Add modified for django entry.

Noticed by:	remko@

Add CVE entries for f01292a0-db3c-11e1-a84b-00e0814cab4e.

Document Apache 2.2.x insecure handling of LD_LIBRARY_PATH.
Add patch[1] to address problem to apache port.

[1]:
http://svn.apache.org/viewvc/httpd/httpd/trunk/support/envvars-std.in?view=log&pathrev=1296428

Approved by:	apache@ (pgollucci@)
Obtained from:	Apache SVN

- Document django -- multiple vulnerabilities

- Update net/isc-dhcp41-server to 4.1-ESV-R6 [1]
- Document vulnerabilities in net/isc-dhcp41-server
- Cleanup formatting in vuxml

PR:		ports/170245 [1]
Submitted by:	Douglas Thrift <douglas@douglasthrift.net> (maintainer) [1]
Security:	c7fa3618-d5ff-11e1-90a2-000c299b62e1

Fix build.

- security update bugzilla
  new Versions: 3.6.10, 4.0.7, 4.2.2

  4.2.2

  This release fixes two security issues. See the Security Advisory for details.

  In addition, the following important fixes/changes have been made in this
release:

  o A regression introduced in Bugzilla 4.0 caused some login names to be
ignored
    when entered in the CC list of bugs. (Bug 756314)
  o Some queries could trigger an invalid SQL query if strings entered by the
user
    contained leading or trailing whitespaces. (Bug 760075)
  o The auto-completion form for keywords no longer automatically selects the
    first keyword in the list when the field is empty. (Bug 764517)

- Whitespace only fixes.

Please care more about formating.

- Update to 3.2.13
- Cleanup whitespace
- Document vulnerability in dns/nsd (CVE-2012-29789)

PR:		ports/170208
Submitted by:	Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
Security:	17f369dc-d7e7-11e1-90a2-000c299b62e1

- Update Rails and friends to 3.2.7
- Add vuxml entry for Rails 3.2.6 [1]

Reviewed by:	zi [1]

Security update to 0.11

ChangeLog:

0.11    2012-07-03  Alex Vandiver
	* Obfuscate passwords in RT's System Configuration page
	* Set an empty CurrentUser on failure, instead of removing it entirely

0.10_01 2012-02-23  Thomas Sibley
	* Escape usernames in filter values so special characters don't die

0.10 2012-02-17  Thomas Sibley
     * Silence confusing log messages when $ExternalInfoPriority is empty

0.09_03 2012-01-27	 Thomas Sibley

- Document vulnerabilities in net/isc-dhcp42-server

Heavy DNSSEC Validation Load Can Cause a "Bad Cache" Assertion Failure
in BIND9

High numbers of queries with DNSSEC validation enabled can cause an
assertion failure in named, caused by using a "bad cache" data structure
before it has been initialized.

CVE: CVE-2012-3817
Posting date: 24 July, 2012

/ is not allowed in package name, fix the entry by removing the
databases/ prefix.

- Document activerecord security issues

- update to 5.3.15
- document php vulnerabilities

Security:	http://www.vuxml.org/freebsd/bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89.html

Fix nit:
	blockquote citations should be listed as a reference as citation isn't user
visible.

Document nsd vulnerability

The referenced PR contains a fix that bumps PORTREVISION, so the entry will
not match fixed versions.

PR:		ports/170024
Obtained from:	http://www.nlnetlabs.nl/downloads/CVE-2012-2978.txt
Security:	CVE-2012-2978

The changelog indicates the bug can be found in versions prior to 1.2.1

Fix nit: references section should include urls used in citation.

Document buffer overflow in jpeg-turbo

PR:		ports/169963
Submitted by:	Denis E Podolskiy <bytestore@yandex.ru>
Security:	CVE-2012-2806

Document dokuwiki XSS vulnerability.

- Document puppet security issue

Obtained from:
http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes#2.7.18

openx reported a new security issue but does not provide any details: inform
users of this.

Document asterisk vulnerabilities.

- Document typo3 4.5.x, 4.6.x and 4.7.x XSS vulnerability

Security:      
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-003/

Document phplist SQL injection and XSS.

Submitted by:   Krzysztof Stryjek <wtp@bsdserwis.com>

Document vulnerabilities for www/chromium < 20.0.1132.43

Obtained from: 
http://googlechromereleases.blogspot.nl/search/label/Stable%20updates

- Document recent FreeBSD SA's for 2012: SA-12:04.sysret, SA-12:03.bind,
SA-12:02.crypt, SA-12:01.openssl

Reviewed by:    wxs

- update to 2.6

PyCrypto before 2.6 does not produce appropriate prime numbers when using an
ElGamal
scheme to generate a key, which reduces the signature space or public key space
and
makes it easier for attackers to conduct brute force attacks to obtain the
private key.

PR:     ports/169146
Approved by:    portmgr

- Remove PORTEPOCH for de-wordpress and zh-wordpress

- fix range for f5f00804-a03b-11e1-a284-0023ae8e59f0
- add url
- adjust modified accordingly

PR:     ports/169152
Submitted by:   Trond.Endrestol@ximalas.info

- fix spelling of `php-fpm' in entry description

- fix package name

Submitted by:   scheidell@ (me)

- Add entry for www/joomla25, needs min version 2.5.5

Submitted by:   scheidell@ (me)

Fix some nits:
        - cvename gets automatically expanded to the MITRE url

- Document recent vulnerabilities in security/clamav: CVE-2012-1419,
CVE-2012-1457, CVE-2012-1458, CVE-2012-1459

Document asterisk vulnerability.

Add vuxml for older version of graphics/ImageMagick.

PR:             ports/166686 (related to)
Submitted by:   4721@hushmail.com (the vuxml, via irc)

Update 55587adb-b49d-11e1-8df1-0004aca374af with more information.

Document mantis vulnerabilities. The information is a bit light on details
but I'm unable to track down better.

PR:             ports/168984
Submitted by:   Dan Langille <dan@langille.org>

Update to 11.1.r202.236 and inform community of security issues

Security:       38195f00-b215-11e1-8132-003067b2972c

Correct names for BIND 9.6.x and BIND 9.7.x.

Fix my previous commit by adding a accidentally removed <p>.

Remove unnecesarry <p> tags from 47f13540-c4cb-4971-8dc6-28d0dabfd9cd.

Fix some nits:
        - Improve wording of Sympa vuln description
        - The url used as a citation for the description must also be a
reference for the user.

- Document mozilla -- multiple vulnerabilities

- Document the last quagga vulnerability

Document sympa vulnerability

Fix some nits:
        The url in the cite attribute must appear as a reference

Upgrade to 9.6-ESV-R7-P1, 9.7.6-P1, 9.8.3-P1, and 9.9.1-P1, the latest
from ISC. These patched versions contain a critical bugfix:

  Processing of DNS resource records where the rdata field is zero length
  may cause various issues for the servers handling them.

  Processing of these records may lead to unexpected outcomes. Recursive
  servers may crash or disclose some portion of memory to the client.
  Secondary servers may crash on restart after transferring a zone
  containing these records. Master servers may corrupt zone data if the
  zone option "auto-dnssec" is set to "maintain". Other unexpected
  problems that are not listed here may also be encountered.

All BIND users are strongly encouraged to upgrade.

Add the quoted url as a reference for nut.

Requested by:   eadler

- Fix formating in previous entrys

- better define ranges for a8864f8f-aa9e-11e1-a284-0023ae8e59f0 and add another
vendor note

- Address postgresql*-servers for crypt vulnerability (CVE-2012-2143)

http://www.postgresql.org/about/news/1397/

With hat: pgsql

Add an entry for CVE-2012-2944 in sysutils/nut.

Fix some nits:
        The url in the cite attribute must appear as a reference
        References should be sorted

Document asterisk vulnerabilities.

Document vulnerabilities before www/chromium 19.0.1084.52 (the port is safe).

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3103-3115]

Make validate target remove the tidy file if it passes.

Approved by:    chimera@

Correct spelling mistake, FreeSD -> FreeBSD

Reviewed by:    nox

- document security issue for haproxy

PR:     ports/165035
Submitted by:   jgh@
Security:       CVE-2012-2391

Document RT vulnerabilities.

(I'm only committing this as matthew is still waiting for mentor approval, and
we found it important enough to commit it right now)

Submitted by:   matthew

- inspircd 1.2.9 is not vulnerable

PR:     ports/167975
Spotted by: feld@feld.me

Add an entry for mail/sympa < 6.1.11 (CVE-2012-2352)

Add www/foswiki < 1.1.5 entry (CVE-2012-1004)

- Correct b8ae4659-a0da-11e1-a294-bcaec565249c entry [1]
- Formating and cleanup

Submitted by:   Neal Dias <ndias@cisco.com> [1]

Document and fix a off-by-one vulnability in libxml2.

Obtained from:  libxml upstream
Security:       b8ae4659-a0da-11e1-a294-bcaec565249c

- fix date in 725ab25a-987b-11e1-a2ef-001fd0af1a4c

- revert unintentional date change in aa71daaa-9f8c-11e1-bd0a-0082a0c18826
- update date in f5f00804-a03b-11e1-a284-0023ae8e59f0
- adjust dates in 3d55b961-9a2e-11e1-a2ef-001fd0af1a4c
a1d0911f-987a-11e1-a2ef-001fd0af1a4c for ordering

- Update inspircd to 2.0.5 [1]
- document CVE-2012-1836 [2]

PR:     ports/167975
Submitted by:   maintainer, feld@feld.me [1], jgh@ [2]
Security:       CVE-2012-1836

Fix some nits:
        The url in the cite attribute must appear as a reference
        The CVE automatically gets expanded to a url so the mitre url is not
needed

- fix spelling in b3435b68-9ee8-11e1-997c-002354ed89bc

Versions 3.2.0 and earlier of the pidgin-otr plugin contain
a format string security flaw. This flaw could potentially be
exploited by a remote attacker to cause arbitrary code to be
executed on the user's machine.

The flaw is in pidgin-otr, not in libotr. Other applications
that use libotr are not affected.

Document sudo netmask vulnerability. Patch for port forthcoming.

- Security update OpenSSL 1.0.1c

Document vulnerabilities for www/chromium < 19.0.1084.46

Security:       CVE-2011-[3083-3097], CVE-2011-[3099-3100]

- Document vulnerability in net/socat (CVE-2012-0219)

Fix pivotx vuln.xml

- 59b68b1e-9c78-11e1-b5e0-000c299b62e1 also applies to lang/php52

- Document recent vulnerabilities in PHP (CVE-2012-2311 and CVE-2012-2329)

Add an entry for CVE-2012-2214 for an XMPP crash in libpurple.

- Document CVE-2012-2274 for port www/pivotx

PR:             ports/167819
Submitted by:   Fumiyuki Shimizu <fumifumi at abacustech.jp>
Security:       CVE-2012-2274

Belated VuXML entry for recent NVIDIA Unix driver arbitrary system memory
access vulnerability.

Reviewed by:    eadler, delphij
Security:       CVE-2012-0946

- Add entry for rubygem-mail

Revert my "correction" for php52. All the 5.2.x still affected to NULL
poison bug. Just tested both latest 5.2 and 5.3 with the script from here:
https://bugs.php.net/bug.php?id=39863
Sorry.

Mark php52 >= 5.2.15 as not vulnerable to NULL byte poisoning [1]. This problem
was fixed in 5.3.4 and 5.2.15 simultaneously.

[1] http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html

Reported by:     Svyatoslav Lempert <svyatoslav.lempert at gmail dot com>

- Add entry for www/node

- Add entry for p5-Config-IniFiles

Add references for the portupgrade advisory. Some code actually expects content
in this section.

Reported by:    dvl
Reviewed by:    wxs,zi

Unbreak vuln.xml format.
While here fix a long line.

Pointyhat:      scheidell

- Account for repocopy of php5 -> php53
- Account for php52 backport fix
- Add entry for php54 (which will be named php5)

Submitted by:   scheidell@ (me)

- Third time the charm. remove extra (

Submitted by:   scheidell@ (me)

- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to
cmdarg attacks
- Note:  PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.

Submitted by:   scheidell@ (me)
Obtained from:  WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security:       CVE-2012-1823

Fix PHP entry to match the actual package name

Submitted by:   simon

- Document www/webcalendar-devel - multiple vulnerabilities

Requested by:   eadler, Hanno Boeck <hanno@hboeck.de>

Document vulnerabilities in www/chromium < 18.0.1025.168

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3078-3081], CVE-2012-1521

- Document vulnerability in lang/php5

Document samba incorrect permission checks vulnerability.

Inform users that ports-mgmt/portupgrade-devel had unchecked distinfo

- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141)