exim buffer overflow when verify = header_syntax is used

Add phpBB session table exhaustion issue.

Submitted by:   Xin LI <delphij@frontfree.net>

Add the issues covered in FreeBSD-SA-04:08.heimdal and
FreeBSD-SA-04:09.kadmind.

make tidy

Use PORTVERSION conventions for FreeBSD version numbers, so that
5.2.1-RELEASE-p5 becomes 5.2.1_5 (not 5.2.1p5, as it would have been
previously).

This is necessary because e.g. 5.2p1 > 5.2.1p5 using existing version
comparison tools.

Correct package name for xchat Socks5 vulnerability (xchat -> xchat2).
Note that the issue is fixed in version 2.0.8_2 (thanks marcus!).

Correct the fixed version for lha.

png issue was fixed in png-1.2.5_4

Add a vulnerability in www/pound.

Submitted by:   clement

Add a security-related regression in ftp/proftpd.
Add several security issues in misc/mc.
Add a DoS issue in graphics/png.
Add a security issues in archivers/lha.
Add recent advisories for xine.
Add rsync path traversal issue.

tla is also affected by libneon issue.

PR:             ports/65754
Submitted by:   Frank Ruell <stoerte@dreamwarrior.net>

Additional reference for mysql issue.

Submitted by:   Daniel Harris <dannyboy@FreeBSD.org>

Added CVE name for ident2 issue.
Added the ``new'' TCP DoS issue.
Added phpBB issue. (1)
Added XChat Socks5 issue.

Submitted by:   (1) Frankye - ML <listsucker@ipv5.net>

Add mysqlbug temporary file handling vulnerability.
Add ident2 vulnerability.

make tidy (sorry, I meant to do this in a separate commit)

Additional CVE name for recent CVS vulnerability.

Add kdepim vulnerability

Add neon vulnerability
Correct the version range for openh323

Add CVS vulnerabilities.

Document another racoon DoS vulnerability.
Note that racoon was also affected by the tcpdump ISAKMP vulnerability.

make tidy

Add CVE name for racoon DoS vulnerability.

Correct modified date in previous commit:  format is YYYY-MM-DD and
timezone is UTC.

Midnight Commander vulnerability CAN-2003-1023 was fixed in version 4.6.0_9.

make tidy

Add new affected version of gaim.
Add year 2004 FreeBSD security advisories.

Add two racoon issues, one particularly serious.

Add CVE name for oftpd issue.

Add Midnight Commander buffer overflow.

Oops, tidy.xsl should now produce VuXML 1.1 documents on output.

Add VuXML 1.1 DTD
Update document type declaration to VuXML 1.1

make tidy

Add Heimdal cross-realm validation issue.

Correct usage message for tidy.sh.

Submitted by:   Frankye Fattarelli <frankye@ipv5.net>

Add security issue affecting the Courier mail services.

Add isakmpd denial-of-service vulnerability.

Add apache 2 DoS vulnerability that doesn't affect us.  I keep coming
across the CVE name (CAN-2004-0174) and re-researching it.

Add mplayer and tcpdump issues.

Submitted by:   Frankye Fattarelli <frankye@ipv5.net>
Reported by:    Many

Correct a mispelled CVE name.

make tidy

Add a `make tidy' target that will clean up and sort a VuXML
document.  Requires xsltproc.

Fix dates for SA-04:06.ipv6 and phpbb issues (typos).
Add Bugtraq ID and other references for many entries.
Delete duplicate copula.

Submitted by:   Frankye Fattarelli <frankye@ipv5.net>

Add zebra/quagga denial of service vulnerability.

Submitted by:   sumikawa

Correct advisory name for old bind issue.

Add old ecartis issue.
Add FreeBSD-SA-04:06.ipv6.
Correct advisory name for old pine issue.

Add Emil issue.

Fix a botched version number (the package name was erroneously included).
Add another phpbb vulnerability. [1]
Add oftpd denial-of-services. [2]

Submitted by:   Frankye Fattarelli <frankye@ipv5.net> [1]
Reported by:    Shane Kerr <shane@time-travellers.org> (oftpd author) [2]

Add ethereal vulnerabilities.

PR:     ports/64777

Oops, empty <topic> tag.  Fill in for squid ACL bypass issue.

Add squid ACL bypass.
Add xine temporary file handling issue. [1]

Submitted by:   Frankye Fattarelli <frankye@ipv5.net> [1]

Add ezbounce (old) and phpBB (new)

Add xdeview to existing UUDecode issue
Add racoon SA deletion issue.

Add uulib, uudeview issue.

Add SIZE.

Submitted by:   trevor

Add OpenSSL denial-of-service vulnerability.

ModSecurity < 1.7.5

Remove linux-XFree86-libs.

Reminded by:    eik

add russian/apache13*

- restore the healthy mix of marc and securityfocus
- unicodeify Ulf again

Requested by:   nectar

remove vid 3ca8dd7a-6fb3-11d8-873f-0020ed76ef5a, since the unsafe call
to sprintf is made in preparation for outputting a debug message using
OutputDebugString, which is a function from a different operating system.

While I'm here, transform U+C3A4 into ä (or 쎤), since CVS is
bad in handling binary data.

add a modified tag to vid 09d418db-70fd-11d8-873f-0020ed76ef5a

The apache ports have fixes from CVS

canonicalize list urls (mostly bugtraq)

correct typo
correct entry/modification date

Delete duplicated mod_python entry, merging additional information into
previous entry.

le -> lt

add mod_python

The previous commit was in error.  Re-add wu-ftpd+ipv6.

The actual port which was corrected due to IPv6 modifications is
apache+ipv6: remove it.

Reported by:    ache
Doofus:         nectar

Remove wu-ftpd+ipv6.  Due to IPv6 modifications, the bug had been
already corrected.

Submitted by:   sumikawa

Add wu-ftpd `restricted-[ug]id' issue.

Add recent Apache 1.3 and 2.0 issues.

Add mpg123.

Add Adobe Acrobat Reader and GNU Anubis issues.

chronological sort

Add linux-XFree86-libs

Expand tabs.
Add xboing issue.

Christian Weisgerber <naddy@FreeBSD.org> fixed the metamail fix.
Add mod_python DoS issue.

Allow validation without the need to specify which processor to use.
Now just invoke `make validate', and a shell script will be run and try
to use xmllint or nsgmls.

Requested by:   des

Add entries for: hsftp, DarwinStreamingServer, libxml2, lbreakout2,
phpnuke, mailman, and fetchmail.

Note vulnerabilities in phpmyadmin, pwlib, openh323, asterisk.

Add a <modified> tag to the XFree86 issue, and move it up to
it's chronological spot within the file.

I forgot the topic for the metamail issue.

XFree86-Server-4.3.0_14 is the fixed version

Note metamail vulnerabilities.

Correct version for previous entry (mnoGoSearch >= 3.2).

Normalize dates: YYYY-MM-DD, not YYYY/MM/DD.

Note buffer overflow in mnoGoSearch.

Note insecure temporary file/directory handling in libtool.

Reported by:    eik

Update with information garnered from FORBIDDEN tags used in ports
in the accessibility, arabic, archives, astro, audio, benchmarks,
biology, cad, and chinese categories.

Note rsync buffer overflow from December.

Remove `vulnerability-test-port'--- it wasn't supposed to get committed
:-)

Forgot PORTEPOCH for samba 3.x.  While I'm at it, note that our port is
patched.

Note gaim's bumper crop of vulnerabilities.

Note Samba 3.0.x password initialization bug

Note clamav remote denial-of-service.

Note XFree86 server buffer overflows.

Add missing `<p>'s in Apache-SSL entry.

Add VuXML DTDs and the VuXML document for FreeBSD.