Document opera -- URL parsing heap overflow vulnerability.

Approved by:    portmgr (secteam blanket)

Minor correction to last commit; the NVIDIA driver version 1.0.8762
was also affected, so mark it as such.

Approved by:            portmgr (secteam blanket)

Update entry for nvidia-driver -- arbitrary root code execution
vulnerability:

- Add new info about vulnerable versions from NVIDIA.
- Add workaround.
- Add more references.
- Remove suggestion to move to "nv" driver now that we have a simpler
  workaround.

Approved by:            portmgr (secteam blanket)
Parts submitted by:     mnag

Document asterisk -- remote heap overwrite vulnerability

Approved by:            portmgr (VuXML blanket)
Submitted by:           Thomas Sandford
Facilitated by:         Snow B.V.

Some style changes to the plone entry.

Previous commit was also reviewed by myself.

Approved by:            portmgr (Blanket VuXML)
Facilitated by:         Snow B.V.

- Add a entry for www/plone

Approved by:    portmgr (erwin)

Document:
  drupal -- HTML attribute injection
  drupal -- cross site request forgeries
  drupal -- multiple XSS vulnerabilities

Submitted by:   brooks
Reviewed by:    remko
Approved by:    portmgr (erwin)

Document "ingo -- local arbitrary shell command execution"

Submitted by:   thierry
Reviewed by:    remko
Approved by:    portmgr (erwin)

Update php -- _ecalloc Integer Overflow Vulnerability entry with
details from Steffan Essers advisory about the implications of this
issue.  The advisory was not public when this issue was initially
fixed.

Approved by:    portmgr (secteam blanket)

Mark multimedia/win32-codecs as not-vulnerable after the quicktime codecs
were optional. The quicktime codecs are still vulnerable though, but we
rely on the conditional FORBIDDEN statement in the ports Makefile for this.

Approved by:    portmgr (self), secteam (simon)

Document "nvidia-driver -- arbitrary root code execution vulnerability".

Note that I haven't actually had time to make a test system to reproduce
this on FreeBSD, but due to the nature of this issue and that there is a
PoC exploit in the advisory, I'm adding this entry due to "better safe
than sorry"...

Approved by:    portmgr (secteam blanket)

- Mark php open_basedir fixed

Reviewed by:    secteam (simon)
Approved by:    portmgr (secteam blanket)

- clamav -- CHM unpacker and PE rebuilding vulnerabilities

Approved by:    portmgr (mnag with secteam hat)

- Add some references

Reviewed by:    secteam (simon)
Approved by:    portmgr (secteam blanket)

- Document temporary file symlink privilege escalation in tkdiff
- Correct Javier's name spelling in an old advisory

Reviewed by:    secteam (simon)
Approved by:    portmgr (secteam blanket)

- Document multiple remote file inclusion vulnerabilities in vtiger

Reviewed by:    secteam (simon)
Approved by:    portmgr (secteam blanket)

- Document heap overflow in the KML engine in google-earth

Reviewed by:    secteam (simon)
Approved by:    portmgr (implicit)

devel/cscope was fixed in version 15.6 so use lt instead of le.

Submitted by:   joerg
Pointyhat to:   erwin
Approved by:    portmgr (self)

Mark zgv as fixed wrt. "zgv, xzgv -- heap overflow vulnerability".

- Add php-suhosin to edabe438-542f-11db-a5ae-00508d6a62df
  as per original advisory

Discussed with: ale

- Fix python package naming in 6afa87d3-764b-11d9-b0e7-0000e249a0a2

Reported by:    simon

Update versions affected by python -- buffer overrun in repr() for
unicode strings:

- Python 2.5.c2 was already fixed (verified in upstream SVN).
- Python 2.4 port just got the fix.
- I can't find any trace of python23, python22, and python-devel ever
  having existed as package names, so I removed them.
- Add python+ipv6.  I don't really know if it contained the
  problematic unicode code, but better safe than sorry.

Fix whitespace in openssh -- multiple vulnerabilities entry, which I
originally missed.

Update vuxml id 5a39a22e-5478-11db-8f1a-000a48049292
- Fixed in version 1.1.13.8.1

Remove mono-devel and mono-svn from 5a39a22e-5478-11db-8f1a-000a48049292
- These are packages from BSD#'s (my project) development repo.  Don't even
  give the impression that FreeBSD is supporting security updates for an
  outside project.

- Remove an empty url (a typo)

- Document User-Agent XSS Vulnerability in torrentflux

- Document buffer overrun in repr() for unicode strings in python

devel/cscope was fixed in version 15.6

Glanced at by:  remko

- Document _ecalloc Integer Overflow Vulnerability in php5

- Update an old mambo advisory and document its new vulnerabilities

- Add linux-curl to a curl advisory and tweak versions a bit

- Add ja-lynx* to a lynx advisory

- chinese/tin was also vulnerable

- Document buffer overflow vulnerabilities in tin

- Use >0 for unpatched vulnerabilities

Submitted by:   simon

- Document slapd acl selfwrite Security Issue in openldap

- Document "System.CodeDom.Compiler" Insecure Temporary Creation in mono

- Document open_basedir Race Condition Vulnerability in php

- Document NULL byte injection vulnerability in phpbb

- Add references and use earlier discovery date in
fffa9257-3c17-11db-86ab-00123ffe8333

- Add CVE names to 19b17ab4-51e0-11db-a5ae-00508d6a62df

- Document admin section SQL injection in postnuke

- Document LWFN Files Buffer Overflow Vulnerability in freetype

- Document Buffer Overflow Vulnerabilities in cscope

- Document RSA Signature Forgery Vulnerability in gnutls

- Document Search Unspecified XSS in MT

- Update dokuwiki advisories

- Document latest XSRF vulnerabilities in phpmyadmin

- Mark gtetrinet 0.7.10 safe

Document openssh -- multiple vulnerabilities AKA
FreeBSD-SA-06:22.openssh.

- Document multiple vulnerabilities in dokuwiki

- Document multiple vulnerabilities in tikiwiki

- Document NULL byte injection vulnerability in punbb

- Concisify a Secunia report
- Use <gt>0 for an unpatched bug

Suggested by:   simon

- Document (another) Denial of Service Vulnerability in freeciv

- Document Packet Parsing Denial of Service Vulnerability in freeciv

- Document multiple vulnerabilities in plans

- Update the unace advisory

- Document multiple XSS security bugs in eyeOS

- Document restructuredText "csv_table" Information Disclosure in zope

- Document stack-based buffer overflow in libmms

- Document Opera SSL RSA Signature Forgery

Bump modified data which was missed in last commit.

- Mark latest linux-{firefox,seamonkey}-devel safe

Document mozilla -- multiple vulnerabilities.

In the PHP entry, replace mod-php with mod_php [1].

Rewrite the win32-codecs entry to even better explain the vulnerability [2].

Noticed by:             Dan Langille (with FreshPorts.org) [1]
Discussed with:         simon [2]

Try to explain a bit better that users who have the Quicktime plugin
as a browser plugin can be directly affected by the remote code
execution.

Also mention that I changed the entry date in the previous entry
(PHP) which I had forgotten to do yesterday and did not mention
in the previous commit.

Document win32-codecs -- multiple vulnerabilities

Attempt two:

Document php -- multiple vulnerabilities

OK, I do not know WHAT went wrong but it went wrong, revert to the old
situation and i will re-adopt the PHP entry.

Document php -- multiple vulnerabilities

Cancel latest gnutls entry (GNUTLS-SA-2006-3) - it is a false alarm:

http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001208.html

Upgrade drupal-pubcookie to the latest version fixing a security hole
allowing anyone to bypass the authenication system and become an
arbitrary drupal user.

Security:       vid:c0fd7890-4346-11db-89cc-000ae42e9b93

Style neats for the latest gnutls entry.

Reviewed by:    remko

correct the tomcat entry (change the ,5 to _5 since we talk about PORTREVISION
instead of PORTEPOCH) [1]

correct the jdk -- jar directory traversal vulnerability entry, the
FreeBSD Foundation uses different package names [2], [3].

For both entries the modification date was bumped.

Reported by:            Gabor Kovesdan (on #bsdports) [1]
                        David Robillard <david dot robillard at gmail dot com>
[2]
                        Tim Zingelman <zingelman at fnal dot gov>

Document linux-flashplugin7 -- arbitrary code execution vulnerabilities.

Mark jakarta-tomcat5 as fixed since 5.0.30,5 regarding minor XSS issue.

Add an info about GNUTLS-SA-2006-3.

- mailman -- Multiple Vulnerabilities

Bump modification date for last jabber entry change

Noted by:       remko

Fix jabber entry

Document hlstats -- multiple cross site scripting vulnerabilities.

Document gtetrinet -- remote code execution

Bump modified date in the entry changed by garga.

Forgotten by:   garga

net-im/jabber -- Mark the correct versions with fd_set vulnerability, author
fixed the problem on trunk and 2 new releases (1.4.3.1 and 1.4.4.1) is comming
soon

Update the latest FreeBSD-SA entry, ppp got replaced by sppp.
Also implement a suggestion from Simon, mark all versions before
the latest version vulnerable.

Document joomla -- multiple vulnerabilities

Note that I only documented the high level
threats, there are several others which can
be found at the link provided [1]

Reference:      http://www.joomla.org/content/view/1841/78/ [1]

Document FreeBSD-SA-06:18.ppp

Minor whitespace cleanup (we need a blank line every after </entry>
so that we can easily see the different entries).

- Add imp to the previous entry.
- Add some SecurityFocus BIDs too.

Document horde -- Phishing and Cross-Site Scripting Vulnerabilities.

Convert 8 spaces to tab as per the FDP for the latest
entry.

Add entry for globus tmpfile creation bugs.

The lang/f2c port has been updated, update affected versions.

Reviewed by:    simon

Document x11vnc -- authentication bypass vulnerability.

The 1.1111th commit, yay.

Document alsaplayer -- multiple vulnerabilities.

Document postgresql -- encoding based SQL injection.

Reported by:            Radim Kolar <hsn at netmag dot cz>

Bump modified date in the older entry I just corrected.

Spotted by:     simon (again)

Document postgresql -- multiple vulnerabilities.

These are all older vulnerabilities which had not yet been documented
by the Security Team.

Also fix a minor mistake in an older PostgreSQL entry.