Current status

Number of commits found XX: 6166 (showing only 100 on this page)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11  »  [Last Page]

security/linux-c7-nettle: mark vulnerable, too

See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254355#c14

PR:		254355
Reported by:	Graham Perrin <grahamperrin@gmail.com>

Add entry about recent Samba4* vulnerabilities:

CVE-2020-27840: An anonymous attacker can crash the Samba AD DC LDAP server by
sending easily crafted DNs as part of a bind request. More serious heap
corruption is likely also possible.
CVE-2021-20277: User-controlled LDAP filter strings against the AD DC LDAP
server may crash the LDAP server.

Security:	CVE-2020-27840
		CVE-2021-20277

vuln.xml: mention nettle < 3.7.2 ECDSA verify bugs

Security:	80f9dbd3-8eec-11eb-b9e8-3525f51429a0

security/vuxml: Document High OpenSSL vulnerabilities

 * While here, fix incorrect year in ec04f3d0-8cd9-11eb-bb9f-206a8a720317

security/vuxml: Document spamassassin CVE-2020-1946

PR:		254526
Security:	https://s.apache.org/ng9u9
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-1946

security/vuxml: Add entry for gitea < 1.13.6

PR:		254515
Submitted by:	maintainer

security/vuxml: Add entry for gitea < 1.13.5

PR:		254468
Submitted by:	maintainer

OpenSSH CVE-2021-28041 fixed in 8.4.p1_4,1.

Also add flavored package names.

Document OpenSSH CVE-2021-28041

PR:	254258
Submitted by:	Yasuhiro Kimura

Document gitlab vulnerability.

fixup PORTEPOCH for dnsmasq-devel

which used to be at 3 already earlier. Adjust vuxml entry accordingly.

Security:	CVE-2021-3448
Security:	5b72b1ff-877c-11eb-bd4f-2f1d57dafe46

fixup version range for dnsmasq[-devel] to 2.85.r1,1 not 2.85r1,1

Security:	5b72b1ff-877c-11eb-bd4f-2f1d57dafe46
Security:	CVE-2021-3448

vuxml: Add dnsmasq < 2.85 cache poisoning vulnerability.

This affects only certain dnsmasq configurations,
and use of dnsmasq with NetworkManager.

Security:	CVE-2021-3448

Document minio issue

security/vuxml: Document LibreSSL potential use-after-free

Document new vulnerabilities in www/chromium < 89.0.4389.90

Obtained
from:	https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html

Document CVE-2015-4645 in sysutils/squashfs-tools

Security:	CVE-2015-4645

security/vuxml: Fix www/gitea entry.

s/1.13.24/1.13.4

PR:	254130
Reported by:	clubok@gmx.net

security/vuxml: Document lang/go vulnerabilities

Document vulnerabilities in www/gitea < 1.13.4

PR:		254130
Submitted by:	stb AT lassitu DOT de (maintainer)

Document vulnerabilities in databases/mantis <2.24.4

PR:		252612
Submitted by:	Zoltan ALEXANDERSON BESSE <zab@zltech.eu>

security/vuxml: document Node.js February 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/

Sponsored by:	Miles AS

Document gitlab vulnerabilities.

Report new asterisk vulnerability.

Document new vulnerabilities in www/chromium < 89.0.4389.72

Obtained
from:	https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html

Document jasper vulnerability

- add CVE entries for saltstack

Fix the redis5 affected versions.

Document vault issue

security/vuxml: add FreeBSD SA-21:04.jail_remove

security/vuxml: add FreeBSD SA-21:06.xen

security/vuxml: add FreeBSD SA-21:05.jail_chdir

security/vuxml: add FreeBSD SA-21:03.pam_login_access

Document integer overflow on 32-bit systems (CVE-2021-21309):
o) databases/redis5
o) databases/redis
o) databases/redis-devel

security/vuxml: Mark zeek < 3.0.13 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v3.0.13

Fix ASCII Input reader's treatment of input files containing
null-bytes. An input file containing null-bytes could lead to a
buffer-over-read, crash Zeek, and be exploited to cause Denial of
Service.

Add vuxml entry for textproc/raptor2 CVE

PR:		251102

Connect vuln-2020.xml (2/2)

Document  Jenkins Security Advisory 2021-02-19

Sponsored by:	The FreeBSD Foundation

Report new asterisk vulnerabilities.

security/openssl-devel: Mark vulnerable CVE-2021-23841

MFH:		2021Q1
Security:	96a21236-707b-11eb-96d8-d4c9ef517024

Document rails vulnerability

Document new vulnerabilities in www/chromium < 88.0.4324.182

Obtained
from:	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html

security/vuxml: Document OpenSSL 1.1.1i vulnerabilities

openexr/ilmbase < v2.5.5 security vulnerabilities

https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v2.5.5

Security:	98044aba-6d72-11eb-aed7-1b1b8a70cc8b

Document gitlab vulnerabilities.

Add security/vuxml entry for CVE-2021-21291 affecting www/oauth2-proxy < 7.0.0.

While I'm here, fix formatting for mod_dav_svn CVE-2020-17525 vuxml entry,

MFH:		2021Q1

Fix build.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

 Document https://subversion.apache.org/security/CVE-2020-17525-advisory.txt.

security/vuxml: Add entry for gitea < 1.13.2

PR:		253295
Submitted by:	maintainer

Document new vulnerability in www/chromium < 88.0.4324.150

Obtained
from:	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html

Document new vulnerabilities in www/chromium < 88.0.4324.146

Obtained
from:	https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop.html

Document gitlab-ce vulnerabilities.

Document minio issue

security/vuxml: add FreeBSD SA-21:02.xenoom

security/vuxml: add FreeBSD SA-21:01.fsdisclosure

security/vuxml: Document graphics/pngcheck vulnerability

PR:			253019
Approved by:		fernape (mentor)
Differential Revision:	https://reviews.freebsd.org/D28308

Document sudo CVE-2021-3156.

 * When invoked as sudoedit, the same set of command line options
   are now accepted as for "sudo -e".  The -H and -P options are
   now rejected for sudoedit and "sudo -e" which matches the sudo
   1.7 behavior.  This is part of the fix for CVE-2021-3156.

 * Fixed a potential buffer overflow when unescaping backslashes
   in the command's arguments.  Normally, sudo escapes special
   characters when running a command via a shell (sudo -s or sudo
   -i).  However, it was also possible to run sudoedit with the -s
   or -i flags in which case no escaping had actually been done,
   making a buffer overflow possible.  This fixes CVE-2021-3156.

PR:		253034
Reported by:	"Todd C. Miller" <Todd.Miller@sudo.ws> via mailing list
		emaste
Obtained from:	sudo

Document py-pysaml2 vulnerability

Document Jenkins Security Advisory 2021-01-26

Sponsored by:	The FreeBSD Foundation

Rework the entity declaration

when expanded they will look better (as when the file was not split)

While here cleanup some indentation

security/vuxml: Document mail/mutt vulnerability

Document mail/mutt vulnerability CVE-2021-3181

PR:		252931
Submitted by:	Derek Schrock <dereks@lifeofadishwasher.com>
Reported by:	Derek Schrock <dereks@lifeofadishwasher.com>
Reviewed by:	osa (mentor)
Approved by:	osa (mentor)
Differential Revision:	https://reviews.freebsd.org/D28308

Fix build.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

security/vuxml: Add new MySQL vulnerabilities

Document new vulnerabilities in www/chromium < 88.0.4324.96

Obtained
from:	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html

Document CVE-2020-15983 for games/chocolate-doom and games/crispy-doom

Made clear how to test now entries against the newly formatted file.

Fix build.

Yes, please do FIXME.

Sponsored by:	Rubicon Communications, LLC ("Netgate")

Added security vulnerability for rubygem-nokogiri.

Split vuln.xml file [2/2]

The vuln.xml file has grown a lot since 2003. To avoid having to unlock
the svn size limitation, the file is now split into 1 file per year up
to the current year + previous one. The split is made based on the date
when the entry has been added.

In order to achieve the split without breaking any consumer we use a standard
XML mechanism via the definition of entities.

While here add a new target make vuln-flat.xml which will expand the entities
in order to be able to regenerate a one uniq file if needed. This useful to for
example allow to test with pkg audit directly given the XML parser used in pkg
does not support custom entities.

The vuxml web site generator has been modified to ensure the vuln.xml file it
provides is the expanded version, so for consumers it is still only one single
file to download.

dns/dnsmasq-devel: mark stale name vulnerable, too

dnsmasq-devel isn't currently in ports, but if someone never
switched to dnsmasq, we should also flag the older dnsmasq-devel
vulnerable.

Security:	5b5cf6e5-5b51-11eb-95ac-7f9491278677

dns/dnsmasq < 2.83 vulnerabilities (buffer overflow, DNS cache poisoning)

Security:	5b5cf6e5-5b51-11eb-95ac-7f9491278677
Security:	CVE-2020-25684
Security:	CVE-2020-25685
Security:	CVE-2020-25686
Security:	CVE-2020-25681
Security:	CVE-2020-25682
Security:	CVE-2020-25683
Security:	CVE-2020-25687

security/vuxml: Document lang/go vulnerabilities

security/vuxml: Fix range of affected cloud-init versions

security/vuxml: Document vulnerability in cloud-init version 20.4

https://bugs.launchpad.net/cloud-init/+bug/1911680

Reported by:	Mina Galic <me@igalic.co>

Document CVE-2020-25074 and CVE-2020-15275 for www/moinmoin

Document ghostscript9-agpl-base vulnerability committed in r544907

PR:		248580
Requested by:	joneum (ports-secteam)
Reported by:	VVD <vvd@unislabs.com>
MFH:		2021Q1
Security:	CVE-2020-15900

security/vuxml: document Node.js January 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/

Sponsored by:	Miles AS

Document gitlab vulnerability.

Document integer overflow in wavpack (CVE-2020-35738).

Document Jenkins Security Advisory 2021-01-13

Sponsored by:	The FreeBSD Foundation

Document phpmyfaq vulnerability

Document sudo CVE-2021-23239.

Document cairosvg vulnerability

Document gitlab vulnerabilities.

Document new vulnerabilities in www/chromium < 87.0.4280.141

Obtained
from:	https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop.html

security/vuxml: add dovecot CVE-2020-24386

PR:		252415
Submitted by:	Evilham <contact@evilham.com>
Relnotes:	https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html

security/vuxml: Add entry for gitea < 1.13.1

PR:		252310
Submitted by:	maintainer

Document inspircd vulnerabilitiy

PR:		252291
Reported by:	Sadie Powell <sadie@witchery.services>

Document CVE-2020-0543 for Intel CPUs.

PR:		247197
Submitted by:	spam123@bitbert.com

Document new asterisk vulnerabilities.

Document vulns for powerdns and postsrsd

Reviewed by:	osa (mentor)
Approved by:	osa (mentor)
Differential Revision:	https://reviews.freebsd.org/D27706

Correct entries for mantis and libX11 (missing PORTEPOCH in package string).

PR:		251168
Submitted by:	zab@zltech.eu

Document vault issue

security/vuxml: Note FreeBSD 11.4 fix for CVE-2020-1971

Document jasper vulnerability

security/vuxml: Document net-im/py-matrix-synapse issue

PR:		251768
Submitted by:	contact@evilham.com
Security:	CVE-2020-26257

security/vuxml: Document p11-kit vulnerabilities

security/vuxml: Document Unbound/NSD vuln

security/vuxml: Update LibreSSL vuln

 * for 2020Q4 branch which is on 3.1

security/vuxml: Document LibreSSL vulnerability

Number of commits found XX: 6166 (showing only 100 on this page)

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11  »  [Last Page]

12 vulnerabilities affecting 72 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities

Last updated:
2021-03-28 22:40:29