- Document pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Reviewed by:    tabthorpe

Document the cURL redirection security bypass - CVE-2009-0037.
I'll update the ftp/curl port itself ASAP.

PR:             132299
Reported by:    Mark Foster <mark@foster.cc> (the PR),
                Daniel Bond <db@danielbond.org> (e-mail)

Bump the modified date for the previous Firefox change.

Requested by:   miwi

Correct the Firefox 2.0 version for the recent Firefox vulnerabilities.

- Add CVE entries for last lighttpd security issue.

Reported by:    Eygene Ryabinkin <rea-fbsd___codelabs.ru>

- Update to 1.7.5
- Added UPDATING entry about incompatibility between 1.7.4 and 1.7.5
- Added vuln.xml entry for local file inclusion vulnerability in <1.7.5
- Added maintainer mode target in ZF Makefile to speed up fixups of
  pkg-plist output from genplist

Security:       cf495fd4-fdcd-11dd-9a86-0050568452ac
Security:       http://framework.zend.com/issues/browse/ZF-5748
Security:      
http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html

- Document dia -- remote command execution vulnerability

Reviewed by:    miwi

- Document pycrypto -- ARC2 module buffer overflow

PR:             based on 131689
Submitted by:   Mark Foster <mark@foster.cc>

Update the latest firefox vulnerability ranges.

Minor whitespace nits.

- Update previous entry
   * remove duplicate bid entry
   * add more referens
   * fix whitespaces

Document Varnish 2.0 DoS.

PR:             ports/131690
Submitted by:   Mark Foster <mark@foster.cc>

- Document tor -- multiple vulnerabilites

- Fix portaudit conflict with www/firefox and www/firefox3
- Mark www/firefox and www/linux-firefox FORBIDDEN

Discussion by:  simon/stas
With hat:       secteam

- Fix latest firefox entry

- Document firefox -- multiple vulnerabilities

- document codeigniter -- arbitrary script execution in the new
                          Form Validationclass

- Document pyblosxom -- atom flavor multiple XML injection vulnerabilities

Reviewed by:    miwi

- Document typo3 -- cross-site scripting and information disclosure

- Update latest squid* entry
        Add CVE-2009-0478

Submitted by:   jadawin

- Update ruby vuxml entries due to ruby19 version bump.

- Document amaya -- multiple buffer overflow vulnerabilities

PR:             based on 131508
Submitted by:   Mark Foster <mark@foster.cc>

- Document websvn -- multiple vulnerabilities

PR:             based on 130934
Submitted by:   Mark Foster <mark@foster.cc>

- Document phplist -- local file inclusion vulnerability

PR:             based on 130932

- Document squid -- remote denial of service vulnerability

PR:             based on 131431

- Fix topic s/typo/typo3

- Document typo3 -- Multiple Vulnerabilities

- Fix previous entry

Security update for sudo to 1.6.9p20 for CVE 2009-0034

Changes:
- Only use the cached supplementory group vector when matching groups
  for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
  default value set in sudoers so that we never lower the user's umask
  when running a command.
- Sudo now operates in the C locale again when doing a match against
  sudoers.

PR:             131446
Submitted by:   Eygene Ryabinkin
Security:       vid:13d6d997-f455-11dd-8516-001b77d09812

- Fix a typo (s/drual/drupal)

- Cleanup

- Document drupal -- multible vulnerabilities

Update php5-gd entry.

- Document perl -- Directory Permissions Race Condition

PR:             based on 129317

- Rework ganglia entry
  * Fix topic
  * Fix discovery and entry day

- Set modified for b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e entry
- more cleanup

- Document moinmoin -- multiple cross site scripting vulnerabilities

- Cleanup previous entry
        * remove whitespaces
        * sort bid/cvename/url

Upgrade Ganglia to 3.1.1 plus a fix for CVE-2009-0241.

PR:             ports/129822, ports/131067
Submitted by:   Mark Foster <mark at foster dot cc> (vuxml)
Security:       vid:b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e

- Document Tor -- Unspecified Memory Corruption Vulnerability

- Cleanup
        * Fix whitespaces/ Tabs
        * Sort <bid>/<cvename>/<url>

- Rewording 2ffb1b0d-ecf5-11dd-abae-00219b0fc4d (glpi -- SQL Injection)
- Add more reference sites

Document glpi -- SQL Injection vulnerabilty

PR:             ports/131011
Submitted by:   Mathias Monnerville <mathias@monnerville.com>

- Document openfire -- multiple vulnerabilities

PR:             ports/130606
Submitted by:   Mark Foster <mark foster.cc>

Update information about 9fff8dc8-7aa7-11da-bf72-00123f589060
and 651996e0-fe07-11d9-8329-000e0c2e438a, newer versions of
apache+ipv6 has the problems fixed.

Submitted by:   sumikawa

- Document two old ipsec-tools DoS

PR:             ports/129468
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document directory traversal bug in teamspeak server

PR:             ports/130608
Submitted by:   Mark Foster <mark@foster.cc>

- Document graphics/optipng buffer overflow

PR:             ports/129072
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document old gitweb privilege escalation vulnerability.

PR:             ports/130600
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Document vulnerability in older versions of GNU tar.

PR:             130602
Submitted by:   Mark Foster <mark@foster.cc>

- Mark net-mgmt/nagios2 as secure

- Document mplayer -- vulnerability in STR files processor

PR:             based on 130573

- Cleanup previous entry
- Add more references

- Add missing blockquote and linewrap properly

- Document cgiwrap XSS vulnerability

PR:             ports/130277
Submitted by:   Eric W. Bates <ericx@vineyard.net>

- Document nagios -- web interface privilege escalation vulnerability

- Document pdfjam -- insecure temporary files

PR:             based on 130028

- Document verlihub -- insecure temporary file usage and arbitrary command
execution

- Document mysql -- empty bit-string literal denial of service

PR:             based on 129978
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix discovery date

- Document mysql multiple vulnerabilities:

        * mysql -- renaming of arbitrary tables by authenticated users
        * mysql -- remote Denial of Service via malformed password packet
        * mysql -- privilege escalation and overwrite of the system table
information

PR:             based on 130025
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document imap-uw -- imap c-client buffer overflow

PR:             130013
Submitted by:   Mark Foster <mark@foster.cc>
Approved by:    maintainer timeout

- Fix a small typo

- Document imap-uw -- local buffer overflow vulnerabilities

PR:             128923
Submitted by:   Mark Foster <mark@foster.cc>
Approved by:    maintainer timeout

- Document libcdaudio -- remote buffer overflow and code execution

- Mark xterm 238 safe

Import latest FreeBSD-SA's so that we are up to date again.

- Document xterm vulnerability.

- Document PHP gd library vulnerability.

- Update awstats entry (also affect www/awstats-devel)

- Fix the affected version of awstats

- Document awstats -- multiple XSS vulnerabilities

PR:             ports/129957
Submitted by:   Eygene Ryabinkin <rea-fbsd _at\ codelabs.ru>
Approved by:    Alex Samorukov (maintainer)
Security:       http://secunia.com/advisories/31519

- Cleanup (fix whitespaces, typos)

- Completely fix CVE-2005-0448

PR:             ports/129301
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Bump copyright year.

- Document vim -- multiple vulnerabilities in the netrw module

PR:             ports/129137
Submitted by:   Eygene Ryabinkin <rea-fbsd codelabs.ru>

Add vinagre -- format string vulnerability entry.

PR:             ports/129959
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Document twiki - multiple vulnerabilities

Add entry for roundcube.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document mysql -- MyISAM table privileges security bypass vulnerability for
symlinked paths

- Document mplayer -- twinvq processing buffer overflow vulnerability

Reported by:    Thomas Zander <riggs@rrr.de> (mplayer maintainer)

- ampache -- insecure temporary file usage

- Small cleanup for the last cups-base entry
  * CVE-2008-5184 was fixed in 1.3.8.
  * CVE-2008-1722 does not related to anything in this entry;
  * PNG buffer overflow is really CVE-2008-5286.

Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>
No Cookies for: miwi

- Document opera -- multiple vulnerabilities

- Document mediawiki -- multiple vulnerabilities

- Fix make validate

- document drupal -- Multiple vulnerabilities

- Document mozilla -- multiple vulnerabilities

- Fix a small typo

- Document phpmyadmin -- cross-site request forgery vulnerability

- Document php5 -- potential magic_quotes_gpc vulnerability

Reviewed by:    miwi

- Fix a typo

Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document wireshark --  SMTP Processing Denial of Service Vulnerability

- Document php -- multiple vulnerabilities

- Document mgetty+sendfax -- symlink attack via insecure temporary files

PR:             based on 129471
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document dovecot-managesieve -- Script Name Directory Traversal Vulnerability

PR:             based on 129303
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Document habari -- Cross-Site Scripting Vulnerability

PR:             129475
Submitted by:   Ayumi M <ayu@dahlia.commun.jp>

- Add 32545 to the latest vlc entry.

- Document vlc -- arbitrary code execution in the RealMedia processor

- S/secunia/Secunia