Document insecure temporary file creation in a2ps.

Add more references to two older entries.

Add m odified date to my last commit.

Spotted by:     simon

libxine is also affected by the mplayer vulnerabilities.

Add cvenames.

Document vulnerability in libxine.

Document vulnerability in jabberd1

s/kpdf/kdegraphics

Add ports to xpdf report that come with own xpdf in distfile.

For kdegraphics:
Reported by:    lofi

Remove duplicate word in the latest squid entry.

Noticed by:     josef

Document potentially confusing results results on empty ACL
declarations in squid.

PR:             ports/75403 (part of)
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document multiple vulnerabilities in ethereal.

Document a buffer overflow vulnerability in xpdf.

Document phpBB vulnerability that exists on phpBB < 2.0.11

Submitted by:   Kang LIU <liukang bjut edu cn>

Document a vulnerability in acroread.

Document a vulnerability in ecartis.

Document multiple vulnerabilities in mplayer.

Document a heap buffer overflow vulnerability in MIT Kerberos 5.

Document an integer overflow vulnerability in samba.

Corrected typo (blockquote in wrong place).
Approved by:    nectar (implicit)

- Update the corrected version number for recent phpMyAdmin entry to match
  the actual ports version number for phpMyAdmin 2.6.1-rc1.
- Bump modification date for the updated entries.

Updates for the latest PHP entry:
- Correctly match the www/mod_php4 port (it was missing PORTEPOCH).
- Add a few more references.
- Bump modified date.

Correct recent php entry, 4.3.10 and 5.0.3 are fixed.

Fix VID for the last commit.

Multiple vulnerabilities in PHP. From Secunia report.

Added 5 MySQL vulnerabilities
Approved by: nectar (mentor)

Document two vulnerabilities in phpMyAdmin.

Document multiple vulnerabilities in wget.

- Add bugtraqid references to several entries.
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries.

Document security issue in Konqueror.

Document a NULL pointer dereference vulnerability in mod_access_referer.

Submitted by:   Niels Heinen <niels.heinen@ubizen.com>

Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- a malformed hostname can cause squid to return random data as error messages,
  possibly leaking internal information from former requests (squid bug #1143).
  (This is classified as a minor security issue by the squid developers, so
  maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occuring when using cachemgr's "vm_objects" operation (squid
  bug #1149)

PR:             ports/74859
Submitted by:   maintainer

Document information leakage in viewcvs.

Document a symlink attack vulnerability in cscope.

. Put the topic in the same format all other recent topics have been in for
  the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
  plugin issue. [1]

Prodded by:     simon [1]

Add cvename to bnc vulnerability.

Document a remote code execution vulnerability in bnc.

Fix grammar nit in ImageMagick entry.

Submitted by:   Daniel Seuffert <DS@praxisvermittlung24.de>

For the Java plugin vulnerability, also match the linux-jdk package
(old name for linux-jdk-sun).

. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
  in 1.3.1.13, it contained another problem.  This is fixed in 1.3.1.14.

Document vulnerability that allows arbitrary command execution in rssh
and scponly.

Approved & reviewed by:    josef (security team)

Document buffer overflows in rockdodger.

Add CVE to zip vulnerability.

Document a long path buffer overflow in zip.

Document signal delivery vulnerability in sudoscript.

Document vulnerability in net/jabberd.

Document vulnerability in net/opendchub.

Based on submission by: Niels Heinen <niels.heinen@ubizen.com>

Add Bugtraq ID for SA-04:16.fetch entry.

Document two vulnerabilities in unarj.

. Mark linux-ibm-jdk as also vulnerable to the Java plugin vulnerability.

. Fix the range and add an additional range for the jdk vulnerability.
. Note that linux-sun-jdk and linux-blackdown-jdk are also vulnerable.

. Fix whitespace.

. Add an entry for the problem in the Java plugin.

Update ruby CGI DoS entry to note that the most recent version in
ports is fixed.  Also remove ruby-static as vulnerable, since it does
not contain cgi.rb.

Document vulnerability in ftp/prozilla.

Submitted by:   Niels Heinen <niels.heinen@ubizen.com>

correct fixed version

Pointed out by: josef

c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17.

Document that the twiki vulnerability is fixed in twiki-20040902.

add Cyrus IMAP Server multiple remote vulnerabilities.

Obtained from:  http://security.e-matters.de/advisories/152004.html

Add CVE reference for the SA-04:16.fetch entry.

Document vulnerability in phpmyadmin.

Add localized versions of gd port to the VuXML entry.

Document SA-04:16.fetch.

Document the buffer overrun vulnerability in samba3
CAN-2004-882

Correct range for xpdf vulnerability, as cups-base got a fixing
update.

The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)

As discussed with:      NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer)

Add CVE name to twiki entry.

Noticed by:     josef

Add teTeX-base to affected packages in xpdf's vuxml entry.

Document arbitrary shell command execution in twiki.

Document a format string vulnerability in proxytunnel.

Fix entry date for the ruby entry from the last commit.

- Document at DoS in the Ruby CGI module.
- Document a privilege escalation in sudo.

Add CVE name for gnats issue.

Note (likely) remotely exploitable vulnerability in samba 3.

Submitted by:   Shane Kinney <mod6@freebsdhackers.net>

Document vulnerability in GNATS.

Document a XSS in squirrelmail.

Fix entry date.

Document BNC vulnerability.

Note old hafiye bug.

Submitted by:   Shane Kinney <mod6@freebsdhackers.net>

Fix a format string vulnerability in ez-ipupdate.

Approved by:    se@
Obtained from:  Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se>

Document a buffer overflow in ImageMagick's EXIF parser.

Correct recent Apache 2 entry to not match Apache 1.X.

Noticed by:     Dan Langille <dan@langille.org>

Document vulnerability in Apache 2 (CAN-2004-0942).

Update the libxml vulnerability to indicate the fixed version.

Document a format string vulnerability in socat.

Document remote buffers overflow in libxml and libxml2.

The bugs discovered by Chris Evans have been fixed
in linux-gdk-pixbuf.

Reported by:    thierry

Fix pkgnames for mod_include vulnerability.
Thanks to Dan Langille for helping me to track these down.

Document a virus detection evasion in p5-Archive-Zip.

Document mod_include vulnerability in apache and related ports.

Document an insecure temporary file creation in postgresql-contrib.

Bump modified date in the entry for the last commit.

Update latest mpg123 entry to note that the port is fixed in the most
recent port version.

There was a gd 1.X port with portepoch 2 for a while, so let the gd
entry also match that.

Document an integer overflow in the GD Graphics Library.

Correct entry date for the putty entry.

OK'ed by:       josef

Document vulnerability in putty

Reviewed by:    simon

Add an entry for a wzdftpd remote DoS.

Updates to the bogofilter entry:

- Improve information about which versions are vulnerable. [1]
- Add a few more references.

Submitted by:   Matthias Andree <matthias.andree@gmx.de> [1]

Update linux-openmotif to 2.2.4 to fix the security.

http://vuxml.freebsd.org/ef253f8b-0727-11d9-b45d-000c41e2cdad.html

Document rssh format string vulnerability.

Approved by:    nectar