Fix typo in previous revision.

- Cleanup, Formating

add CVE-2009-2347 tiff

Document linux-flashplugin -- multiple vulnerabilities.

Reviewed by:    tmclaugh

- Cleanup / Whitespace fixes

Remove empty package in previous revision.

- report FAX3 decoder buffer overrun

Document sudo secure path vulnerability. We are not vulnerable to this by
default but a user could build sudo with SUDO_SECURE_PATH defined or turn
it on in sudoers.

- Update to 3.0.1

PR:             ports/147195
Submitted by:   Pavel Pankov <pankov_p@mail.ru> (maintainer)

- Document two mediawiki security vulnerabilities

Approved by:    delphij@(ports-security override)

- Document multiple redmine vulnerabilities

Approved by:    miwi (secteam), beat (co-mentor)
Security:       http://www.redmine.org/news/39

Updated tomcat entry (CVE-2010-1157) with fixed version information.
This makes sure that the correct older versions are marked vulnerable

Approved by:    itetcu (mentor, implicit)
Security:      
http://www.vuxml.org/freebsd/3383e706-4fc3-11df-83fb-0015587e2cc1.html

- Added 109 missing CVE names to 60 VuXML entries
- Fixed Tomcat55 entry to mark current PORTREVISION vulnerable

PR:             ports/146418
Approved by:    itetcu (mentor, implicit)
Security:       http://people.freebsd.org/~niels/vuxml/

Added wireshark (DoS) and piwik (XSS) issues

Approved by:    itetcu (mentor, implicit)
Security:       http://www.wireshark.org/security/wnpa-sec-2010-03.html
Security:       http://www.wireshark.org/security/wnpa-sec-2010-04.html
Security:       http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/

Added spamass-milter remote command execution vulnerability

Approved by:    itetcu (mentor, implicit)
Security:       CVE-2010-1132
Security:      
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html

- Added mediawiki and lxr vulnerabilities
- Fixed vlc topic format (lower case, portname first)

PR:             ports/146337
Approved by:    itetcu (mentor, implicit)
Security:      
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
Security:      
http://sourceforge.net/mailarchive/message.php?msg_name=E1NS2s4-0001PE-F2%403bkjzd1.ch3.sourceforge.com

Added 38 missing CVE names to 24 VuXML entries
(256 CVE names to go)

Approved by:    itetcu (mentor, implicit)
Security:       http://people.freebsd.org/~niels/vuxml/

Added 34 missing CVE names to 24 VuXML entries
(294 CVE names to go)

Approved by:    miwi (secteam)
Security:       http://people.freebsd.org/~niels/vuxml/

- VideoLAN has released 1.0.6 to address serveral vulnerabilities they discoverd
while working towards the 1.1.0 release. These vulnerabilities could potentially
allow for a specially crafted file to execute code.

PR:             ports/146099
Submitted by:   Joseph S. Atkinson <jsa@wickedmachine.net> (maintainer)

- fix version for apache+mod_ssl

- fix info for apache+mod_ssl

Mark kdebase3 as safe now.

- Documented multiple Joomla! vulnerabilities
- Added new reference to the recent cacti issue

Approved by:    remko (secteam)
Security:       http://developer.joomla.org/security/

Documented vulnerabilities in moodle, tomcat55, tomcat66 and cacti

PR:             ports/146021
PR:             ports/146022
Approved by:    remko (secteam)
Security:       http://seclists.org/bugtraq/2010/Apr/200
Security:       http://docs.moodle.org/en/Moodle_1.9.8_release_notes
Security:       http://www.bonsai-sec.com/en/research/vulnerability.php

Documented emacs movemail vulnerability and marked the seperate
mail/movemail port vulnerable to an old format string vulnerability.

Approved by:    remko (secteam)
Security:       http://www.ubuntu.com/usn/USN-919-1

Added krb5 double free vulnerability

Approved by:    remko (secteam)
Security:       http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
Security:       CVE-2010-1320

Documented the following vulnerabilities:
- png: libpng decompression denial of service
- e107: code execution and XSS vulnerabilities
- pidgin: multiple remote denial of service vulnerabilities
- fetchmail: denial of service vulnerability

PR:             ports/145885
PR:             ports/145857
Approved by:    remko (secteam)
Security:       CVE-2010-0996
Security:       CVE-2010-0997
Security:       CVE-2010-1167
Security:       CVE-2010-0277
Security:       CVE-2010-0420
Security:       CVE-2010-0423
Security:       CVE-2010-0205

Documented the following vulnerabilities:
- curl: libcurl buffer overflow vulnerability
- irssi: multiple vulnerabilities
- ejabberd: queue overload denial of service vulnerability

Approved by:    remko (secteam)
Security:       http://curl.haxx.se/docs/adv_20100209.html
Security:       http://support.process-one.net/browse/EJAB-1173
Security:       http://xforce.iss.net/xforce/xfdb/57790
Security:       http://xforce.iss.net/xforce/xfdb/57791

- Added three krb5 vulnerabilities
- Fixed indent on mahara entry
- Fixed title of KDM entry

Approved by:    remko (secteam)
Security:       http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
Security:       http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-002.txt
Security:       http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt

Document mahara sql injection vulnerability

Approved by:    remko (secteam)
Security:       http://www.debian.org/security/2010/dsa-2030

Correct CVE entry. The advisory from Todd[0] says CVE 2010-0426, which is
the entry assigned to the original sudoedit vulnerability[1]. The new
one (CVE-2010-1163) was just assigned. I believe the one assigned by CVE
folks is the proper one to use.

[0]: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
[1]: 018a84d0-2548-11df-b4a3-00e0815b8da8

- Document sudo privilege escalation bug. This is similar to
  018a84d0-2548-11df-b4a3-00e0815b8da8.

- Do not match x11/kdebase4 in latest KDM vulnerability.

Approved by:    tabthorpe (mentor)

- Document KDM local privilege escalation vulnerability.

Approved by:    tabthorpe (mentor), delphij (secteam)

- Document dojo - cross-site scripting and other vulnerabilities
- Document ZendFramework - security issues in bundled Dojo library

Approved by:    secteam (remko)
Security:      
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
Security:       http://framework.zend.com/security/advisory/ZF2010-07

- Document firefox -- Re-use of freed object due to scope confusion

Submitted by:   Florian Smeets <flo AT smeets.im>
Approved by:    miwi

- Document mozilla -- multiple vulnerabilities

Approved by:    delphij

Document postgresql bitsubstr overflow vulnerability

Document a buffer overflow in gtar's rmt client functionality.

- Document firefox -- WOFF heap corruption due to integer overflow

Approved by:    miwi

Updated the xzgv entry: 0.9 version (now in portstree) is not vulnerable

Approved by:    itetcu (mentor), miwi (secteam)
Security:      
http://www.vuxml.org/freebsd/a813a219-d2d4-11da-a672-000e0c2e438a.html
Security:       http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml

- Fix build

- Document mozilla -- multiple vulnerabilities
- Fix a typo

Approved by:    miwi

Document eGroupware vulnerabilities.

Submitted by:   wenheping

- Document drupal -- multiple vulnerabilities

Feature safe:   yep

- Document sudo privilege escalation vulnerability when using
  pseudo-command sudoedit

Feature safe:   yes

Attempt to properly take care of the ooo3 -RC and -devel ports too (doh!)

Feature safe:   yes

- Document thunderbird3 vulnerabilities

Approved by:    miwi
Feature safe:   yes

Document openoffice -- multiple vulnerabilities

Reviewed by:    delphij
Feature safe:   yes

- Document mozilla -- multiple vulnerabilities

Approved by:    miwi (secteam)
Feature safe:   yes

Document lighttpd remote DoS vulnerability.

Reported by:    Dan Rowe <dan dracosplace com>
Feature safe:   yes

Update www/squid and www/squid30 to address Squid HTCP Packet Processing
NULL Pointer Dereference vulnerability (SQUID-2010:2)

Document linux-flashplugin -- multiple vulnerabilities.

Reviewed by:    miwi

Add CVE-2010-0414 and CVE-2010-0422 for gnome-screensaver.

Reviewed by:    miwi@

Fix range for fetchmail CVE-2010-0562.

Approved by: miwi@ (mentor)

Add CVE-2010-0562 entry for mail/fetchmail.

Approved by: miwi (mentor).

Document wireshark lwres buffer overflow vulnerability.

Reported by:    Andreas <akoga hawaii edu>

Document "otrs" - SQL injection.

- add the rest of the apache 1.3.x packages to the list
  that are vulnerable
- add a missing ) to the <topic>

Reviewed by:    secteam (miwi)

- document chunk-size integer overflow in apache 1.3.x

- remove extraneou '>' as reported by make tidy

- Mark squid30 now as safe

- Update 296ecb59-0f6b-11df-8bab-0019996bc1f7 entry and makr squid3* as safe

Security patch for Squid advisory 2010:1, denial of service.

Submitted by:   maintainer (Thomas-Martin Seck <tmseck web de>)

Document "bugzilla" - information leak.

- Correct fixed version from previous entry

- Document irc-ratbox -- multiple vulnerabilities

PR:             based on 143242
Submitted by:   moggie <moggie@elasticmind.net>

- Document thunderbird3 vulnerabilities

Reviewed by:    miwi

Document dokuwiki multiple vulnerabilities.

- Added entry for multiple vulnerabilities in www/zend-framework
- Cleaned up some entries reported by "make tidy"

Reviewed by:    secteam (delphij via email)
Approved by:    secteam (delphij via email)
Security:       http://framework.zend.com/security/advisory/ZF2010-06
Security:       http://framework.zend.com/security/advisory/ZF2010-05
Security:       http://framework.zend.com/security/advisory/ZF2010-04
Security:       http://framework.zend.com/security/advisory/ZF2010-03
Security:       http://framework.zend.com/security/advisory/ZF2010-02
Security:       http://framework.zend.com/security/advisory/ZF2010-01
Security:       http://framework.zend.com/security/advisory/ZF2009-02
Security:       http://framework.zend.com/security/advisory/ZF2009-01

Document powerdns-recursor multiple vulnerabilities.

Document pear-Net_Ping and pear-Net_Traceroute arbitrary command execution
vulnerability.

Bump copyright year to 2010

- Document drupal -- multiple cross-site scripting

- Document sysutils/fuser privileges check vulnerability.

Document monkey remote DoS vulnerability.

- Fix a typo (s/opensll/openssl)

Reported by:    pluknet <pluknet@gmail.com>

Document php multiple vulnerabilities.

Sponsored by:   iXsystems, Inc.

Document PostgreSQL multiple vulnerabilities.

Sponsored by:   iXsystems, Inc.

Add tptest pwd remote buffer overflow vulnerability.

Submitted by:   Mark Foster <mark foster cc>
PR:             ports/131938

- Document mozilla -- multiple vulnerabilities

Make the problem more visible by choosing a more descriptive subject.

Document freeradius remote packet of death exploit (CVE 2009-3111)

Submitted by:   "Danilo G. Baio" <dbaio bs2 com br>
PR:             ports/141318

- Mark Seamonkey 2.0 as safe

Reviewed by:    miwi

- Mark linux-firefox-devel as safe

Reviewed by:    miwi

- Fix build

- Document pligg -- Cross-Site Scripting and Cross-Site Request Forgery

- Document piwik -- php code execution

Requested by:   wen

- Fix previous entrys (formating etc)

- Document dovecot insecure directory permissions

Document linux-flashplugin -- multiple vulnerabilities.

Reviewed by:    miwi

- Document ruby 1.9.1 heap overflow vulnerability.

Document session fixation vulnerability in RequestTracker < 3.8.6

Reviewed by:    simon@, wxs@

- Add two CVE entries for expat2.

- Document opera -- multiple vulnerabilities

Request by:     itetcu

Fix the libtool entry to include 2.2.6a as vulnerable.

Document libtool vulnerability.

Reviewed by:    miwi@

- Cleanup (whitespaces/tabs)

document: libvorbis -- multiple vulnerabilities

Document "bugzilla" - information leak.