www/kanboard: update 1.0.29 -> 1.0.31
irc/quassel: update 0.12.3 -> 0.12.4
Document remote denial of service in quassel
Looks good. Thanks Carlos!
devel/pcre: add USES= cpe
www/tomee: update 1.7.2 -> 1.7.4
Document Xen Security Advisories (XSAs 173, 175, 176, 178, 179, and 180).
Update wnpa-sec-2016-12 through wnpa-sec-2016-18 with CVE assignment for
Update wnpa-sec-2016-19 through wnpa-sec-2016-27 with CVE assignment for
Document wnpa-sec-2016-29 through wnpa-sec-2016-37 for issues fixed in
Add fixed entries for Python 2.7, 3.4, 3.5 for urllib vulnerability.
Update earlier openvswitch entry with version fixed in ports
Document multiple security advisories for Moodle
www/h2o: update 2.0.0 -> 2.0.1
Fix date from r417994 (2016 not 2015)
Document authorization logic vulnerability in Apache Hive
devel/artifactory: update 4.8.2 -> 4.9.0
games/minecraft-server: update 1.9.4 -> 1.10.2
Document SQLite3 tempdir selection vulnerability
chinese/wordpress-zh_CN: update 4.5.2 -> 4.5.3
biology/diamond: update 0.8.6 -> 0.8.9
graphics/p5-Image-ExifTool: update 10.15 -> 10.20
UPDATING: Normalize entries missing the trailing colon
Please update with an associated MOVED entry (grep for Duplicate in that file as an example)
mail/davmail: simplify find flags from update in 417509
Document remote denial of service via FileUpload component in Tomcat
We don't want to duplicate the existing py-requests port when we do this. Take a look at and note that port just uses this along with a few additional statements to set the correct things that are different from the master port. Please adjust this submission to mirror this.
Approved but I would just recommend clarifying this in the commit message:
Looks good. Thank you Carlos.
devel/gitblit: update 1.7.1 -> 1.8.0
mail/davmail: update 4.6.1 -> 4.7.2
sysutils/py-salt: update 2016.3.0 -> 2016.3.1
net-mgmt/lldpd: update 0.9.2 -> 0.9.4
japanese/wordpress: update 4.5.2 -> 4.5.3
german/wordpress: update 4.5.2 -> 4.5.3
www/wordpress: update 4.5.2 -> 4.5.3
Document Wordpress vulnerabilities fixed in 4.5.3
New port: devel/sonarqube
lang/php70: update 7.0.7 -> 7.0.8
lang/php56: update 5.6.22 -> 5.6.23
lang/php55: update 5.5.36 -> 5.5.37
Docment security issues fixed in PHP 7.0.8, 5.6.23, and 5.5.37
www/linux-*-flashplugin: update 11.2r202.577 -> 11.2r202.626
Document Flash vulnerabilities in Adobe Security Bulletins APSB16-10,
www/squid-devel: update 4.0.10 -> 4.0.11
www/codeigniter: update 3.0.4 -> 3.0.6
MFH: r416328 r416557 (partial, leave out USES=mysql conversion) r416989
www/drupal7: update 7.43 -> 7.44
Document Drupal vulnerabilities
security/botan110: update 1.10.12 -> 1.10.13
Document multiple issues in Botan
This port looks fine but an equivalent CONFLICT in net/py-uritemplate will be required as well for. Unless these ports can co-exist please update the patch to include the other CONFLICT fix.
The change looks fine. However it applies odd through Phabricator. I think Phabricator should reflect a 'D' for the deleted patch rather than just the 'M M' for property changes and the doesn't fully remove the file. Ensure shows it as deleted and if it doesn't before committing.
Apply patch from upstream for cross-site scripting vulnerability
Document cross-site scripting CVE in Roundcube
Fill in <freebsdpr> tag on last entry; I staged it prior to opening the PR
Document two expat CVEs reported by upstream
textproc/expat2: address two CVEs reported by upstream
lang/groovy: update 2.4.6 -> 2.4.7
Please welcome Torsten Zühlsdorff (tz@) as a new ports committer!
sysutils/fusefs-ntfs: pass MAINTAINER to submitter
www/h2o: update 1.7.3 -> 2.0.0
Document OpenAFS vulnerabilities in 1.6.16 and 1.6.17
Fixup invalid nginx version from r416222; it needed a PORTEPOCH to be valid.
MFH: r412446 r412447 r412449 r412450 r412534 r412535 r412555 r412588 r412645
Document ikiwiki XSS vulnerability
Assign submitter as maintainer by request
MFH: r415304 r415818 r415970 r415971 r415972
lang/php55: update 5.5.35 -> 5.5.36 [1] plus minor fixups
lang/php56: update 5.6.21 -> 5.6.22 [1] plus minor fixup