Fix apache version number entry, bump modified date for apache as well.

Approved by:    portmgr

Make an initial attempt at covering all Mozilla/Firefox/Thunderbird
package names that we've had.  Similar changes need to be made to many
other entries, but let's use this one as a test subject first.

Approved by:    portmgr

Correct spelling of phpnuke package name.

Reported by:    Dan Langille
Approved by:    portmgr

Note BMP decoder flaws in Mozilla/Firefox/Thunderbird.

Approved by:    portmgr

Note stack buffer overflow in Mozilla mail.

Approved by:    portmgr

Document Mozilla/Firefox/Thunderbird heap buffer overflows.

Approved by:    portmgr

Correct the package name for phpMyAdmin.

Reported by:    Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by:    portmgr

Add CERT Vulnerability Note references to xpm entry.

Approved by:    portmgr

Note two older vulnerabilities in PHP.

Submitted by:   Jon Passki <cykyc@yahoo.com>
Approved by:    portmgr

Note subversion information disclosure vulnerability.

Submitted by:   lev
Approved by:    portmgr

Add missing PORTEPOCH in a mozilla entry.
Correct package name in an apache entry.

Reported by:    Dan Langille <dan@langille.org>
Approved by:    portmgr

Forgot to add <modified> element for last commit.

Approved by:    portmgr

Add missing PORTEPOCH on one of the mozilla entries.

Noticed by:     Dan Langille <dan@langille.org>
Approved by:    portmgr

Document vulnerabilities in lha.

Reviewed by:    dinoex
Approved by:    portmgr

Lately it seems I like to use dashes in topics... but I should at
least be consistent with how many.  s/---/--/

Approved by:    portmgr

Document mysql buffer overflow.

Reported by:    ale
Approved by:    portmgr

Document Mozilla security icon spoofing vulnerability.

Approved by:    portmgr

Document Mozilla vulnerability involving NULL bytes in FTP URLs.

Also, correct s/firebird/firefox/ in a previously documented issue.

Approved by:    portmgr

Document Mozilla automatic file upload vulnerability.

Approved by:    portmgr

Document mozilla certificate import denial-of-service vulnerability.

Approved by:    portmgr

Note a file name disclosure issue in rssh.

Reported by:    leeym
Approved by:    portmgr

Add entry describe GNU Radius denial-of-service vulnerability.

Approved by:    portmgr

Add sudoedit vulnerability.

Approved by:    portmgr

In latest CVS entry, remove the reference to the exploit.  It does
not apply to any of these vulnerabilities, but to the previous CVS
vulnerability (CAN-2004-0396).

Approved by:    portmgr

Oh yeah, add affected FreeBSD versions for CVS issues.

Approved by:    portmgr

Update CVS entry with some details.

Approved by:    portmgr

Add an entry for the mod_proxy buffer overflow existant in apache13.

Approved by:    portmgr

Note some fixes for XPM image decoding vulnerabilities.

Submitted by:   lesi

Add references to Chris Evans's advisories while I'm at it.

Approved by:    portmgr

Update to gdk-pixbuf vulnerability to reflect the fixed version of gtk20.

Approved by:    portmgr( implicit)

Note that a patched version of webmin 1.150 is now available, thanks
to olengi@.

Submitted by:   olengi

Add a paragraph introducing the Webmin blockquote while I'm here.

Approved by:    portmgr

Note gdk-pixbuf image decoding issues.

Approved by:    portmgr

clement@ has patched Apache 2.

Approved by:    portmgr

Note CUPS printer queue browser denial-of-service.

Approved by:    portmgr

Note Apache 2 IPv6 address parsing bug.

Approved by:    portmgr

Note new libXpm vulnerabilities.

Approved by:    portmgr

I appear to have deleted a line at the last minute.  Restore it.

Approved by:    portmgr

Add mod_dav denial-of-service issue.

Approved by:    portmgr

Oops, forgot to note that the previous issue affects only the Apache 2.x
series.

Approved by:    portmgr

Add Apache 2 vulnerability concerning environmental variables in
configuration files.

Approved by:    portmgr

Repair three <freebsdpr> elements.  The content of these elements
must be e.g. "ports/46613", not just "46613".

Reported by:    Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by:    portmgr

Note that some versions of OpenOffice have been corrected.

Approved by:    portmgr

Fix botched date entry and correct iDefense URL.

Approved by:    portmgr

Really add Samba 3 vulnerability.
Remove incorrect URL in mpg123 entry.

Approved by:    portmgr
URL noticed:    nectar

Correct version.  Note my last commit here was for mpg123 instead of
samba3.

Noticed by:     nectar
Approved by:    portmgr

- There is a WITHOUT_X11 version of ImageMagick that needs to be
  taken into account.
- Fix transposed characters in `isakmpd'.

Noticed by:     Dan Langille <dan@langille.org>

- Add CVE name reference for ImageMagick.
- Add webmin temporary file handling issue.
- Add OpenOffice temporary file handling issue.
- Widen the `KDE frame injection' issue to cover Mozilla, Firebird,
  Netscape, and Opera as well
- Add Mozilla/Firebird/Netscape SOAPParameter vulnerability
- Add Mozilla/Thunderbird/Netscape POP client vulnerability

Approved by:    portmgr

Update for recent Samba3 vulnerabilities.

Approved by:    portmgr

Adjust the affected version for imlib now that the 2nd instance of BMP
loader has been corrected.

The recent commit to the krb5 port brought the version to 1.3.4_1 but
did not correct one of the existing vulnerabilities.  Update the
affected range to compensate.

Note recent MIT Kerberos 5 vulnerabilities.

Document imlib2 BMP decoder bug.

Document BMP decoder bugs in imlib1 and ImageMagick.

Correct bogus date in mysql entry. (It should be YYYY-MM-DD, not
DD-MM-YYYY.)

Reported by:    robert@openbsd.org

Add more references (particularly CVE names) for issues affecting
SpamAssassin, tnftpd, ruby, mysql.

Place text taken from another source inside <blockquote cite="...">
for ruby issue.

correct/add some references

Document NSS SSLv2 server buffer overflow (already referenced in
portaudit.txt).

Document ripMIME decoding bug (already referenced in portaudit.txt).

Remove <modified/> from the gnomevfs vulnerability since it was the same
as <entry/> and it needed to be last anyway.

Suggested by:   nectar

Update the gnomevfs entry to reflect the fixed versions.

Add entry for moinmoin ACL bypass.

Note sanitize_path bug in rsync (already referenced in portaudit.txt).

Unsafe URI handling in gnome-vfs, MidnightCommander.

Document buffer overflows in SoX (already referenced in portaudit.txt).

Document cookie bug in Konqueror (already referenced in portaudit.txt).

- Fix "make validate" problem when textproc/xhtml-basic is
  installed by adding an SGML declaration and DTDDECL.
- Remove the --catalogs option for xmllint(1) in validate.sh.

Approved by:    nectar (maintainer)
PR:             ports/63035

Place port name in the description.

Suggested by:   eik

Add libxine vcd URL handling issue.

Add DoS in SpamAssassin.

Add <modified> date for previous commit.

fidogate-ds was also affected by the ``write files as `news' user''
issue.

Off-by-one error in courier-imap entry.

Noticed by:     oliver

Add a more useful reference for the Qt issue.

Add Qt heap overflow issue.

Add a security issue affected courier-imap when run with certain debug
flags.

Add fidogate issue.

Add an issue covering a vulnerability in mysqlhotcopy.

Reported by:    robert@openbsd.org

Cancel a VuXML entry for an Apache vulnerability that does not affect
FreeBSD.

Reminded by:    recent conversations :-)

cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSD
  <http://docs.FreeBSD.org/cgi/mid.cgi?20040817123651.GB930>

Add a pointer to Przemyslaw Frasunek's advisory.

For the lukemftpd/tnftpd issue, add a reference to NetBSD security
advisory now that it is available.

Note a vulnerability in lukemftpd/tnftpd.

multiple CVS vulnerabilities

Correct the version numbers and dates in the last entry.

Add an entry for:
  Ruby insecure file permissions in the CGI session management

Document a setgid "games" security issue in xonix.  Based on a VuXML
entry that was

Submitted by:   robert@OpenBSD.org

Correct the version number range affected for ja-samba.
Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

While I'm here, add a CVE name reference and a couple of other relevant
Bugzilla links.  It is interesting that this security issue was reported
as early as 1999.  Also, replace the text plagiarized from the Secunia
advisory without attribution with a more helpful (maybe?) description of
the issue.

Format string vulnerability in jftpgw.

Informed by:    Robert Nagy <robert@openbsd.org>

Repair broken URL.

Noticed by:     simon

Add two issues covering three KDE advisories:  two temporary file
handling issues, and a KHTML issue.

The last commit should have changed the comparison tag from <le> to <lt>.

Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this.

The MSN component of Gaim contains remotely exploitable buffer
overflows.

The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems.

Under certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.

Reported by:    Daniel Grund <mail@dgrund.de>

Correct version information syntax in a number of entries.  VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'.

give the ImageMagick png vulnerability an own entry

f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references

add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a

add ImageMagick to the list of png-vulnerable ports

correct typo