De-confuse latest AWStats entry: rewrite description, and add relevant
references.  There were so many bugs, it was hard to keep them straight
(^_^).

Format the <topic> of the most recent entry so that it is more
consistent with other entries.

Document latest phpbb vulnerabilities.

Discussed with: phpbb maintainer

Add more references to recent putty vulnerability.

The mod_dosevasive port was upgraded.

Nit:
- In most recent `unace' entry, replace HTML entity with the Unicode
  character.  We do not use HTML entities so that a VuXML document may
  be processed without using the DTD.  (We also avoid character entity
  references for more natural grep'ing, sed'ing, and editor searching.)

Corrections:
- An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
  undetected since last October.  (>_<)   Correct it.
- A bnc vulnerability was duplicated.  Cancel the older, less informative
  entry and update the newer entry.

Document unace-1.2b vulnerabilities: buffer overflows, directory traversal.

For the the recent kdelibs entry; note that dcopidlng is only used at
build time.

Reported by:    lofi

Document heap corruption vulnerabilities in putty.

Update affected versions of latest postgresql entry now that the ports
have been fixed.

Document insecure temporary file creation in kdelibs.

Document format string vulnerability in bidwatcher.

Document a directory traversal vulnerability in gftp.

- Document two Opera vulnerabilities.
- Update information about fixed version for Opera with regard to
  "Window Injection" issues (based on release notes for Opera 7.54u2).

Document multiple buffer overflows in postgresql.

Fix entry date for last commit.

Document vulnerabilities in awstats.  Note that this entry will most
likely be updated soon when more information becomes available.

Add a few more references to the awstats entry.

Change affected packages version for the emacs movemail format string
vulnerability since I fixed editors/emacs port by adding a patch
instead of upgrading it to 21.4.

Document DoS in powerdns.

Document format string vulnerability in the Emacs movemail utility.

- Reflect fixing vulnerability in `net/opendchub'
- Print project's name correctly

- Fix a cvename that should have been a certvu.
- Delete trailing white space.
- Fix some nearby formatting while I'm here anyway.

Document two vulnerabilities in ngircd.

Document mod_python information leakage vulnerability.

Document mailman directory traversal vulnerability.

Expand HTML entity reference in latest VuXML entry.

Document enscript-{a4,letter,letterdj} vulnerabilities.

Vulnerability in unrtf is fixed now.

Document privilege escalation vulnerability in postgresql.

Document multiple protocol dissectors vulnerabilities in ethereal.

Add another squid issue.

PR:             ports/76967
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Add CERT Vulnerability Note reference for one squid issue,
and correct the reference for another one [1].

Reported by:    Thomas-Martin Seck <tmseck@netcologne.de> [1]

Add CVE name for squid confusing empty ACL issue.

Add US-CERT Vulnerability Note references for recent squid issues.

Add missing <code> markups in a citation from PSF-2005-001.

Add an entry for PSF-2005-001,
"SimpleXMLRPCServer.py allows unrestricted traversal"

Update the entry for CAN-2005-0064 to indicate that gpdf 2.8.3 has a fix
for this vulnerability.

Note that perl does not have a suidperl by default.

Note vulnerabilities in perl.

Add Bugtraq ID for evolution issue.

Add CVE name for squid WCCP issue.

Add a <modified> tag to the perl File::Path issue since the affected
versions were changed.

Forgotten by: tobez

Narrow perl File::Path vulnerability version range a bit.

Documented vulnerabilities found in the newspost, newsfetch and newsgrab ports.

http://people.freebsd.org/~niels/issues/newspost-20050114.txt
http://people.freebsd.org/~niels/issues/newsgrab-20050114.txt
http://people.freebsd.org/~niels/issues/newsfetch-20050119.txt

Approved by:    nectar (mentor)

The latest xpdf buffer overflow has been repaired in an update
to pdftohtml.

Submitted by:   erwin

Add CVE names for recent squid vulnerabilities.

squid -- buffer overflow in WCCP recvfrom() call

PR:             ports/76827
Submitted by:   squid maintainer

Mark cups-base as fixed wrt. to "makeFileKey2() buffer overflow
vulnerability".

Document "makeFileKey2()" buffer overflow vulnerability in xpdf (and
programs embedding xpdf).

pdflib has been corrected.

Noticed by:     Hilko Meyer <Hilko.Meyer@gmx.de>

Document a vulnerability in zhcon.

Fix last YAMT entry update to actually make sense... Greater than and
less than are not the same...

Pointy hat to:  simon

Mark latest YAMT port version as fixed.

Document arbitrary code execution vulnerability in evolution.

The previous commit was

Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Correct the entry date for 4e4bd2c2-6bd5-11d9-9e1e-c296ac722cb3
``squid -- HTTP response splitting cache pollution attack''.

Document a local vulnerability in mod_dosevasive.

Document a possible cache-poisoning issue affecting squid.

Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document Bugzilla XSS issue.

Oops, forgot to set <discovery> date.

Document window injection vulnerabilities affecting several web browsers.

Cancel duplicate phpbb entry e8c6ade2-6bcc-11d9-8e6f-000a95bc6fae.  It
was already documented as e3cf89f0-53da-11d9-92b7-ceadd4ac2edd.
Useful references and descriptions were merged.

Noticed by:     simon

Document a vulnerability in YAMT.

Add squid security advisories for two recent squid entries.

Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

squid bug #1200:

        squid -- HTTP response splitting cache pollution attack

PR:             ports/76550
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Fix typo in last commit.

Document XSS in Horde.

Oops, I accidently changed an <entry> date when I should have
added a <modified> date.

Document vulnerabilities in older versions of Midnight Commander.

Document a race condition in Perl's File::Path module.

Document phpBB vulnerabilities.

Document vulnerabilities in the Opera web browser's Java implementation.

Document that older versions of sudo lack CDPATH environmental variable
handling.

Document vulnerabilities in fcron.

Document vulnerabilities in RealPlayer.

Add CVE name and iDEFENSE advisory references to xzgv issue.

Grr, get the imlib version number right!

Oops, imlib 1.9.15 is still affected.  Adjust version number to reflect
upcoming fix.

Document xpm heap overflows and integer overflows affecting imlib and imlib2.

Document a vulnerability in eGroupWare.

Document Quake II vulnerabilities reported by Richard Stanway.

Add CVE names for konversation bugs.

Document security issue in irc/konversation.

Pointed out by: markus

Correct several instances where the "msgid" attribute content had an
extraneous trailing greater-than character ">", e.g.

   <mlist msgid="some-message@id>">some-url</mlist>

These were probably the result of off-by-one errors during
cut-and-paste.

Eliminate character entity references.  They are technically fine of
course, but I prefer to use the UTF-8 character directly: it makes
grep'ing and the like easier.

Update entries with 12 new CVE name references.

Fix date (was YYYY-MM-DD, now 2005-01-19)

Thanks for Chimera@#bsdports

squid -- no sanity check of usernames in squid_ldap_auth

(My first attempt to update this thing. Hope all goes fine!)

PR:             ports/76364
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document remote DoS in CUPS.

Heads-ups by:   Hilko Meyer <hilko.meyer@gmx.de>
Description by: nectar

During last year's bumpercrop of vulnerabilities in libtiff, a 2004 CVE
name was assigned to what was actually a much older (circa March 2002)
denial-of-service issue.  Document it, since occassionally the CVE name
crops up and then I wonder why we missed it.

Document exploitable vulnerabilities in zgv and xzgv.

Document bug in Mozilla-based software that may leave downloaded files
or attachments world-readable.

Add more references to exim entry.

pdflib contains libtiff, and thus is affected by several vulnerabilities
that affected libtiff.

Document remote command execution vulnerability in awstats.

Document security vulnerability in ImageMagick.

Update "cups-base -- HPGL buffer overflow vulnerability" entry to
reflect the fix in the latest port version.

Spelling corrections.

Regarding CUPS lppasswd entry: Add the CVE names for each issue inline
with the excerpt from Bernstein's message.  Note that the third issue
does not effect users of FreeBSD 4.6 or later.