Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).

Discussed with: nectar
Approved by:    portmgr (blanket, VuXML)

Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.

Reminded by:    nectar
Approved by:    portmgr (blanket, VuXML)

Mark latest gdal version as fixed for all tiff vulnerabilities.

Added nbsmtp format string vulnerability.

Approved by:    nectar (mentor)

Mark latest the linux-tiff and pdflib ports safe from latest tiff
vulnerability.

Thanks to lawrance and netchild for fast fixes.

Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability.

Document phpmyadmin -- cross site scripting vulnerability.

Document gnupg -- OpenPGP symmetric encryption vulnerability.

Note: this is mainly a theoretical vulnerability.

Bump entry date.

Forgotten by:   remko
Spotted by:     simon

Document vim -- vulnerabilities in modeline handling: glob, expand.

Discussed with:         nectar, simon

Document that ekg -- insecure temporary file creation was fixed in
1.6r2,1.

Noted by:       Michal Kalkowski

Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,
paraview to recent libtiff vulnerabilities since they contain (and
compile) an embedded version of libtiff...

Change MAINTAINER address for ports maintained by the Security Team to
secteam@ instead of security@ to make it more clear that the ports are
not maintained by the freebsd-security@ mailing list.  Both addresses
go to the same people.

Document tiff -- buffer overflow vulnerability.

- Misc. markup/whitespace fixes.
- Collapse a few package entries from the latest apache entry (still
  matches same package names, is just shorter markup-wise).
- Use standard topic style for jaberd entry.
- Fix entry date for jaberd entry.

Document jabberd vulnerabilities that were fixed by the latest update.

Approved by:    perky (mentor)

Be consistent and use the same title for the latest ethereal
vulnerabilities as used for previous entries.

Document opera -- image dragging vulnerability and opera -- download
dialog spoofing vulnerability.

Document ethereal -- multiple vulnerabilities.

- Fix apache 2.1 range for CAN-2005-2088 entry which prevents apache 2.0 from
  upgrading.

Pointyhat to:   clement, remko
Reviewed by:    erwin

Mark apache+mod_ssl-1.3.33+2.8.22_1 as not vulnerable in the latest Apache
entry.

There must be an curse. s/il/li/.

Noticed by:     nectar

Update my latest Apache entry to make clear that this only affects certain
installations (when Apache is used as a HTTP proxy in combination with some
web servers). I didn't make that clear in the first commit.

Requested by:           nectar
Discussed with:         clement

Document apache -- http request smuggling.

Requested by:   clement
Glanced at by:  clement

Set modified date in entry for previous commit.

Cluebat swung by:       simon

Note that the fd_set vulnerability in net/bld was fixed in 0.3.3

Prodded by:     garga
Glanced at by:  remko

Document clamav -- multiple remote buffer overflows.

- Document isc-dhcpd -- format string vulnerabilities (older
  vulnerabilty). [1]
- Use standard title format for latest egroupware entry.

Reminded by:    Panagiotis Christias [1]

Add entry for eGroupWare's recent vulnerabilities.

Document denial of service attack in fetchmail 6.5.2.1.

Reported by:    Matthias Andree <matthias.andree@gmx.de>
Reviewed by:    simon

Update phppgadmin entry to note that it was fixed in 3.5.4 and add a
few references while here anyway.

Prodded by:     Tobias Roth (I think :-) )

Document dnrd -- remote buffer and stack overflow vulnerabilities.

Fix typo in last commit

Noticed by:     Matthias Andree <matthias.andree@gmx.de>

Add more references to latest fetchmail entry [1] and sort references
while here anyway.

Submitted by:   Matthias Andree <matthias.andree@gmx.de> [1]

Document an issue with the LDAP backend provided by PowerDNS.

Document fetchmail -- remote root/code injection from malicious POP3
server.

Submitted by:   Matthias Andree <matthias.andree@gmx.de>

o add kdebase (kate) vulnarability.

Reviewed by:    simon

Add CVE names to recent bugzilla entry.

- Document firefox & mozilla -- multiple vulnerabilities.
- Minor style nit in drupal entry: Use port name (i.e. lower case) as
  first part of the title.

Add an entry for the drupal vulnerabilities.

Fixed incorrect newsfetch and mnogosearch affected package versions

Approved by:    nectar (mentor)

Markup fixed version of net-snmp problem.

Correct a typo: s/lemote/remote/

Spotted by:     simon

Document the following vulnerabilities:
phpSysInfo -- cross site scripting vulnerability
mysql-server -- insecure temporary file creation
net-snmp -- fixproc insecure temporary file creation
phpbb -- multiple vulnerabilities
shtool -- insecure temporary file creation

Approved by:            simon

Document phppgadmin -- "formLanguage" local file inclusion vulnerability.

Document pear-XML_RPC -- information disclosure vulnerabilities.

Document ekg -- insecure temporary file creation.

Document bugzilla -- multiple vulnerabilities.

Document nwclient -- multiple vulnerabilities (old issues).

PR:             ports/82101
Submitted by:   niels
Noticed by:     Derik van Zuetphen <dz@426.ch>

Add CAN reference to recent phpbb vulnerability.

Document acroread -- insecure temporary file creation.

Document two calmav vulnerabilities.

- Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
  should have been <lt>.

Document acroread -- buffer overflow vulnerability.

Document net-snmp -- remote DoS vulnerability.

Document cacti -- multiple vulnerabilities.

Prodded by:     Babak Farrokhi <babak@farrokhi.net>

- Add another reference to bzip2 -- denial of service and permission
  race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities.

Document the following issues:
 - phpbb -- remote PHP code execution vulnerability
 - pear-XML_RPC -- arbitrary remote code execution

Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability.

Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp.

Document ethereal -- multiple protocol dissectors vulnerabilities.

Document tor -- information disclosure.

Document linux-realplayer -- RealText parsing heap overflow.

Document ruby -- arbitrary command execution on XMLRPC server.

- net/cacti - potential SQL injection and cross site scripting attacks

Document three opera issues.

Document sudo -- local race condition vulnerability.

Add another reference to the latest tcpdump issue.

- Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
  - Whilespace cleanup.
  - Use standard topic format (port name first, then description
    starting with lower case).
  - Make sure SpamAssasin entry also match other 3.0.3 port revisions.

- razor-agents DoS vulnerabilities

PR:             ports/82414
Submitted by:   dawnshade <h-k@mail.ru>

Fix year in <discovery> and <entry>.

Noticed by:     nectar
Pointy hat to:  hrs

Document SpamAssassin -- Denial of service vulnerability.

Document squirrelmail -- Several cross site scripting vulnerabilities.

Document acroread -- XML External Entity vulnerability.

Use standard topic format for gzip vulnerability.

Document FreeBSD-SA-05:11.gzip.

Document SA-05:10.tcpdump.

Document two vulnerabilities in Gaim.

Document an older, more serious gallery vulnerability.

Document XSS vulnerabilities in gallery.

Document KDE kstars vulnerability.

Document fd_set overruns reported by 3APA3A.

Document leafnode -- denial of service vulnerability.

Submitted by:   Matthias Andree <matthias.andree@gmx.de>

Document a directory traversal issue in older GForge versions.

Document an authentication bypass vulnerability in imap-uw.

Document squid denial-of-service vulnerabilities.

Document a remote denial-of-service vulnerability in racoon.

Document integer overflows in xli.

Document arbitrary command execution vulnerabilities in xli and
xloadimage.

Add new CVE names for yamt entry.

Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More refererences
* Fix the version number for xli... it is still vulnerable as of this
  writing

Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find

Buffer overflow in xli.

Fix breakage I caused.

Note buffer overflows and directory transversal issues in audio/ymat.

Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
  advisory
* add CVE name

Document vulnerabilities in XView library.

document a vulnerability in xtrlock

Document vulnerabilities reported in the Red Hat 7.1 libraries.

Document squirrelmail vulnerabilities.