16:54 wxs 

- s/secunia reports/Secnuia reports/
- Fix whitespace

Approved by:    secteam (miwi)

13:03 wxs 

- Document tor-devel DNS resolution issue.

PR:             ports/135925
Submitted by:   bf <bf1783@gmail.com>

20:59 miwi 

- Document cscope -- multiple buffer overflows

PR:             135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

20:52 miwi 

- Document cscope -- buffer overflow

PR:             based on 135097
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

20:45 miwi 

- Fix a typo from previous commit

20:10 skreuzer 

Document joomla -- multiple vulnerabilities

Approved by:    wxs (mentor)

20:04 miwi 

- Document pidgin -- multiple vulnerabilities

PR:             135239 (based on)
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

13:57 wxs 

- Document git-daemon DoS.

22:46 stas 

- Fix the latest ruby entry: 1.9 branch is not vulnerable.

22:07 stas 

- Document ruby denial of sevice vulnerability in BigDecimal.

15:40 beat 

- Fix firefox3 version in da185955-5738-11de-b857-000f20797ede

Approved by:    miwi (secteam)

14:55 beat 

- Document mozilla  -- multiple vulnerabilities

Approved by:    miwi (secteam)

06:19 miwi 

- Add some more cve to the previous entry

06:17 miwi 

- Fix previous entry

02:21 pgollucci 

Document DOS in apr-util xml(expat) processing

Submitted by:       Eygene Ryabinkin <rea-fbsd@codelabs.ru>

21:52 delphij 

Document dokuwiki local File Inclusion with register_globals on vulnerability.

20:53 miwi 

- Document openssl -- denial of service in DTLS implementation

PR:             based on 134653
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

20:39 miwi 

- Document eggdrop -- denial of service vulnerability

20:07 miwi 

- Document wireshark -- Denial of Service in the PCNFSD dissector

PR:             135061 (based on)
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

19:23 miwi 

- Add more infos for libsndfile entry

19:16 miwi 

- Document libsndfile -- multiple vulnerabilities

19:07 miwi 

- Document slim -- local disclosure of X authority magic cookie

10:50 miwi 

- Cleanup previous entry

09:15 simon 

Unbreak file by removing double <vuxml> tag.

04:37 cy 

Add CVE information for NTP stack overflow.

PR:             134755
Submitted by:   Mark Foster <mark@foster.cc>
Security:       CVE-2009-0159 and CVE-2009-1252

16:34 miwi 

- Fix 5ed2f96b-33b7-4863-8c6b-540d22344424
   * Remove duplicte url
   * Fix safe version
   * Bump modified date

16:08 miwi 

- Bump modified date for previous commit.

13:15 wxs 

- Add CVE information for nsd overflow.
- s/over flow/overflow/ for the same entry.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (private mail)

15:30 pav 

- Document imap-uw -- University of Washington IMAP c-client Remote Format
  String Vulnerability (submitted back in Feb 2009)

PR:             ports/131939
Submitted by:   Mark Foster <mark@foster.cc>

17:20 wxs 

- Document dns/nsd and dns/nsd2 one-byte overflow (both are already fixed
  in ports). Still need a CVE entry but there is not one assigned yet.

15:05 nobutaka 

Add entries of libxine vulnerabilities fixed in version 1.1.16.2 and 1.1.16.3.

PR:             ports/132593
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

20:36 miwi 

- Document php -- ini database truncation inside dba_replace() function

PR:             129459 (based on)
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

20:09 miwi 

- Document libwmf -- embedded GD library Use-After-Free vulnerability

PR:             based on 134246

19:59 miwi 

- Document libwmf -- Integer Overflow Vulnerability

PR:             based on 134246

13:01 miwi 

- Document moinmoin -- cross-site scripting vulnerabilities

12:51 miwi 

- Rework previus entry

01:32 pgollucci 

- Document mod_perl -- cross site scripting in Apache::Status

00:44 miwi 

- Small cleanup
  * fix spelling
  * fix tabs/whitespaces
  * add more references to the latest drual entry

00:36 miwi 

- Fix formating

22:26 delphij 

Document drupal -- cross-site scripting vulnerability.

Submitted by:   Nick Hilliard <nick foobar org>

01:49 ume 

- Document cyrus-sasl -- buffer overflow vulnerability

10:07 miwi 

- Document moinmoin -- multiple cross site scripting vulnerabilities

PR:             based on 134467

08:23 miwi 

- Document ghostscript8 -- Buffer Overflow Vulnerability

PR:             133331 (baesed on)

08:10 miwi 

- Cleanup

07:55 miwi 

- Added a referece to the latest pango entry
(4b172278-3f46-11de-becb-001cc0377035)

23:03 stas 

- Document pango buffer overflow vulnerability.

20:13 marcus 

Document the recent Wireshark vulnerabilities.

PR:             134245
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

14:46 wxs 

- Add CVE entry for quagga vulnerability.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (private mail)

07:57 dinoex 

- add CUPS 1.3.10
PR:             134247

07:40 dinoex 

- add SA-09:08.openssl
PR:             133156

13:14 wxs 

- Document quagga DoS.

PR:             ports/134248
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    miwi

08:04 beat 

- Mark flock 2.0 as safe

Approved by:    miwi (mentor)

20:10 miwi 

- Cleanup previous entry

14:35 gahr 

- Document openfire -- Password Changes Security Bypass

PR:             134207
Submitted by:   Mark Foster <mark@foster.cc>

20:09 miwi 

- Document drupal -- cross site scripting

21:32 stas 

- CVE-2007-3387 has been fixed in pdftohtml 0.39_3.

08:38 miwi 

- Document mozilla  -- multiple vulnerabilities

18:26 marcus 

Document the recent poppler vulnerabilities fixed in 0.10.6.

PR:             133838
Submitted by:   Mark Foster <mark@foster.cc>
Approved by:    portmgr (implicit)

17:55 miwi 

- Rework previus entry (xpdf -- multiple vulnerabilities)
        * fix typos
        * added more information about security issues
        * added more reference sites

Approved by:    portmgr (secteam blanked)

17:20 araujo 

- Document xpdf -- multiple vulnerabilities

Approved by:    portmgr (erwin)

09:41 miwi 

- Document freetype2 -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

16:51 wxs 

- Document ejabberd cross-site scripting vulnerability.

PR:             ports/132800
Submitted by:   Mark Foster <mark@foster.cc>
Reviewed by:    miwi
Approved by:    portmgr (secteam blanket, explicitly miwi)

13:34 miwi 

- Document ziproxy -- Multiple HTTP Proxy HTTP Host Header Incorrect Relay
Behavior Vulnerability

Approved by:    portmgr (secteam blanked)

13:17 miwi 

- Document phpmyadmin -- insufficient output sanitizing when generating
configuration file

Approved by:    portmgr (secteam blanked)

12:01 miwi 

- Document drupal6-cck -- cross-site scripting

PR:             133550
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

21:49 miwi 

- Document pivot-weblog -- file deletion vulnerability

14:13 mat 

Fix the roundcube version of CVE-2009-0413, should be 0.2.1,1 and not 0.2.1.

Pointy Hat To:  miwi

07:41 delphij 

Document phpmyadmin: insufficient output sanitizing when generating
configuration file.

15:43 miwi 

- Update 8e8b8b94-7f1d-11dd-a66a-0019666436c2 (www/rubygem-rails) now secure
- Bump modified day

Reported by:    Mike Duchene

15:28 miwi 

- Fix daf045d7-b211-11dd-a987-000c29ca8953
- Fix discovery date
- Tell portaudit net-snmp is secure

Reported by:    Oliver Brandmueller <ob@e-Gitt.NET> (via private mail)
Reviewed by:    tabthorpe

15:08 miwi 

- Update zabbix entry is now secure

14:22 miwi 

- Fix spelling

14:17 miwi 

- Document amarok -- multiple vulnerabilitie

PR:             based on 132938

14:09 miwi 

- Fix portaudit build
- Rework latest wireshark entry
- Bump modified

19:26 miwi 

- Cleanup latest Wireshark entry

19:24 miwi 

- Bump modified date for zope entry

18:24 pav 

- zope-2.7.9_2 secure

17:11 marcus 

Add an entry for Wireshark less than or equal to 1.0.5 pertaining to
multiple DoS situations as described at
http://www.wireshark.org/security/wnpa-sec-2009-01.html.

PR:             131688
Submitted by:   Mark Foster <mark@foster.cc>

22:01 miwi 

- Mark *seamonkey as safe

21:59 miwi 

- Add CVE's referenc to 78f5606b-f9d1-11dd-b79c-0030843d3802

PR:             132797
Submitted by:   Mark Foster <mark@foster.cc>

21:13 miwi 

- Mark mail/*thunderbird as safe

16:18 miwi 

- Added more references to the netatalk

15:34 miwi 

- Small cleanup

15:05 miwi 

- Document netatalk -- arbitrary command execution in papd daemon

PR:             based on 132427
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

21:01 miwi 

- Fix discovery date from previous entry

20:37 miwi 

- Document gstreamer-plugins-good -- multiple memory overflows

PR:              based on 132428

19:50 miwi 

- Document libsndfile -- CAF processing integer overflow vulnerability

PR:             based on 132371

19:33 miwi 

- Fix roundcube entry

Pointy hat to:  me

19:25 miwi 

- Document ffmpeg -- 4xm processing memory corruption vulnerability

PR:             based on 132434
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

18:49 miwi 

- Document roundcube -- webmail script insertion and php code injection

PR:             based on 130968

18:11 miwi 

- Document proftpd -- multiple sql injection vulnerabilities

PR:             based on 132369

17:51 miwi 

- Fix a typo

17:38 miwi 

- Document zappix -- php frontend multiple vulnerabilities

PR:             based on 132315

17:13 miwi 

- Document php-mbstring -- php mbstring buffer overflow vulnerability

PR:             based on 130603

17:01 miwi 

- Document phppgadmin -- directory traversal with register_globals enabled

PR:             based on 132346

20:42 miwi 

- Document opera -- multiple vulnerabilities

PR:             based on 132437

08:35 miwi 

- Clean up latest curl entry

02:30 tabthorpe 

- Document epiphany -- untrusted search path vulnerability

20:17 tabthorpe 

- Document apache -- Cross-site scripting vulnerability

00:35 amdmi3 

- Document pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Reviewed by:    tabthorpe