | | upgrading. Pointyhat to: clement, remko Reviewed by: erwin
* Mark apache+mod_ssl-1.3.33+2.8.22_1 as not vulnerable in the latest Apache ↵remko2005-07-281-1/+2
| | | | entry.
* There must be an curse. s/il/li/.remko2005-07-281-7/+7
| | | | Noticed by: nectar
* Update my latest Apache entry to make clear that this only affects certainremko2005-07-281-1/+12
| | | | | | | | installations (when Apache is used as a HTTP proxy in combination with some web servers). I didn't make that clear in the first commit. Requested by: nectar Discussed with: clement
* Document apache -- http request smuggling.remko2005-07-271-0/+64
| | | | | Requested by: clement Glanced at by: clement
* Set modified date in entry for previous commit.erwin2005-07-261-0/+1
| | | | Cluebat swung by: simon
* Note that the fd_set vulnerability in net/bld was fixed in 0.3.3erwin2005-07-261-1/+4
| | | | | Prodded by: garga Glanced at by: remko
* Document clamav -- multiple remote buffer overflows.hrs2005-07-251-0/+46
|
* - Document isc-dhcpd -- format string vulnerabilities (oldersimon2005-07-231-1/+37
| | | | | | | vulnerabilty). [1] - Use standard title format for latest egroupware entry. Reminded by: Panagiotis Christias [1]
* Add entry for eGroupWare's recent vulnerabilities.kuriyama2005-07-231-0/+31
|
* Document denial of service attack in fetchmail 6.5.2.1.barner2005-07-221-0/+30
| | | | | Reported by: Matthias Andree <matthias.andree@gmx.de> Reviewed by: simon
* Update phppgadmin entry to note that it was fixed in 3.5.4 and add asimon2005-07-221-1/+4
| | | | | | few references while here anyway. Prodded by: Tobias Roth (I think :-) )
* Document dnrd -- remote buffer and stack overflow vulnerabilities.simon2005-07-221-0/+33
|
* Fix typo in last commitsimon2005-07-211-1/+1
| | | | Noticed by: Matthias Andree <matthias.andree@gmx.de>
* Add more references to latest fetchmail entry [1] and sort referencessimon2005-07-211-1/+4
| | | | | | while here anyway. Submitted by: Matthias Andree <matthias.andree@gmx.de> [1]
* Document an issue with the LDAP backend provided by PowerDNS.trhodes2005-07-211-0/+30
|
* Document fetchmail -- remote root/code injection from malicious POP3simon2005-07-211-0/+28
| | | | | | server. Submitted by: Matthias Andree <matthias.andree@gmx.de>
* o add kdebase (kate) vulnarability.mich2005-07-191-0/+33
| | | | Reviewed by: simon
* Add CVE names to recent bugzilla entry.simon2005-07-181-0/+3
|
* - Document firefox & mozilla -- multiple vulnerabilities.simon2005-07-161-1/+126
| | | | | - Minor style nit in drupal entry: Use port name (i.e. lower case) as first part of the title.
* Add an entry for the drupal vulnerabilities.erwin2005-07-161-0/+27
|
* Fixed incorrect newsfetch and mnogosearch affected package versionsniels2005-07-151-2/+2
| | | | Approved by: nectar (mentor)
* Markup fixed version of net-snmp problem.kuriyama2005-07-131-1/+2
|
* Correct a typo: s/lemote/remote/remko2005-07-101-1/+1
| | | | Spotted by: simon
* Document the following vulnerabilities:remko2005-07-101-0/+159
| | | | | | | | | | phpSysInfo -- cross site scripting vulnerability mysql-server -- insecure temporary file creation net-snmp -- fixproc insecure temporary file creation phpbb -- multiple vulnerabilities shtool -- insecure temporary file creation Approved by: simon
* Document phppgadmin -- "formLanguage" local file inclusion vulnerability.simon2005-07-091-0/+34
|
* Document pear-XML_RPC -- information disclosure vulnerabilities.simon2005-07-091-0/+31
|
* Document ekg -- insecure temporary file creation.simon2005-07-091-0/+29
|
* Document bugzilla -- multiple vulnerabilities.simon2005-07-091-0/+40
|
* Document nwclient -- multiple vulnerabilities (old issues).simon2005-07-091-0/+41
| | | | | | PR: ports/82101 Submitted by: niels Noticed by: Derik van Zuetphen <dz@426.ch>
* Add CAN reference to recent phpbb vulnerability.simon2005-07-071-0/+2
|
* Document acroread -- insecure temporary file creation.simon2005-07-071-0/+40
|
* Document two calmav vulnerabilities.simon2005-07-071-0/+87
|
* - Add FreeBSD-SA-05:16.zlib.simon2005-07-071-17/+51
| | | | | - Fix ranges for recent security advisories, a bunch of <le> really should have been <lt>.
* Document acroread -- buffer overflow vulnerability.simon2005-07-071-0/+41
|
* Document net-snmp -- remote DoS vulnerability.simon2005-07-061-0/+29
|
* Document cacti -- multiple vulnerabilities.simon2005-07-061-0/+63
| | | | Prodded by: Babak Farrokhi <babak@farrokhi.net>
* - Add another reference to bzip2 -- denial of service and permissionsimon2005-07-061-0/+68
| | | | | race vulnerabilities. - Document two cases of wordpress -- multiple vulnerabilities.
* Document the following issues:hrs2005-07-031-0/+61
| | | | | - phpbb -- remote PHP code execution vulnerability - pear-XML_RPC -- arbitrary remote code execution
* Add certvu reference to kernel -- TCP connection stall denial of servicesimon2005-07-031-0/+2
| | | | vulnerability.
* Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, andsimon2005-06-301-0/+142
| | | | FreeBSD-SA-05:15.tcp.
* Document ethereal -- multiple protocol dissectors vulnerabilities.simon2005-06-251-0/+131
|
* Document tor -- information disclosure.hrs2005-06-241-0/+29
|
* Document linux-realplayer -- RealText parsing heap overflow.hrs2005-06-241-0/+31
|
* Document ruby -- arbitrary command execution on XMLRPC server.hrs2005-06-231-0/+33
|
* - net/cacti - potential SQL injection and cross site scripting attackssem2005-06-211-0/+24
|
* Document three opera issues.simon2005-06-211-0/+109
|
* Document sudo -- local race condition vulnerability.simon2005-06-211-0/+34
|
* Add another reference to the latest tcpdump issue.simon2005-06-211-0/+2
|
* - Add entry for trac -- file upload/download vulnerability.simon2005-06-211-10/+61
| | | | | | | | - Improve the last couple of entries a bit: - Whilespace cleanup. - Use standard topic format (port name first, then description starting with lower case). - Make sure SpamAssasin entry also match other 3.0.3 port revisions.
* - razor-agents DoS vulnerabilitiessem2005-06-201-0/+29
| | | | | PR: ports/82414 Submitted by: dawnshade <h-k@mail.ru>
* Fix year in <discovery> and <entry>.hrs2005-06-191-2/+2
| | | | | Noticed by: nectar Pointy hat to: hrs
* Document SpamAssassin -- Denial of service vulnerability.hrs2005-06-191-0/+36
|
* Document squirrelmail -- Several cross site scripting vulnerabilities.hrs2005-06-191-0/+33
|
* Document acroread -- XML External Entity vulnerability.hrs2005-06-191-0/+29
|
* Use standard topic format for gzip vulnerability.simon2005-06-181-1/+2
|
* Document FreeBSD-SA-05:11.gzip.simon2005-06-181-0/+55
|
* Document SA-05:10.tcpdump.simon2005-06-181-0/+41
|
* Document two vulnerabilities in Gaim.simon2005-06-181-0/+62
|
* Document an older, more serious gallery vulnerability.nectar2005-06-181-0/+25
|
* Document XSS vulnerabilities in gallery.nectar2005-06-181-0/+30
|
* Document KDE kstars vulnerability.nectar2005-06-181-0/+40
|
* Document fd_set overruns reported by 3APA3A.nectar2005-06-181-0/+49
|
* Document leafnode -- denial of service vulnerability.simon2005-06-091-0/+33
| | | | Submitted by: Matthias Andree <matthias.andree@gmx.de>
* Document a directory traversal issue in older GForge versions.nectar2005-06-041-0/+30
|
* Document an authentication bypass vulnerability in imap-uw.nectar2005-06-041-0/+27
|
* Document squid denial-of-service vulnerabilities.nectar2005-06-041-0/+29
|
* Document a remote denial-of-service vulnerability in racoon.nectar2005-06-041-0/+27
|
* Document integer overflows in xli.nectar2005-06-041-0/+26
|
* Document arbitrary command execution vulnerabilities in xli andnectar2005-06-041-0/+35
| | | | xloadimage.
* Add new CVE names for yamt entry.nectar2005-06-041-0/+2
|
* Correct and improve recent xli entry:nectar2005-06-041-5/+15
| | | | | | | | * It actually affected xloadimage and xli * A slightly better topic than just "buffer overflows" * More refererences * Fix the version number for xli... it is still vulnerable as of this writing
* Correct recently added yamt entry:nectar2005-06-041-6/+19
| | | | | | * This is not CAN-2004-1302, which was documented much earlier * Try to explain the issue * Add the only public reference to the issue I can find
* Buffer overflow in xli.trhodes2005-06-031-0/+24
|
* Fix breakage I caused.trhodes2005-06-031-1/+1
|
* Note buffer overflows and directory transversal issues in audio/ymat.trhodes2005-06-031-0/+25
|
* Update entry for FreeStyle Wiki:nectar2005-06-021-6/+14
| | | | | | | * <topic> style: ASCII em-dash "--" for separator * replace quoted text with more informative excerpt from a Secunia advisory * add CVE name
* Document vulnerabilities in XView library.nectar2005-06-021-0/+31
|
* document a vulnerability in xtrlocknectar2005-06-021-0/+27
|
* Document vulnerabilities reported in the Red Hat 7.1 libraries.nectar2005-06-021-0/+36
|
* Document squirrelmail vulnerabilities.nectar2005-06-021-0/+59
|
* correct version number for mailman password generation issuenectar2005-06-011-1/+1
|
* Document vulnerability in set-user-ID sympa application.nectar2005-06-011-0/+28
|
* Another older mailman vulnerability, somewhat minornectar2005-06-011-0/+38
|
* Add year-old mailman vulnerability, that seems to not have beennectar2005-06-011-0/+32
| | | | previously documented here.
* document Apache Jakarta Tomcat 5.x XSS issuenectar2005-06-011-0/+25
|
* Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflowsimon2005-05-291-1/+6
| | | | | | vulnerability". Reminded by: NAKAJI Hiroyuki <nakaji@jp.freebsd.org>
* - Update to 3.5.8 (including XSS problem fix).kuriyama2005-05-291-0/+28
| | | | | Submitted by: Toshiya SAITOH <toshiya@saitoh.nu> PR: ports/81520
* Remove a forgotten :.remko2005-05-221-1/+1
| | | | Spotted by: simon
* Document the following issues:remko2005-05-221-0/+94
| | | | | | | | o freeradius -- sql injection and denial of service vulnerability o ppxp -- local root exploit o oops -- format string vulnerability Approved by: simon
* Fix entry dates for latest squid entries.simon2005-05-201-5/+4
|
* Reword the cdrdao entry, this includes comments from Simon which i overlooked.remko2005-05-201-4/+4
| | | | | Forgotten by: remko Spotted by: simon
* - Update Squid to 2.5.STABLE10pav2005-05-191-0/+58
| | | | | PR: ports/81213 Submitted by: Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
* Document cdrdao -- unspecified privilege escalation vulnerability.remko2005-05-191-0/+28
| | | | Approved by: simon
* Document two gaim issues.simon2005-05-141-0/+69
|
* Add FreeBSD-SA-05:09.htt.nectar2005-05-141-0/+50
|
* $EDITOR should not be quoted. It might be "emacsclient -a vi" ornectar2005-05-131-1/+1
| | | | something.
* MAINTAINER -> security@FreeBSD.orgnectar2005-05-131-1/+1
|
* Update some leafnode references.nectar2005-05-131-3/+45
| | | | | | | Add new leafnode vulnerability. PR: ports/80724 Submitted by: Matthias Andree <matthias.andree@gmx.de>
* Document two new vulnerabilities in mozilla/firefox.simon2005-05-121-0/+183
|
* Document mozilla -- code execution via javascript: IconURL vulnerability.simon2005-05-121-0/+100
|
* Document some vulnerabilities in groff.okazaki2005-05-091-0/+55
| | | | | | | | - pic2graph and eqn2graph are vulnerable to symlink attack through temporary files - groffer uses temporary files unsafely PR: ports/80671 Submitted by: KOMATSU Shinichiro
* - gnu-radius exploitation was fixed in maintenance release 1.2.94sem2005-05-031-1/+2
| | | | | | | as reported in http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities PR: ports/80558 (follow-up) Submitted by: Vsevolod Stakhov <vsevolod@highsecure.ru>
* . Update the version for the jar(1) vulnerability so that 1.2.2p11_4 isglewis2005-05-031-2/+3
| | | | no longer considered vulnerable. Adjust the modified date for the entry.
* Document sharutils -- unshar insecure temporary file creationremko2005-05-011-0/+30
| | | | Approved by: simon
* Document rsnapshot -- local privilege escalationremko2005-05-011-0/+31
| | | | Approved by: simon
* coppermine -- IP spoofing and XSS vulnerabilitybrooks2005-05-011-0/+35
|
* . Correct the range of vulnerable jdk14 ports for the jar(1) vulnerabilityglewis2005-04-291-2/+2
| | | | and update the modified time for the entry.
* Document ImageMagick -- ReadPNMImage() heap overflow vulnerability.simon2005-04-281-0/+30
|
* Bump modified date for last commit.simon2005-04-281-1/+2
|
* . Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable toglewis2005-04-281-2/+3
| | | | | the jar(1) vulnerability but is still marked vulnerable to the browser plugin vulnerability (although the plugin is no longer built by default).
* Document mplayer & libxine -- MMS and Real RTSP buffer overflowsimon2005-04-261-0/+61
| | | | vulnerabilities.
* Document some older vulnerabilities in GAIM.simon2005-04-261-0/+66
|
* Document kdewebdev -- kommander untrusted code execution vulnerability.simon2005-04-231-0/+33
|
* Fix a typo in the kdelibs - kimgio entry.remko2005-04-231-1/+1
|
* junkbuster -- heap corruption vulnerability and configuration modification ↵remko2005-04-231-0/+41
| | | | | | vulnerability Approved by: simon
* Document kdelibs -- kimgio input validation errors.simon2005-04-221-0/+35
|
* Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC documentsimon2005-04-201-1/+2
| | | | | | heap overflow vulnerability. Informed by: maho
* Document gld -- format string and buffer overflow vulnerabilitiesremko2005-04-191-0/+37
|
* Document remote buffer overflow in ftp/axel.naddy2005-04-171-0/+31
|
* Document firefox -- PLUGINSPAGE privileged javascript execution (alsosimon2005-04-171-0/+44
| | | | from the < 1.0.3 batch).
* Document jdk - jar directory traversal vulnerability.remko2005-04-171-0/+55
| | | | Approved by: simon
* Document several mozilla/firefox issues.simon2005-04-171-0/+303
|
* Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"simon2005-04-161-2/+5
| | | | | | entry. Info provided by: sf
* Document openoffice -- DOC document heap overflow vulnerability.simon2005-04-141-0/+74
|
* Fix and document insecure temporary file handling in portupgrade.simon2005-04-121-0/+51
| | | | | | | | Security: CAN-2005-0610 Security: http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html Approved by: erwin (mentor), maintainer timeout OK'ed by: portmgr Reviewed by: nectar
* Document three GAIM vulnerabilities.simon2005-04-111-0/+103
|
* Document an old PHP issue.simon2005-04-111-0/+42
|
* Document squid -- DoS on failed PUT/POST requests vulnerability.simon2005-04-101-0/+28
| | | | Submitted by: Devon H. O'Dell <dodell@offmyserver.com> (original version)
* - Fix closing tag on the entry I just touched.pav2005-04-101-1/+1
| | | | | Pointed out by: still Chimera Blaming: too much bear earlier tonight
* - Add <modified> to the entry I just touchedpav2005-04-101-0/+1
| | | | Prodded by: Chimera
* - CAN-2005-0133 is fixed in clamav-devel-20050408pav2005-04-101-1/+1
| | | | | PR: ports/79688 Submitted by: Renato Botelho <freebsd@galle.com.br>
* Bump modified date for entry modified last commit.simon2005-04-061-0/+1
|
* add CVE name to latest vuln of Cyrus IMAPd.ume2005-04-061-0/+1
|
* Add an entry for a XSS vulnerabilty fixed in horde-3.0.4.thierry2005-04-061-0/+38
|
* Document wu-ftpd -- remote globbing DoS vulnerability.simon2005-04-051-0/+40
|
* Add CVE name to hashash entry.simon2005-04-031-0/+2
|
* Document hashcash format string vulnerability.naddy2005-04-031-0/+29
|
* Document clamav -- zip handling DoS vulnerability.simon2005-03-271-0/+30
| | | | Approved by: portmgr (blanket, VuXML)
* Document Wine information disclosure.nectar2005-03-241-0/+43
| | | | | | Based on an entry that was Submitted by: Devon H. O'Dell <dodell@offmyserver.com> Approved by: portmgr (blanket, VuXML)
* Document the most serious of the recently disclosednectar2005-03-241-0/+117
| | | | | | | | Mozilla/Firefox/Thunderbird vulnerabilities. Based on entries that were Submitted by: Devon H. O'Dell <dodell@offmyserver.com> Approved by: portmgr (blanket, VuXML)
* Document Sylpheed buffer overflow.nectar2005-03-241-0/+31
| | | | | Reminded by: netchild Approved by: portmgr (blanket, VuXML)
* Document xv -- filename handling format string vulnerability.simon2005-03-221-0/+31
| | | | Approved by: portmgr (implicit, VuXML)
* Document kdelibs -- local DCOP denial of service vulnerability.simon2005-03-221-0/+37
| | | | Approved by: portmgr (implicit, VuXML)
* Mark grip port as fixed for recent vulnerability.simon2005-03-191-1/+2
| | | | Requested by: ahze
* Document phpmyadmin -- increased privilege vulnerability.simon2005-03-161-0/+30
|
* Note that recent Quake2-LNX is fixed.danfe2005-03-161-1/+5
|
* Recent mysql snapshot import fixed several vulnerabilities.ale2005-03-151-5/+9
|
* Document ethereal -- multiple protocol dissectors vulnerabilities.simon2005-03-151-0/+46
|
* Document "grip -- CDDB response multiple matches buffer overflowsimon2005-03-151-0/+29
| | | | vulnerability".
* Update references for latest MySQL entry:simon2005-03-151-1/+4
| | | | | - Use bid tag for Bugtraq ID reference. - Add CVE names.
* Document multiple mysql remote vulnerabilities.ale2005-03-141-0/+43
|
* Add an entry about rxvt-unicode bufer overflow.thierry2005-03-131-0/+27
|
* Document two phpMyAdmin issues.simon2005-03-091-0/+82
|
* Document libexif -- buffer overflow vulnerability.simon2005-03-091-0/+27
|
* Fix invalid date.nectar2005-03-071-2/+2
| | | | Noticed by: Kang Liu <liukang@bjut.edu.cn>
* Add <modified> date for recent commit to phpbb vulnerability.nectar2005-03-071-2/+4
| | | | | | Forgotten by: delphij While here, add msgids for recent phpbb addition.
* Document a low risk HTML injection (configuration bypass)delphij2005-03-051-0/+31
| | | | | | | | vulnerability [1] of phpBB. (maintainer contacted and is preparing a fix) [1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274
* Add bugtraq bug ID for phpbb vulnerability.delphij2005-03-051-0/+1
| | | | Submitted by: Kang LIU <liukang bjut edu cn>
* Document two phpnuke vulnerabilities, and a Linux RealPlayernectar2005-03-051-0/+109
| | | | | | | vulnerability. Based on entries that were Submitted by: Devon H. O'Dell <dodell@sitetronics.com>
* - Document ImageMagick -- format string vulnerability.simon2005-03-041-1/+33
| | | | - Fix typo on older tiff entry.
* Document the privilege escalation vulnerability in uim.nobutaka2005-03-021-0/+33
|
* Fix typo in linux-tiff version number fornectar2005-03-011-2/+2
| | | | | | http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html Reported by: Ian Moore <no-spam@swiftdsl.com.au>
* Document lighttpd information disclosure bug.nectar2005-03-011-0/+33
| | | | | This entry is based on one that was Submitted by: Devon H. O'Dell <dodell@offmyserver.com>
* Fix typo in linux-tiff version number fornectar2005-02-281-1/+1
| | | | | | http://vuxml..freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html Reported by: Ian Moore <no-spam@swiftdsl.com.au>
* Document latest phpBB critical security vulnerabilities.delphij2005-02-281-0/+31
| | | | Submitted by: Kang LIU <liukang bjut edu cn>
* Correct the linux-tiff version number for several entries.nectar2005-02-281-8/+20
| | | | Reported by: netchild
* Document curl -- authentication buffer overflow vulnerability.simon2005-02-281-0/+50
|
* - Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]simon2005-02-281-1/+43
| | | | | | - Use bid tag for a reference in sup entry. Advice from: ume [1]
* Document format string vulnerabilities in net/sup.hrs2005-02-271-0/+33
|
* - Just use mozilla in title for last entry for consistency.simon2005-02-271-1/+77
| | | | - Document mozilla -- insecure temporary directory vulnerability.
* Update list of affected mozilla/firefox ports by the web browsers --simon2005-02-271-5/+14
| | | | window injection vulnerabilities entry.
* Document mozilla & firefox -- arbitrary code execution vulnerability.simon2005-02-261-0/+87
| | | | Submitted by: Devon H. O'Dell <dodell@sitetronics.com> (original version)
* Improve the description of the latest phpBB information disclosurenectar2005-02-251-5/+16
| | | | | | bugs. Submitted by: delphij (in part)
* Document a format string vulnerability in mkbold-mkitalic.hrs2005-02-241-0/+24
| | | | Reviewed by: simon
* Add CVE names for wget.nectar2005-02-241-0/+3
|
* De-confuse latest AWStats entry: rewrite description, and add relevantnectar2005-02-231-13/+22
| | | | | references. There were so many bugs, it was hard to keep them straight (^_^).
* Format the <topic> of the most recent entry so that it is morenectar2005-02-231-1/+1
| | | | consistent with other entries.
* Document latest phpbb vulnerabilities.delphij2005-02-231-0/+47
| | | | Discussed with: phpbb maintainer
* Add more references to recent putty vulnerability.simon2005-02-231-0/+4
|
* The mod_dosevasive port was upgraded.nectar2005-02-231-1/+3
|
* Nit:nectar2005-02-231-26/+6
| | | | | | | | | | | | | - In most recent `unace' entry, replace HTML entity with the Unicode character. We do not use HTML entities so that a VuXML document may be processed without using the DTD. (We also avoid character entity references for more natural grep'ing, sed'ing, and editor searching.) Corrections: - An invalid UUID was assigned to a FreeRADIUS vulnerability, and went undetected since last October. (>_<) Correct it. - A bnc vulnerability was duplicated. Cancel the older, less informative entry and update the newer entry.
* Document unace-1.2b vulnerabilities: buffer overflows, directory traversal.naddy2005-02-221-0/+32
|
generated by cgit (git 2.34.1) at 2025-01-19 14:16:04 +0800