squid bug #1200:

        squid -- HTTP response splitting cache pollution attack

PR:             ports/76550
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Fix typo in last commit.

Document XSS in Horde.

Oops, I accidently changed an <entry> date when I should have
added a <modified> date.

Document vulnerabilities in older versions of Midnight Commander.

Document a race condition in Perl's File::Path module.

Document phpBB vulnerabilities.

Document vulnerabilities in the Opera web browser's Java implementation.

Document that older versions of sudo lack CDPATH environmental variable
handling.

Document vulnerabilities in fcron.

Document vulnerabilities in RealPlayer.

Add CVE name and iDEFENSE advisory references to xzgv issue.

Grr, get the imlib version number right!

Oops, imlib 1.9.15 is still affected.  Adjust version number to reflect
upcoming fix.

Document xpm heap overflows and integer overflows affecting imlib and imlib2.

Document a vulnerability in eGroupWare.

Document Quake II vulnerabilities reported by Richard Stanway.

Add CVE names for konversation bugs.

Document security issue in irc/konversation.

Pointed out by: markus

Correct several instances where the "msgid" attribute content had an
extraneous trailing greater-than character ">", e.g.

   <mlist msgid="some-message@id>">some-url</mlist>

These were probably the result of off-by-one errors during
cut-and-paste.

Eliminate character entity references.  They are technically fine of
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier.

Update entries with 12 new CVE name references.

Fix date (was YYYY-MM-DD, now 2005-01-19)

Thanks for Chimera@#bsdports

squid -- no sanity check of usernames in squid_ldap_auth

(My first attempt to update this thing. Hope all goes fine!)

PR:             ports/76364
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document remote DoS in CUPS.

Heads-ups by:   Hilko Meyer <hilko.meyer@gmx.de>
Description by: nectar

During last year's bumpercrop of vulnerabilities in libtiff, a 2004 CVE
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue.  Document it, since occassionally the CVE name
crops up and then I wonder why we missed it.

Document exploitable vulnerabilities in zgv and xzgv.

Document bug in Mozilla-based software that may leave downloaded files
or attachments world-readable.

Add more references to exim entry.

pdflib contains libtiff, and thus is affected by several vulnerabilities
that affected libtiff.

Document remote command execution vulnerability in awstats.

Document security vulnerability in ImageMagick.

Update "cups-base -- HPGL buffer overflow vulnerability" entry to
reflect the fix in the latest port version.

Spelling corrections.

Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
with the excerpt from Bernstein's message.  Note that the third issue
does not effect users of FreeBSD 4.6 or later.

Document two vulnerabilities in CUPS.

Heads up by:    Hilko Meyer <hilko.meyer@gmx.de>

Document mysqlaccess insecure temporary file creation.

Document buffer overflow vulnerability in unrtf.

Correct recent squid entry: WCCP is in fact enabled by default.

Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)

For mod_access_referer issue:
- Correct spelling.
- `null' in `null pointer' should not be all caps
- Correct the secunia.com URL (it did not identify this particular bug)

Add references to Konqueror password disclosure bug: CVE name, CERT
Vulnerability Note, and KDE security advisory.

Update phpBB command execution entry references:
- Convert some <url>s into the appropriate <certvu> and <uscertta>
  elements.
- Add CVE name
- Add a couple of mailing list posts

For the latest three Squid issues, add references to the Squid bug
tracking database.  Also, rework the description of the empty ACL issue.

Add a better reference and description of the jabberd vulnerability.

Oops, add missing closing tag for Bugtraq ID which I recently added.

Add CVE name for up-imapproxy issue.

Add CVE names to greed buffer overflows issue.  Re-indent <references>
children.

For mpg123 playlist issue, add CVE name, Bugtraq ID, and X-Force
references.  Correct a double slash (`//') in a URL.  Re-ident the
<references> children.

Add a CVE name for VIM modeline handling issue.

Cancel VID 14e8f315-600e-11d9-a9e7-0001020eed82 "tiff -- stripoffsets
integer overflow vulnerability", as it was a subset of VID
3897a2f8-1d57-11d9-bc4a-000c41e2cdad "tiff -- multiple integer
overflows".  This is another case of iDEFENSE ``discovering'' a
vulnerability months after it had already been made public and
corrected.  I've preserved the iDEFENSE advisory reference by moving it
to the older entry, so that someone won't get misled by it again later.

Add CVE name for tnftp mget vulnerability.  Re-indent <references>
children while I'm here.

For recent squid WCCP DoS issue, correct the URL used in <blockquote>
"cite" attribute and <url> content.  It referenced the wrong squid
patch description.

Document Mozilla NNTP handler vulnerability.

- Document a vulnerability in mpg123.
- Add mpg123-nas to an earlier mpg123 entry.
- Make title for exim entry more accurate.
- Fix invalid modification date in latest xpdf entry.

- Integrate vendor patches as published on
  <http://www.squid-cache.org/Versions/v2/2.5/bugs/> for the following
  issues:
  + Prevent a possible denial of service attack via WCCP messages (squid bug
    #1190), classified as security issue by the vendor
  + Fix a buffer overflow in the Gopher to HTML conversion routine (squid bug
    #1189), classified as security issue by the vendor
  + Fix a null pointer access and plug memory leaks in the fake_auth NTLM
    helper (squid bug #1183) (this helper app is not installed by default by
    the port)
  + Stop closing open filedescriptors beyond stdin, stdout and stderr on
    startup (squid bug #1177)

- Unbreak the port on NO_NIS systems (thanks to "Alexander <freebsd AT
  nagilum.de>" for reporting this)

- Document the two security issues in VuXML.

PR:             ports/76173
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)
Approved by:    erwin (mentor)

- Document some older security issues in libxine.
- Cancel VID bef4515b-eaa9-11d8-9440-000347a4fa7d in favor of a more
  complete, new entry.  (A xine security announcement covered the same
  issue and others.)
- Add references to xine security announcements and iDEFENSE
  Security Advisories.

Document HylaFAX authentication bypass vulnerability.

Document xshisen buffer overflows.

Add CERT Vulnerability Note reference for tiff issue.

Bump copyright for 2005.

Mark pdftohtml as vulnerable to recent xpdf vulnerability.

Documented two vulnerabilities in the helvis port

Add CVE names for exim issue.

Document format string vulnerability in dillo.

- Shorten exim entry

Thanks to:      simon

Fix typo in latest tiff entry.

Noticed by:     bmah

Change the behavior of `make newentry' so that it invokes ${EDITOR}
after adding the template, since this is certainly the next required
action. [1]

Fix the error checking: a pipeline was masking some errors, and `set
errexit' was not effective in some other places.

Suggested by:   delphij [1]

Add a target, `newentry', that will insert a VuXML <vuln> template
(including generated VID) to the top of the `vuln.xml' file.  This will
save a little time when adding new entries.

Inspired by:    a patch from simon

- Document that two older tiff vulnerabilities also affects
  linux-tiff. [1]
- Add an extra reference to each of the two entries while I'm here
  anyway.
- In one of the tiff title elements do s/---/--/ for consistency.

Discussed with: nectar [1]
Approved by:    portmgr (implicit, VuXML)

The tnftp port has been updated.

Approved by:    portmgr (implicit, VuXML)

Fix up last commit (tnftp entry):
- Malformed XML
    - mismatched tags (<packages></package>)
    - invalid entity reference &content-type= (ampersand should have
      been replaced with &amp;)
- Replace <range> so that it matches all possible versions for now,
  until a fixed version is available in the ports tree
- <entry> date was in the past

Approved by:    portmgr (implicit, VuXML)
Pointy hat to:  ahze  (hint: make validate)

Document vulnerabilites in tnftp

PR:             ports/75782
Submitted by:   Tom McLaughlin
Approved by:    portmgr (krion)

Document several vulnerabilites in tiff.

Approved by:    portmgr (implicit, VuXML)

Fill in forgotten `cite' attribute value.

Noticed by:     simon
Approved by:    portmgr (implicit, VuXML)

Document a local vulnerability in VIM's modeline handling.

Approved by:    portmgr (implicit, VuXML)

Add a CERT VU reference for the latest Acrobat Reader vulnerability.

Add old package names (acroread4, acroread5) for an older Acrobat Reader
vulnerability.

Approved by:    portmgr (implicit, VuXML)

Document buffer overflow vulnerabilities in pcal.

Approved by:    portmgr (implicit, VuXML)

Add (now deleted) exim-ldap package to latest exim entry.

Approved by:    portmgr (implicit, VuXML)

s/le/lt/ on my last commit. it's "<", not "<=".

Approved by:    portmgr (implicitly)

exim -- two relatively minor security issues

Approved by:    portmgr (implicitly, VuXML)

For the "kdelibs3 -- konqueror FTP command injection vulnerability"
entry: replace references to Debian and KDE bugtracking systems with a
KDE advisory which basically contains the same information but is more
readable.

Approved by:    portmgr (implicit, VuXML)

Document security issues in golddig, greed, mpg123.

Submitted by:   niels
Approved by:    portmgr(implicit, VuXML)

Mark open-motif-2.2.3_1 as fixed with regard to the "xpm -- image
decoding vulnerabilities" entry.

PR:             misc/75726
Submitted by:   Hilko Meyer <hilko.meyer@gmx.de>
Approved by:    portmgr (implicit, VuXML)

- Note that the port update to up-imapproxy 1.2.2 included a patch to
  fix the security vulnerability.
- Mark pop3proxy as vulnerable to the up-imapproxy vulnerability,
  since pop3proxy is derived from up-imapproxy.

Reported by:    mbr
Approved by:    portmgr (implicit, VuXML)

Document vulnerabilities in up-imapproxy.

Approved by:    portmgr (implicit, VuXML)

Add two bugtraq ids to the latest a2ps entry.

Approved by:    portmgr (implicit, VuXML)

Document FTP command injection vulnerability in kdelibs3.

Approved by:    portmgr (implicit, VuXML)

Improve topic for latest phpbb vulnerability to highlight the main
problem (arbitrary command execution).

Prodded by:     remko

Document insecure temporary file creation in a2ps.

Add more references to two older entries.

Add m odified date to my last commit.

Spotted by:     simon

libxine is also affected by the mplayer vulnerabilities.

Add cvenames.

Document vulnerability in libxine.

Document vulnerability in jabberd1

s/kpdf/kdegraphics

Add ports to xpdf report that come with own xpdf in distfile.

For kdegraphics:
Reported by:    lofi

Remove duplicate word in the latest squid entry.

Noticed by:     josef

Document potentially confusing results results on empty ACL
declarations in squid.

PR:             ports/75403 (part of)
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document multiple vulnerabilities in ethereal.

Document a buffer overflow vulnerability in xpdf.