Add an entry for:
  Ruby insecure file permissions in the CGI session management

Document a setgid "games" security issue in xonix.  Based on a VuXML
entry that was

Submitted by:   robert@OpenBSD.org

Correct the version number range affected for ja-samba.
Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

While I'm here, add a CVE name reference and a couple of other relevant
Bugzilla links.  It is interesting that this security issue was reported
as early as 1999.  Also, replace the text plagiarized from the Secunia
advisory without attribution with a more helpful (maybe?) description of
the issue.

Format string vulnerability in jftpgw.

Informed by:    Robert Nagy <robert@openbsd.org>

Repair broken URL.

Noticed by:     simon

Add two issues covering three KDE advisories:  two temporary file
handling issues, and a KHTML issue.

The last commit should have changed the comparison tag from <le> to <lt>.

Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this.

The MSN component of Gaim contains remotely exploitable buffer
overflows.

The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems.

Under certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.

Reported by:    Daniel Grund <mail@dgrund.de>

Correct version information syntax in a number of entries.  VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'.

give the ImageMagick png vulnerability an own entry

f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references

add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a

add ImageMagick to the list of png-vulnerable ports

correct typo

Add an entry for Thunderbird to the libpng vulnerability.

move abe47a5a-e23c-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

Mozilla / Firefox user interface spoofing vulnerability

Use & instead of naked &.

Add CVE name and correct URL to iDEFENSE advisory for the SSLtelnet issue.

- add some references
- correctly match samba 3.0
- add ja-samba

Fix an XML tag.

Mark the 2.2.x series of Samba as vulnerable.

Recently announced Samba issue.

fix courier-imap version number

PHP memory_limit and strip_tags() vulnerabilities.

ethereal

move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml

XSS vulnerability affecting other webmail systems

Add missing mandatory <body> element for SSLtelnet issue.

Add an entry for the SSLtelnet format string vulnerability.

Pavuk HTTP Location header overflow

Move phpnuke vulnerabilities to VuXML.

GNATS local privilege elevation (corrected PORTREVISION)

GNATS local privilege elevation

Whitespace cleanup.

Add SA-04:13.linux

move "phpMyAdmin code injection" to vuxml

- Add phpMyAdmin 2.5.7 vulnerability.

  I hope I got XML right.

Use the equal '=' sign as only the current version was affected.

add a reference to ISC DHCP overflows

Add xorg-clients due to xdm socket vuln.

Move MoinMoin entry to VuXML.

reference cleanup

Fix the previous entry; it had an incorrect port range.

Add an entry for recent isc-dhcp3-server buffer overflows.
Remove the one in portaudit.txt.

Move giFT-FastTrack to VuXML.

Fix an older entry which ends with "buffer overflows vuxml".

Fill in a date on my previous entry.

Move the Gallery entry to VuXML.

www/sitecopy uses the included libneon version 0.24.0

I believe that linux-png-1.2.2 still contains the vulnerability.

Add some references that support this opinion.

- Extend png entry to cover it's linux-png variant

Requested by:   eik

Midnight Commander security vulnerabilities

CAN-2004-0226, CAN-2004-0231, CAN-2004-0232

fixed in mc-4.6.0_10.

add a $FreeBSD$ tag

Add CAN-2004-0541 (buffer overflow in Squid NTLM authentication helper)

Fix for CAN-2004-0097

Forgotten by:   sobomax

Correction: FreeBSD-SA-04:12.jailroute does not apply to 4.7 and older.

Whitespace cleanup

Add FreeBSD-SA-04:12.jailroute.

FreeBSD-SA-04:11

Update modified date for mysql bug after fixing typo.

Requested by:   nectar

Add CVE name for one of the leafnode issues.

Edit the topics to distinguish a bit better between the different
leafnode DoS issues.

Document several issues in leafnode.

Submitted by:    Matthias Andree <matthias.andree@gmx.de>

Fix typo.

Spotted by:     eik

Correct a typo (s/Jon/Joe/)

Add subversion and neon date parsing vulnerabilities.

make tidy

Add an entry for the cvs pserver heap overflow.

Add CVE name and CERT Vulnerability Note references for old Cyrus bug.

make tidy

Forced commit to note that the content of the previous revision was
Reported by:    Ion-Mihai Tetcu <itetcu@apropo.ro>

Add URI handling issue that affects Opera and KDE, at least.

Note that the mysqlbug has been fixed.

Update version number for fspd, now that it has been corrected.

Reported by:    Radim Kolar <hsn@netmag.cz>

&, not |

ProFTPD vulnerability is fixed in
  <http://www.proftpd.org/docs/NEWS-1.2.10rc1>

Submitted by:   Koop Mast <kwm@rainbow-runner.nl>

Add Cyrus IMSPd security release.

Reported by:    eik

Add old Cyrus IMAP server heap buffer overflow.

Reported by:    eik

The security issue of multimedia/xine (insecure temporary file creation in
xine-check, xine-bugreport) has been fixed in 0.9.23_3.

Only one <modified> is allowed per entry.

Correct the discovery date for the proftpd issue.

Oops.  s/2005-05-05/2004-05-05/ :-)

Second-guess Oliver and correct the affected entry for exim
in order to unbreak this file.

exim buffer overflow when verify = header_syntax is used

Add phpBB session table exhaustion issue.

Submitted by:   Xin LI <delphij@frontfree.net>

Add the issues covered in FreeBSD-SA-04:08.heimdal and
FreeBSD-SA-04:09.kadmind.

make tidy

Use PORTVERSION conventions for FreeBSD version numbers, so that
5.2.1-RELEASE-p5 becomes 5.2.1_5 (not 5.2.1p5, as it would have been
previously).

This is necessary because e.g. 5.2p1 > 5.2.1p5 using existing version
comparison tools.

Correct package name for xchat Socks5 vulnerability (xchat -> xchat2).
Note that the issue is fixed in version 2.0.8_2 (thanks marcus!).

Correct the fixed version for lha.

png issue was fixed in png-1.2.5_4

Add a vulnerability in www/pound.

Submitted by:   clement

Add a security-related regression in ftp/proftpd.
Add several security issues in misc/mc.
Add a DoS issue in graphics/png.
Add a security issues in archivers/lha.
Add recent advisories for xine.
Add rsync path traversal issue.

tla is also affected by libneon issue.

PR:             ports/65754
Submitted by:   Frank Ruell <stoerte@dreamwarrior.net>

Additional reference for mysql issue.

Submitted by:   Daniel Harris <dannyboy@FreeBSD.org>

Added CVE name for ident2 issue.
Added the ``new'' TCP DoS issue.
Added phpBB issue. (1)
Added XChat Socks5 issue.

Submitted by:   (1) Frankye - ML <listsucker@ipv5.net>

Add mysqlbug temporary file handling vulnerability.
Add ident2 vulnerability.

make tidy (sorry, I meant to do this in a separate commit)