As Peter Jeremy points out, the recent lynx vulnerability also concerns
lynx-ssl.

- Document skype vulnerabilities
- Document PHP vulnerabilities
- Convert first letters in titles from upcase to lowercase
  in my last additions.

- Document CVE-2005-3258:
    Squid FTP Server Response Handling Denial of Service

- Document a BASE Basic Analysis and Security Engine vulnerability

Back out the accidentally committed white-space modification parts of
rev.  1.869, but keep the lynx entry.

Pointy hat to:  naddy
OK'ed by:       naddy

Add entry for "fetchmail -- fetchmailconf local password exposure",
which was fixed with fetchmail-6.2.5.2_1 and above.

Document lynx remote buffer overflow in NNTP header handling.

- Fix a ruby vulnerabuility in the safe level settings.

Based on:       ports/87816
Submitted by:   Phil Oleson <oz@nixil.net>

Security:      
http://vuxml.FreeBSD.org/1daea60a-4719-11da-b5c6-0004614cc33d.html

Add more references to entry net-snmp -- remote DoS vulnerability.

- Mark linux-firefox 1.0.7 as fixed
  wrt. 8665ebb9-2237-11da-978e-0001020eed82 (Mozilla/firefox IDN buffer
  overflow) [1].
- Correct some of the the earlier linux-firefox entries to match
  versions before 1.0.7, not after (whoops)...

Prodded by:     Andrew P. <infofarmer@gmail.com> [1]

Add misc/compat5x to "openssl -- potential SSL 2.0 rollback".

Reviewed by:    simon

Also mark xli as vulnerable to xloadimage -- buffer overflows in NIFF
image title handling, and latest port version as fixed.

Reported by:    jkoshy

For entry libgadu -- multiple vulnerabilities:

- Mark latest centericq port version as fixed.
- Fix cite in description.

For entry zope28 -- expose RestructuredText functionality to untrusted
users:

- Do not match zope 2.7.8 which has been fixed. [1]
- Fix typo in topic.
- Add another reference.

Reported by:    Gerhard Schmidt <estartu augusta de> [1]

Add another reference to clamav -- arbitrary code execution and DoS
vulnerabilities entry.

Document x11/xloadimage buffer overflows in NIFF image title handling.

Rename all CAN-yyyy-nnnn to CVE-yyyy-nnnn, with the exception of text
inside <blockquote>s.
See <URL:http://www.cve.mitre.org/cve/renumber.html>.

For entry: snort -- Back Orifice preprocessor buffer overflow vulnerability:
- Sort references.
- Add ISS advisory to references.

- Document snort -- Back Orifice preprocessor buffer overflow vulnerability.
- Use standard topic format for webcalendar entry.
- Fix package name in webcalendar so it matches the actual package
  name.

- Document www/webcalendar vulnerability.

- Document www/gallery2 vulnerability.

Improve last couple of entries:
- Use standard topic format.
- Fix packagename in phpmyadmin and zone entries.
- Fix indention and remove EOL white-space.
- Make lead in a bit more verbose.
- Add more references to phpmyadmin issue.
- Remove some redundant quoted text in zope issue.

Add entry for openssl
Remove entry about safe mode in phpmyadmin

Add entry for phpmyadmin (PMASA-2005-4)

Fix typo with range values

Add entry from zope28

For libxine -- format string vulnerability entry:
- Add reference to xine security announcement.
- Fix indention on a few lines.

Add an entry for libxine format string vulnerability.

Mark older revisions linux_base-suse 9.3 as vulnerable to kdebase --
Kate backup file permission leak.

- Mark cfengine's arbitrary file overwriting vulnerability as fixed in 2.1.6_1
- Add another possible variant of package name - cfengine2

Add an entry for UW-IMAP Mailbox Name Handling Remote Buffer Overflow
Vulnerability (CAN-2005-2933).

Add credit for recent ftp/weex incident

Approved by:    novel (mentor)

rinetd >= 0.62_1 has no more vulnerabilities

Add references to three squid entries.

Submitted by:           Thomas-Martin Seck <tmseck at netcologne dot de>
                        (except for the bid's which i added myself).

Use the <freebsdpr> tag to markup a PR in weex -- remote format string
vulnerability entry.

Document a format string vulnerability in ftp/weex.

Document picasm -- buffer overflow vulnerability.

Add an URL to the entry of the japanese/uim.

Document japanese/uim privilege escalation vulnerability.

Document cfengine -- arbitrary file overwriting vulnerability.

Mark zsync <= 0.4.1 vulnerable to the zlib buffer overflow vulnerability.

Inspired by:            gordon's commit

Add more references to unace -- multiple vulnerabilities entry.

Add CVE name to an older ProZilla entry.

Add more references for latest phpmyfaq entry.

- Add a note that new entries, per convention, should be added to the
  start of this file.

For latest phpmyfaq entry:

- Use port directory name as first part of topic.
- No need to include information about affected releases in topic
  (it's somewhat redundant and makes the title longer).
- Reindent body with standard FreeBSD Doc Project (more or less)
  style.

Document vulnerabilities in www/phpmyfaq

Add linux_base-suse-9.3 to the zlib entry.

Inspired by:            trevors commit.

Document clamav -- arbitrary code execution and DoS vulnerabilities.

- Be consistent and call entries "firefox & mozilla", not the other way
  around.
- Mark latest linux-mozilla port as fixed for recent mozilla
  vulnerabilities.

- Document mozilla & firefox -- multiple vulnerabilities.
- Add Mozilla Foundation Security Advisory references to two other
  firefox/mozilla entries.

Add real references to urban -- stack overflow vulnerabilities.

Document mozilla & firefox -- command line URL shell command injection.

Add CVE name for tor -- diffie-hellman handshake flaw.

Correct package name for entry bind -- buffer overrun vulnerability.

Add CVE name to an older CUPS issue.

Fix the htdig entry, the port version and the VuXML version did not
align.

Reported by:            Nic Bellamy <nic at bellamy dot co dot nz>

Fix the squirrelmail entry since only versions prior to 1.4.5 were
affected. Bump modification date accordingly.

Reported by:            Avinash Piare <avinash at piare dot org>

Document the following items:

o apache -- Certificate Revocation List (CRL) off-by-one vulnerability
o squirrelmail -- _$POST variable handling allows for various attacks

Reviewed by:            simon

- Add an entry on possible DOS condition regarding NTLM in squid

PR:             ports/86179
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document X11 server -- pixmap allocation vulnerability.

Reviewed by:    simon

Document unzip -- permission race vulnerability. [1]

Update the recent htdig entry with it's corrected version.

Reviewed by:            simon [1]

Document firefox & mozilla -- buffer overflow vulnerability.

Prodded by:     pav

Mark the latest version of cups-base fixed for "xpdf -- disk fill DoS
vulnerability"

Add forgotten </package> line.

Spotted by:             simon

Mark b2evolution prior to 0.9.0.12_2 vulnerable to the XML_RPC remote php code
injection vulnerability.

Inspired by:            pav's commit, updating the port.

Document htdig -- cross site scripting vulnerability.

Reviewed by:    simon

- Document two squid security related issues.

PR:             ports/85688
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (squid maintainer)

Document bind9 -- denial of service.
Also merge the FreeBSD-SA-05:12.bind9 advisory in the entry. [1]

Suggested by:           simon [1]
Reviewed by:            simon

Document bind -- buffer overrun vulnerability

Add a more or less bogus reference section to the last entry, to make it
a valid entry.  The reference simply references the VuXML entry itself,
but at least it fixes the build for now.

Missed by:      simon

Document stack overflow vulnerabilities in games/urban.

Approved by:    simon

Mark latest evolution port version as fixed wrt. evolution -- remote
format string vulnerabilities.

Add entry for fswiki's vuln.

Dante 1.1.15 is no longer affected by the fd_set bitmap index overflow.
Updated the version in VuXML (was 0).

Approved by:    nectar (mentor)

- Fill out part of the std. VuXML template missed in the last entry.
- Mark acroread 7.0.1 as fixed for acroread -- XML External Entity
  vulnerability. [1]

Reported by:    Sverre H. Huseby [1]

Document evolution -- remote format string vulnerabilities.

Approved by:    portmgr (blanket, VuXML)

Document pam_ldap -- authentication bypass vulnerability.

Approved by:    portmgr (blanket, VuXML)

Mark phpgroupware as vulnerable to pear-XML_RPC -- remote PHP code
injection vulnerability.

Reported by:    olgeni
Approved by:    portmgr (blanket, VuXML)

Document pcre -- regular expression buffer overflow.

Approved by:    portmgr (blanket, VuXML)

Mark latest awstats port as fixed for awstats -- arbitrary code
execution vulnerability.

Approved by:    portmgr (blanket, VuXML)

Document mail/elm remote buffer overflow vulnerability.

PR:             ports/85225
Submitted by:   Kevin Day <toasty@dragondata.com> (elm maintainer)
Approved by:    portmgr (blanket, VuXML)

Document four vulnerabilities in openvpn:

* openvpn -- multiple TCP clients connecting with the same certificate at the
same time can crash the server
* openvpn -- denial of service: malicious authenticated "tap" client
can deplete server virtual memory
* openvpn -- denial of service: undecryptable packet from authorized client can
disconnect unrelated clients
* openvpn -- denial of service: client certificate validation can disconnect
unrelated clients

Approved by:    portsmgr (blanket VuXML)
Submitted by:   Matthias Andree <matthias dot andree at gmx dot de>

Also mark phpAdsNew as affected by "pear-XML_RPC -- remote PHP code
injection vulnerability".

Approved by:    portmgr (blanket, VuXML)

Add the fixed version so that people do not get a stale portaudit when the
update is there.
Also fix some indentation that i overlooked.

Noticed by:             simon (both of the items)
Approved by:            portsmgr (blanket VuXML)

Document tor -- diffie-hellman handshake flaw.

Submitted by:           Michal Bartkowiak <michal at nonspace dot net>
Approved by:            portsmgr (blanket VuXML)

gpdf has been fixed for "xpdf -- disk fill DoS vulnerability", mark it
as such.

Approved by:    portmgr (blanket, VuXML)

Add eGroupWare to the list of packages affected by "pear-XML_RPC --
remote PHP code injection vulnerability".

Approved by:    portmgr (blanket, VuXML)

Document acroread -- plug-in buffer overflow vulnerability.

Approved by:    portmgr (blanket, VuXML)

Add phpmyfaq and drupal to the "pear-XML_RPC -- remote PHP code
injection vulnerability" entry since they contain an embedded version of
pear-XML_RPC.

Fix typo in body of the latest xpdf entry (note: no modified date bump
as this is a minor typo fix which does change <affects>).

Approved by:    portmgr (blanket, VuXML)

Document pear-XML_RPC -- remote PHP code injection vulnerability.

Submitted by:   hrs
Approved by:    portmgr (blanket, VuXML)

Document awstats -- arbitrary code execution vulnerability.

Approved by:    portmgr (blanket, VuXML)

After further examination it turns out that gnugadu does not include
libgadu, at least not any in any current version, and from looking at
the gnugadu code there is no direct indication that this code should
actually be vulnerable to the other libgadu vulnerabilities. [1]

The gaim part of libgadu -- multiple vulnerabilities was fixed in
1.4.0_1. [2]

Polish translation clue:        pjd [1]
General clue by:                markus [2]
Not enough checking:            simon
Approved by:                    portmgr (blanket, VuXML)

Remove pl-gnugadu2 and kadu from being affected by libgadu -- multiple
vulnerabilities, since it turns out that they use libgadu from the ekg
port.

Approved by:    portmgr (blanket, VuXML)

Document libgadu -- multiple vulnerabilities.

Approved by:    portmgr (blanket, VuXML)

Document gaim -- AIM/ICQ away message buffer overflow and gaim --
AIM/ICQ non-UTF-8 filename crash.

Approved by:    portmgr (blanket, VuXML)

Remove pdftohtml from the list of packages affected by xpdf -- disk
fill DoS vulnerability, since it includes xpdf 2, which should not be
affected.

Approved by:    portmgr (blanket, VuXML)

Document xpdf -- disk fill DoS vulnerability.

Approved by:    portmgr (blanket, VuXML)

Mark apache 1.3.33_2 as fixed for apache -- http request smuggling.

Approved by:    portmgr (blanket, VuXML)

Document gforge -- XSS and email flood vulnerabilities.

Approved by:    portmgr (blanket, VuXML)

Document postnuke -- multiple vulnerabilities.

Approved by:    portmgr (blanket, VuXML)