Document nfs -- remote denial of service (FreeBSD: SA-06:10)

Approved by:    portmgr (blanket VuXML)

Add OpenSSH Remote Denial of Service (FreeBSD SA-06:09.openssh) to the
vuxml list.

Approved by:    portmgr (Blanket VuXML)

Correct the gpg entry wrt. style.

Approved by:            portmgr (Blanket VuXML)

Update to 1.4.2.2.

Security:       GnuPG does not detect injection of unsigned data
References:    
http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Probbed by:     simon
Approved by:    portmgr (erwin)

Document multimedia/mplayer's heap overflow in the ASF demuxer

Reviewed by:    simon
Approved by:    portmgr (implicit), security-officer (simon)

Add the ssh2-nox11 slave port to the list of ports affected by
VID 594ad3c5-a39b-11da-926c-0800209adf0e.

Prodded by:     Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
Approved by:    portmgr (erwin)

Document a SSH.COM SFTP server format string vulnerability affecting
the security/ssh2 port.

Approved by:    portmgr (erwin)

Document GNU tar invalid headers buffer overflow.

Approved by:    portmgr (erwin)

Remove the pinentry entry.  It was gentoo specific and I overlooked
that.

Noticed by:     Dejan Lesjak <dejan dot lesjak at ijs dot si>
Pointyhat:      remko
Approved by:    portmgr (implicit VuXML)

Document Bugzilla [2.*, 2.20.1) vulnerabilities.

Approved by:    security-officer (simon)
Approved by:    portmgr (implicit)

Document squirrelmail (< 1.4.6) vulnerabilities:
        CVE-2006-0377 (IMAP injection)
        CVE-2006-0195 (XSS)
        CVE-2006-0188 (XSS)

Approved by:    security-officer (simon)
Approved by:    portmgr (implicit)

Remove the latest squid entry, it already existed.

Noticed by:     Thomas-Martin Seck <tmseck at netcologne dot de>

Document gedit -- format string vulnerability.

Add koffice to the RTF import issue.

Documenet WebCalendar -- unauthorized access vulnerability.

Document abiword -- stack based buffer overflow vulnerabilities.

Document pinentry -- local privilege escalation.
Correct previous entry (the entry time was invalid).

Document squid -- dns lookup spoofing.

Document postgresql81-server -- SET ROLE privilege escalation.

Document gnupg -- false positive signature verification.

Document rssh -- privilege escalation vulnerability.
The port will be marked forbidden due to possible
root access.

Document tor -- malicious tor server can locate a hidden service.

Document sudo -- arbitrary command execution.

Document libtomcrypt -- weak signature scheme with ECC keys.

Document mantis -- "view_filters_page.php" cross site scripting vulnerability.

Document phpbb -- multiple vulnerabilities.

Reviewed by:    simon

Document postgresql -- character conversion and tsearch2 vulnerabilities.

Document heartbeat -- insecure temporary file creation vulnerability.

Document kpdf -- heap based buffer overflow

Document perl, webmin, usermin -- perl format string integer wrap vulnerability

PR:             ports/91202
Submitted by:   KOMATSU Shinichiro <koma2 at lovepeers dot org>
                (slightly modified).

Document phpicalendar -- cross site scripting vulnerability and
document phpicalendar -- file disclosure vulnerability [1].

Reviewed by:            simon [1]
Spotted on:             cvs-ports@ [1]

Document FreeBSD -- Infinite loop in SACK handling (FreeBSD SA 06.08)

Document pf -- IP fragment handling panic, FreeBSD SA 06.07

Document FreeBSD -- Local kernel memory disclosure
(FreeBSD SA 06.07).

Document IEEE 802.11 -- buffer overflow (FreeBSD SA 06.05).

Add FreeBSD SA 06.04.ipfw to the vuln.xml list.

Mark ivtools 1.2.3 as fixed for jpeg vulnerabilities.  Note that this
version is not yet in ports, but marking the new version fixed now
make porting a bit simpler.

Document kpopup -- local root exploit and local denial of service.

PR:             ports/92359
Submitted by:   Ion-Mihai "IOnut" Tetcu <itetcu@people.tecnik93.com>

Oops.  Forgot to modify the discovery date.

Spotted by:     simon (again)

Add 4 FreeBSD advisories to the VuXML database.
The other recently released advisories will be
added later today.

o SA-06:03.cpio
o SA-06:02.ee
o SA-06:01.texindex
o SA-05:20.cvsbug

SHA256ify

Approved by: krion@

Document local root exploit in SGE.

Document "fetchmail -- crash when bouncing a message" DOS vulnerability.

Reviewed by:    secteam (simon)

- Update description and references for "clamav -- possible heap
  overflow in the UPX code" now that more information is available.
- Remove some EOL whitespace.

Add an entry for clamav/clamav-devel

Reviewed by:    simon (secteam)

Document milter-bogom -- headerless message crash.

Reported by:    Victor Balada Diaz <victor@bsdes.net>

Mark latest bnc version as fixed wrt. to "fd_set -- bitmap index
overflow in multiple applications".

Reported by:    Christian Elmerot <Chreo At chreo , net>

Document two bogofilter vulnerabilities.

Submitted by:   Matthias Andree <matthias.andree@gmx.de>

Add an entry for rxvt-unicode < 6.3: root privileges were not restored
before the call to openpty(), so the permissions on the pty device node
remain root:wheel 666 after opening a new terminal.

Discovered by:  Ryan Beasley <ryanb (at) rainbowdevilsland.co.uk>

  `ru-apache' and `ru-apache+mod_ssl' was patchet against CAN-2005-3352
 
(http://www.FreeBSD.org/ports/portaudit/9fff8dc8-7aa7-11da-bf72-00123f589060.html)

  Yes, changes are validated with xmllint at this time.

Correct a little typo.

Document apache -- mod_imap cross-site scripting flaw.

I expanded the diff from the PR a bit to denote other
affected apache ports as well.  Therefor mistakes in
that should be redirected to me.

Also bump the copyright year for the vuxml file.

PR:                     ports/91157 (based on)
Submitted by:           KOMATSU Shinichiro <koma2 at lovepeers dot org>

Fix the affected versions of 9b4facec-6761-11da-99f6-00123ffe8333.

PR:             ports/91156
Submitted by:   KOMATSU Shinichiro (koma2 at lovepeers dot org)

Add missing "</package>" tag from rev. 1.917, which caused the file to
be invalid XML and in turn caused the portaudit database to be only
partially built.

Bump modification date of all entries which had modification date on
the 23'rd to make sure VuXML consumers catch the updates.

Portaudit problem reported by:  Peter Vohmann
Pointy hat to:                  lev

  russian/apache13 and russian/apache13-modssl were updated and new version
doesn't
contain any known vulnerabilities.

Bump modification date for entries touched by last commit.

Update the phpSysInfo entries, PR ports/90849 will solve the documented
issues.

Requested by:           Babak Farrokhi <babak at farrokhi dot net>

Fix another typo in my nbd entry.

Spotted by:             Linus Nordberg <linus at nordberg dot se>

Correct a typo.

Submitted by:           Linus Nordberg <linus at nordberg dot se>

Update the affected range.

Prodded by:     erwin

The previous entry should have read:
Document ndb-server -- buffer overflow vulnerability

:

- Register scponly-4.1 vulnerabilities

PR:             ports/90813
Submitted by:   maintainer
Security:      
https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html

Correct the recent horde entries as per the FDP
(made the entries max 72 chars wide).

Document fetchmail vulnerability:
http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt (CVE-2005-4348)

Reviewed by:    secteam (simon@)

Document the following mantis vulnerabilities:

o "t_core_path" file inclusion vulnerability
o "view_filters_page.php" cross-site scripting vulnerability

- Add entries for several XSS vulnerabilities in Horde, Kronolith, Nag
  Turba and Mnemo;

- Fix a typo in the previous Horde entry.

Add curl -- URL buffer overflow vulnerability

Reviewed by:    simon

Add phpmyadmin -- register_globals emulation "import_blacklist" manipulation
Add phpmyadmin -- XSS vulnerabilities

Add ffmpeg -- libavcodec buffer overflow vulnerability

Reviewed by:    simon

Add trac -- search module SQL injection vulnerability

Reviewed by:    simon

Add drupal -- multiple vulnerabilities

Reviewed by:    simon

Document opera -- multiple vulnerabilities.

Document opera -- command line URL shell command injection.

Add entry to www/mambo

Reviewed by:    simon

Backup rev 1.9 which should not have been committed since it was just my
local hack.

Note to self: Do not commit before having at least two cups of coffee.

Pointy hat to:  simon

Mark flyspar 0.9.8 as fixed wrt. "flyspray -- cross-site scripting
vulnerabilities" since our port version of 0.9.8 includes update1 which
fixes the issue.

Reported by:    Volodymyr Kostyrko via pav

Change topic zope28 to zope (www/zope affected too)
Add <cvename> to zope entry
Change CAN-XXXX-XXXX to CVE-XXXX-XXXX

Reviewed by:    simon

Security fix: several shell scripts included in the Ghostscript package
allow local users to overwrite files via a symlink attack on temporary
files.

Security: CAN-2004-0967

Forced commit to notice that I also added some references to the
latest horde entry.

Standarize the horde -- Cross site scripting vulnerabilities in MIME
viewers entry as per the FDP-primer and the vuxml layout (topic).

Also correct the qpopper vulnerability to match 4.0 and above since
the 2.x range is listed as affected at the moment but has an entirely
different base.  After checking it appears that the information all
point to >= 4.0. [1]

Noticed by:     ache [1]

Add an entry for cross site scripting vulnerabilities in Horde's MIME
viewers.

phpmyadmin -- HTTP Response Splitting vulnerability

Reviewed by:    simon

Add CVE name to an old sudo entry.

Update latest phpSysInfo entry to reflect that 2.4 was in fact not fixed
(or rather, had an incorrect "fix").

Reported by:    Christopher Kunz (advisory author)
Security:       http://www.hardened-php.net/advisory_222005.81.html

- Micromedia -> Macromedia
- Standard FDP primer documentation rules apply
- Two dots fixed

Noted by:       remko

- Document phpSysInfo vulnerability

- Document flashplugin vulnerability

- Document p5-Mail-SpamAssassin vulnerabily (alread fixed in ports)
- Document flyspray cross-site scripting vulnerabilities

Update the recent gallery2 and webcalendar entries:

o Add a better topic (description)
o Reword the webcalendar entry to have some more usefull data
o Add references (bid's and CVE names).

Document qpopper -- multiple privilege escalation vulnerabilities.

Note that the current version is not affected anymore.

- Add missed </p> tag [1]
- Modify 594eb447-e398-11d9-a8bd-000cf18bbe54 entry:
  ruby 1.6.x is not affected this vulnerability,
  it have no XMLRPC support.

Pointy hat to:  simon [1]

Add a bit more info from the PEAR advisory about the vulnerability to
make the scope of the vulnerability a bit more clear.

Disussed with:  thierry

The two latest OpenVPN vulnerabilities were both only for 2.0 and
newer, so mark the correctly as such.

Submitted by:   Matthias Andree <matthias.andree@gmx.de>

Add an entry for pear-PEAR arbitrary code execution vulnerability.

Correct skype entry to match the correct fixed port version number.

Noted by:       Stefan Lambrev, cheffo FreeBSD-BG org

Document two OpenVPN vulnerabilities.

Submitted by:   Matthias Andree <matthias.andree@gmx.de>

As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.

- Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
  in my last additions.

- Document CVE-2005-3258:
    Squid FTP Server Response Handling Denial of Service