aboutsummaryrefslogtreecommitdiffstats
path: root/security
Commit message (Expand)AuthorAgeFilesLines
* Use libtool 15arved2004-10-131-1/+1
* Adjust patch.lofi2004-10-131-3/+3
* Update: security/samhain 1.8.10b -> 1.8.11edwin2004-10-132-8/+8
* - add USE_GCC=2.95 and unbreak this portleeym2004-10-131-4/+4
* Document a vulnerability in sharutils.simon2004-10-131-0/+31
* Document 2 DoS attacks possible againstjosef2004-10-131-0/+27
* - Update to 1.1.3leeym2004-10-134-15/+11
* ale@ reports that the only ports affected are php[45], php[45]-cgi,nectar2004-10-121-124/+2
* Note squid SNMP DoS. Based on an entry that wasnectar2004-10-121-0/+32
* add WITH_AUTHDAEMON option to allow use of courier authdaemond.ume2004-10-121-0/+4
* Update to version 0.3.6krion2004-10-124-22/+5
* Update to 4397jeh2004-10-122-3/+3
* Update to 1.4mat2004-10-122-3/+12
* Update to 1.1.8.linimon2004-10-122-3/+3
* - Upgrade to 2.2.0 [1]sergei2004-10-124-44/+45
* - Explicitly specify prefix for iconv and gettext librariessergei2004-10-122-3/+11
* Update to 1.1.7.linimon2004-10-122-3/+3
* Add an entry for a XSS vulnerability fixed in IMP-3.2.6.thierry2004-10-121-0/+1
* - new option WITH_OPENSSH_CHROOTdinoex2004-10-124-48/+124
* - cleanup patchesdinoex2004-10-1210-42/+42
* - add patch to support AES-192-CBC and AES-256-CBCdinoex2004-10-121-0/+210
* [MAINTAINER UPDATE] security/freebsd-updateedwin2004-10-122-0/+12
* The documented xv vulnerabilities were fixed by dinoex@nectar2004-10-121-1/+2
* Note that the image decoding vulnerabilities in gdk-pixbuf have beennectar2004-10-121-2/+5
* Document older cyrus-sasl bug affecting DIGEST-MD5.nectar2004-10-121-0/+23
* Update the description of and list of packages affected by the PHP filenectar2004-10-121-14/+134
* Update to 0.5.6lofi2004-10-122-3/+3
* Update to 1.9.11lofi2004-10-123-4/+4
* Update to 0.9.9lofi2004-10-122-3/+3
* Update to 0.6.7lofi2004-10-122-3/+3
* Update to 2.31.marcus2004-10-126-6/+18
* - Update to 0.0.8pav2004-10-126-14/+16
* - Update to 2.0pav2004-10-124-5/+36
* - Update to 1.34pav2004-10-122-8/+6
* - Update to 2.4.0pav2004-10-122-3/+3
* Fix build with bind9 in the base system.marcus2004-10-111-3/+8
* Fix build on ia64krion2004-10-101-3/+8
* fix http://vuxml.freebsd.org/92268205-1947-11d9-bc4a-000c41e2cdad.htmlume2004-10-092-1/+17
* Document unsafe use of environmental variable SASL_PATH in cyrus-sasl.nectar2004-10-091-0/+31
* Mark IGNORE because the package somehow includes a dangling symlink, i.e.kris2004-10-071-0/+2
* Fix the code so GCC 3.4.2 likes it better, and unbreak.danfe2004-10-062-7/+10
* Add some more apache ports.trhodes2004-10-061-2/+14
* Add imp3 issue, add apache13-ssl issue, correct a tag.trhodes2004-10-061-2/+31
* Note that older packages of bmon were dangerously installed set-user-ID.nectar2004-10-051-0/+25
* Document GnuTLS denial-of-service (already mentioned in portaudit'snectar2004-10-051-0/+39
* Record another PHP vulnerability.nectar2004-10-051-0/+45
* Record another PHP security issue.nectar2004-10-051-1/+50
* Note that xv should not be used.nectar2004-10-051-0/+40
* Note a symlink vulnerability in getmail.nectar2004-10-051-0/+28
* Fill in empty topic from previous commit.nectar2004-10-051-1/+1
* Record FreeBSD-SA-04:15.syscons.nectar2004-10-051-0/+38
* Add missing PORTEPOCH for samba.nectar2004-10-041-1/+1
* Note racoon certificate verification bug.nectar2004-10-041-0/+26
* Note distcc IP address ACL bug.nectar2004-10-031-1/+27
* Remove a duplicate entry.nectar2004-10-031-56/+5
* Correct the version number for latest Mozilla entry.nectar2004-10-011-4/+4
* Document the last few of the relatively recent Mozilla vulnerabilities.nectar2004-10-011-0/+110
* Correct mangled CVE name: s/8983/0903/nectar2004-10-011-1/+2
* Add another two older vulnerabilities affecting Mozilla & co.nectar2004-10-011-8/+161
* Don't forget `ja-samba' also.nectar2004-10-011-0/+1
* Note samba file disclosure vulnerability.nectar2004-10-011-0/+31
* Increase USE_GCC to 3.4 for those ports which compile with it.kris2004-09-302-2/+2
* Fix apache version number entry, bump modified date for apache as well.trhodes2004-09-301-2/+2
* BROKEN on 5.x: Does not compilekris2004-09-291-0/+4
* BROKEN on 5.x: Does not compilekris2004-09-291-1/+7
* Make an initial attempt at covering all Mozilla/Firefox/Thunderbirdnectar2004-09-291-9/+36
* Correct spelling of phpnuke package name.nectar2004-09-281-1/+2
* Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.nectar2004-09-281-0/+48
* Note stack buffer overflow in Mozilla mail.nectar2004-09-281-1/+41
* Document Mozilla/Firefox/Thunderbird heap buffer overflows.nectar2004-09-281-0/+57
* Correct the package name for phpMyAdmin.nectar2004-09-281-1/+2
* Correct another typo. :-(kris2004-09-281-1/+1
* Correct typo in previouskris2004-09-281-1/+1
* Now builds on amd64kris2004-09-281-2/+2
* Add CERT Vulnerability Note references to xpm entry.nectar2004-09-271-1/+3
* Note two older vulnerabilities in PHP.nectar2004-09-271-0/+111
* Note subversion information disclosure vulnerability.nectar2004-09-271-0/+36
* Add missing PORTEPOCH in a mozilla entry.nectar2004-09-271-3/+5
* BROKEN on 5.x: Does not compilekris2004-09-264-1/+19
* BROKEN: Does not buildkris2004-09-261-0/+2
* BROKEN on 5.x: Does not compilekris2004-09-261-1/+7
* Forgot to add <modified> element for last commit.nectar2004-09-251-0/+1
* Add missing PORTEPOCH on one of the mozilla entries.nectar2004-09-251-1/+1
* Document vulnerabilities in lha.nectar2004-09-231-0/+41
* Lately it seems I like to use dashes in topics... but I should atnectar2004-09-231-19/+19
* Document mysql buffer overflow.nectar2004-09-231-0/+27
* Update to pam_alreadyloggedin-0.3 to unbreak. There should be nogreen2004-09-232-12/+4
* Document Mozilla security icon spoofing vulnerability.nectar2004-09-231-0/+39
* Document Mozilla vulnerability involving NULL bytes in FTP URLs.nectar2004-09-231-1/+46
* Document Mozilla automatic file upload vulnerability.nectar2004-09-221-3/+28
* Document mozilla certificate import denial-of-service vulnerability.nectar2004-09-221-0/+48
* Note a file name disclosure issue in rssh.nectar2004-09-221-0/+38
* - replace "@dirrm ..." with "@unexec rmdir ..."leeym2004-09-221-1/+1
* Add entry describe GNU Radius denial-of-service vulnerability.nectar2004-09-211-0/+36
* Add sudoedit vulnerability.nectar2004-09-211-0/+24
* In latest CVS entry, remove the reference to the exploit. It doesnectar2004-09-201-1/+0
* Oh yeah, add affected FreeBSD versions for CVS issues.nectar2004-09-201-1536/+1534
* Update CVS entry with some details.nectar2004-09-201-13/+31
* Add an entry for the mod_proxy buffer overflow existant in apache13.trhodes2004-09-201-0/+25
* Update to 1.6.8p1mharo2004-09-192-4/+4
* - unbreak this port on 5.xleeym2004-09-192-9/+27
* BROKEN on 5.x: Does not compilekris2004-09-194-4/+28
* Note some fixes for XPM image decoding vulnerabilities.nectar2004-09-181-4/+16
* BROKEN on 5.x: Does not compilekris2004-09-181-1/+7
* BROKEN: Broken pkg-plistkris2004-09-181-0/+2
* Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.marcus2004-09-171-1/+2
* Note that a patched version of webmin 1.150 is now available, thanksnectar2004-09-161-2/+4
* Note gdk-pixbuf image decoding issues.nectar2004-09-161-0/+36
* clement@ has patched Apache 2.nectar2004-09-161-3/+3
* Note CUPS printer queue browser denial-of-service.nectar2004-09-161-0/+24
* Note Apache 2 IPv6 address parsing bug.nectar2004-09-151-0/+28
* Note new libXpm vulnerabilities.nectar2004-09-151-0/+46
* I appear to have deleted a line at the last minute. Restore it.nectar2004-09-151-0/+1
* Add mod_dav denial-of-service issue.nectar2004-09-151-0/+28
* Oops, forgot to note that the previous issue affects only the Apache 2.xnectar2004-09-151-1/+1
* Add Apache 2 vulnerability concerning environmental variables innectar2004-09-151-0/+34
* Repair three <freebsdpr> elements. The content of these elementsnectar2004-09-151-3/+3
* Note that some versions of OpenOffice have been corrected.nectar2004-09-151-1/+2
* Fix botched date entry and correct iDefense URL.trhodes2004-09-141-2/+2
* Really add Samba 3 vulnerability.trhodes2004-09-141-1/+26
* Correct version. Note my last commit here was for mpg123 instead oftrhodes2004-09-141-1/+1
* - There is a WITHOUT_X11 version of ImageMagick that needs to benectar2004-09-141-2/+221
* Update for recent Samba3 vulnerabilities.trhodes2004-09-141-0/+27
* - Update to 1.0.20, fixing GnuTLS certificate chain verification DoSsergei2004-09-103-6/+5
* Typo-fix in a commentbrueffer2004-09-091-1/+1
* - star-devel: privilege escalationeik2004-09-092-1/+7
* - XSS vulnerability in phpGroupWare wiki moduleeik2004-09-072-8/+42
* managed to break this just in time for the ports freeze.arved2004-09-041-2/+0
* multiple vulnerabilities in LHAeik2004-09-041-0/+36
* Nuke the gnupg sigchecking code. There are bugs and I don't have the timearved2004-09-042-16/+0
* grrrr... left the test case intacteik2004-09-041-1/+1
* - update to version 0.5.9eik2004-09-043-14/+34
* - add some referenceseik2004-09-043-8/+142
* Fix build when using ccacheeik2004-09-041-1/+31
* Update to 3.23.0. This release of super fixes a potential root exploit:obrien2004-09-044-17/+12
* Add CONFLICTS with openvpn-develvs2004-09-043-0/+6
* - update to 0.19.clsung2004-09-032-3/+3
* Implement a "mgrate" facility that lets one migrate/overwrite the LDAPmarcus2004-09-032-8/+59
* Fix the bus error on startup in -CURRENT and 5.x-BETA. It turns outroam2004-09-022-1/+32
* - Update to 20040826 snapshotvs2004-09-024-93/+46
* Adjust the affected version for imlib now that the 2nd instance of BMPnectar2004-09-021-1/+2
* - Update to 0.44pav2004-09-022-5/+3
* Update to DAT 4389jeh2004-09-022-4/+3
* Fix MIT krb5 Security Advisory 2004-002: double-free vulnerabilitiescy2004-09-0212-4/+128
* The recent commit to the krb5 port brought the version to 1.3.4_1 butnectar2004-09-021-1/+1
* Fix MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service.cy2004-09-018-0/+56
* - update to 0.7clsung2004-09-012-3/+3
* Note recent MIT Kerberos 5 vulnerabilities.nectar2004-09-011-0/+74
* - update to version 3.70 (birthday edition, try the verbose mode)eik2004-09-012-9/+3
* Document imlib2 BMP decoder bug.nectar2004-08-311-0/+27
* Document BMP decoder bugs in imlib1 and ImageMagick.nectar2004-08-311-0/+50
* Update to 1.2.6.osa2004-08-316-58/+58
* Update to 1.7.1.marcus2004-08-312-3/+3
* samba printer change notification request DoSeik2004-08-311-0/+1
* Update to 0.3.3.marcus2004-08-313-3/+11
* Update to KDE 3.3lofi2004-08-316-190/+56
* Correct bogus date in mysql entry. (It should be YYYY-MM-DD, notnectar2004-08-301-2/+2
* Add more references (particularly CVE names) for issues affectingnectar2004-08-301-8/+24
* Fix location of pkg-config data.vs2004-08-302-1/+12
* correct/add some referenceseik2004-08-301-35/+48
* add some references, add ru-gaimeik2004-08-301-2/+4
* multiple vulnerabilities in gaimeik2004-08-301-4/+4
* I have been having a problem since the update to use update.ini insteadjeh2004-08-302-10/+23
* security bug in rscsi client codeeik2004-08-301-0/+4
* Update to 2.30.marcus2004-08-304-6/+6
* - Update to 1.1.7pav2004-08-304-17/+26
* Remove -P option from tar. This patch has already been incorporatedlinimon2004-08-291-0/+1
* Add opieprintmharo2004-08-295-17/+40
* Patch the default installation locations to be FreeBSD-friendly. Bumplinimon2004-08-2816-2/+201
* Add WWW line.linimon2004-08-281-0/+2
* Document NSS SSLv2 server buffer overflow (already referenced innectar2004-08-272-1/+37
* Document ripMIME decoding bug (already referenced in portaudit.txt).nectar2004-08-272-2/+38
* Update to 0.41mat2004-08-273-5/+6
* Argh. Duplicate entry for "Scorched 3D server chat box format string vulnerab...eik2004-08-271-2/+1
* Mozilla / NSS S/MIME DoS vulnerability & Scorched 3D server chat box format s...eik2004-08-271-0/+2
* Remove <modified/> from the gnomevfs vulnerability since it was the samemarcus2004-08-271-1/+0
* Update the gnomevfs entry to reflect the fixed versions.marcus2004-08-271-2/+3
* Add entry for moinmoin ACL bypass.trhodes2004-08-271-0/+28
* Note sanitize_path bug in rsync (already referenced in portaudit.txt).nectar2004-08-272-1/+32
* Unsafe URI handling in gnome-vfs, MidnightCommander.nectar2004-08-271-0/+38
* Document buffer overflows in SoX (already referenced in portaudit.txt).nectar2004-08-272-1/+30
* Document cookie bug in Konqueror (already referenced in portaudit.txt).nectar2004-08-272-1/+45
* Update to 2.1.1sem2004-08-274-17/+26
* The tarball was rerolled because of security fix.sem2004-08-271-2/+2
* - Update to 0.6.6pav2004-08-272-4/+4
* Add missed file in pkg-plistsem2004-08-271-0/+1
* Update to 2.1.2sem2004-08-2710-15/+728
* support building nmap-3.59a5 WITH_PRERELEASE=yeseik2004-08-262-0/+6
* - Update to 1.4.0clsung2004-08-265-31/+60
* I forgot to change filename, which md5 info is correct for 0.6.clsung2004-08-261-2/+2
* Update to DAT 4388jeh2004-08-262-3/+3
* Update to 20040825vs2004-08-262-3/+3
* - Fix "make validate" problem when textproc/xhtml-basic ishrs2004-08-254-9/+12
* Remove libxine issue which is now documented in the FreeBSD VuXMLnectar2004-08-251-1/+0
* update to 3.9.2. Fixes a remote exploitable buffer overflow:eik2004-08-253-5/+4
* nss library SSL remote buffer overfloweik2004-08-251-0/+1
* multiple buffer overflows in xveik2004-08-251-2/+3
* - update to 0.6clsung2004-08-252-3/+3
* - Removed now-unneeded patchsergei2004-08-241-11/+0
* - Update to 1.0sergei2004-08-242-10/+10
* Konqueror cross-domain cookie injectioneik2004-08-241-0/+1
* handle some duplicateseik2004-08-243-2/+71
* Place port name in the description.trhodes2004-08-241-1/+2
* fix "too many open files" error when using the -r flageik2004-08-242-2/+2
* Add libxine vcd URL handling issue.nectar2004-08-241-0/+39
* Add DoS in SpamAssassin.nectar2004-08-231-0/+30
* Add <modified> date for previous commit.nectar2004-08-231-0/+1
* fidogate-ds was also affected by the ``write files as `news' user''nectar2004-08-231-0/+4
* Off-by-one error in courier-imap entry.nectar2004-08-231-1/+1
* Add a more useful reference for the Qt issue.nectar2004-08-231-0/+1
* Add Qt heap overflow issue.nectar2004-08-231-0/+31
* Add a security issue affected courier-imap when run with certain debugnectar2004-08-231-0/+26
* Add fidogate issue.nectar2004-08-231-0/+26
* Add an issue covering a vulnerability in mysqlhotcopy.nectar2004-08-231-0/+32
* Cancel a VuXML entry for an Apache vulnerability that does not affectnectar2004-08-231-42/+1
* Fix CC, CFLAGSarved2004-08-231-0/+1
* Revert previous commit, I lost the race with arved who fixed the port.kris2004-08-221-6/+1
* that should fix the build on freebsd-6oliver2004-08-221-1/+19
* Fix the WITHOUT_ knobs to be compliant with the GNOME frameworksem2004-08-212-12/+10
* a2ps: Possible execution of shell commands as local user.eik2004-08-211-1/+2
* Delete files forgotten in last repocopyeik2004-08-219-152/+0
* cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSDeik2004-08-211-27/+1
* BROKEN on 5.x: Does not compile with gcc 3.4.2kris2004-08-211-1/+6
* Fix build with gcc 3.4arved2004-08-211-2/+10
* Update to 1.1.6sem2004-08-202-3/+3
* correct topic of eda0ade6-f281-11d8-81b0-000347a4fa7deik2004-08-201-1/+1
* QT 3.x BMP (and possibly other graphics formats) heap-based overfloweik2004-08-201-0/+1
* Update to 1.6.8mharo2004-08-204-21/+9
* My territory, suggested by ijliao. :pclsung2004-08-203-3/+3
* Add revelation, a password manager for the GNOME 2 desktop. It stores allmarcus2004-08-205-0/+123
* Update to 1.25mat2004-08-193-29/+67
* potential security flaws in mod_ssleik2004-08-191-4/+6
* Update to DAT 4387jeh2004-08-192-3/+3
* patch-kmpstat.c is not necessary anymore.sumikawa2004-08-192-28/+0
* - update to 3.9p1dinoex2004-08-1812-126/+92
* Update to 1.27krion2004-08-182-3/+3
* Upgrade to 20040818a.sumikawa2004-08-184-6/+6
* Add a pointer to Przemyslaw Frasunek's advisory.nectar2004-08-181-0/+1
* For the lukemftpd/tnftpd issue, add a reference to NetBSD securitynectar2004-08-181-0/+1
* Note a vulnerability in lukemftpd/tnftpd.nectar2004-08-181-0/+47
* Don't require a particular version of libexpat. Use sh(1)'s `echo *'mi2004-08-182-3/+3
* multiple CVS vulnerabilitieseik2004-08-171-0/+51
* move a800386e-ef7e-11d8-81b0-000347a4fa7d to xmleik2004-08-173-9/+36
* Correct the version numbers and dates in the last entry.knu2004-08-171-4/+4
* Add an entry for:knu2004-08-171-0/+30
* Document a setgid "games" security issue in xonix. Based on a VuXMLnectar2004-08-171-0/+30
* - Fix build with gcc 3.4pav2004-08-172-5/+14
* Update to 2.29.marcus2004-08-176-8/+10
* Upgrade to 2.1.0.vanilla2004-08-176-47/+51
* ruby CGI::Session insecure file creationeik2004-08-161-1/+2