security/vuxml: Document vulnerabilities in net/uniparser before 0.9.6

PR:		261056
Security:	CVE-2021-46141
		CVE-2021-46142

security/vuxml: Document django multiple vulnerabilities.

security/vuxml: document routinator vulnerabilities

security/vuxml: document www/chromium < 97.0.4692.71

While here add definitions for 2022, as this is the first vuxml commit
of the year.  This cannot be done in its own commit because `make
  validate` complains in that case (even with a 0-byte vuln-2022.xml).

Obtained
from:	https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

security/vuxml: Document Roundcube vulnerability

security/vuxml: Document Mbed TLS advisory 2021-12

Security:	https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2021-12

security/vuxml: OpenDMARC 1.4.1 vulnerability

PR:		260594

security/vuxml: OpenDMARC 1.3.2 vulnerabilities

PR:		240505

security/vuxml: document minio issue

security/vuxml: add an entrey for ReDoS in graphics/py-pillow

Security:	CVE-2021-23437

security/vuxml: Document more Log4Shell vulnerabilities

With hat:	opensearch

security/vuxml: Document opengrok RCE CVE-2021-2322

security/vuxml: Document mediawiki multiple vulnerabilities

security/vuxml: add graylog RCE via log4j CVE-2021-45046

Security:       CVE-2021-45046
Sponsored by:	SkunkWerks, GmbH

security/vuxml: Document Apache httpd vulnerabilities

security/vuxml: add two grafana security advisories

Moderate severity directory traversal vulnerabilities for .csv
(CVE-2021-43815) and .md (CVE-2021-43813) files.

PR:		260358, 260401

Reported by:	Boris Kozun (maintainer), ohauer

security/vuxml: add serviio (log4j)

security/vuxml: Add provoxy vulnerability

security/vuxml: Document OpenSSL 3.0 vulnerability

security/vuxml: add security/bastillion (log4j)

security/vuxml: add www/chromium < 96.0.4664.110

Obtained
from:	https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html

security/vuxml: Document vulnerabilities in Matrix clients

Security:	0dcf68fa-5c31-11ec-875e-901b0e9408dc

security/vuxml: Fix tab/spaces in openhab2, and solr entries

This was breaking make validate for the entry I am trying to add

While here also purge the likely accidentally added file vuln.xml.unexpanded
in 00bad07fd782

security/vuxml: fixed solr entry, only version 8.11.1 will fix it

The fixed version is not released yet.

security/vuxml: fix Solr XML and add openhab (log4shell)

security/vuxml: added vulnerability entry for solr

security/vuxml: Document OpenSearch might be vulnerable to Log4Shell

With hat:	opensearch

security/vuxml: Document multiple vulnerabilities of grafana8

PR:		ports/259638

security/vuxml: p7zip CVE-2018-10115

PR:		228239
Reported by:	Dani <i.dani@outlook.com>
Security:	CVE-2018-10115

security/vuxml: document sysutils/graylog log4j vuln

Reported
by:	https://github.com/Graylog2/graylog2-server/commit/d3e441f1126f0dc292e986879039a87c59375b2a
Security:	CVE-2021-44228

security/vuxml: Document lang/go vulnerabilities

security/vuxml: document www/chromium < 96.0.4664.93

Obtained
from:	https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html

security/vuxml: document gitlab vulnerabilities

security/vuxml: Record NSS vulnerability

security/vuxml: mail/mailman < 2.1.38 CSRF vuln.

Security:	CVE-2021-44227
Security:	0d6efbe3-52d9-11ec-9472-e3667ed6088e

security/vuxml: Mark java/bouncycastle as vulnerable where applicable

Some of the reported java/bouncycastle15 security issues affect the
legacy port of java/bouncycastle as well. Update vuxml.xml accordingly.

Sponsored by:	Modirum MDPay
Sponsored by:	Klara, Inc.

security/vuxml: Document cookie prefix spoofing in rubygem-cgi

security/vuxml: Document buffer overrun in rubygem-cgi

security/vuxml: Update affecting packages of
6916ea94-4628-11ec-bbe2-0800270512f4

This vulnerability also affects ruby ports.

security/vuxml: Document vulnerability in Matrix Synapse

PR:		259994
Reported by:	Sascha Biberhofer <ports at skyforge dot at>
Security:	27aa2253-4c72-11ec-b6b9-e86a64caca56
Security:	CVE-2021-41281

security/vuxml: Document archivers/advancecomp vulnerabilities

PR:		259534

security/vuxml: document www/chromium < 96.0.4664.45

Obtained
from:	https://chromereleases.googleblog.com/2021/11/stable-channel-update-for-desktop.html

security/vuxml: Document denial of service vunlerability in rubygem-date

security/vuxml: Mark roundcube vuln in quarterly

security/vuxml: also list mailman exim4/postfix pkgs

The initial commit 162e701a5982 omitted listing the
-exim4 and -postfix packages. Make up for that.

Security:       9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security:       CVE-2021-43331
Security:       CVE-2021-43332

security/vuxml: document mail/mailman < 2.1.37 issues

- A potential XSS attack via the user options page has been reported by
  Harsh Jaiswal.  This is fixed.  CVE-2021-43331 (LP: #1949401)

LP: A crafted URL to the user options page can execute arbitrary
    javascript.

- A potential for for a list moderator to carry out an off-line brute force
  attack to obtain the list admin password has been reported by Andre
  Protas, Richard Cloke and Andy Nuttall of Apple.  This is fixed.
  CVE-2021-43332 (LP: #1949403)

LP: The CSRF token for the admindb page contains an encrypted version of
    the list admin password which could potentially be cracked by a
    moderator via an off-line brute force attack.

Security:	9d7a2b54-4468-11ec-8532-0d24c37c72c8
Security:	CVE-2021-43331
Security:	CVE-2021-43332

security-vuxml: Add URL for PostgreSQL release notes

security/vuxml: Document latest PostgreSQL vulnerability

* CVE-2021-23214
* CVE-2021-23222

security/vuxml: Document latest Puppet issues

* CVE-2021-27023
* CVE-2021-27025

security/vuxml: Document latest Samba security issues.

* CVE-2020-25717
* CVE-2020-25718
* CVE-2020-25719
* CVE-2020-25721
* CVE-2020-25722
* CVE-2016-2124
* CVE-2021-3738
* CVE-2021-23192

security/vuxml: Update latest MySQL entry

 * Mark MariaDB vulnerable
 * Add list of CVE's

security/vuxml: Document net/pyrad security issues

PR:		259332

security/vuxml: Document lang/go vulnerabilities

security/vuxml: Document Jenkins Security Advisory 2021-11-04

Sponsored by:	The FreeBSD Foundation

security/vuxml: Document security issues in gitlab <= 1.15.5

PR:		259548

security/vuxml: Document gitlab vulnerabilities

security/vuxml: add www/chromium < 95.0.4638.69

Obtained
from:	https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html

security/vuxml: fix openssl-devel-3.0.0-alpha12 package version

security/vuxml: Document possible RCE vulnerability in fail2ban.

Differential Revision:	https://reviews.freebsd.org/D32575

security/vuxml: Document snapshot authentication bypass vulnerability in Grafana

PR:		258962
Differential Revision:	https://reviews.freebsd.org/D32667

security/vuxml: document minio issue

security/vuxml: two mail/mailman < 2.1.35 vulns

Security:	CVE-2021-42096
Security:	CVE-2021-42097
Security:	8d65aa3b-31ce-11ec-8c32-a14e8e520dc7

security/vuxml: add www/chromium < 95.0.4638.54

Obtained
from:	https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_19.html

security/vuxml: Document 2021Q4 MySQL vulnerabilities

security/vuxml: document Node.js October 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/

Sponsored by:	Miles AS

security/vuxml: Update OpenSSH CVE-2021-41617 fix for quarterly commit

security/vuxml: Document OpenSSH CVE-2021-41617

security/vuxml: add CouchDB CVE details

while here, appease `make validate` indentation

Security:	https://docs.couchdb.org/en/stable/cve/2021-38295.html
Sponsored by:	SkunkWerks, GmbH

security/vuxml: topic format consistency

Reformat to be consistent with other entries.

security/vuxml: update editors/openoffice-{4,devel} latest entry

Add info about three just announced CVEs.

security/vuxml: Document Ansible vulnerability

Security:	CVE-2021-3620

security/vuxml: Document editors/openoffice-{4,devel} vulnerability

security/vuxml: Document lang/go vulnerability

security/vuxml: document www/chromium < 94.0.4606.81

Obtained
from:	https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop.html

security/vuxml: Only apache24 2.4.49 and 2.4.50 are vulnerable

security/vuxml: Fix version range of 9bad457e-b396-4452-8773-15bec67e1ceb

Sponsored by:	The FreeBSD Foundation

security/vuxml: Document Jenkins Security Advisory 2021-10-06

Sponsored by:	The FreeBSD Foundation

security/vuxml: Only apache24 2.4.49 is vulnerable

security/vuxml: document multiple issues with databases/redis-devel

security/vuxml: document multiple issue with databases/redis{,5,6}

PR:	258935

security/vuxml: Document Apache httpd vulnerability

security/vuxml: Document bacula-web vulnerabilities

security/vuxml: Document mediawiki's multiple vulnerabilities

security/vuxml: add www/chromium < 94.0.4606.71

Obtained
from:	https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html

security/vuxml: Document gitlab vulnerabilities

security/vuxml: Fix entry 7062bce0-1b17-11ec-9d9d-0022489ad614

This should also fix vuxml build.

PR:		258802
Sponsored by:	The FreeBSD Foundation

security/vuxml: document archivers/ha vulnerabilities

security/vuxml: document recent nexus2-oss vulnerabilities

PR:	252564

security/vuxml: Fix range on latest cURL vuln

Submitted by:	yasu
PR:		258586

security/vuxml: Fix double CVE- in latest httpd entry

security/vuxml: add www/webkit2-gtk3

PR:		255528
Obtained from:	https://webkitgtk.org/security/WSA-2021-0005.html

security/vuxml: add www/chromium < 94.0.4606.61

Obtained
from:	https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_24.html

security/vuxml: Fix missing <name> field

I wasn't able to see my mistake based on the error "make validate"
gave me:

    Traceback (most recent call last):
      File
"/usr/local/poudriere/ports/current-patched/security/vuxml/files/extra-validation.py",
line 99, in <module>
	if (re_invalid_package_name.search(name.text) is not None):
    TypeError: expected string or bytes-like object
    *** Error code 1

Thanks to Dan for the pointy hat save.

Reported by:	Dan Langille

security/vuxml: Mark zeek < 4.0.4 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v4.0.4

 - Paths from log stream make it into system() unchecked, potentially
   leading to commands being run on the system unintentionally.
   This requires either bad scripting or a malicious package to be
   installed, and is considered low severity.

 - Fix potential unbounded state growth in the PIA analyzer when
   receiving a connection with either a large number of zero-length
   packets, or one which continues ack-ing unseen segments. It is
   possible to run Zeek out of memory in these instances and cause
   it to crash. Due to the possibility of this happening with packets
   received from the network, this is a potential DoS vulnerability.

security/vuxml: Document mod_auth_mellon vulnerability

security/vuxml: document Node.js August 2021 Security Releases (2)

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases2/

Sponsored by:	Miles AS

security/vuxml: document Node.js August 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/

Sponsored by:	Miles AS

security/vuxml: document Node.js July 2021 Security Releases (2)

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/

Sponsored by:	Miles AS

security/vuxml: document Node.js July 2021 Security Releases

https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

Sponsored by:	Miles AS

security/vuxml: add chromium < 94.0.4606.54

Obtained
from:	https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html