Note CUPS printer queue browser denial-of-service.

Approved by:    portmgr

Note Apache 2 IPv6 address parsing bug.

Approved by:    portmgr

Note new libXpm vulnerabilities.

Approved by:    portmgr

I appear to have deleted a line at the last minute.  Restore it.

Approved by:    portmgr

Add mod_dav denial-of-service issue.

Approved by:    portmgr

Oops, forgot to note that the previous issue affects only the Apache 2.x
series.

Approved by:    portmgr

Add Apache 2 vulnerability concerning environmental variables in
configuration files.

Approved by:    portmgr

Repair three <freebsdpr> elements.  The content of these elements
must be e.g. "ports/46613", not just "46613".

Reported by:    Matthew Seaman <m.seaman@infracaninophile.co.uk>
Approved by:    portmgr

Note that some versions of OpenOffice have been corrected.

Approved by:    portmgr

Fix botched date entry and correct iDefense URL.

Approved by:    portmgr

Really add Samba 3 vulnerability.
Remove incorrect URL in mpg123 entry.

Approved by:    portmgr
URL noticed:    nectar

Correct version.  Note my last commit here was for mpg123 instead of
samba3.

Noticed by:     nectar
Approved by:    portmgr

- There is a WITHOUT_X11 version of ImageMagick that needs to be
  taken into account.
- Fix transposed characters in `isakmpd'.

Noticed by:     Dan Langille <dan@langille.org>

- Add CVE name reference for ImageMagick.
- Add webmin temporary file handling issue.
- Add OpenOffice temporary file handling issue.
- Widen the `KDE frame injection' issue to cover Mozilla, Firebird,
  Netscape, and Opera as well
- Add Mozilla/Firebird/Netscape SOAPParameter vulnerability
- Add Mozilla/Thunderbird/Netscape POP client vulnerability

Approved by:    portmgr

Update for recent Samba3 vulnerabilities.

Approved by:    portmgr

Adjust the affected version for imlib now that the 2nd instance of BMP
loader has been corrected.

The recent commit to the krb5 port brought the version to 1.3.4_1 but
did not correct one of the existing vulnerabilities.  Update the
affected range to compensate.

Note recent MIT Kerberos 5 vulnerabilities.

Document imlib2 BMP decoder bug.

Document BMP decoder bugs in imlib1 and ImageMagick.

Correct bogus date in mysql entry. (It should be YYYY-MM-DD, not
DD-MM-YYYY.)

Reported by:    robert@openbsd.org

Add more references (particularly CVE names) for issues affecting
SpamAssassin, tnftpd, ruby, mysql.

Place text taken from another source inside <blockquote cite="...">
for ruby issue.

correct/add some references

Document NSS SSLv2 server buffer overflow (already referenced in
portaudit.txt).

Document ripMIME decoding bug (already referenced in portaudit.txt).

Remove <modified/> from the gnomevfs vulnerability since it was the same
as <entry/> and it needed to be last anyway.

Suggested by:   nectar

Update the gnomevfs entry to reflect the fixed versions.

Add entry for moinmoin ACL bypass.

Note sanitize_path bug in rsync (already referenced in portaudit.txt).

Unsafe URI handling in gnome-vfs, MidnightCommander.

Document buffer overflows in SoX (already referenced in portaudit.txt).

Document cookie bug in Konqueror (already referenced in portaudit.txt).

- Fix "make validate" problem when textproc/xhtml-basic is
  installed by adding an SGML declaration and DTDDECL.
- Remove the --catalogs option for xmllint(1) in validate.sh.

Approved by:    nectar (maintainer)
PR:             ports/63035

Place port name in the description.

Suggested by:   eik

Add libxine vcd URL handling issue.

Add DoS in SpamAssassin.

Add <modified> date for previous commit.

fidogate-ds was also affected by the ``write files as `news' user''
issue.

Off-by-one error in courier-imap entry.

Noticed by:     oliver

Add a more useful reference for the Qt issue.

Add Qt heap overflow issue.

Add a security issue affected courier-imap when run with certain debug
flags.

Add fidogate issue.

Add an issue covering a vulnerability in mysqlhotcopy.

Reported by:    robert@openbsd.org

Cancel a VuXML entry for an Apache vulnerability that does not affect
FreeBSD.

Reminded by:    recent conversations :-)

cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSD
  <http://docs.FreeBSD.org/cgi/mid.cgi?20040817123651.GB930>

Add a pointer to Przemyslaw Frasunek's advisory.

For the lukemftpd/tnftpd issue, add a reference to NetBSD security
advisory now that it is available.

Note a vulnerability in lukemftpd/tnftpd.

multiple CVS vulnerabilities

Correct the version numbers and dates in the last entry.

Add an entry for:
  Ruby insecure file permissions in the CGI session management

Document a setgid "games" security issue in xonix.  Based on a VuXML
entry that was

Submitted by:   robert@OpenBSD.org

Correct the version number range affected for ja-samba.
Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

While I'm here, add a CVE name reference and a couple of other relevant
Bugzilla links.  It is interesting that this security issue was reported
as early as 1999.  Also, replace the text plagiarized from the Secunia
advisory without attribution with a more helpful (maybe?) description of
the issue.

Format string vulnerability in jftpgw.

Informed by:    Robert Nagy <robert@openbsd.org>

Repair broken URL.

Noticed by:     simon

Add two issues covering three KDE advisories:  two temporary file
handling issues, and a KHTML issue.

The last commit should have changed the comparison tag from <le> to <lt>.

Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this.

The MSN component of Gaim contains remotely exploitable buffer
overflows.

The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems.

Under certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.

Reported by:    Daniel Grund <mail@dgrund.de>

Correct version information syntax in a number of entries.  VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'.

give the ImageMagick png vulnerability an own entry

f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references

add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a

add ImageMagick to the list of png-vulnerable ports

correct typo

Add an entry for Thunderbird to the libpng vulnerability.

move abe47a5a-e23c-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

Mozilla / Firefox user interface spoofing vulnerability

Use & instead of naked &.

Add CVE name and correct URL to iDEFENSE advisory for the SSLtelnet issue.

- add some references
- correctly match samba 3.0
- add ja-samba

Fix an XML tag.

Mark the 2.2.x series of Samba as vulnerable.

Recently announced Samba issue.

fix courier-imap version number

PHP memory_limit and strip_tags() vulnerabilities.

ethereal

move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml

XSS vulnerability affecting other webmail systems

Add missing mandatory <body> element for SSLtelnet issue.

Add an entry for the SSLtelnet format string vulnerability.

Pavuk HTTP Location header overflow

Move phpnuke vulnerabilities to VuXML.

GNATS local privilege elevation (corrected PORTREVISION)

GNATS local privilege elevation

Whitespace cleanup.

Add SA-04:13.linux

move "phpMyAdmin code injection" to vuxml

- Add phpMyAdmin 2.5.7 vulnerability.

  I hope I got XML right.

Use the equal '=' sign as only the current version was affected.

add a reference to ISC DHCP overflows

Add xorg-clients due to xdm socket vuln.

Move MoinMoin entry to VuXML.

reference cleanup

Fix the previous entry; it had an incorrect port range.

Add an entry for recent isc-dhcp3-server buffer overflows.
Remove the one in portaudit.txt.