FreeBSD Monitor
2015-03-31 16:10:20
Add vulnerability for devel/osc.

Security: CVE-2015-0778
PR: 198876
Submitted by: [email protected]
2015-03-31 15:53:43
Mark as broken: too creative (sorry I could not find a better term)

Use custom, broken and creative way to create a non compliant rc script named
after a non conventional scheme
Create users a custom way instead of using the dedicated framework (actually
duplicate creation of the user)
2015-03-31 15:45:31
- Update to 2.068

2015-03-31 15:45:16
- Update to 1.1.75

2015-03-31 15:45:10
- Update to 2.7.4

2015-03-31 15:42:56
Update to 2.02.

2015-03-31 15:36:35
Remove useless execution of script
Simplify Makefile and make it respects the common framework variable
Fix plist
2015-03-31 15:23:53
Remove useless execution of script
Simplify Makefile and make it respects the comme framework variable
2015-03-31 15:05:20
Remove useless pkg-install script
Cleanup makefile (option helpers)
Fix MASTER option
2015-03-31 15:02:59
Enhance the error message when running from a jail without devfs.

Sponsored by: Absolight
2015-03-31 14:51:30
Document GNU cpio vulnerabilities CVE-2014-9112 and CVE-2015-1197.
2015-03-31 14:44:16
Make it build with LibreSSL. [1]
While there, catch up with new options behaviors.

PR: 198491 [1]
Submitted by: Bernard Spil [1]
Sponsored by: Absolight
2015-03-31 14:29:26
CVE-2014-9112: Heap-based buffer overflow in the process_copy_in
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff.

CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker.

PR: 198954
Obtained from: Debian