# pkg audit
libidn2-2.2.0 is vulnerable:
libidn2 -- roundtrip check vulnerability
CVE: CVE-2019-12290
WWW:
https://vuxml.FreeBSD.org/freebsd/f04f840d-0840-11ea-8d66-75d3253ef913.html
Opening the link, I find:
GNU libidn2 *before* 2.2.0 fails...
Which is right?
Is 2.2.0
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233475
>
> Bernhard Froehlich changed:
>
> What|Removed |Added
>
> Status|New |Closed
>
Please excuse the earlier blank mail- Android Gmail being moronic again :(
Hello all,
I've just been alerted to an issue with transmission, but only the daemon.
Basically, you can fool it into believing that a remote host is localhost, and
can therefore break in to it.
This is an issue if
___
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
On 30-6-2017 at 18:23, Carlos Jacobo Puga Medina wrote:
I have submitted a patch to update libgcrypt to 1.7.8 (still pending
for an exp-run)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220382
You can grab the patch, apply and build the port.
Thanks Carlos, appreciate your support.
Hi,
> Sent: Friday, June 30, 2017 at 18:04
> From: "Jos Chrispijn" <bsdpo...@cloudzeeland.nl>
> To: "FreeBSD Ports ML" <freebsd-ports@freebsd.org>, c...@freebsd.org
> Subject: Vulnerability
>
> Dear port maintainer,
>
> Just to l
> On 30 Jun, 2017, at 10:04, Jos Chrispijn wrote:
>
> Dear port maintainer,
>
> Just to let you know that I ran into the following vulnerability report:
>
> libgcrypt-1.7.7 is vulnerable:
> libgcrypt -- side-channel attack on RSA secret keys
> CVE: CVE-2017-7526
>
Dear port maintainer,
Just to let you know that I ran into the following vulnerability report:
libgcrypt-1.7.7 is vulnerable:
libgcrypt -- side-channel attack on RSA secret keys
CVE: CVE-2017-7526
WWW:https://vuxml.FreeBSD.org/freebsd/ed3bf433-5d92-11e7-aa14-e8e0b747a45a.html
Could you send
On 2016-08-08 12:02, Bernard Spil wrote:
The CVE's mention MariaDB where applicable.
Added versions where these vulns were fixed for MariaDB. PerconaDB
follows the MySQL release numbering and has also received updates so I
added version checks there as well.
See
>>> >
>>> > Kubilay Kocak <ko...@freebsd.org> wrote:
>>> >
>>> >> Unfortunately you are yet one more example of a user that's been left in
>>> >> the lurch without information or recourse wondering (rightfully) how
>>> >> they can re
in
>> the lurch without information or recourse wondering (rightfully) how
>> they can resolve or mitigate this vulnerability. Our apologies.
>
> While we are that topic, I am wondering about that 14 days old warning, as well:
>
>mariadb101-server-10.1.16 is vulnerable:
>M
the lurch without information or recourse wondering (rightfully) how
> >> they can resolve or mitigate this vulnerability. Our apologies.
> >
> > While we are that topic, I am wondering about that 14 days old warning, as
> > well:
> >
> > mariadb101-ser
On 6/08/2016 7:23 AM, Michael Grimm wrote:
> Hi —
>
> Kubilay Kocak <ko...@freebsd.org> wrote:
>
>> Unfortunately you are yet one more example of a user that's been left in
>> the lurch without information or recourse wondering (rightfully) how
>> they can re
On 06/08/2016 04:39, alphachi wrote:
> Any update doesn't still land on ports tree, but now "pkg audit -F" won't
> report graphics/tiff is vulnerable.
There has been a revised judgement about the gif2tiff program, in that
while it can be made to crash by a specially crafted gif file, that does
re 4.0.7 is affected, but
>> >>> apparently that version hasn't been released yet (according to
>> >>> http://www.remotesensing.org/libtiff/, the latest stable release is
>> still
>> >>> 4.0.6).
>> >>>
>> >>> Anyone know what's
ng.org/libtiff/, the latest stable release is
> still
> >>> 4.0.6).
> >>>
> >>> Anyone know what's going on? Is there a release upcoming to fix this?
> >
> > Yeah -- this vulnerability:
> >
> > https://vuxml.freebsd.org/freebsd/c17
Hi —
Kubilay Kocak <ko...@freebsd.org> wrote:
> Unfortunately you are yet one more example of a user that's been left in
> the lurch without information or recourse wondering (rightfully) how
> they can resolve or mitigate this vulnerability. Our apologies.
While we are t
ore 4.0.7 is affected, but
>>> apparently that version hasn't been released yet (according to
>>> http://www.remotesensing.org/libtiff/, the latest stable release is still
>>> 4.0.6).
>>>
>>> Anyone know what's going on? Is there a release upcoming to fix this?
>> http://www.remotesensing.org/libtiff/, the latest stable release is still
>> 4.0.6).
>>
>> Anyone know what's going on? Is there a release upcoming to fix this?
Yeah -- this vulnerability:
https://vuxml.freebsd.org/freebsd/c17fe91d-4aa6-11e6-a7bd-14dae9d210b8.html
Really doesn't help that they keep revising the fix, 3 releases in 6
days, latest version actually being 6.9.4-1 :(
On 10/05/2016 15:09, Stefan Bethke wrote:
Hey,
according to
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4=29588, a
release 6.9.4-0 should be out that improves
Hey,
according to
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4=29588, a
release 6.9.4-0 should be out that improves the situation significantly. It
appears that graphics/ImageMagick is at 6.9.3. It would be nice if people who
follow ImageMagick more closely than me could
On 05/15/15 07:11, George Mitchell wrote:
Nightly security report sez:
Checking for packages with security vulnerabilities:
Database fetched: Thu May 14 03:10:05 EDT 2015
apache-openoffice-4.1.1_9
[...]
And now Don Lewis has removed this erroneous entry from the data base of
:
Add a patch to fix the HWP filter vulnerability documented in
CVE-2015-1774 and
http://www.openoffice.org/security/cves/CVE-2015-1774.html
Approved by: mat (mentor)
MFH: 2015Q2
Security: b13af778-f4fc-11e4-a95d-ac9e174be3af
Differential Revision: https
Hi,
A CVE-2014-0227 was released yesterday
about possible DoS attacks on apache
tomcat. Updates are available on the
website[2].
Cheers,
- rodrigo
[1] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0227
[2] http://tomcat.apache.org/security-7.html
Hi!
A CVE-2014-0227 was released yesterday
about possible DoS attacks on apache
tomcat. Updates are available on the
website[2].
ale@ updated the ports.
--
p...@opsec.eu+49 171 3101372 5 years to go !
On 2013-06-14 06:19, RyōTa SimaMoto wrote:
Hi,
portaudit rejects the latest version (1.6.12) of devel/dbus
because the acceptable version is set higher (1.16.12) than it.
http://portaudit.FreeBSD.org/4e9e410b-d462-11e2-8d57-080027019be0.html
Hi,
portaudit rejects the latest version (1.6.12) of devel/dbus
because the acceptable version is set higher (1.16.12) than it.
http://portaudit.FreeBSD.org/4e9e410b-d462-11e2-8d57-080027019be0.html
On Fri, 23 Nov 2012 09:00:59 + Matthew Seaman matt...@freebsd.org wrote:
On 23/11/2012 08:26, Matthieu Volat wrote:
I've noticed that www/opera was marked FORBIDDEN because of a security hole:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
The opera
Hello,
I've noticed that www/opera was marked FORBIDDEN because of a security hole:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
The opera software company advisory indeed marks this bug as high severity, and
mentions that there is an update to fix it.
I am not
On 23/11/2012 08:26, Matthieu Volat wrote:
I've noticed that www/opera was marked FORBIDDEN because of a security hole:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
The opera software company advisory indeed marks this bug as high severity,
and mentions that
On Friday 23 November 2012 03:00:59 Matthew Seaman wrote:
On 23/11/2012 08:26, Matthieu Volat wrote:
I've noticed that www/opera was marked FORBIDDEN because of a security
hole:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
The opera software company
On Fri, 23 Nov 2012 09:00:59 +
Matthew Seaman matt...@freebsd.org wrote:
On 23/11/2012 08:26, Matthieu Volat wrote:
I've noticed that www/opera was marked FORBIDDEN because of a security hole:
http://www.freebsd.org/cgi/getmsg.cgi?fetch=614275+0+current/svn-ports-head
The opera
Doug Barton wrote on 15.02.2012 02:20:
So apparently we have a python vulnerability according to
http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html,
but I'm not seeing an upgrade to address it yet. Any idea when that will
happen?
Thanks,
Doug
Patch is there:
http
2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru
Doug Barton wrote on 15.02.2012 02:20:
So apparently we have a python vulnerability according to
http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
wen heping wrote on 15.02.2012 14:16:
2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru
Doug Barton wrote on 15.02.2012 02:20:
So apparently we have a python vulnerability according to
http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html
2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru
wen heping wrote on 15.02.2012 14:16:
2012/2/15 Ruslan Mahmatkhanov cvs-...@yandex.ru
Doug Barton wrote on 15.02.2012 02:20:
So apparently we have a python vulnerability according to
http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1
So apparently we have a python vulnerability according to
http://portaudit.FreeBSD.org/b4f8be9e-56b2-11e1-9fb7-003067b2972c.html,
but I'm not seeing an upgrade to address it yet. Any idea when that will
happen?
Thanks,
Doug
--
It's always a long day; 86400 doesn't fit into a short
] Advisory: sudo 1.8 Format String Vulnerability
Hi,
FYI, see attached.
cheers,
joernchen
--
joernchen ~ Phenoelit
joernc...@phenoelit.de ~ C776 3F67 7B95 03BF 5344
http://www.phenoelit.de ~ A46A 7199 8B7B
I'm going to be traveling from 3/8 through 3/9. If anyone can get to
this before I return please feel free to commit as necessary.
I question the vulnerability. I don't think it applies. the alert is
from 2006, and there isn't a POC I have tested against php52- 5.2.17
with nulls in it that seems to trigger anything but 404 errors.
(please don't try on ours... this is not a challenge. but if you have a
POC, let me know
Hi,
On Thu, Mar 3, 2011 at 12:09 PM, Andrea Venturoli m...@netfence.it wrote:
Hello.
As you probably know, it looks like php52 is vulnerable:
Affected package: php52-5.2.17
Type of problem: php -- NULL byte poisoning.
Reference:
, the procedure above would have to be put into a
shell script for a willing committer to repeat. Every time this
vulnerability comes up at ports@ or emulation@, some committer asks
for a (trusted) rpm to fix it. Thus, there might be one.
There was another person doing something similar too. I got
That mail went unanswered (at least as far as the mailing list archive
goes). Probably, the procedure above would have to be put into a shell
script for a willing committer to repeat. Every time this vulnerability
comes up at ports@ or emulation@, some committer asks for a (trusted) rpm
to fix it. Thus
On Mon, Feb 14, 2011 at 8:45 AM, Tom Uffner t...@uffner.com wrote:
would a src-rpm verifiably generated from the Fedora 10 src-rpm (or
the pango project tarball) and the RHEL 5 patch solve this? I may not
have a Reputation, but I've been around since 4.1BSD and a search
of the tree and the PRs
://lists.freebsd.org/pipermail/freebsd-emulation/2010-December/008264.html
That mail went unanswered (at least as far as the mailing list archive
goes). Probably, the procedure above would have to be put into a shell
script for a willing committer to repeat. Every time this vulnerability
comes up
is there any point in trying to update linux-f10-pango to address this
vulnerability?
Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.
Reference:
http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035.html
I realize that I can install it w
On 13.02.2011 22:53, Tom Uffner wrote:
is there any point in trying to update linux-f10-pango to address this
vulnerability?
Affected package: linux-f10-pango-1.22.3_1
Type of problem: pango -- integer overflow.
Reference:
http://portaudit.FreeBSD.org/4b172278-3f46-11de-becb-001cc0377035
On one of the servers I manage, portaudit claims:
portaudit
Affected package: apr-0.9.19.0.9.19
Type of problem: apr -- multiple vulnerabilities.
Reference:
http://portaudit.FreeBSD.org/eb9212f7-526b-11de-bbf2-001b77d09812.html
Following the above links, I find that apr1.3.5.1.3.7 is involved.
On 10/28/10 07:29, Andrea Venturoli wrote:
On one of the servers I manage, portaudit claims:
portaudit
Affected package: apr-0.9.19.0.9.19
Type of problem: apr -- multiple vulnerabilities.
Reference:
On 2010-Feb-08 18:05:43 -0800, Paul Pathiakis pathia...@yahoo.com wrote:
/usr/ports/x11-toolkits/linux-f10-pango still has a security
vulnerability and means that no one can build the linux port to
install linux-f10-flashplugin. Not good. Please fix asap.
FreeBSD is maintained by volunteers
. It is
enterprise class.
Ending my rant
Paul
From: Peter Jeremy peterjer...@acm.org
To: Paul Pathiakis pathia...@yahoo.com
Cc: po...@freebsd.org
Sent: Tue, February 9, 2010 2:56:33 PM
Subject: Re: linux-f10-pango security vulnerability
On 2010-Feb-08 18:05:43 -0800, Paul
Hi,
/usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability and
means that no one can build the linux port to install linux-f10-flashplugin.
Not good. Please fix asap.
Thank you!
Paul Pathiakis
On Mon, 8 Feb 2010 21:05, pathiaki2@ wrote:
Hi,
/usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability and
means that no one can build the linux port to install linux-f10-flashplugin.
Not good. Please fix asap.
Thank you
On Tue, 9 Feb 2010 01:00, jhell@ wrote:
On Mon, 8 Feb 2010 21:05, pathiaki2@ wrote:
Hi,
/usr/ports/x11-toolkits/linux-f10-pango still has a security vulnerability
and means that no one can build the linux port to install
linux-f10-flashplugin. Not good. Please fix asap.
Thank you
Synopsis: lang/php5: PHP session.save_path vulnerability
Responsible-Changed-From-To: freebsd-ports-ale
Responsible-Changed-By: miwi
Responsible-Changed-When: Sat Sep 19 18:35:31 UTC 2009
Responsible-Changed-Why:
over to php maintainer
http://www.freebsd.org/cgi/query-pr.cgi?pr=138698
The following reply was made to PR ports/138698; it has been noted by GNATS.
From: Maciej =?ISO-8859-2?Q?Andzi=F1ski?= andzi...@volt.iem.pw.edu.pl
To: Miroslav Lachman 000.f...@quip.cz
Cc: bug-follo...@freebsd.org
Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability
Date: Sun
Old Synopsis: PHP session.save_path vulnerability
New Synopsis: lang/php5: PHP session.save_path vulnerability
Responsible-Changed-From-To: freebsd-www-freebsd-ports
Responsible-Changed-By: remko
Responsible-Changed-When: Thu Sep 10 10:24:18 UTC 2009
Responsible-Changed-Why:
reassign to ports
The following reply was made to PR ports/138698; it has been noted by GNATS.
From: Miroslav Lachman 000.f...@quip.cz
To: bug-follo...@freebsd.org, andzi...@volt.iem.pw.edu.pl
Cc:
Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability
Date: Thu, 10 Sep 2009 13:14:32 +0200
I
The following reply was made to PR ports/138698; it has been noted by GNATS.
From: Maciej Andzinski andzi...@volt.iem.pw.edu.pl
To: Miroslav Lachman 000.f...@quip.cz
Cc: bug-follo...@freebsd.org
Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability
Date: Thu, 10 Sep 2009 13:58
The following reply was made to PR ports/138698; it has been noted by GNATS.
From: Miroslav Lachman 000.f...@quip.cz
To: bug-follo...@freebsd.org, andzi...@volt.iem.pw.edu.pl
Cc:
Subject: Re: ports/138698: lang/php5: PHP session.save_path vulnerability
Date: Thu, 10 Sep 2009 20:49:14 +0200
session.save_path vulnerability
Date: Thu, 10 Sep 2009 20:49:14 +0200
Yes, it is clear now and with owner root, it works.
I propose to make this optional, as somebody has /tmp
optimized for better speed (another disk device, flash
device, RAM disk etc.) but not /var/lib/php5. And FreeBSD
(Resending, I did not see it posted earlier)
ffmpeg has 3 announced vulnerabilities in this past month.
Here is the latest...
09.6.23 CVE: Not Available
Platform: Cross Platform
Title: FFmpeg libavformat/4xm.c Remote Code Execution
Description: FFmpeg is an application used to record, convert,
Hello, Doug.
I hope you've already seen the patch for BINDx that closes a critical
vulnerability.
Could you register it in your FreeBSD-port(s)?
http://www.isc.org/index.pl?/sw/bind/index.php
===
Index: inet_network.c
diff -u inet_network.c:1.5 inet_network.c:1.6
--- inet_network.c:1.5 Wed Apr 27 04
Dennis Yusupoff wrote:
Hello, Doug.
I hope you've already seen the patch for BINDx that closes a critical
vulnerability.
Could you register it in your FreeBSD-port(s)?
That change is included in the versions of BIND already in the ports.
Doug
--
This .signature sanitized for your
Xin LI wrote:
This is for BIND8...
Yeah, that too. :) No one should be running BIND 8 BTW, just in case
that news has escaped your notice.
Doug
--
This .signature sanitized for your protection
Doug Barton wrote:
| Dennis Yusupoff wrote:
| Hello, Doug.
|
| I hope you've already seen the patch for BINDx that closes a critical
| vulnerability.
| Could you register it in your FreeBSD-port(s)?
|
| That change is included in the versions of BIND
Good day, Doug!
DB Dennis Yusupoff wrote:
Hello, Doug.
I hope you've already seen the patch for BINDx that closes a critical
vulnerability.
Could you register it in your FreeBSD-port(s)?
DB That change is included in the versions of BIND already in the ports.
DB This is for BIND8
Xin LI wrote:
Doug Barton wrote:
| Dennis Yusupoff wrote:
| Hello, Doug.
|
| I hope you've already seen the patch for BINDx that closes a critical
| vulnerability.
| Could you register it in your FreeBSD-port(s)?
|
| That change is included in the versions of BIND already in the ports.
Any plan
On Wed, 2 Aug 2006 13:46:04 +0330
Babak Farrokhi [EMAIL PROTECTED] wrote:
Hi,
Awstats-devel (which has solved this security issue) is in GNATS
waiting for submission (PR ports/100162).
If nothing bad happens once again, I plan to dedicate all the upcoming
weekend for committing the PRs I
mail# pwd
/usr/ports/www/awstats
mail# make fetch
=== awstats-6.5_1,1 is forbidden: Command Injection Vulnerability.
*** Error code 1
Stop in /usr/ports/www/awstats.
please fix !! thank you !
--
Regards.
Chevy
To: freebsd-ports@freebsd.org
Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection
Vulnerability.
On Wed, 2 Aug 2006 17:17:16 +0800
chevy [EMAIL PROTECTED] mentioned:
mail# pwd
/usr/ports/www/awstats
mail# make fetch
=== awstats-6.5_1,1 is forbidden: Command Injection
-freebsd-
[EMAIL PROTECTED] On Behalf Of Stanislav Sedov
Sent: Wednesday, August 02, 2006 12:57 PM
To: freebsd-ports@freebsd.org
Subject: Re: awstats-6.5_1,1 is forbidden: Command Injection
Vulnerability.
On Wed, 2 Aug 2006 17:17:16 +0800
chevy [EMAIL PROTECTED] mentioned:
mail# pwd
Sergey Matveychuk wrote:
Good. There are three patches there.
I'll test if they fix the vulnerabilities.
FYI the fixes were committed.
--
Dixi.
Sem.
Sergey Matveychuk wrote:
Sergey Matveychuk wrote:
Good. There are three patches there.
I'll test if they fix the vulnerabilities.
FYI the fixes were committed.
Thanks a lot for the work Sergey!
--
Kind regards,
Remko Lodder ** [EMAIL PROTECTED]
FreeBSD
On Sun, 30 Jul 2006 17:47:33 +0200
Frank Steinborn [EMAIL PROTECTED] wrote:
Shaun Amott wrote:
On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct
On 2006.07.30 17:47:33 +0200, Frank Steinborn wrote:
Shaun Amott wrote:
On Fri, Jul 28, 2006 at 03:03:43PM +1000, Joel Hatton wrote:
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct in presuming
Dear Sirs,
CVE report is very unpleasant: Multiple unspecified vulnerabilities.
Secunia has more professional report.
RedHat is only vendor who released updates, but they are binary. So,
there is no known fix now.
The following information may help you: