21:55 miwi 

Document mantis -- multiple vulnerabilities

PR:             based on 129438

20:10 miwi 

- Fix previous entry

19:37 tabthorpe 

- Document squirrelmail -- Cross site scripting vulnerability

16:24 miwi 

- Fix discovery from previous entry

16:16 miwi 

- Document openoffice -- arbitrary code execution vulnerabilities

PR:             based on 129192
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

15:15 miwi 

- Document wordpress -- Header RSS Feed Script Insertion Vulnerability

14:31 miwi 

- Document samba -- potential leakage of arbitrary memory contents
- Fix my previous entry

13:48 miwi 

- Document hplip -- hpssd Denial of Service

PR:             based on 129097
Submitted by:   Eygene Ryabinkin

13:04 miwi 

- Document cups -- multiple vulnerabilities

17:47 stas 

- Document a buffer overflow vulnerability in imlib2.

PR:             ports/129037
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

16:04 miwi 

- Fix latest mozilla entry

Note:
        mail/thunderbird and mail/linux-thunderbird versions are wrong.
        All problems are fixed in 2.0.0.18 and not in 2.0.0.17.

Pointy hat to:  tabthorpe

08:38 miwi 

- Document streamripper -- multiple buffer overflows

PR:             based on 128999

22:01 miwi 

- Dokument -- Mantis: Session hijacking vulnerability

21:46 miwi 

- Cleanup
- Fix a lot whitespaces

22:37 delphij 

Document two ACL bypassing vulnerabilities of dovecot.

Submitted by:   Eygene Ryabinkin <rea-fbsd codelabs.ru> (with changes)
PR:             ports/129000

21:07 tabthorpe 

- Document libxml2 -- multiple vulnerabilities

15:24 tabthorpe 

- Document openfire -- multiple vulnerabilities

23:07 wxs 

Document syslog-ng2 chroot vulnerability.

PR:             ports/128960
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    tabthorpe

15:34 rafan 

- Add a missing new line between entries

15:33 rafan 

- Add an entry for print/enscript and its slave ports

PR:             ports/128958
Submitted by:   Eygene Ryabinkin <rea-fbsd at codelabs.ru> (based on)
Reviewed by:    stas@

19:02 wxs 

Add CVE identifier for clamav off-by-one error.

PR:             ports/128924
Submitted by:   Mark Foster <mark@foster.cc>

10:01 stas 

- Fix an indentation in the latest net-snmp entry.

09:59 stas 

- Document the recent chain validation vulnerability in gnutls.

PR:             ports/128868
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> (based on)

17:04 miwi 

- Fix formating

06:16 kuriyama 

Add entry for net-snmp (fix will be followed).

PR:             ports128772, ports/128837
Submitted by:   "Mark D. Foster" <mark@foster.cc>,
                Eygene Ryabinkin <rea-fbsd@codelabs.ru>

20:43 miwi 

- Cleanup
  * Add some more references to the faad2 entry
  * Fix formating for the last emacs and trac entry

18:24 tabthorpe 

- Document mozilla -- multiple vulnerabilities

Reviewed by:    simon

17:06 tabthorpe 

- Document faad2 -- heap overflow vulnerability

22:22 miwi 

- Fix multimedia/vlc entry

22:50 bsam 

Document vulnerability in Emacs python integration.

PR:             127168
Submitted by:   keramida

11:53 garga 

- Document clamav get_unicode_name() off-by-one buffer overflow, 0.94.1 have
  fixed the problem [1]
- Since i'm here, document clamav-devel either

PR:             ports/128749 [1]
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru> [1]

03:46 delphij 

Document trac wiki markup DoS issue

21:30 miwi 

- Document vlc -- cue processing stack overflow

19:17 remko 

Document opera -- multiple vulnerabilities

With hat:       secteam
Requested by:   simon

22:47 nox 

Document qemu -- Heap overflow in Cirrus emulation

00:21 delphij 

Fix BugTraq ID :(

Pointy hat to:  delphij

23:58 delphij 

Add more reference with last commit

23:52 delphij 

Document phpmyadmin XSS issue

06:16 mezz 

Add linux-opera with opera entries. Remove the YYYYMMDD in the version (ie:
9.61.YYYYMMDD -> 9.61) as linux-opera does not do it anymore. It should not
affect anything on opera.

21:04 miwi 

- Fix formating

20:05 tabthorpe 

- Document opera -- multiple vulnerabilities

PR:             ports/128264
Submitted by:   Arjan van Leeuwen <freebsd-maintainer opera.com>

18:47 tabthorpe 

- Document libspf2 -- Buffer overflow

20:13 miwi 

- Document openx -- sql injection vulnerability

19:09 miwi 

- Fix duplicate wording

18:51 miwi 

- Document flyspray -- multiple vulnerabilities

Submitted by:   Nick Hilliard (nick@foobar.org) (based on)

19:13 delphij 

Document wordpress snoopy shell command execution vulnerability

16:56 miwi 

- Fix libxine entry

21:02 stas 

- Whitespace fix in last entry.

20:55 delphij 

Document drupal multiple vulnerabilities.

Submitted by:   Nick Hilliard <nick foobar org>

20:02 delphij 

Newer version of wordpress-mu has resolved the security vulnerability,
I have verified the code with respect to older release and to wordpress
changeset.

Reviewed by:    stas

16:19 mezz 

The libxml2-2.6.32_1 now have two security fixed. If I edit it incorrect,
please fix it for me.

13:21 nobutaka 

Document libxine denial of service vulnerability.

12:52 miwi 

- Fix formating from previous entry

02:15 tabthorpe 

- Fix previous commit

22:31 tabthorpe 

- Document linux-flashplugin -- multiple vulnerabilities

Reviewed by:    stas

09:19 delphij 

Document libxml2 vulnerabilities.

16:49 miwi 

- Fix a small typo

16:37 miwi 

- Document drupal -- multiple vulnerabilities

22:40 delphij 

Document cups multiple vulnerabilities.

18:58 ale 

Update mysql entries.

10:00 miwi 

- Fix formating and remove whitespaces from previous commit.

09:41 itetcu 

Add two www/opera vulnarabilities which affect versions <9.60.20081004

PR:             ports/127941
Submitted by:   Arjan van Leeuwen (opera maintainer)

22:37 stas 

- Capitalize "Secunia" word in all entries.

Reviewed by:    tabthorpe

21:31 stas 

- Mplayer vulnerability has been fixed in 0.99.11_7.

20:46 stas 

- Document mysql-client input validation vulnerability.

20:13 stas 

- Document mplayer integer overflows.

22:56 simon 

Bump copyright year.

22:45 simon 

Really fix firefox 3 part of the latest mozilla entry.  Now it doesn't
match fixed firefox 2 versions.

Cluebat:        Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Pointyhat:      simon (for too quick review of last update)

11:46 miwi 

- Fix bad firefox3 specification

PR:             127712
Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    simon

23:48 mnag 

lighttpd -- multiple vulnerabilities

23:07 miwi 

- Fix last thunderbird entrys
- Bump modified date

21:43 miwi 

- Cleanup previous entry.

21:38 brix 

Add irc/bitlbee entry.

21:10 simon 

- Update samba entries so they don't match upcomming Samba 3.2 which
  doesn't have PORTEPOCH in the version number.
- Bump modified date for all updated entries.

Requested by:   timur

14:59 miwi 

- Fix firefox version

Reported by:    bsam@

12:39 miwi 

- Fix a typo (s/reportss/reports)

Submitted by:   tabthorpe/remko

12:09 miwi 

- Document mozilla --  multiple vulnerabilities

21:51 miwi 

- Mark ftp/proftpd as safe
- Add more references to the last phpMyAdmin entry

19:13 tabthorpe 

- Document squirrelmail -- Session hijacking vulnerability

10:07 miwi 

- Fix discovery from my previous commit

10:06 miwi 

- Document proftpd -- Long Command Processing Vulnerability

09:21 miwi 

- Document phpmyadmin -- cross-site scripting vulnerability

20:44 miwi 

- Document gallery -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

17:10 miwi 

- Replace phpmyadmin with phpMyAdmin to fix portaudit

Note:
        portaudit does not flag phpmyadmin as vulnerable,
        so we need to change it to the pkgname (phpMyAdmin).

Reported by:    glarkin@
Reviewed by:    simon
Discussion on:  ports-security@
Approved by:    portmgr (secteam blanked)

08:41 miwi 

- Document phpmyadmin -- Code execution vulnerability

Approved by:    portmgr (secteam blanked)

09:07 miwi 

- Fix previous commit

Approved by:    portmgr (secteam blanked)

02:03 glarkin 

- Mark www/twiki FORBIDDEN due to security exploit

Approved by:    beech (mentor, implicit)
Approved by:    portmgr (pav)
Security:       http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195

09:41 miwi 

- corrects the bid number from me previous commit

Approved by:    portmgr (secteam blanked)

09:12 miwi 

- Document neon -- NULL pointer dereference in Digest domain support

Approved by:    portmgr (secteam blanked)

04:31 delphij 

Document clamav CHM parser DoS issue.

Approved by:    portmgr (vuxml blanket)

11:45 miwi 

- Document horde -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

07:52 miwi 

- Document python -- multiple vulnerabilities

Reviewed by:    remko/tabthorpe
Approved by:    portmgr (secteam blanked)

12:09 miwi 

- Mark www/wordpress and german/wordpress as safe

Approved by:    portmgr (secteam approved: remko, blanket vuxml)

10:53 stas 

- Document wordpress, rails and mysql vulnerabilties.

Reviewed by:    remko
Approved by:    portmgr (secteam approved: remko, blanket vuxml)

22:33 brd 

Extend the Nagios entry to cover Nagios 3.x < 3.0.2. This covers the edge case
of `portupgrade -o net-mgmt/nagios-devel nagios'.

Approved by:    portmgr (simon@ using secteam blanket)

16:44 remko 

Add FreeBSD-SA-08:09.icmp6

16:39 remko 

Add FreeBSD-SA-08:08.nmount

16:34 remko 

Add FreeBSD-SA-08:07.amd64.

Hat:    secteam

14:00 ale 

Update for php5 safe_mode fix.

19:34 simon 

Fix XML in openvpn-devel entry: – was used but as vuln.xml does
not import HTML named entities this is not allowed - use –
instead which produces the same end result.