07:57 flo 

document phpmyfaq remote PHP code injection vulnerability

17:45 rene 

Mention vulnerabilities in www/chromium < 15.0.874.102

Obtained from:  http://googlechromereleases.blogspot.com/
Security:       CVE-2011-[2845, 3875-3891]

15:20 glarkin 

- Document phpldapadmin - remote PHP code injection vulnerability

PR:             ports/161954
Submitted by:   Ruslan Mahmatkhanov <cvs-src@yandex.ru>

16:16 rakuco 

Document CVE-2011-3365 and CVE-2011-3366.

Different CVE numbers for different software, but they share the same
KDE security advisory.

Approved by:    makc (mentor)

16:14 rakuco 

Fix the port names of a few past KDE vulnerabilities.

The entries mentioned kdebase4-runtime, kdebase3, kdelibs4 etc, but
the port names are kdebase, kdelibs etc.

Adjust the names and the version ranges.

Approved by:    makc (mentor)

11:01 flo 

add an entry for the recent piwik vulnerability, with the little information
that's available.

The only known fact is that Piwik rates this update critical.

18:53 delphij 

Fix discovery date.

18:24 kwm 

Document a File disclosure vulnerability and File permission change
vulnerability
in xorg-server.

Obtained from: 
http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html
                upstream xorg-server
Security:       CVE-2011-4028, CVE-2011-4029

19:49 amdmi3 

- Fix entry dates for recently added OpenTTD vulns

Submitted by:   "Ilya A. Arkhipov" <micro@heavennet.ru>

19:02 delphij 

Document asterisk -- remote crash vulnerability in SIP channel driver.

18:54 delphij 

Commit result of manually merged make tidy output.

18:52 delphij 

Document PivotX remote file inclusion vulnerability.

PR:             ports/161734
Submitted by:   Fumiyuki Shimizu <fumifumi abacustech jp>

03:50 amdmi3 

- Fix quotation links

Reported by:    danfe

18:39 amdmi3 

Document openttd multiple vulnerabilities

PR:             161488
Submitted by:   "Ilya A. Arkhipov" <micro@heavennet.ru>

10:56 mandree 

ca_root_nss - fix capitalization of topics

Security: 1b27af46-d6f6-11e0-89a6-080027ef73ec
Security: aa5bc971-d635-11e0-b3cf-080027ef73ec

10:54 mandree 

ca_root_nss - reword topic for clarity

Security: 1b27af46-d6f6-11e0-89a6-080027ef73ec

07:32 novel 

Be less grubby in specifying vulnerable gnutls-devel versions.

00:25 jlaffaye 

Latest pyblosxom version is not vulnerable

20:44 delphij 

Document quagga multiple vulnerabilities

18:24 rene 

Document latest vulnerabilities for www/chromium

Obtained from:  http://googlechromereleases.blogspot.com/
Security:       CVE-2011-[2876-2881, 3873]

18:06 delphij 

Correct tomcat version represetations.

Pointed out by: Tim Zingelman <tez netbsd.org>

15:58 beat 

- Document mozilla -- multiple vulnerabilities

20:02 delphij 

Properly mark version range for horde-imp.

20:47 nox 

- Update linux-f10-flashplugin to 10.3r183.10 . [1]
- Make gnome desktopfileutils dependency optional. [2]

PR:             ports/160894 [1]
Submitted by:   Garrett Cooper <yanegomi@gmail.com> [1]
Suggested by:   Peter Jeremy <peterjeremy@acm.org> [2]
Security:      
http://www.freebsd.org/ports/portaudit/53e531a7-e559-11e0-b481-001b2134ef46.html

11:35 zi 

Improve accuracy of krb5 vulnerability entries for upcoming port addition of
krb5-17.
(one entry was missed from the previous commit)

02:21 zi 

Improve accuracy of krb5 vulnerability entries for upcoming port addition
of krb5-17.

18:24 rene 

Document vulnerabilities in Chromium 13.0.x.y

Obtained from:  http://googlechromereleases.blogspot.com/
Security:       CVE-2011-[2834-2838, 2840-2844, 2846-2862, 2864, 2874-2875,
                          3234]

23:26 delphij 

Document phpMyAdmin multiple XSS vulnerability.

Update phpMyAdminn to 3.4.5 release. [1]

PR:             ports/160589 [1]
Submitted by:   maitainer [1]

17:50 delphij 

Document Django multiple vulnerabilities.

01:11 delphij 

Document roundcube XSS vulnerability.

18:38 olgeni 

Document libsndfile -- PAF file processing integer overflow.

Security:       CVE-2011-2696

07:41 ashish 

Re-revise emacs vulnerability to limit with >= 22 and < 22.2_1 instead of
>21.* and <22.2_1 which didn't work as expected

22:30 ashish 

- Limit emacs vulnerability to > 21.* and <= 22.2 instead of just <= 22.2

18:30 delphij 

Document two OpenSSL vulnerabilities.

(There is no OpenSSL 0.9.8s in the ports so mark <1.0.0 as vulnerable).

21:12 flo 

fix last thunderbird entry

20:12 flo 

add firefox, thunderbird and seamonkey to the DigiNotar.nl entry

Security:      
http://www.vuxml.org/freebsd/aa5bc971-d635-11e0-b3cf-080027ef73ec.html

16:24 bapt 

Fix vuln.xml, while here fix indentation

15:55 eadler 

- Update to 1.2.7

PR:             ports/160368
Submitted by:   gjb
Approved by:    dvl (maintainer), bapt (mentor)
Security:       CVE-2011-2938

20:15 crees 

- Document cfs buffer overflow vulnerability.
- While here, unbreak packaudit -- it doesn't like newlines in the
  middle of tags.  Perhaps a comment should say something?

13:14 mandree 

Revise nss/ca_root_nss working around Mozilla,
limit ca_root_nss vuln to < 3.12.11 from <= 3.12.11.

Add a new entry for the ca_root_nss bug that caused extraction of untrusted
certificates to the trust bundle.

PR: ports/160455

11:46 sunpoet 

- Correct affected plone versions

04:09 dinoex 

- bump modifiled for CVE-2007-5137

16:28 dinoex 

- update CVE-2007-5137

16:18 mandree 

Update range to exclude nss 3.12.11 from vuln, as kwm@'s commit
to upgrade nss to 3.12.11 included the newer CKBI 1.87 that explicitly
distrusts DigiNotar.

15:43 mandree 

Add a security notice for the DigiNotar incident, listing nss/ca_root/nss.

12:49 flo 

- only match vulnerable versions in the hlstats entry
- add additional CVEs

17:15 crees 

Final modification for apache22 vulnerability; include slave ports as well

Pointed out by: flo
Reviewed by:    eadler

19:06 crees 

Correct range for apache22, 2.2.20 is fixed and 1.3 wasn't affected.

Submitted by:   Aleksandr Stankevic (sysmonk on IRC/Freenode##FreeBSD)
Security:       CVE-2011-3192

22:29 shaun 

Put a lower bound on the last php entry, as the bug was introduced in
5.3.7-RC5.

Submitted by:   "jaset" via #bsdports

13:21 sbz 

- Fix entry date and use two ranges

Reviewed by:    gahr@
Approved by:    jadawin@ (mentor)

12:01 sbz 

- Document CVE-2011-3192 for recent apache DoS vulnerability

Approved by:    jadawin@ (mentor)
Security:      
http://vuxml.org/freebsd/7f6108d2-cea8-11e0-9d58-0800279895ea.html

18:12 delphij 

Upstream indicates that this only affects 4.40 and 4.41 so add a <ge> tag
to indicate that.

18:10 delphij 

Document stunnel heap corruption vulnerability.

22:43 bapt 

Fix discovery date

22:20 delphij 

DOcument phpMyAdmin CVE-2011-3181 (multiple XSS).

17:02 rene 

Document new Chromium vulnerabilities.

Obtained from:  http://google-chrome-browser.com/releases
Security:       CVE-2011-[2821, 2823-2829, 2839]

00:58 delphij 

Mark PHP5 < 5.3.7_2 as vulnerable to PHP bug #55439: crypt() returns only
the salt for MD5.

00:43 delphij 

Document multiple PHP vulnerabilities.

18:42 delphij 

Document Rails multiple vulnerabilities.

17:46 delphij 

Document dovecot DoS vulnerability.

19:06 skv 

Document "otrs" - vulnerabilities in OTRS-Core allows read access
to any file on local file system.

18:12 flo 

document recent mozilla vulnerabilities

17:36 delphij 

Document samba vulnerabilities of SWAT web interface.

20:00 wxs 

Adjust dates in 510b630e-c43b-11e0-916c-00e0815b8da8.

Noticed by:     kwm@

01:41 wxs 

- Document ISC DHCP server DoS.

18:19 skv 

Document "bugzilla" - multiple vulnerabilities.

15:02 crees 

Document dtc security issues

PR:             ports/159736
Submitted by:   Ansgar Burchardt <ansgar@debian.org>

08:37 kwm 

Document freetype2 and libXfont vulnabilities.

20:27 nox 

Update linux-f10-flashplugin to 10.3r183.5 .

Submitted by:   pointyhat via erwin
Security:      
http://www.freebsd.org/ports/portaudit/2c12ae0c-c38d-11e0-8eb7-001b2134ef46.html

17:57 rene 

Document new vulnerabilities for www/chromium ( < 13.0.782.107)

Obtained from:  http://googlechromereleases.blogspot.com/
Security:       CVE-2011-{2358-2361, 2782-2805, 2818-2819}

19:18 kwm 

Document libsoup security hole.

07:10 delphij 

Fix match of phpmyadmin in recent revisions.

02:12 swills 

- Add CVE reference for OpenSAML2 issue
- Use official citation

01:12 zi 

Document phpmyadmin vulnerabilities

Approved by:    wxs (mentor)

23:47 swills 

Document OpenSAML2 issue

20:50 delphij 

Document rsync DoS issue (CVE-2011-1097).

23:39 dougb 

Document BIND vulnerabilities for ports. This was inspired by the PR,
but re-formatted and edited by me, so responsibility for errors is mine.

PR:             ports/158672
Submitted by:   Ryan Steinmetz <rpsfa@rit.edu>

13:32 jlaffaye 

Document phpMyAdmin multiple vulnerabilities

Reviewed by:    flo
Approved by:    rene (mentor vacation)

10:15 flo 

document one more vulnerability in the recent asterisk entry

22:50 rene 

Document new vulnerabilities for www/chromium ( < 12.0.742.112)

Security:       CVE-2011-[2345-2351]

00:57 wxs 

Add modified tag to 8a5770b4-54b5-11db-a5ae-00508d6a62df.

Noticed by:     sahil@

14:39 wxs 

Now that www/mambo is updated, fix the range in
8a5770b4-54b5-11db-a5ae-00508d6a62df.

22:48 flo 

document recent asterisk vulnerabilities

13:46 ashish 

- Document ejabberd vulnerability fixed in 2.1.8

PR:             ports/158137
Submitted by:   Ruslan Mahamatkhanov <cvs-src@yandex.ru>
Security:      
http://vuxml.org/freebsd/01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6.html

12:36 flo 

- also mark firefox35 vulnerable

20:26 flo 

- document recent mozilla vulnerabilities [1]
- while here also document an older samba Denial of service vulnerability [2]

Security:      
http://www.vuxml.org/freebsd/dfe40cff-9c3f-11e0-9bec-6c626dd55a41.html [1]
               
http://www.vuxml.org/freebsd/bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41.html [2]
Requested by:   timur [2]

17:50 culot 

Document piwik remote command execution vulnerability.

22:59 delphij 

Document dokuwiki XSS vulnerability.

19:53 nox 

Update linux-f10-flashplugin to 10.3r181.26 .

PR:             ports/157900
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:      
http://www.freebsd.org/ports/portaudit/55a528e8-9787-11e0-b24a-001b2134ef46.html

12:43 brix 

- Document CVE-2011-1408 in www/ikiwiki

05:15 miwi 

- Cleanup

20:49 nox 

Update to 10.3r181.22 .

PR:             ports/157696
Submitted by:   Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
Security:      
http://www.freebsd.org/ports/portaudit/57573136-920e-11e0-bdc9-001b2134ef46.html

17:30 rene 

Document www/chromium vulnerabilities fixed in version 12.0.742.91

Security:       CVE-2011-{1808-1819,2332,2342}

00:24 wxs 

- Document CVE-2011-1910

PR:             ports/157548
Submitted by:   Ryan Steinmetz <rpsfa@rit.edu>

12:45 mandree 

Add CVE-2011-1947: fetchmail STARTTLS denial of service.

03:36 miwi 

- Cleanup

20:39 flo 

- document asterisk remote crash vulnerability

Security:      
http://www.vuxml.org/freebsd/34ce5817-8d56-11e0-b5a2-6c626dd55a41.html

14:19 lev 

  Document CVE-2011-1752, CVE-2011-1783 and CVE-2011-1921 in devel/subversion

13:54 wxs 

Document drupal6 multiple vulnerabilities.

Submitted by:   Nick Hilliard <nick@foobar.org>

21:14 olgeni 

Document Erlang R14B02 ssh library vulnerability (cryptographically
weak RNG).

Security:       CVE-2011-0766