path: root/security
Commit message  [Author, Age, Files, Lines]
* I suck. (Correct a typo that would have been readily detected if  [nectar, 2004-10-22, 1 file, -1/+1]
| I would have run `make validate' before committing.)
* Add CVE name for cabextract issue.  [nectar, 2004-10-22, 1 file, -0/+2]
* Fix a copy/paste typo in last commit.  [simon, 2004-10-22, 1 file, -1/+1]
* Document DoS in Apache 2 SSL handling.  [simon, 2004-10-22, 1 file, -0/+37]
| Approved by: nectar
* Mark deprecated due to no maintainer and unpatched denial-of-service  [nectar, 2004-10-22, 1 file, -0/+3]
| vulnerability: http://vuxml.freebsd.org/b7cb488c-8349-11d8-a41f-0020ed76ef5a.html
* Note that xpm has been fixed.  [nectar, 2004-10-22, 1 file, -2/+8]
| Also, it appears that Motif itself is affected, so add related packages.
* - bump PORTREVISION after update dependency.  [leeym, 2004-10-21, 1 file, -0/+1]
| PR: 72961
| Submitted by: Matt <matt@xtaz.net>
* add procmail into dependency list.  [leeym, 2004-10-21, 1 file, -1/+2]
| Noticed by: kris
| Submitted by: Matt <matt@xtaz.net>
* - Fix OPTIONS handling  [pav, 2004-10-21, 1 file, -2/+2]
* Update entry regarding INN 2.4.x buffer overflow:  [nectar, 2004-10-21, 1 file, -2/+3]
| - The email archive referenced is no longer available. Use marc.theaimsgroup.com archive instead.
| - Note that only 2.4.x versions are affected (earlier ones are not).
| Reported by: leeym
* Document remote command execution vulnerability in phpMyAdmin.  [simon, 2004-10-21, 1 file, -0/+32]
| Approved by: nectar
* - don't delete the virus database on deinstall  [dinoex, 2004-10-21, 1 file, -2/+2]
| (sync with clamav-devel)
| Approved by: Rob Evers
* Update 1.3.4 --> 1.3.5  [cy, 2004-10-21, 20 files, -196/+16]
* Document insecure directory handling in cabextract.  [simon, 2004-10-21, 1 file, -0/+24]
| Approved by: nectar
* - Update to 1.1 (final). For changes since 1.1-beta see the ChangeLog  [marius, 2004-10-21, 9 files, -119/+159]
| in the DOCSDIR.
| - Rename the start script from antivir-milter.sh to avmilter.sh to be consistent with naming of the rest of the installed AntiVir Milter files and directories.
| - Now that AntiVir Milter supports using a different location from /etc for the ignore, scan and warn config files no longer install them in the EXAMPLESDIR but in PREFIX/etc/avmilter (i.e. install as sample files, copy over when not already existent, etc.).
| - Change the location of the AntiVir Milter config file (avmilter.conf) but not that of the scan engine (antivir.conf; shared between different AntiVir products) from PREFIX/etc to PREFIX/etc/avmilter in order to have all AntiVir Milter config files in one place but don't directly populate PREFIX/etc with them.
| If you had previously changed PREFIX/etc/avmilter.conf you have to bring over your changes to PREFIX/etc/avmilter/avmilter.conf but note that some variables have been renamed. If you used ignore, scan and/or warn files in /etc you can now move them to PREFIX/etc/avmilter.
| Approved by: netchild
* Chase the Gaim 1.0.2 upgrade.  [marcus, 2004-10-21, 2 files, -2/+2]
* Update to DAT 4400  [jeh, 2004-10-21, 2 files, -3/+3]
* Base if the last update was successful on the contents of file_id.diz,  [jeh, 2004-10-21, 1 file, -2/+2]
| since that is in the .tar and will only update after a successful download and extract
| Submitted By: Steven Guerin
* Fix code so it is favored by both GCCs (2.x and 3.x), and unbreak the build.  [danfe, 2004-10-20, 12 files, -4/+454]
| Approved by: fjoe (mentor, implicit)
| maintainer timeout
* - Update to 0.0.14  [pav, 2004-10-20, 2 files, -3/+3]
| PR: ports/72823
| Submitted by: Ports Fury
* - Update to 0.0.18  [pav, 2004-10-20, 3 files, -8/+23]
| PR: ports/72824
| Submitted by: Ports Fury
* - Update to 20041019  [sergei, 2004-10-20, 2 files, -3/+3]
| W32/Netsky.AH@mm W32/Korgo.AB W32/Mydoom.AF
| PR: ports/72890
| Submitted by: Tim Bishop (maintainer)
* Set correct entry date for the a2ps issue.  [simon, 2004-10-20, 1 file, -1/+1]
| Noticed by: nectar
| Pointy hat to: simon
* Document insecure command line argument handling in a2ps.  [simon, 2004-10-20, 1 file, -0/+41]
| Approved by: nectar
* Document a vulnerability in ifmail. (There does not exist  [nectar, 2004-10-20, 1 file, -0/+25]
| an appropriate public reference yet--- this entry should be updated when the port is updated.)
| Reported by: Niels Heinen <niels.heinen@ubizen.com>
* - update to version 3.75  [eik, 2004-10-20, 5 files, -22/+7]
| + updated OS fingerprint database
* Document a vulnerability in imwheel.  [nectar, 2004-10-19, 1 file, -0/+35]
* Add CVE names for FreeRADIUS vulnerabilities.  [nectar, 2004-10-19, 1 file, -1/+6]
* Updated to 0.7askv2004-10-194-7/+7
|
* Document NTLM authentication vulnerability in squid  [josef, 2004-10-19, 1 file, -0/+26]
| Approved by: nectar
* Document a SQL command injection in Cacti.  [simon, 2004-10-19, 1 file, -0/+26]
| The status of the PHP configuration option magic_quotes_gpc was confirmed by: ale
| Approved by: nectar
* - update to 0.80 release  [eik, 2004-10-18, 2 files, -3/+3]
| PR: 72810
| Submitted by: Rob Evers <rob@dokus.debank.tv> (maintainer)
* Document a format string vulnerability in the apache13 mod_ssl proxy  [simon, 2004-10-18, 1 file, -0/+46]
| support.
| Approved by: nectar
* - Change a few uses of <url> into <mlist>.  [simon, 2004-10-17, 1 file, -3/+3]
| OK'ed by: nectar
| Additional comment to the Tor entry from v. 1.302, it was:
| Submitted by: rik <freebsd-security@rikrose.net> (original version)
* - Quick update to 0.0.8.1, bugfix release, because 0.0.8 was removed  [pav, 2004-10-17, 4 files, -6/+6]
| from distsite
| Reported by: Dead Microprocessor <dead.microprocessor@gmail.com>
* - Update to 1.8.12 and unbreak on 5.x  [pav, 2004-10-16, 2 files, -8/+4]
| PR: ports/72750
| Submitted by: David Thiel <lx@redundancy.redundancy.org> (maintainer)
* Add clamassassin  [leeym, 2004-10-16, 4 files, -0/+46]
| Clamassassin is a simple virus filter wrapper for ClamAV for use in procmail filters and similar applications. Clamassassin's interface is similar to that of spamassassin, making it easy to implement for those familiar with that tool. Clamassassin is designed with an emphasis on security, robustness and simplicity.
| PR: 72698
| Submitted by: Matt <matt@xtaz.net>
* - Document remote DoS and loss of anonymity in Tor.  [simon, 2004-10-16, 1 file, -1/+35]
| - Update a Samba entry with new information about vulnerable versions.
| Approved by: nectar
* [1]:  [oliver, 2004-10-16, 7 files, -234/+154]
| - Remove USE_GMAKE (builds okay here with BSD make)
| - Clean up portions of main Makefile (don't need post/pre)
| - Add %%PREFIX%% man page patches
| - Add patch for ipv6_missing.h; removes EAI_MEMORY re-definition warnings, and is more FreeBSD-focused
| - Support 'oidentd_conf' rc.subr variable for those who want to be able to specify a configuration file. Also update the 'required_files' code to work with this too...
| [2]:
| - make it work with FreeBSD-5 in combination with option --reply
| PR: ports/71378 [1]
| Submitted By: Jeremy Chadwick <freebsd@jdc.parodius.com> [1]
| Noted By: Markus Hästbacka <midian@ihme.org> [2]
* Update to 2.4.2.1  [krion, 2004-10-16, 2 files, -3/+3]
| PR: ports/72740
| Submitted by: maintainer
* Kill off automake18, switching to automake19. Requiem Mors Pacem.  [ade, 2004-10-16, 1 file, -1/+2]
* - Don't clobber portsentry.ignore on upgrade  [pav, 2004-10-16, 2 files, -2/+4]
| PR: ports/72689
| Requested by: Alex de Kruijff <freebsd@akruijff.dds.nl>
* - pwauth must have a SUID bit  [clement, 2004-10-15, 1 file, -0/+1]
* - Reduce dependency with perl-5.8.  [kuriyama, 2004-10-15, 1 file, -6/+11]
| - Remove bogus space.
* -Update to 2.1.3.  [mezz, 2004-10-15, 12 files, -12/+565]
| -Fix handling of default configuration files (nessusd.conf and nessusd.rules)
| PR: ports/71899
| Submitted by: Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
* Update to 0.3.4.  [marcus, 2004-10-15, 2 files, -3/+3]
| PR: 72679
| Submitted by: maintainer
* lesstif has been upgraded to a version that is not affected by the  [nectar, 2004-10-15, 1 file, -1/+1]
| libXpm vulnerability.
* Recommit my changes from 1.298 which was accidentally removed in 1.299.  [simon, 2004-10-15, 1 file, -2/+3]
| Pointy hat to: josef (who also noticed the problem)
* Document two separate security vulnerabilities in  [josef, 2004-10-15, 1 file, -3/+52]
| icecast1 and icecast2.
| Approved by: nectar
* Change the Xerces-C++ entry to match the xerces-c2 port.  [simon, 2004-10-15, 1 file, -2/+3]
| Noticed by: nectar
* Update to DAT 4399  [jeh, 2004-10-15, 2 files, -3/+3]
* - bump PORTREVISION  [clsung, 2004-10-14, 2 files, -1/+2]
| - -d option only works as a daemon now.
| - remove it from startup script and wait for future release.
| - Noticed by <richard AT boysoncom dot com>
| Approved by: co-mentor (vanilla)
* - update to 0.80rc4  [eik, 2004-10-14, 11 files, -147/+121]
| + JPEG comment exploit (MS04-028) detection
| *** IMPORTANT ***
| The configuration file for the clamd daemon has changed from /usr/local/etc/clamav.conf to /usr/local/etc/clamd.conf.
| PR: 72203
| Approved by: Rob Evers <revers@infraqon.nl> (maintainer)
* Add security/pwauth 2.2.8,  [clement, 2004-10-14, 7 files, -0/+105]
| A Unix Web Authenticator.
* Upgrade to 2.1.2.  [vanilla, 2004-10-14, 3 files, -15/+6]
| PR: ports/71907
| Submitted by: maintainer
* Upgrade to 2.0.2  [vanilla, 2004-10-14, 9 files, -801/+144]
| PR: ports/71263
| Submitted by: maintainer
* Upgrade to 2.0.2.  [vanilla, 2004-10-14, 9 files, -381/+351]
| PR: ports/71262
| Submitted by: maintainer
* - drop maintainership  [dinoex, 2004-10-14, 3 files, -3/+3]
* - add a line why this port exists  [dinoex, 2004-10-14, 2 files, -1/+3]
| - drop maintainership
* - update to 0.9.6  [clsung, 2004-10-14, 5 files, -26/+24]
| - use configure file since 0.8
| - lots of options move from rc_sub to conf file
| Approved by: co-mentor (vanilla)
* Document vulnerability in freeradius.  [josef, 2004-10-14, 1 file, -0/+26]
| Approved by: nectar
* - Document DoS in Xerces-C++.  [simon, 2004-10-14, 1 file, -1/+31]
| - Fix typo in a mozilla entry.
| Approved by: nectar
* It turns out that lesstif has libXpm sneakily embedded. There are at  [nectar, 2004-10-14, 1 file, -1/+5]
| least three files with this comment at the top:
|  * This file contains most of the source files of Xpm, concatenated and with
|  * the public names changed (to have an _LtXpm prefix).
* Document XSS in wordpress.  [simon, 2004-10-14, 1 file, -0/+24]
| Approved by: nectar
* Document integer overflows in libtiff.  [nectar, 2004-10-14, 1 file, -0/+25]
* - Document a CUPS local information disclosure.  [simon, 2004-10-14, 1 file, -0/+32]
| - Note the impact of the sharutils buffer overflows.
| Approved by: nectar
* Document a vulnerability in Zinf (freeamp).  [josef, 2004-10-14, 1 file, -0/+27]
| Approved by: nectar
* Update to DAT 4398  [jeh, 2004-10-14, 2 files, -3/+3]
* - Update to 20041012  [pav, 2004-10-14, 2 files, -3/+3]
| PR: ports/72562
| Submitted by: Tim Bishop <tim@bishnet.net> (maintainer)
* - Update to 4.4.7  [pav, 2004-10-14, 2 files, -3/+3]
| PR: ports/72561
| Submitted by: Tim Bishop <tim@bishnet.net> (maintainer)
* Document libtiff RLE decoder issues.  [nectar, 2004-10-14, 1 file, -0/+26]
* Update to 1.33  [krion, 2004-10-13, 2 files, -3/+3]
| PR: ports/72597
| Submitted by: maintainer
* - update to version 3.71-PRE1  [eik, 2004-10-13, 2 files, -8/+15]
* Update to version 1.5  [markus, 2004-10-13, 2 files, -5/+5]
| PR: ports/72452
| Submitted by: Frank J. Laszlo <laszlof@vonostingroup.com> (maintainer)
* The sharutils buffer overflows have been fixed in sharutils 4.2.1_2.  [simon, 2004-10-13, 1 file, -1/+1]
* - Update to 1.0.21  [sergei, 2004-10-13, 2 files, -9/+17]
| - Make security/libtasn1 and security/opencdk into optional dependencies, enabled by knobs: WITH_LIBTASN1 and WITH_OPENCDK, respectively. Default to using their included versions
* Use libtool 15  [arved, 2004-10-13, 1 file, -1/+1]
* Adjust patch.  [lofi, 2004-10-13, 1 file, -3/+3]
* Update: security/samhain 1.8.10b -> 1.8.11  [edwin, 2004-10-13, 2 files, -8/+8]
| Updating the Samhain integrity checking system from 1.8.10b to 1.8.11.
| Code changes include:
| o for files in the IgnoreAll policy, there are no warnings (anymore) about 'no such user/group' and/or non-printable filenames
| o there is a new option HardlinkOffset=... to specify an offset from the canonical hardlink count for a directory
| o ... and a new option AddOKChars=... to modify the set of characters in a filename for which a warning (about obscure/non-printable) filename is issued.
| Port changes:
| Turn off kernel integrity checking by default - building this into packages wouldn't work anyhow, since it would only work with an identical kernel as on the build cluster.
| PR: ports/71169
| Submitted by: David Thiel <lx@redundancy.redundancy.org>
* - add USE_GCC=2.95 and unbreak this port  [leeym, 2004-10-13, 1 file, -4/+4]
| - remove redundant statement
| PR: 72127
| Submitted by: leeym
| Approved by: maintainer timeout
* Document a vulnerability in sharutils.  [simon, 2004-10-13, 1 file, -0/+31]
| Approved by: nectar
* Document 2 DoS attacks possible against  [josef, 2004-10-13, 1 file, -0/+27]
| older versions of mail-notifier.
| Based on the security advisories mentioned in the reference links.
| Approved by: nectar
* - Update to 1.1.3  [leeym, 2004-10-13, 4 files, -15/+11]
| - Add USE_GETOPT_LONG
| - Replace pkg-plist with PLIST_FILES and PORTDOCS
| PR: 71742
| Submitted by: leeym
| Approved by: maintainer timeout
* ale@ reports that the only ports affected are php[45], php[45]-cgi,  [nectar, 2004-10-12, 1 file, -124/+2]
| and mod_php[45].
* Note squid SNMP DoS. Based on an entry that was  [nectar, 2004-10-12, 1 file, -0/+32]
| Submitted by: Thomas-Martin Seck <tmseck@netcologne.de>
* add WITH_AUTHDAEMON option to allow use of courier authdaemond.  [ume, 2004-10-12, 1 file, -0/+4]
| PR: ports/72093
| Submitted by: Marcin Gryszkalis
* Update to version 0.3.6  [krion, 2004-10-12, 4 files, -22/+5]
| PR: ports/72328
| Submitted by: Ports Fury
* Update to 4397  [jeh, 2004-10-12, 2 files, -3/+3]
* Update to 1.4  [mat, 2004-10-12, 2 files, -3/+12]
| Add docs
* Update to 1.1.8.  [linimon, 2004-10-12, 2 files, -3/+3]
| Note to maintainer: your mailer is apparently changing tabs to spaces. For short patches like this, it's possible to work around it; for longer patches, it won't work at all.
| PR: ports/71680
| Submitted by: bugghy <bugghy at rootshell dot be> (maintainer)
* - Upgrade to 2.2.0 [1]  [sergei, 2004-10-12, 4 files, -44/+45]
| - Prevent local.rules from being clobbered [2]
| - Revive OPTIONS - the time has come... ;)
| PR: ports/70332 [1], ports/70814 [2]
| Submitted by: Linh Pham <question+freebsdpr@closedsrc.org> [1], Jez Hancock <jez.hancock@munk.nu> [2]
* - Explicitly specify prefix for iconv and gettext libraries  [sergei, 2004-10-12, 2 files, -3/+11]
| to link properly in case PREFIX != LOCALBASE
| - Add optional missing files (*.mo)
| - Add USE_ICONV
| - Bump PORTREVISION
| PR: ports/72274 (partly)
| Submitted by: leeym
* Update to 1.1.7.  [linimon, 2004-10-12, 2 files, -3/+3]
| PR: ports/71353
| Submitted by: Dan Pelleg <daniel+hunch dot pelleg dot org> (maintainer)
* Add an entry for a XSS vulnerability fixed in IMP-3.2.6.  [thierry, 2004-10-12, 1 file, -0/+1]
* - new option WITH_OPENSSH_CHROOT  [dinoex, 2004-10-12, 4 files, -48/+124]
| Submitted by: KANAI Makoto
* - cleanup patches  [dinoex, 2004-10-12, 10 files, -42/+42]
| (only context changed)
* - add patch to support AES-192-CBC and AES-256-CBC  [dinoex, 2004-10-12, 1 file, -0/+210]
| to the crypto engine (assuming your card supports them). This makes the Hifn cards much more useful as AES-256 is the default encryption for many client applications.
| Submitted by: Spike Ilacqua
| Obtained from: OpenBSD
* [MAINTAINER UPDATE] security/freebsd-update  [edwin, 2004-10-12, 2 files, -0/+12]
| If `freebsd-update cron` fails due to a lack of internet connection, two emails will be sent -- one with the error message from fetch(1), and the other from freebsd-update reporting that patches could not be downloaded. This patch corrects this mis-behaviour and causes a single email to be sent in such an event; this will be included in a future version of the distfile.
| PR: ports/72310
| Submitted by: Colin Percival <cperciva@daemonology.net>
* The documented xv vulnerabilities were fixed by dinoex@  [nectar, 2004-10-12, 1 file, -1/+2]
| Approved by: portmgr
* Note that the image decoding vulnerabilities in gdk-pixbuf have been  [nectar, 2004-10-12, 1 file, -2/+5]
| fixed.
| Reported by: marcus
| Approved by: portmgr
* Document older cyrus-sasl bug affecting DIGEST-MD5.  [nectar, 2004-10-12, 1 file, -0/+23]
| Submitted by: simon
| Approved by: portmgr
* Update the description of and list of packages affected by the PHP file  [nectar, 2004-10-12, 1 file, -14/+134]
| upload processing bug.
| Submitted by: Jon Passki <cykyc@yahoo.com>
| Approved by: portmgr
* Update to 0.5.6  [lofi, 2004-10-12, 2 files, -3/+3]
| PR: ports/72537
| Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 1.9.11  [lofi, 2004-10-12, 3 files, -4/+4]
| PR: ports/72535
| Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 0.9.9  [lofi, 2004-10-12, 2 files, -3/+3]
| PR: ports/72534
| Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 0.6.7  [lofi, 2004-10-12, 2 files, -3/+3]
| PR: ports/72533
| Submitted by: Jose M Rodriguez <josemi@freebsd.jazztel.es>
* Update to 2.31.  [marcus, 2004-10-12, 6 files, -6/+18]
| PR: 71985
| Submitted by: maintainer
* - Update to 0.0.8  [pav, 2004-10-12, 6 files, -14/+16]
| PR: ports/72086
| Submitted by: rik <freebsd-security@rikrose.net> (maintainer)
* - Update to 2.0  [pav, 2004-10-12, 4 files, -5/+36]
| - Add gmp dependency on FreeBSD 5.x
| PR: ports/72172
| Submitted by: Marcus Grando <marcus@corp.grupos.com.br>
* - Update to 1.34  [pav, 2004-10-12, 2 files, -8/+6]
| - Please portlint
| PR: ports/72036
| Submitted by: Daan van de Linde <daan@xs4all.nl>
* - Update to 2.4.0  [pav, 2004-10-12, 2 files, -3/+3]
| PR: ports/71896
| Submitted by: Olivier Tharan <olive@oban.frmug.org> (maintainer)
* Fix build with bind9 in the base system.  [marcus, 2004-10-11, 1 file, -3/+8]
| Reported by: pointyhat via kris
| Approved by: portmgr (implicit)
* Fix build on ia64  [krion, 2004-10-10, 1 file, -3/+8]
| PR: ports/71741
| Submitted by: maintainer
| Approved by: portmgr (implicit)
* fix http://vuxml.freebsd.org/92268205-1947-11d9-bc4a-000c41e2cdad.html  [ume, 2004-10-09, 2 files, -1/+17]
| Reported by: nectar
| Approved by: portmgr (krion)
| Obtained from: https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/lib/common.c#rev1.104
* Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.  [nectar, 2004-10-09, 1 file, -0/+31]
| Approved by: portmgr
* Mark IGNORE because the package somehow includes a dangling symlink, i.e.  [kris, 2004-10-07, 1 file, -0/+2]
| it is incomplete.
| Approved by: portmgr (self)
* Fix the code so GCC 3.4.2 likes it better, and unbreak.  [danfe, 2004-10-06, 2 files, -7/+10]
| Reported by: kris
| Approved by: portmgr (krion), fjoe (mentor, implicit)
* Add some more apache ports.  [trhodes, 2004-10-06, 1 file, -2/+14]
| Fix two errors found by nectar.
| Approved by: portmgr
* Add imp3 issue, add apache13-ssl issue, correct a tag.  [trhodes, 2004-10-06, 1 file, -2/+31]
| Approved by: portmgr
* Note that older packages of bmon were dangerously installed set-user-ID.  [nectar, 2004-10-05, 1 file, -0/+25]
| Approved by: portmgr
* Document GnuTLS denial-of-service (already mentioned in portaudit's  [nectar, 2004-10-05, 1 file, -0/+39]
| database).
| Approved by: portmgr
* Record another PHP vulnerability.  [nectar, 2004-10-05, 1 file, -0/+45]
| Approved by: portmgr
* Record another PHP security issue.  [nectar, 2004-10-05, 1 file, -1/+50]
| Approved by: portmgr
* Note that xv should not be used.  [nectar, 2004-10-05, 1 file, -0/+40]
| Approved by: portmgr
* Note a symlink vulnerability in getmail.  [nectar, 2004-10-05, 1 file, -0/+28]
| Submitted by: Shane Kinney <mod6@freebsdhackers.net>
| Approved by: portmgr
* Fill in empty topic from previous commit.  [nectar, 2004-10-05, 1 file, -1/+1]
| Noticed by: Shane Kinney <mod6@freebsdhackers.net>
| Approved by: portmgr
* Record FreeBSD-SA-04:15.syscons.  [nectar, 2004-10-05, 1 file, -0/+38]
| Approved by: portmgr
* Add missing PORTEPOCH for samba.  [nectar, 2004-10-04, 1 file, -1/+1]
| Noticed by: dinoex
| Approved by: portmgr
* Note racoon certificate verification bug.  [nectar, 2004-10-04, 1 file, -0/+26]
| Submitted by: Jon Passki <cykyc@yahoo.com>
| Approved by: portmgr
* Note distcc IP address ACL bug.  [nectar, 2004-10-03, 1 file, -1/+27]
| Submitted by: Jon Passi <cykyc@yahoo.com>
| Approved by: portmgr
* Remove a duplicate entry.  [nectar, 2004-10-03, 1 file, -56/+5]
| Submitted by: Jon Passki <cykyc@yahoo.com>
| Approved by: portmgr
* Correct the version number for latest Mozilla entry.  [nectar, 2004-10-01, 1 file, -4/+4]
| (cut-n-paste damage)
| Approved by: portmgr
* Document the last few of the relatively recent Mozilla vulnerabilities.  [nectar, 2004-10-01, 1 file, -0/+110]
| Approved by: portmgr
* Correct mangled CVE name: s/8983/0903/  [nectar, 2004-10-01, 1 file, -1/+2]
| Approved by: portmgr
* Add another two older vulnerabilities affecting Mozilla & co.  [nectar, 2004-10-01, 1 file, -8/+161]
| Continue to try hard to cover past package names:
| - I missed el-linux-mozillafirebird previously.
| - Move all the `obsolete' package names into one place for clarity.
| Approved by: portmgr
* Don't forget `ja-samba' also.  [nectar, 2004-10-01, 1 file, -0/+1]
| Approved by: portmgr
* Note samba file disclosure vulnerability.  [nectar, 2004-10-01, 1 file, -0/+31]
| Approved by: portmgr
* Increase USE_GCC to 3.4 for those ports which compile with it.  [kris, 2004-09-30, 2 files, -2/+2]
| Approved by: portmgr
* Fix apache version number entry, bump modified date for apache as well.  [trhodes, 2004-09-30, 1 file, -2/+2]
| Approved by: portmgr
* BROKEN on 5.x: Does not compile  [kris, 2004-09-29, 1 file, -0/+4]
| Approved by: portmgr (self)
* BROKEN on 5.x: Does not compile  [kris, 2004-09-29, 1 file, -1/+7]
| Approved by: portmgr (self)
* Make an initial attempt at covering all Mozilla/Firefox/Thunderbird  [nectar, 2004-09-29, 1 file, -9/+36]
| package names that we've had. Similar changes need to be made to many other entries, but let's use this one as a test subject first.
| Approved by: portmgr
* Correct spelling of phpnuke package name.  [nectar, 2004-09-28, 1 file, -1/+2]
| Reported by: Dan Langille
| Approved by: portmgr
* Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.  [nectar, 2004-09-28, 1 file, -0/+48]
| Approved by: portmgr
* Note stack buffer overflow in Mozilla mail.  [nectar, 2004-09-28, 1 file, -1/+41]
| Approved by: portmgr
* Document Mozilla/Firefox/Thunderbird heap buffer overflows.  [nectar, 2004-09-28, 1 file, -0/+57]
| Approved by: portmgr
* Correct the package name for phpMyAdmin.  [nectar, 2004-09-28, 1 file, -1/+2]
| Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
| Approved by: portmgr
* Correct another typo. :-(  [kris, 2004-09-28, 1 file, -1/+1]
| Spotted by: eik
| Approved by: portmgr (self)
| XL pointy hat to: self
* Correct typo in previous  [kris, 2004-09-28, 1 file, -1/+1]
| Approved by: portmgr (self)
| Pointy hat to: self
* Now builds on amd64  [kris, 2004-09-28, 1 file, -2/+2]
| Approved by: portmgr (self)
* Add CERT Vulnerability Note references to xpm entry.  [nectar, 2004-09-27, 1 file, -1/+3]
| Approved by: portmgr
* Note two older vulnerabilities in PHP.  [nectar, 2004-09-27, 1 file, -0/+111]
| Submitted by: Jon Passki <cykyc@yahoo.com>
| Approved by: portmgr
* Note subversion information disclosure vulnerability.  [nectar, 2004-09-27, 1 file, -0/+36]
| Submitted by: lev
| Approved by: portmgr
* Add missing PORTEPOCH in a mozilla entry.  [nectar, 2004-09-27, 1 file, -3/+5]
| Correct package name in an apache entry.
| Reported by: Dan Langille <dan@langille.org>
| Approved by: portmgr
* BROKEN on 5.x: Does not compile  [kris, 2004-09-26, 4 files, -1/+19]
| Approved by: portmgr (self)
* BROKEN: Does not build  [kris, 2004-09-26, 1 file, -0/+2]
| Approved by: portmgr (self)
* BROKEN on 5.x: Does not compile  [kris, 2004-09-26, 1 file, -1/+7]
| Approved by: portmgr (self)
* Forgot to add <modified> element for last commit.  [nectar, 2004-09-25, 1 file, -0/+1]
| Approved by: portmgr
* Add missing PORTEPOCH on one of the mozilla entries.  [nectar, 2004-09-25, 1 file, -1/+1]
| Noticed by: Dan Langille <dan@langille.org>
| Approved by: portmgr
* Document vulnerabilities in lha.  [nectar, 2004-09-23, 1 file, -0/+41]
| Reviewed by: dinoex
| Approved by: portmgr
* Lately it seems I like to use dashes in topics... but I should at  [nectar, 2004-09-23, 1 file, -19/+19]
| least be consistent with how many. s/---/--/
| Approved by: portmgr
* Document mysql buffer overflow.  [nectar, 2004-09-23, 1 file, -0/+27]
| Reported by: ale
| Approved by: portmgr
* Update to pam_alreadyloggedin-0.3 to unbreak. There should be no  [green, 2004-09-23, 2 files, -12/+4]
| visible changes. This work was done by Jeremie Le Hen; thanks!
| Submitted by: Jeremie Le Hen <jeremie@le-hen.org>
| Approved by: portmgr
* Document Mozilla security icon spoofing vulnerability.  [nectar, 2004-09-23, 1 file, -0/+39]
| Approved by: portmgr
* Document Mozilla vulnerability involving NULL bytes in FTP URLs.  [nectar, 2004-09-23, 1 file, -1/+46]
| Also, correct s/firebird/firefox/ in a previously documented issue.
| Approved by: portmgr
* Document Mozilla automatic file upload vulnerability.  [nectar, 2004-09-22, 1 file, -3/+28]
| Approved by: portmgr
* Document mozilla certificate import denial-of-service vulnerability.  [nectar, 2004-09-22, 1 file, -0/+48]
| Approved by: portmgr
* Note a file name disclosure issue in rssh.  [nectar, 2004-09-22, 1 file, -0/+38]
| Reported by: leeym
| Approved by: portmgr
* - replace "@dirrm ..." with "@unexec rmdir ..."  [leeym, 2004-09-22, 1 file, -1/+1]
| (p5-IO-INET6 will install files in SITE_PERL/PERL_ARCH/auto/IO/Socket/INET6)
| PR: 70640
| Submitted by: leeym
| Approved by: portmgr (marcus)
* Add entry describing GNU Radius denial-of-service vulnerability.  [nectar, 2004-09-21, 1 file, -0/+36]
| Approved by: portmgr
* Add sudoedit vulnerability.  [nectar, 2004-09-21, 1 file, -0/+24]
| Approved by: portmgr
* In latest CVS entry, remove the reference to the exploit. It does  [nectar, 2004-09-20, 1 file, -1/+0]
| not apply to any of these vulnerabilities, but to the previous CVS vulnerability (CAN-2004-0396).
| Approved by: portmgr
* Oh yeah, add affected FreeBSD versions for CVS issues.  [nectar, 2004-09-20, 1 file, -1536/+1534]
| Approved by: portmgr
* Update CVS entry with some details.  [nectar, 2004-09-20, 1 file, -13/+31]
| Approved by: portmgr
* Add an entry for the mod_proxy buffer overflow existent in apache13.  [trhodes, 2004-09-20, 1 file, -0/+25]
| Approved by: portmgr
* Update to 1.6.8p1  [mharo, 2004-09-19, 2 files, -4/+4]
| Submitted by: many people
| Approved by: portsmgr (marcus)
* - unbreak this port on 5.x  [leeym, 2004-09-19, 2 files, -9/+27]
| PR: 71853
| Submitted by: leeym
| Approved by: portmgr (marcus)
* BROKEN on 5.x: Does not compile  [kris, 2004-09-19, 4 files, -4/+28]
| Approved by: portmgr (self)
* Note some fixes for XPM image decoding vulnerabilities.  [nectar, 2004-09-18, 1 file, -4/+16]
| Submitted by: lesi
| Add references to Chris Evans's advisories while I'm at it.
| Approved by: portmgr
* BROKEN on 5.x: Does not compile  [kris, 2004-09-18, 1 file, -1/+7]
| Approved by: portmgr (self)
* BROKEN: Broken pkg-plist  [kris, 2004-09-18, 1 file, -0/+2]
| Approved by: portmgr (self)
* Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.  [marcus, 2004-09-17, 1 file, -1/+2]
| Approved by: portmgr (implicit)
* Note that a patched version of webmin 1.150 is now available, thanks  [nectar, 2004-09-16, 1 file, -2/+4]
| to olengi@.
| Submitted by: olengi
| Add a paragraph introducing the Webmin blockquote while I'm here.
| Approved by: portmgr
* Note gdk-pixbuf image decoding issues.  [nectar, 2004-09-16, 1 file, -0/+36]
| Approved by: portmgr
* clement@ has patched Apache 2.  [nectar, 2004-09-16, 1 file, -3/+3]
| Approved by: portmgr
* Note CUPS printer queue browser denial-of-service.  [nectar, 2004-09-16, 1 file, -0/+24]
| Approved by: portmgr
* Note Apache 2 IPv6 address parsing bug.  [nectar, 2004-09-15, 1 file, -0/+28]
| Approved by: portmgr
* Note new libXpm vulnerabilities.  [nectar, 2004-09-15, 1 file, -0/+46]
| Approved by: portmgr
* I appear to have deleted a line at the last minute. Restore it.  [nectar, 2004-09-15, 1 file, -0/+1]
| Approved by: portmgr
* Add mod_dav denial-of-service issue.  [nectar, 2004-09-15, 1 file, -0/+28]
| Approved by: portmgr
* Oops, forgot to note that the previous issue affects only the Apache 2.x  [nectar, 2004-09-15, 1 file, -1/+1]
| series.
| Approved by: portmgr
* Add Apache 2 vulnerability concerning environmental variables in  [nectar, 2004-09-15, 1 file, -0/+34]
| configuration files.
| Approved by: portmgr
* Repair three <freebsdpr> elements. The content of these elements  [nectar, 2004-09-15, 1 file, -3/+3]
| must be e.g. "ports/46613", not just "46613".
| Reported by: Matthew Seaman <m.seaman@infracaninophile.co.uk>
| Approved by: portmgr
* Note that some versions of OpenOffice have been corrected.  [nectar, 2004-09-15, 1 file, -1/+2]
| Approved by: portmgr
* Fix botched date entry and correct iDefense URL.  [trhodes, 2004-09-14, 1 file, -2/+2]
| Approved by: portmgr
* Really add Samba 3 vulnerability.  [trhodes, 2004-09-14, 1 file, -1/+26]
| Remove incorrect URL in mpg123 entry.
| Approved by: portmgr
| URL noticed: nectar
* Correct version. Note my last commit here was for mpg123 instead of  [trhodes, 2004-09-14, 1 file, -1/+1]
| samba3.
| Noticed by: nectar
| Approved by: portmgr
* - There is a WITHOUT_X11 version of ImageMagick that needs to be  [nectar, 2004-09-14, 1 file, -2/+221]
| taken into account.
| - Fix transposed characters in `isakmpd'.
| Noticed by: Dan Langille <dan@langille.org>
| - Add CVE name reference for ImageMagick.
| - Add webmin temporary file handling issue.
| - Add OpenOffice temporary file handling issue.
| - Widen the `KDE frame injection' issue to cover Mozilla, Firebird, Netscape, and Opera as well
| - Add Mozilla/Firebird/Netscape SOAPParameter vulnerability
| - Add Mozilla/Thunderbird/Netscape POP client vulnerability
| Approved by: portmgr
* Update for recent Samba3 vulnerabilities.  [trhodes, 2004-09-14, 1 file, -0/+27]
| Approved by: portmgr
* - Update to 1.0.20, fixing GnuTLS certificate chain verification DoS  [sergei, 2004-09-10, 3 files, -6/+5]
| vulnerability (portaudit ID: 84ab58cf-e4ac-11d8-9b0a-000347a4fa7d), described in the following advisories:
| - http://www.hornik.sk/SA/SA-20040802.txt
| - http://secunia.com/advisories/12156
| PR: ports/71502
| Submitted by: Koop Mast <kwm@rainbow-runner.nl>
| Approved by: portmgr (eik, marcus)
* Typo-fix in a comment  [brueffer, 2004-09-09, 1 file, -1/+1]
| Approved by: portmgr (krion)
* - star-devel: privilege escalation  [eik, 2004-09-09, 2 files, -1/+7]
| - multi-gnome-terminal: information leak
| - usermin: remote shell command injection and insecure installation
| - mpg123: layer 2 decoder buffer overflow
| Approved by: portmgr (implicit)
* - XSS vulnerability in phpGroupWare wiki module  [eik, 2004-09-07, 2 files, -8/+42]
| - add some references
| Approved by: portmgr (implicit)
* managed to break this just in time for the ports freeze.  [arved, 2004-09-04, 1 file, -2/+0]
| Submitted by: lofi, eik
| Approved by: portmgr (eik)
* multiple vulnerabilities in LHA  [eik, 2004-09-04, 1 file, -0/+36]
* Nuke the gnupg sigchecking code. There are bugs and I don't have the timearved2004-09-042-16/+0
| | | | | | | to work on this now. PR: 66417 Submitted by: Lupe Christoph <lupe@lupe-christoph.de>
* grrrr... left the test case intacteik2004-09-041-1/+1
|
* - update to version 0.5.9eik2004-09-043-14/+34
| | | | (first attempts to check the base system for vulnerabilities)
* - add some referenceseik2004-09-043-8/+142
| | | | | | | | | | - extend ImageMagick entry - squid ntlm authentication helper DoS - multiple vpopmail vulnerabilities - first attempts to check the base system for vulnerabilities: + cvs server code + zlib DoS - BSD license portaudit.xml
* Fix build when using ccacheeik2004-09-041-1/+31
| | | | | PR: 71343 Submitted by: Michael Johnson <ahze@ahze.net>
* Update to 3.23.0. This release of super fixes a potential root exploit:obrien2004-09-044-17/+12
| | | | | | | http://xforce.iss.net/xforce/xfdb/16458 PR: 71328 Submitted by: Piet Delport <pjd@point45.com>
* Add CONFLICTS with openvpn-develvs2004-09-043-0/+6
| | | | | PR: ports/71337 Submitted by: maintainer
* - update to 0.19.clsung2004-09-032-3/+3
| | | | Approved by: vanilla (co-mentor)
* Implement a "mgrate" facility that lets one migrate/overwrite the LDAPmarcus2004-09-032-8/+59
| | | | | | | | | | | | | | | | | | userPassword field of the user being authenticated. The PAM and LDAP usernames must be the same. This makes "pam_ldap migrate" similar to "pam_smbpass migrate". This has been submitted to PADL in http://bugzilla.padl.com/show_bug.cgi?id=178. [1] Allow pam_ldap to change user passwords under certain circumstances. This has been submitted to PADL in http://bugzilla.padl.com/show_bug.cgi?id=177. [2] All of this is documented further at http://www.iem.pw.edu.pl/~wielebap/ldap/pam_ldap/pam_ldap_doc.pdf. PR: 71289 [1] 71287 [2] Submitted by: Pawel Wieleba <wielebap@iem.pw.edu.pl>
* Fix the bus error on startup in -CURRENT and 5.x-BETA. It turns outroam2004-09-022-1/+32
| | | | | | | | | | | | | that the OpenSSL ENGINE code is, well, somewhat less than stellar, especially in combo with malloc's 'j' option. Even without it, though, there are some problems that I don't have time to look into right now. So, disable the OpenSSL ENGINE activation on FreeBSD 5.x, unless the WITH_STUNNEL_SSL_ENGINE knob is turned on. Also, while I'm here, fix the CONFIGURE_TARGET so the GNU configure script does not complain quite so loudly. Bump PORTREVISION for the functionality change (well, I guess you could say "not working" -> "working" is a functionality change ;)
* - Update to 20040826 snapshotvs2004-09-024-93/+46
| | | | | | | | | - Fix fetching - Fix -pthread/-lc_r issue for good (courtesy of bsd.autotools.mk, who'd have guessed...) PR: ports/71168 Submitted by: Rob Evers (maintainer), me
* Adjust the affected version for imlib now that the 2nd instance of BMPnectar2004-09-021-1/+2
| | | | loader has been corrected.
* - Update to 0.44pav2004-09-022-5/+3
| | | | | PR: ports/71249 Submitted by: Luiz Eduardo Roncato Cordeiro <cordeiro@nic.br> (maintainer)
* Update to DAT 4389jeh2004-09-022-4/+3
|
* Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilitiescy2004-09-0212-4/+128
| | | | | | in KDC and libraries Heads-up by: nectar
* The recent commit to the krb5 port brought the version to 1.3.4_1 butnectar2004-09-021-1/+1
| | | | | did not correct one of the existing vulnerabilities. Update the affected range to compensate.
* Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.cy2004-09-018-0/+56
| | | | Heads-up by: nectar
* - update to 0.7clsung2004-09-012-3/+3
| | | | | | | | | | | | | - From ChangeLog - Added support for ESMTP [Andreas Steinmetz] - Fixed crash when too many connections established - Announce ourselves as 'clamsmtp' in EHLO/HELO responses which fixes 'loopback' problems with certain versions of Postfix 1.x - Better IO performance under heavy load - Fixed most warnings when compiled with -Wall - Fixed other minor bugs Approved by: vanilla (co-mentor)
* Note recent MIT Kerberos 5 vulnerabilities.nectar2004-09-011-0/+74
|
* - update to version 3.70 (birthday edition, try the verbose mode)eik2004-09-012-9/+3
|
* Document imlib2 BMP decoder bug.nectar2004-08-311-0/+27
|
* Document BMP decoder bugs in imlib1 and ImageMagick.nectar2004-08-311-0/+50
|
* Update to 1.2.6.osa2004-08-316-58/+58
| | | | | | Utilize DOCSDIR and DATADIR macros. Approved by: kuriyama (maintainer)
* Update to 1.7.1.marcus2004-08-312-3/+3
|
* samba printer change notification request DoSeik2004-08-311-0/+1
|
* Update to 0.3.3.marcus2004-08-313-3/+11
| | | | | PR: 71156 Submitted by: maintainer
* Update to KDE 3.3lofi2004-08-316-190/+56
|
* Correct bogus date in mysql entry. (It should be YYYY-MM-DD, notnectar2004-08-301-2/+2
| | | | | | DD-MM-YYYY.) Reported by: robert@openbsd.org
* Add more references (particularly CVE names) for issues affectingnectar2004-08-301-8/+24
| | | | | | | SpamAssassin, tnftpd, ruby, mysql. Place text taken from another source inside <blockquote cite="..."> for ruby issue.
* Fix location of pkg-config data.vs2004-08-302-1/+12
| | | | | | PR: ports/69149 Submitted by: Konstantin Oznobihin Approved by: maintainer timeout
* correct/add some referenceseik2004-08-301-35/+48
|
* add some references, add ru-gaimeik2004-08-301-2/+4
|
* multiple vulnerabilities in gaimeik2004-08-301-4/+4
|
* I have been having a problem since the update to use update.ini insteadjeh2004-08-302-10/+23
| | | | | of readme.txt of flipping between two versions of DAT. 'update_dat' now compares the current value with the new one, before updating.
* security bug in rscsi client codeeik2004-08-301-0/+4
| | | | Submitted by: marius
* Update to 2.30.marcus2004-08-304-6/+6
| | | | | PR: 71092 Submitted by: maintainer
* - Update to 1.1.7pav2004-08-304-17/+26
| | | | | PR: ports/71119 Submitted by: bugghy <bugghy@rootshell.be> (maintainer)
* Remove -P option from tar. This patch has already been incorporatedlinimon2004-08-291-0/+1
| | | | | | | into the upstream sources. PR: ports/70806 Submitted by: SANETO Takanori <sanewo at ba2 dot so-net dot ne dot jp>
* Add opieprintmharo2004-08-295-17/+40
| | | | output postscript with 100 OPIE passwords credit card sized
* Patch the default installation locations to be FreeBSD-friendly. Bumplinimon2004-08-2816-2/+201
| | | | | | | portrevision. Users should take care when upgrading. PR: ports/70424 Submitted by: Jean Milanez Melo <jmelo at freebsdbrasil dot com dot br> (maintainer)
* Add WWW line.linimon2004-08-281-0/+2
|
* Document NSS SSLv2 server buffer overflow (already referenced innectar2004-08-272-1/+37
| | | | portaudit.txt).
* Document ripMIME decoding bug (already referenced in portaudit.txt).nectar2004-08-272-2/+38
|
* Update to 0.41mat2004-08-273-5/+6
| | | | | | PR: 70258 Submitted by: skv Approved by: maintainer timeout
* Argh. Duplicate entry for "Scorched 3D server chat box format stringeik2004-08-271-2/+1
| | | | vulnerability"