Document squirrelmail vulnerabilities.

correct version number for mailman password generation issue

Document vulnerability in set-user-ID sympa application.

Another older mailman vulnerability, somewhat minor

Add year-old mailman vulnerability, that seems to not have been
previously documented here.

document Apache Jakarta Tomcat 5.x XSS issue

Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".

Reminded by:    NAKAJI Hiroyuki <nakaji@jp.freebsd.org>

- Update to 3.5.8 (including XSS problem fix).

Submitted by:   Toshiya SAITOH <toshiya@saitoh.nu>
PR:             ports/81520

Remove a forgotten :.

Spotted by:             simon

Document the following issues:

o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability

Approved by:    simon

Fix entry dates for latest squid entries.

Reword the cdrdao entry, this includes comments from Simon which i overlooked.

Forgotten by:   remko
Spotted by:     simon

- Update Squid to 2.5.STABLE10

PR:             ports/81213
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

Document cdrdao -- unspecified privilege escalation vulnerability.

Approved by:            simon

Document two gaim issues.

Add FreeBSD-SA-05:09.htt.

$EDITOR should not be quoted.  It might be "emacsclient -a vi" or
something.

MAINTAINER -> security@FreeBSD.org

Update some leafnode references.
Add new leafnode vulnerability.

PR:             ports/80724
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

Document two new vulnerabilities in mozilla/firefox.

Document mozilla -- code execution via javascript: IconURL vulnerability.

Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary
files
- groffer uses temporary files unsafely

PR:             ports/80671
Submitted by:   KOMATSU Shinichiro

- gnu-radius exploitation was fixed in maintenance release 1.2.94
  as reported in
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities

PR:             ports/80558 (follow-up)
Submitted by:   Vsevolod Stakhov <vsevolod@highsecure.ru>

. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
  no longer considered vulnerable.  Adjust the modified date for the entry.

Document sharutils -- unshar insecure temporary file creation

Approved by:            simon

Document rsnapshot -- local privilege escalation

Approved by:    simon

coppermine -- IP spoofing and XSS vulnerability

. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
  and update the modified time for the entry.

Document ImageMagick -- ReadPNMImage() heap overflow vulnerability.

Bump modified date for last commit.

. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
  the jar(1) vulnerability but is still marked vulnerable to the browser
  plugin vulnerability (although the plugin is no longer built by default).

Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities.

Document some older vulnerabilities in GAIM.

Document kdewebdev -- kommander untrusted code execution vulnerability.

Fix a typo in the kdelibs - kimgio entry.

junkbuster -- heap corruption vulnerability and configuration modification
vulnerability

Approved by:            simon

Document kdelibs -- kimgio input validation errors.

Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
heap overflow vulnerability.

Informed by:    maho

Document gld -- format string and buffer overflow vulnerabilities

Document remote buffer overflow in ftp/axel.

Document firefox -- PLUGINSPAGE privileged javascript execution (also
from the < 1.0.3 batch).

Document jdk - jar directory traversal vulnerability.

Approved by:    simon

Document several mozilla/firefox issues.

Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
entry.

Info provided by:       sf

Document openoffice -- DOC document heap overflow vulnerability.

Fix and document insecure temporary file handling in portupgrade.

Security:       CAN-2005-0610
Security:      
http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by:    erwin (mentor), maintainer timeout
OK'ed by:       portmgr
Reviewed by:    nectar

Document three GAIM vulnerabilities.

Document an old PHP issue.

Document squid -- DoS on failed PUT/POST requests vulnerability.

Submitted by:   Devon H. O'Dell <dodell@offmyserver.com> (original version)

- Fix closing tag on the entry I just touched.

Pointed out by: still Chimera
Blaming:        too much bear earlier tonight

- Add <modified> to the entry I just touched

Prodded by:     Chimera

- CAN-2005-0133 is fixed in clamav-devel-20050408

PR:             ports/79688
Submitted by:   Renato Botelho <freebsd@galle.com.br>

Bump modified date for entry modified last commit.

add CVE name to latest vuln of Cyrus IMAPd.

Add an entry for a XSS vulnerabilty fixed in horde-3.0.4.

Document wu-ftpd -- remote globbing DoS vulnerability.

Add CVE name to hashash entry.

Document hashcash format string vulnerability.

Document clamav -- zip handling DoS vulnerability.

Approved by:    portmgr (blanket, VuXML)

Document Wine information disclosure.

Based on an entry that was
Submitted by:   Devon H. O'Dell <dodell@offmyserver.com>
Approved by:    portmgr (blanket, VuXML)

Document the most serious of the recently disclosed
Mozilla/Firefox/Thunderbird vulnerabilities.

Based on entries that were
Submitted by:   Devon H. O'Dell <dodell@offmyserver.com>
Approved by:    portmgr (blanket, VuXML)

Document Sylpheed buffer overflow.

Reminded by:    netchild
Approved by:    portmgr (blanket, VuXML)

Document xv -- filename handling format string vulnerability.

Approved by:    portmgr (implicit, VuXML)

Document kdelibs -- local DCOP denial of service vulnerability.

Approved by:    portmgr (implicit, VuXML)

Mark grip port as fixed for recent vulnerability.

Requested by:   ahze

Document phpmyadmin -- increased privilege vulnerability.

Note that recent Quake2-LNX is fixed.

Recent mysql snapshot import fixed several vulnerabilities.

Document ethereal -- multiple protocol dissectors vulnerabilities.

Document "grip -- CDDB response multiple matches buffer overflow
vulnerability".

Update references for latest MySQL entry:

- Use bid tag for Bugtraq ID reference.
- Add CVE names.

Document multiple mysql remote vulnerabilities.

Add an entry about rxvt-unicode bufer overflow.

Document two phpMyAdmin issues.

Document libexif -- buffer overflow vulnerability.

Fix invalid date.

Noticed by:     Kang Liu <liukang@bjut.edu.cn>

Add <modified> date for recent commit to phpbb vulnerability.

Forgotten by:   delphij

While here, add msgids for recent phpbb addition.

Document a low risk HTML injection (configuration bypass)
vulnerability [1] of phpBB.

(maintainer contacted and is preparing a fix)

[1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274

Add bugtraq bug ID for phpbb vulnerability.

Submitted by:   Kang LIU <liukang bjut edu cn>

Document two phpnuke vulnerabilities, and a Linux RealPlayer
vulnerability.

Based on entries that were
Submitted by:   Devon H. O'Dell <dodell@sitetronics.com>

- Document ImageMagick -- format string vulnerability.
- Fix typo on older tiff entry.

Document the privilege escalation vulnerability in uim.

Fix typo in linux-tiff version number for
http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html

Reported by:    Ian Moore <no-spam@swiftdsl.com.au>

Document lighttpd information disclosure bug.

This entry is based on one that was
Submitted by:   Devon H. O'Dell <dodell@offmyserver.com>

Fix typo in linux-tiff version number for
http://vuxml..freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html

Reported by:    Ian Moore <no-spam@swiftdsl.com.au>

Document latest phpBB critical security vulnerabilities.

Submitted by:   Kang LIU <liukang bjut edu cn>

Correct the linux-tiff version number for several entries.

Reported by:    netchild

Document curl -- authentication buffer overflow vulnerability.

- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
- Use bid tag for a reference in sup entry.

Advice from:    ume [1]

Document format string vulnerabilities in net/sup.

- Just use mozilla in title for last entry for consistency.
- Document mozilla -- insecure temporary directory vulnerability.

Update list of affected mozilla/firefox ports by the web browsers --
window injection vulnerabilities entry.

Document mozilla & firefox -- arbitrary code execution vulnerability.

Submitted by:   Devon H. O'Dell <dodell@sitetronics.com> (original version)

Improve the description of the latest phpBB information disclosure
bugs.

Submitted by:   delphij (in part)

Document a format string vulnerability in mkbold-mkitalic.

Reviewed by:    simon

Add CVE names for wget.

De-confuse latest AWStats entry: rewrite description, and add relevant
references.  There were so many bugs, it was hard to keep them straight
(^_^).

Format the <topic> of the most recent entry so that it is more
consistent with other entries.

Document latest phpbb vulnerabilities.

Discussed with: phpbb maintainer

Add more references to recent putty vulnerability.