- Report a XSS vulnerability in net-mgmt/cacti port

- fix german wordpress name

- Document wordpress -- multiple vulnerabilities

Mark php5-gd 5.2.11_2 as safe.

- Note that CVE-2009-3546 has been fixed in graphics/gd.

Noticed by:     N.J. Mann <njm@njm.me.uk>

- Fix previous commit

- Document HTML-Parser denial of service

Document remote buffer overflow vulnerability in gd.

Document typo3 multiple vulnerabilities.

Notified by:    Wennrich, Markus <Markus Wennrich f-i-ts de>

Add an entry for VideoLAN-SA-0901, about multimedia/vlc.

- Document KDE -- multiple vulnerabilities

Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix previous entry

Add two opera vulnerabilities

PR:             140101
Submitted by:   Arjan van Leeuwen

- Fix latest entrys

Document vulnerability in net-p2p/ctorrent < 3.3.2_2 (CVE-2009-1759).

PR:             ports/139635
Submitted by:   Eygene Ryabinkin
Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759

- Fix linux-opera vuxml entry (it uses different version numbering scheme) [1]
- Add entry for opera-devel as well.

PR:             ports/140038 [1]
Submitted by:   Sato Kuro <poyopoyo@puripuri.plala.or.jp> [1]

- Document mozilla -- multiple vulnerabilities

Approved by:    miwi (secteam)

- Fix discovery date of a recent entry

- Document elinks < 0.11.4 buffer overflow vulnerability.

Add CVE reference provided by author via maintainer for the squidguard
issue.

Apply vendor fixes 20091015 and 20091019 to fix multiple vulnerabilities
of squidGuard 1.4.

Requested by:   maintainer
Security:       692ab645-bf5d-11de-849b-00151797c2d4

- Add an entry for Xpdf -- Multiple Vulnerabilities.

- Document django -- denial-of-service attack

- Document phpmyadmin -- XSS and SQL injection vulnerabilities

- Document php5 multiple security vulnerabilities.

PR:             ports/139196
Submitted by:   Mark Foster <mark@foster.cc>

- Document virtualbox -- privilege escalation

Add FreeBSD-SA-09:14.devfs to the VuXML list.

Hat:    secteam
Facilitated by: Snow B.V.

Add FreeBSD-SA-09:13.pipe to the VuXML list.

Hat:    secteam
Facilitated by: Snow B.V.

- linux-f10-pango is affected by 4b172278-3f46-11de-becb-001cc0377035 too.

Reported by:    "Edward Sanford Sutton, III" <mirror176@cox.net>

- Document mybb -- multiple vulnerabilities

PR:             based on 139197

- Document drupal -- Multiple Vulnerabilities

Submitted by:   Nick Hillard (based on)
Feature safe:   yes

- Rework latest horde-base entry (ee23aa09-a175-11de-96c0-0011098ad87f)

Feature safe:   yes

Fix a formatting issue.

Pointy hat to:          myself
Noticed by:             miwi
Feature safe:           Yes

Fix build.

Feature safe:   yes

Document a security problem in fwbuilder/libfwbuilder 3.0.4 - 3.0.6.
Generated iptables scripts when used to generate static routing
configurations have a security issue.

Feature safe:   Yes

Document "bugzilla" - two SQL injections, sensitive data exposure.

Feature safe:   yes

Adding an entry for three vulnerabilities fixed in the latest Horde
framework (i.e. the port www/horde-base).

- Fix formatting.
- Add link to the debian security advisory.
- Fix the description to be the actual citation from the official sources
  instead of some wild interpretation.  We do not know for sure if remote
  code execution is possible at all and from looking to the source code it
  seems unlikely as the buffer undeflown is allocated on the heap.  Moreover,
  it is not clear if this is exploitable in the default install.

Discussed with: az

Document nginx DoS condition.

Submitted by:   az@ (via IRC)

Add cvename and bid for cyrus-imapd potential buffer overflow
in Sieve.

Add ikiwiki vulnerability.

- Cleanup previous commit

- Add xapian-omega cross-scripting vulnerability

- Document mozilla firefox -- Multiple Vulnerabilities

Fix xml broke by my previous commit.

Document cyrus-imapd potential buffer overflow vulnerability in Sieve.

- Document silc-toolkit format string vulnerabilities. Unfortunately little
  information is provided publicly.

- Mark seamonkey as safe

- Update latest Opera entry,
        * add missing linux-opera
        * fix topic

- Fix vuxml build

Pointyhat to:   me

- Fix vuxml build

Pointyhat to:   itetcu

Add an atry for opera < 10.00

PR:             138449
Submitted by:   maintainer

- Fix cvenames

- Document dnsmasq -- TFTP server remote code injection vulnerability

PR:             138418 (based on)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

- I cannot confirm these vulns can be affected to 1.3.x and 2.0.x
  lines.  Limit this entry to 2.2.x until confirmed.

Add apache-2.2.12 fixes.

- Mark thunderbird 2.0.0.23 and higher as safe

Approved by:    secteam (miwi)

- Document pidgin, libpurple, and finch memory corruption.

PR:             ports/137997
Submitted by:   Armin Pirkovitsch <armin@frozen-zone.org>

- Document NUL byte problem in gnutls and gnutls-devel
- Document multiple vulnerabilities in older versions[1]

Note:  These have all been fixed with the exception of the NUL byte problem
in gnutls-devel.

PR:             [1]: ports/134785
Submitted by:   [1]: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    miwi

- memcached -- memcached stats maps Information Disclosure Weakness

PR:             134206
Submitted by:   Mark Foster <mark___foster.cc>

- Update latest wordpress entry
   * add wordpress-mu which was also affected
- Mark latest fetchmail entry as safe

Document remote admin password reset vulnerability in wordpress <= 3.8.3

Reviewed by:    simon

- Document fetchmail -- improper SSL certificate subject verification

Fix typo in affected version number for vid
739b94a4-838b-11de-938e-003048590f9e

Submitted by:   Roberto Nunnari <robi@nunnisoft.ch> (Private eMail)
Reviewed by:    simon

- Fix improper formatting reported by miwi

- Add additioinal reference url for vid 739b94a4-838b-11de-938e-003048590f9e
reported by miwi

Reviewed by:    miwi

Document com_mailto Timeout Issue in www/joomla15

Cleanup whitespace and XML format using 'make tidy' and a bit manual
editing.

When running the tidy target:
- Pipe ouput into vuln.xml.tidy instead of stdout.
- Don't hide what command we are running so it's clear where the tidy
  version of the output went.

Various affects fixes to the last 3 Mozilla/Firefox entries to make then
match correctly against package names.  In particular the port name
instead of package name was used in a couple of places.  For Seamonkey
and Thunderbird where no known fixes exist don't include a fixed
version.

- Update previous subversion entry,
  add missing p5-subversion and py-subversion

- Fix latest firefox entry.

Reported by:    b.f <bf1793@gmail.com>

Document subversion -- heap overflow vulnerability.

Add a few CVE names to the 'squid -- several remote denial of service
vulnerabilities' entry.

Document bugzilla -- product name information leak.

- Mark squid 3.1.0.12 as safe

- Document mozilla -- multiple vulnerabilities

- Add bind9-sdb-ldap and bind9-sdb-postgresql to recent BIND DoS.

Reviewed by:    miwi

- Document silc-client and silc-irssi-plugin format string vulnerability.

Reviewed by:    miwi

Mark mail/squirrelmail-multilogin-plugin as FORBIDDEN and add the
corresponding entry in VuXML.

Security:       VuXML: 0d0237d0-7f68-11de-984d-0011098ad87f

- White space fixes and correct the entry date in
  vid 83725c91-7c7e-11de-9672-00e0815b8da8

s/package/system/ for vid fbc8413f-2f7a-11de-9a3f-001b77d09812.

Reviewed by:    remko
Approved by:    secteam (remko)

- Document BIND DoS in base and ports.

Reviewed by:    remko
Approved by:    secteam (remko)

- Close tag

- Document Mono XML Signature HMAC Truncation Spoofing

Document squid remote denial of service vulnerabilities.

Submitted by:   Thomas-Martin Seck <tmseck@web.de>
PR:             ports/137184

Fix security advsory with patches from Ubuntu project.
http://vuxml.FreeBSD.org/c444c8b7-7169-11de-9ab7-000c29a67389.html

PR:     ports/136891
Submitted by:   wxs@
Reviewed by:    simon@
Approved by:    itetcu@ (mentor)

- Fix a typo

- Document firefox35 -- corrupt JIT state after deep return from native function

- Document isc-dhcp*-client stack overflow.

- Tweak nagios version information a bit for the command injection
  vulnerability. Patches for net-mgmt/nagios and net-mgmt/nagios2 coming
  shortly.

- Document drupal -- multiple vulnerabilities

Submitted by:   Nick Hilliard (based on)

- Mark linux-firefox 3.0.11 and higher as safe

Approved by:    secteam (miwi)

- Document remote command execution in net-mgmt/nfsen

PR:             ports/136070
Submitted by:   Bjoern Engels <engels@openit.de>

- Add syslog-ng package to the list of vulnerable versions for the chroot
  vulnerability.

- Add newly created CVE for nagios command injection vulnerability.
- Add the other two nagios packages to the list.
- Add modified entry accordingly.

Document phpMyAdmin XSS vulnerability

- Document nagios command injection vulnerability.

- s/secunia reports/Secnuia reports/
- Fix whitespace

Approved by:    secteam (miwi)

- Document tor-devel DNS resolution issue.

PR:             ports/135925
Submitted by:   bf <bf1783@gmail.com>

- Document cscope -- multiple buffer overflows

PR:             135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>