path: root/security
Commit message | Author | Age | Files | Lines
* Update to 5.74. | Anton Berezin | 2012-11-26 | 2 | -3/+3
  Changes: http://cpansearch.perl.org/src/MSHELOR/Digest-SHA-5.74/Changes
  Feature safe: yes
  Notes: svn path=/head/; revision=307781
* Update to 1.5.3 release. | Alex Dupre | 2012-11-26 | 2 | -10/+5
  Feature safe: yes
  Notes: svn path=/head/; revision=307771
* - Update backports patch to 20121114 | Florian Smeets | 2012-11-25 | 1 | -7/+2
  - Bump PORTREVISION
  Changes:
  - CVE-2006-7243 PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function
    Security 3761df02-0f9c-11e0-becc-0022156e8794
    fixed by check in fopen functions for strlen(filename) != filename_len
  - CVE-2012-4388 The sapi_header_op function in main/SAPI.c does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, this vulnerability exists because of an incorrect fix for CVE-2011-1398.
  - Timezone database updated to version 2012.9 (2012i)
  PR: ports/173685
  Submitted by: Svyatoslav Lempert <svyatoslav.lempert@gmail.com>
  Approved by: maintainer
  Feature safe: yes
  Notes: svn path=/head/; revision=307747
* Add entries for the following advisories: | Wesley Shields | 2012-11-25 | 1 | -0/+91
  FreeBSD-SA-12:08.linux
  FreeBSD-SA-12:07.hostapd
  FreeBSD-SA-12:06.bind
  Feature safe: yes
  Notes: svn path=/head/; revision=307733
* - Update to 0.8.7.1 | Steve Wills | 2012-11-24 | 4 | -16/+37
  - Fix installation so it doesn't overwrite your config files every time you upgrade the port
  - Fix some space/tab issues to make portlint happy
  - Use dirrmtry in a few places because some people have their own custom filters, actions, etc.
  PR: ports/171708
  Submitted by: Mark Felder <feld@feld.me>
  Approved by: Christoph Theis <theis@gmx.at> (maintainer)
  Feature safe: yes
  Notes: svn path=/head/; revision=307702
* - Remove hardcoded dependency on security/gpg. Instead, add OPTIONS to allow | Jase Thew | 2012-11-23 | 1 | -2/+18
  choice of GnuPG version.
  PR: ports/172323
  Approved by: jadawin (perl@)
  Feature safe: yes
  Notes: svn path=/head/; revision=307682
* - opera -- execution of arbitrary code | Dirk Meyer | 2012-11-22 | 1 | -0/+34
  Feature safe: yes
  Notes: svn path=/head/; revision=307666
* update to 0.2.4.6-alpha | Brendan Fabeny | 2012-11-22 | 2 | -8/+11
  Feature safe: yes
  Notes: svn path=/head/; revision=307645
* Update to 3.0.8, unbreak with utmpx. | David Thiel | 2012-11-21 | 3 | -4/+19
  Feature safe: Yes
  Notes: svn path=/head/; revision=307624
* Document new vulnerability in www/lighttpd 1.4.31 | Martin Matuska | 2012-11-21 | 1 | -0/+32
  Feature safe: yes
  Notes: svn path=/head/; revision=307616
* - Update firefox and thunderbird to 17.0 | Florian Smeets | 2012-11-20 | 1 | -0/+119
  - Update seamonkey to 2.14
  - Update ESR ports and libxul to 10.0.11
  - support more h264 codecs when using GSTREAMER with YouTube
  - Unbreak firefox-esr, thunderbird-esr and libxul on head >= 1000024 [1]
  - Buildsystem is not python 3 aware, use python up to 2.7 [2]
  PR: ports/173679 [1]
  Submitted by: swills [1], demon [2]
  In collaboration with: Jan Beich <jbeich@tormail.org>
  Security: d23119df-335d-11e2-b64c-c8600054b392
  Approved by: portmgr (beat)
  Feature safe: yes
  Notes: svn path=/head/; revision=307606
* update to 0.2.3.25 | Brendan Fabeny | 2012-11-20 | 4 | -39/+73
  Feature safe: yes
  Notes: svn path=/head/; revision=307588
* Update to 20121120 | Renato Botelho | 2012-11-20 | 2 | -3/+3
  Feature safe: yes
  Notes: svn path=/head/; revision=307585
* - Update to 0.14 | Frederic Culot | 2012-11-19 | 2 | -8/+7
  - Add LICENSE (Artistic 1 & GPL 1)
  Changes: http://search.cpan.org/dist/Crypt-OpenSSL-DSA/Changes
  Feature safe: yes
  Notes: svn path=/head/; revision=307559
* - Update to 2.31 | Frederic Culot | 2012-11-19 | 2 | -8/+4
  Changes: http://search.cpan.org/dist/Crypt-CBC/Changes
  Feature safe: yes
  Notes: svn path=/head/; revision=307556
* - Update to 0.22 | Frederic Culot | 2012-11-19 | 2 | -9/+4
  Changes: http://search.cpan.org/dist/RadiusPerl/Changes
  Feature safe: yes
  Notes: svn path=/head/; revision=307555
* horde4 update: | Martin Matuska | 2012-11-19 | 4 | -6/+6
  archivers/pear-Horde_Compress 1.0.7 -> 1.0.8
  databases/pear-Horde_Db 1.2.1 -> 1.2.2
  deskutils/horde4-groupware 4.0.8 -> 4.0.9
  deskutils/horde4-kronolith 3.0.17 -> 3.0.18
  deskutils/horde4-mnemo 3.0.6 -> 3.0.7
  deskutils/horde4-nag 3.0.8 -> 3.0.9
  devel/pear-Horde_Alarm 1.0.7 -> 1.0.8
  devel/pear-Horde_Cache 1.0.5 -> 1.0.6
  devel/pear-Horde_Core 1.9.2 -> 1.9.3
  devel/pear-Horde_Date 1.0.11 -> 1.0.12
  devel/pear-Horde_Nls 1.1.6 -> 1.1.7
  mail/horde4-imp 5.0.23 -> 5.0.24
  mail/horde4-ingo 2.0.9 -> 2.0.10
  mail/horde4-turba 3.0.15 -> 3.0.16
  mail/horde4-webmail 4.0.8 -> 4.0.9
  mail/pear-Horde_Imap_Client 1.5.5 -> 1.5.11
  mail/pear-Horde_Mime 1.6.1 -> 1.6.2
  mail/pear-Horde_Mime_Viewer 1.0.8 -> 1.0.9
  security/pear-Horde_Auth 1.4.9 -> 1.4.10
  security/pear-Horde_Secret 1.0.2 -> 1.0.4
  textproc/pear-Horde_Text_Filter 1.1.5 -> 1.1.6
  www/horde4-ansel 2.0.1 -> 2.0.2
  www/horde4-base 4.0.15 -> 4.0.16
  www/horde4-wicked 1.0.1 -> 1.0.2
  www/pear-Horde_Browser 1.0.8 -> 1.0.9
  www/pear-Horde_Service_Weather 1.1.2 -> 1.1.3
  www/pear-Horde_SessionHandler 1.0.5 -> 1.0.6
  Feature safe: yes
  Notes: svn path=/head/; revision=307554
* - Fix copy and paste error in latest weechat entry | Jase Thew | 2012-11-18 | 1 | -1/+2
  (81826d12-317a-11e2-9186-406186f3d89d)
  Feature safe: yes
  Notes: svn path=/head/; revision=307535
* - Document new vulnerability in irc/weechat and irc/weechat-devel | Jase Thew | 2012-11-18 | 1 | -0/+33
  Feature safe: yes
  Notes: svn path=/head/; revision=307534
* - Update to 1.3.4 | Ryan Steinmetz | 2012-11-18 | 2 | -3/+3
  Feature safe: yes
  Notes: svn path=/head/; revision=307528
* - Update to 1.77 | Philippe Audeoud | 2012-11-16 | 2 | -8/+4
  - Changelog: http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.77/Changes
  Feature safe: yes
  Notes: svn path=/head/; revision=307478
* * Fix build against libcli 0.9.6 | Tom Judge | 2012-11-16 | 2 | -1/+27
  * Make dependence on ActiveMQ off by default.
  Feature safe: yes
  Approved by: eadler (mentor)
  Notes: svn path=/head/; revision=307471
* Add CONFLICTS. | Matthias Andree | 2012-11-15 | 1 | -0/+2
  Suggested by: ketas's ports conflicts checker
  Feature safe: yes
  Notes: svn path=/head/; revision=307470
* - Update to 1.9.0 | Sofian Brabez | 2012-11-15 | 3 | -4/+7
  Feature safe: yes
  Notes: svn path=/head/; revision=307461
* - bugzilla security updates to version(s) | Olli Hauer | 2012-11-14 | 1 | -0/+57
  3.6.11, 4.0.8, 4.2.4

  Summary
  =======
  The following security issues have been discovered in Bugzilla:
  * Confidential product and component names can be disclosed to unauthorized users if they are used to control the visibility of a custom field.
  * When calling the 'User.get' WebService method with a 'groups' argument, it is possible to check if the given group names exist or not.
  * Due to incorrectly filtered field values in tabular reports, it is possible to inject code which can lead to XSS.
  * When trying to mark an attachment in a bug you cannot see as obsolete, the description of the attachment is disclosed in the error message.
  * A vulnerability in swfstore.swf from YUI2 can lead to XSS.

  Feature safe: yes
  Security:
    CVE-2012-4199 https://bugzilla.mozilla.org/show_bug.cgi?id=731178
    CVE-2012-4198 https://bugzilla.mozilla.org/show_bug.cgi?id=781850
    CVE-2012-4189 https://bugzilla.mozilla.org/show_bug.cgi?id=790296
    CVE-2012-4197 https://bugzilla.mozilla.org/show_bug.cgi?id=802204
    CVE-2012-5475 https://bugzilla.mozilla.org/show_bug.cgi?id=808845
    http://yuilibrary.com/support/20121030-vulnerability/
  Notes: svn path=/head/; revision=307425
* - Update to version 2.1.5 | Pawel Pekala | 2012-11-13 | 3 | -50/+67
  - Add LICENSE
  - Convert to optionsNG
  - Don't overwrite user modified config
  PR: ports/172058
  Submitted by: KATO Tsuguru <tkato432@yahoo.com>
  Feature safe: yes
  Notes: svn path=/head/; revision=307388
* - Update recent weechat entry (e02c572f-2af0-11e2-bb44-003067b2972c) | Jase Thew | 2012-11-13 | 1 | -1/+4
  - Document assigned CVE Identifier
  - Document workaround for vulnerable versions
  Feature safe: yes
  Notes: svn path=/head/; revision=307387
* Document vulnerabilities in two typo3 components. | Rene Ladan | 2012-11-12 | 1 | -0/+38
  Obtained from: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
  Feature safe: yes
  Notes: svn path=/head/; revision=307348
* Update pkg-descr to current project state | Pawel Pekala | 2012-11-12 | 1 | -10/+9
  PR: ports/173445
  Submitted by: Jr Aquino <tanawts@gmail.com> (maintainer)
  Feature safe: yes
  Notes: svn path=/head/; revision=307346
* Mark IGNORE on ${OSVERSION} >= 1000024 where the script got added to the base | Emanuel Haupt | 2012-11-12 | 1 | -6/+8
  system.
  Feature safe: yes
  Notes: svn path=/head/; revision=307339
* Fix typo. | Guido Falsi | 2012-11-12 | 1 | -1/+1
  Feature safe: yes
  Notes: svn path=/head/; revision=307335
* - Update to 2.7.1 | Guido Falsi | 2012-11-12 | 1 | -0/+27
  - Convert to new options framework
  - Document US-CERT VU#268267
  - Trim Makefile headers
  PR: ports/173226
  Submitted by: Hirohisa Yamaguchi <umq@ueo.co.jp> (maintainer)
  Feature safe: yes
  Notes: svn path=/head/; revision=307334
* - Update MASTER_SITES and WWW: line | Pawel Pekala | 2012-11-10 | 4 | -29/+37
  - Support CFLAGS properly
  - Add MAKE_JOBS_SAFE
  - Don't install license file twice
  PR: ports/172064
  Submitted by: KATO Tsuguru <tkato432@yahoo.com>
  Feature safe: yes
  Notes: svn path=/head/; revision=307298
* - Add LICENSE | Pawel Pekala | 2012-11-10 | 3 | -25/+26
  - Add MAKE_JOBS_SAFE
  - Support PORTEXAMPLES
  - Replace patch with REINPLACE_CMD
  PR: ports/172063
  Submitted by: KATO Tsuguru <tkato432@yahoo.com>
  Feature safe: yes
  Notes: svn path=/head/; revision=307297
* - Add LICENSE | Pawel Pekala | 2012-11-10 | 6 | -94/+15
  - Switch to PLIST_FILES, PORTDOCS
  - Remove bunch of patches, replaced by REINPLACE_CMD
  PR: ports/172062
  Submitted by: KATO Tsuguru <tkato432@yahoo.com>
  Feature safe: yes
  Notes: svn path=/head/; revision=307295
* - Add LICENSE | Pawel Pekala | 2012-11-10 | 2 | -13/+11
  - Switch to PLIST_FILES
  PR: ports/172061
  Submitted by: KATO Tsuguru <tkato432@yahoo.com>
  Feature safe: yes
  Notes: svn path=/head/; revision=307293
* - Improve latest ruby entry slightly | Steve Wills | 2012-11-10 | 1 | -2/+2
  Feature safe: yes
  Notes: svn path=/head/; revision=307286
* - Modify recent e02c572f-2af0-11e2-bb44-003067b2972c entry | Jase Thew | 2012-11-10 | 1 | -5/+8
  - Add constraints to vulnerable versions
  - Add additional references
  - Improve topic
  - Correct description
  Feature safe: yes
  Notes: svn path=/head/; revision=307282
* Apply an upstream patch that fixes a security hole | Eitan Adler | 2012-11-10 | 1 | -0/+30
  when receiving a special colored message.
  The maintainer was contacted but due to the nature of the issue apply the patch ASAP.
  Approved by: secteam-ports (swills)
  Security: e02c572f-2af0-11e2-bb44-003067b2972c
  Feature safe: yes
  Notes: svn path=/head/; revision=307263
* - Update lang/ruby19 to 1.9.3p327 | Steve Wills | 2012-11-10 | 1 | -0/+35
  - Document security issue in earlier versions
  Security: 5e647ca3-2aea-11e2-b745-001fd0af1a4c
  Feature safe: yes
  Notes: svn path=/head/; revision=307261
* - clarification that ASF reported issue for: | Jason Helfman | 2012-11-09 | 1 | -2/+4
  - 152e4c7e-2a2e-11e2-99c7-00a0d181e71d
  - 4ca26574-2a2c-11e2-99c7-00a0d181e71d
  Feature safe: yes
  Notes: svn path=/head/; revision=307259
* - document tomcat vulnerabilities | Jason Helfman | 2012-11-09 | 1 | -0/+76
  Feature safe: yes
  Notes: svn path=/head/; revision=307247
* - Update to 0.4.3 | Bryan Drewery | 2012-11-09 | 3 | -7/+10
  - Trim header
  Feature safe: yes
  Notes: svn path=/head/; revision=307240
* Update latest version and document security issues | Eitan Adler | 2012-11-09 | 1 | -0/+32
  PR: ports/173487
  Submitted by: Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
  Security: 4b8b748e-2a24-11e2-bb44-003067b2972c
  Feature safe: yes
  Notes: svn path=/head/; revision=307221
* - fix MASTER_SITES | Pietro Cerutti | 2012-11-08 | 1 | -1/+1
  Reported by: PH (via beat@)
  Approved by: portmgr@ (implicit)
  Feature safe: yes
  Notes: svn path=/head/; revision=307170
* - Update to 1.2.0 | Jason E. Hale | 2012-11-08 | 3 | -10/+6
  While here:
  - Trim Makefile header
  - Fix capitalization and spacing in COMMENT and pkg-descr
  PR: ports/173466
  Submitted by: John Chen <johnpupu@gmail.com>
  Approved by: makc, avilla (mentors, implicit)
  Feature safe: yes
  Notes: svn path=/head/; revision=307168
* - fix mtree by avoiding to install a .in CMake configure file | Pietro Cerutti | 2012-11-08 | 1 | -0/+4
  Reported by: PH (via beat@)
  Approved by: portmgr@ (implicit)
  Feature safe: yes
  Notes: svn path=/head/; revision=307159
* Document new vulnerabilities in www/chromium < 23.0.1271.64 | Rene Ladan | 2012-11-07 | 1 | -0/+66
  Obtained from: http://googlechromereleases.blogspot.nl/search/label/Stable%20updates
  Feature safe: yes
  Notes: svn path=/head/; revision=307128
* Update to 4.42. | Tom Judge | 2012-11-07 | 2 | -4/+3
  Changes: http://clamtk.sourceforge.net/CHANGES
  Feature safe: yes
  Approved by: eadler (mentor)
  Notes: svn path=/head/; revision=307114
* Document opera vulnerabilities | Chris Rees | 2012-11-06 | 1 | -0/+42
  Feature safe: yes
  Notes: svn path=/head/; revision=307094