Document com_mailto Timeout Issue in www/joomla15

Cleanup whitespace and XML format using 'make tidy' and a bit manual
editing.

When running the tidy target:
- Pipe ouput into vuln.xml.tidy instead of stdout.
- Don't hide what command we are running so it's clear where the tidy
  version of the output went.

Various affects fixes to the last 3 Mozilla/Firefox entries to make then
match correctly against package names.  In particular the port name
instead of package name was used in a couple of places.  For Seamonkey
and Thunderbird where no known fixes exist don't include a fixed
version.

- Update previous subversion entry,
  add missing p5-subversion and py-subversion

- Fix latest firefox entry.

Reported by:    b.f <bf1793@gmail.com>

Document subversion -- heap overflow vulnerability.

Add a few CVE names to the 'squid -- several remote denial of service
vulnerabilities' entry.

Document bugzilla -- product name information leak.

- Mark squid 3.1.0.12 as safe

- Document mozilla -- multiple vulnerabilities

- Add bind9-sdb-ldap and bind9-sdb-postgresql to recent BIND DoS.

Reviewed by:    miwi

- Document silc-client and silc-irssi-plugin format string vulnerability.

Reviewed by:    miwi

Mark mail/squirrelmail-multilogin-plugin as FORBIDDEN and add the
corresponding entry in VuXML.

Security:       VuXML: 0d0237d0-7f68-11de-984d-0011098ad87f

- White space fixes and correct the entry date in
  vid 83725c91-7c7e-11de-9672-00e0815b8da8

s/package/system/ for vid fbc8413f-2f7a-11de-9a3f-001b77d09812.

Reviewed by:    remko
Approved by:    secteam (remko)

- Document BIND DoS in base and ports.

Reviewed by:    remko
Approved by:    secteam (remko)

- Close tag

- Document Mono XML Signature HMAC Truncation Spoofing

Document squid remote denial of service vulnerabilities.

Submitted by:   Thomas-Martin Seck <tmseck@web.de>
PR:             ports/137184

Fix security advsory with patches from Ubuntu project.
http://vuxml.FreeBSD.org/c444c8b7-7169-11de-9ab7-000c29a67389.html

PR:     ports/136891
Submitted by:   wxs@
Reviewed by:    simon@
Approved by:    itetcu@ (mentor)

- Fix a typo

- Document firefox35 -- corrupt JIT state after deep return from native function

- Document isc-dhcp*-client stack overflow.

- Tweak nagios version information a bit for the command injection
  vulnerability. Patches for net-mgmt/nagios and net-mgmt/nagios2 coming
  shortly.

- Document drupal -- multiple vulnerabilities

Submitted by:   Nick Hilliard (based on)

- Mark linux-firefox 3.0.11 and higher as safe

Approved by:    secteam (miwi)

- Document remote command execution in net-mgmt/nfsen

PR:             ports/136070
Submitted by:   Bjoern Engels <engels@openit.de>

- Add syslog-ng package to the list of vulnerable versions for the chroot
  vulnerability.

- Add newly created CVE for nagios command injection vulnerability.
- Add the other two nagios packages to the list.
- Add modified entry accordingly.

Document phpMyAdmin XSS vulnerability

- Document nagios command injection vulnerability.

- s/secunia reports/Secnuia reports/
- Fix whitespace

Approved by:    secteam (miwi)

- Document tor-devel DNS resolution issue.

PR:             ports/135925
Submitted by:   bf <bf1783@gmail.com>

- Document cscope -- multiple buffer overflows

PR:             135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document cscope -- buffer overflow

PR:             based on 135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix a typo from previous commit

Document joomla -- multiple vulnerabilities

Approved by:    wxs (mentor)

- Document pidgin -- multiple vulnerabilities

PR:             135239 (based on)
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document git-daemon DoS.

- Fix the latest ruby entry: 1.9 branch is not vulnerable.

- Document ruby denial of sevice vulnerability in BigDecimal.

- Fix firefox3 version in da185955-5738-11de-b857-000f20797ede

Approved by:    miwi (secteam)

- Document mozilla  -- multiple vulnerabilities

Approved by:    miwi (secteam)

- Add some more cve to the previous entry

- Fix previous entry

Document DOS in apr-util xml(expat) processing

Submitted by:       Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Document dokuwiki local File Inclusion with register_globals on vulnerability.

- Document openssl -- denial of service in DTLS implementation

PR:             based on 134653
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document eggdrop -- denial of service vulnerability

- Document wireshark -- Denial of Service in the PCNFSD dissector

PR:             135061 (based on)
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Add more infos for libsndfile entry

- Document libsndfile -- multiple vulnerabilities

- Document slim -- local disclosure of X authority magic cookie

- Cleanup previous entry

Unbreak file by removing double <vuxml> tag.

Add CVE information for NTP stack overflow.

PR:             134755
Submitted by:   Mark Foster <mark@foster.cc>
Security:       CVE-2009-0159 and CVE-2009-1252

- Fix 5ed2f96b-33b7-4863-8c6b-540d22344424
   * Remove duplicte url
   * Fix safe version
   * Bump modified date

- Bump modified date for previous commit.

- Add CVE information for nsd overflow.
- s/over flow/overflow/ for the same entry.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (private mail)

- Document imap-uw -- University of Washington IMAP c-client Remote Format
  String Vulnerability (submitted back in Feb 2009)

PR:             ports/131939
Submitted by:   Mark Foster <mark@foster.cc>

- Document dns/nsd and dns/nsd2 one-byte overflow (both are already fixed
  in ports). Still need a CVE entry but there is not one assigned yet.

Add entries of libxine vulnerabilities fixed in version 1.1.16.2 and 1.1.16.3.

PR:             ports/132593
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document php -- ini database truncation inside dba_replace() function

PR:             129459 (based on)
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document libwmf -- embedded GD library Use-After-Free vulnerability

PR:             based on 134246

- Document libwmf -- Integer Overflow Vulnerability

PR:             based on 134246

- Document moinmoin -- cross-site scripting vulnerabilities

- Rework previus entry

- Document mod_perl -- cross site scripting in Apache::Status

- Small cleanup
  * fix spelling
  * fix tabs/whitespaces
  * add more references to the latest drual entry

- Fix formating

Document drupal -- cross-site scripting vulnerability.

Submitted by:   Nick Hilliard <nick foobar org>

- Document cyrus-sasl -- buffer overflow vulnerability

- Document moinmoin -- multiple cross site scripting vulnerabilities

PR:             based on 134467

- Document ghostscript8 -- Buffer Overflow Vulnerability

PR:             133331 (baesed on)

- Cleanup

- Added a referece to the latest pango entry
(4b172278-3f46-11de-becb-001cc0377035)

- Document pango buffer overflow vulnerability.

Document the recent Wireshark vulnerabilities.

PR:             134245
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Add CVE entry for quagga vulnerability.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (private mail)

- add CUPS 1.3.10
PR:             134247

- add SA-09:08.openssl
PR:             133156

- Document quagga DoS.

PR:             ports/134248
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    miwi

- Mark flock 2.0 as safe

Approved by:    miwi (mentor)

- Cleanup previous entry

- Document openfire -- Password Changes Security Bypass

PR:             134207
Submitted by:   Mark Foster <mark@foster.cc>

- Document drupal -- cross site scripting

- CVE-2007-3387 has been fixed in pdftohtml 0.39_3.

- Document mozilla  -- multiple vulnerabilities

Document the recent poppler vulnerabilities fixed in 0.10.6.

PR:             133838
Submitted by:   Mark Foster <mark@foster.cc>
Approved by:    portmgr (implicit)

- Rework previus entry (xpdf -- multiple vulnerabilities)
        * fix typos
        * added more information about security issues
        * added more reference sites

Approved by:    portmgr (secteam blanked)

- Document xpdf -- multiple vulnerabilities

Approved by:    portmgr (erwin)

- Document freetype2 -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

- Document ejabberd cross-site scripting vulnerability.

PR:             ports/132800
Submitted by:   Mark Foster <mark@foster.cc>
Reviewed by:    miwi
Approved by:    portmgr (secteam blanket, explicitly miwi)

- Document ziproxy -- Multiple HTTP Proxy HTTP Host Header Incorrect Relay
Behavior Vulnerability

Approved by:    portmgr (secteam blanked)

- Document phpmyadmin -- insufficient output sanitizing when generating
configuration file

Approved by:    portmgr (secteam blanked)

- Document drupal6-cck -- cross-site scripting

PR:             133550
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document pivot-weblog -- file deletion vulnerability

Fix the roundcube version of CVE-2009-0413, should be 0.2.1,1 and not 0.2.1.

Pointy Hat To:  miwi

Document phpmyadmin: insufficient output sanitizing when generating
configuration file.