07:13 rafan 

- Entry for ghostscrip-gpl 8.61

Reviewed by:    ports-security@ (simon, remko)

01:01 tabthorpe 

- Document phpmyadmin -- SQL injection vulnerability

Reviewed by:    simon

04:08 tabthorpe 

- Document pcre -- buffer overflow vulnerability

PR:             ports/121224
Submitted by:   Nick Barkas <snb threerings.net>

01:41 tabthorpe 

- Document libxine -- buffer overflow vulnerability

Reviewed by:    miwi

09:33 miwi 

- Mark mail/up-imapproxy as safe

Submitted by:   Abdullah Ibn Hamad Al-Marri <wearabnet@yahoo.ca>

12:43 tabthorpe 

- Document coppermine -- multiple vulnerabilities.

Reviewed by:    miwi

12:34 miwi 

- Fix previous commit (use now <bid>)

18:38 tabthorpe 

- Document moinmoin -- multiple vulnerabilities.

Reviewed by:    remko

00:56 simon 

Document opera -- multiple vulnerabilities.

00:43 simon 

Document mozilla -- multiple vulnerabilities.

00:26 delphij 

Document openldap modrdn DoS vulnerability

10:23 remko 

Document clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability

Submitted by:   "Eygene Ryabinkin" <rea-fbsd at codelabs dot ru>

17:20 miwi 

- Fix previous commit

Discussed with: remko

16:37 remko 

Bump modification date for latest change.

15:32 oliver 

xfce4-panel, libxfce4gui - mark the security problem which existed in 4.4.1 "<
4.4.2"

Noted by:       Carl Johan Gustavsson <carl.gustavsson@bahnhofbredband.se>

22:14 miwi 

- mark claws-mail as safe

13:30 sem 

- Document a cacti vulnerability

08:48 brix 

Add entry for www/ikiwiki.

Approved by:    erwin (mentor)

18:47 tabthorpe 

- Fix grammar for www/zenphoto description

14:39 tabthorpe 

- Document www/zenphoto

Reviewed by:    remko

11:16 miwi 

- Fix a typo

Submitted by:   antoine@

07:58 miwi 

- Document jetty -- multiple vulnerability

PR:             120171
Submitted by:   Nick Barkas <snb@threerings.net>

14:47 miwi 

- Bump modified from previous commit

04:06 linimon 

Fix name of irc/dircproxy package.

Hat:            portmgr

15:14 nobutaka 

Document libxine -- buffer overflow vulnerability.

12:11 flz 

Document xorg -- multiple vulnerabilities.

Reviewed by:    miwi

22:18 miwi 

- Fix discovery line from the previous commit :(

22:01 miwi 

- Document xfce -- multiple vulnerabilities

21:38 miwi 

- Document claws-mail -- insecure temporary file creation

10:04 miwi 

- Add modified date for previous commit

02:28 lwhsu 

- Fix freeradius-devel entry, narrow down range to prevent affect later versions

PR:             ports/119582
Submitted by:   David Wood <david AT wood2.org.uk>
Reviewed by:    pav

01:35 miwi 

- Fix previous commit (whitespaces, sorting)

01:21 beech 

- Add entry for ircservices

PR:             ports/119769
Approved by:    linimon (mentor)

18:03 nobutaka 

Document libxine -- buffer overflow vulnerability.

09:50 skv 

Update the "firebird" entry to properly match corrected versions.

22:43 miwi 

- Fix <name> sections from both previous committs

20:15 miwi 

- Fix previous commit
  - Mark geeklog as safe
  - add cve

Reviewed by:    remko

18:52 tabthorpe 

- Document XSS vulnerability in geeklog 1.4.0

Reviewed by:    remko

15:56 stas 

- This vulnerability exists in PHP versions prior to 4.4.8, not
  after. Fix the entry.

Reported by:    Vadim Goncharov <vadimnuclight@tpu.ru>

15:53 simon 

Document multiple drupal issues.

Submitted by:   Nick Hilliard <nick@foobar.org>

19:38 miwi 

- Document maradns -- CNAME record resource rotation denial of service

PR:             ports/119471 (based on)
Submitted by:   Mark D. Foster <mark@foster.cc>
Reviewed by:    simon

22:48 miwi 

- Mark security/lsh as safe

18:52 delphij 

Update php multiple vulnerability entry: revalent bugs were fixed in PHP 4.4.8.

18:48 mnag 

- Fix linux-realplayer new version

18:45 mnag 

- Fix range for linux-flahsplugin

18:07 mnag 

- linux-realplayer -- multiple vulnerabilities

13:13 mnag 

- linux-flashplugin -- multiple vulnerabilities

11:59 miwi 

- Fix the last tcl/tk entry for portaudit.

Submitted by:   mm@
Reviewed by:    simon

09:35 delphij 

Document dovecot specific LDAP + auth cache configuration may mix up user logins
vulnerability

20:28 simon 

Add more references to latest opera entry.

19:49 simon 

Make "gallery2 -- multiple vulnerabilities" follow the normal format for
VuXML entries.

08:14 beech 

- Document gallery2 -- multiple vulnerabilities

Submitted by:   Alex Varju <freebsd-ports@varju.ca> (maintainer)
Approved by:    linimon (mentor)

14:26 simon 

Update list if CVE names for latest wireshark entry.

21:43 miwi 

- Document e2fsprogs -- heap buffer overflow

PR:             118848 (based on)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>
Reviewed by:    remko

23:03 simon 

Document wireshark -- multiple vulnerabilities.

21:06 simon 

Document opera -- multiple vulnerabilities.

20:52 simon 

Document peercast -- buffer overflow vulnerability.

13:06 simon 

Unbreak vuln.xml: & -> &

Pointy hat to:  brooks

22:24 brooks 

Upgrade to Ganglia 3.0.6.

Release 3.0.5 contained minor bug fixes.  3.0.6 corrects XSS
vulnerabilities in the webfrontend.

Security:        vid:fee7e059-acec-11dc-807f-001b246e4fdf

19:55 remko 

Sort references section for last commit.

00:17 sat 

- Mark latest linux-firefox/seamonkey-devel snapshots as safe
- Add (linux-)flock and linux-*-devel to latest firefox advisory
- Note that the tradition of covering more gecko ports with
  firefox-related advisories should probably be kept up

00:36 nox 

Document qemu -- Translation Block Local Denial of Service Vulnerability

15:48 remko 

Document drupal -- SQL injection vulnerability

Submitted by:   Nick Hilliard <nick at netability dot ie>

15:29 remko 

Document samba -- buffer overflow vulnerability.

15:11 remko 

Remove redundant "A" in the latest entry

08:32 miwi 

- Fix previous commit
   - Sorting
   - more referencs

08:11 beech 

- Missed a section - smbftpd

Pointyhat to: Self

07:55 beech 

- Document smbftpd - format string vulnerability.

Requested by:   linimon
Approved by:    linimon (mentor)

07:00 remko 

Document jetty - multiple vulnerabilities

PR:             ports/118524
Submitted by:   Nick Barkas <snb at threerings dot net>
                with minor modifications by me
Approved by:    portmgr (secteam blanket)

15:47 nork 

Update to 2007.12.07 with fix security issue.

Security:       VuXML ID: 821afaa2-9e9a-11dc-a7e3-0016360406fa
                CVE-2007-6036
                http://aluigi.altervista.org/adv/live555x-adv.txt
Approved by:    portmgr (erwin)

23:26 remko 

Document liveMedia -- DoS vulnerability

Submitted by:   Rafae«l Careé <funm at videolan dot org>
                with modifications by me
Approved by:    portmgr (secteam blanket)

10:25 delphij 

Update to reflect the squid issue has been assigned
CVE-2007-6239.

Approved by:    portmgr (ports-security blanket)

07:49 miwi 

- Update gnu-finger entry
        * Fix cvename handling

Approved by:    portmgr (ports-security blanket)

07:27 linimon 

http://nvd.nist.gov/nvd.cfm?cvename=CVE-1999-1165: gnu-finger is old,
creaky, and not for use in production environments.

Submitted by:   tabthorpe
Approved by:    portmgr (self)

00:28 delphij 

Update to reflect an updated www/squid30 version which is no
longer vulnerable.

Approved by:    portmgr (ports-security blanket)

19:49 delphij 

Update to reflect an updated www/squid version which is no
longer vulnerable.

Approved by:    portmgr (ports-security blanket)

19:20 delphij 

Document squid denial of service vulnerability.  This can be
triggered from trusted squid client only.

Approved by:    portmgr (ports-security blanket)

00:15 delphij 

Remove the rsync entry for now.  Better way of handling
this is still under discussion, as the vendor patch does
not automatically resolve problem for customized
configuration that have chroot = no.

Requested by:   pav
Approved by:    portmgr (ports-security blanket)

20:23 delphij 

Document rsync security bypass vulnerability.

Approved by:    portmgr (ports-security blanket)

14:25 simon 

Make the rubygem-rails -- JSON XSS vulnerability entry valid UTF-8 (at
least the special chars doesn't look like UTF-8 as per emacs or
freshports).

Reported by:    freshports via dvl
Approved by:    portmgr (secteam blanket)

00:26 delphij 

Also cover rubygem-activesupport which is part of rails and is
affected by CVE-2007-3227 as well.

Approved by:    portmgr (ports-security blanket)

00:19 delphij 

Document recent Ruby On Rails vulnerabilities.

Approved by:    portmgr (ports-security blanket)

21:57 brix 

Document ikiwiki improper symlink verification vulnerability.

Reviewed by:    remko
Approved by:    portmgr (erwin), erwin (mentor)

21:35 delphij 

Document firefox multiple unspecified memory corruption vulnerabilities.

Approved by:    portmgr (ports-security blanket)

18:58 miwi 

- Document phpmyadmin -- Cross Site Scripting

Reviewed by:    remko
Approved by:    portmgr (ports-security blanket

09:02 miwi 

- Update last Samba entry,
        * Add reference to the samba advisories
        * Fix the PORTVERSION/PORTEPOCH

Reviewed by:    simon
Approved by:    portmgr (ports-security blanket)

07:40 miwi 

 Document samba - multiple vulnerabilities

Reviewed by:    remko
Approved by:    portmgr (ports-security blanket)

00:47 delphij 

postnuke 0.763 is not vulnerable to 35f2679f-52d7-11db-8f1a-000a48049292
so mark it as not vulnerable.

Approved by:    portmgr (ports-security blanket)

07:07 delphij 

Improve JDK version coverage.  We should consider PORTEPOCH'ed version
separately, so restruct the range.

Approved by:    portmgr (ports-security blanket)

19:53 delphij 

Document PHP multiple vulnerabilities that are fixed by php 5.2.5.

Approved by:    portmgr (ports-security blanket)

08:05 miwi 

- Fix c93e4d41-75c5-11dc-b903-0016179b2dd5 entry

Submitted by:   glewis
Reviewed by:    remko
Approved by:    portmgr (ports-security blanket)

22:19 erwin 

print/cups-base is vulnerable for all previous versions to
1.3.3_2, not all coming ones.

Submitted by:   Andrew Daugherity <ADaugherity@vprmail.tamu.edu>
Approved by:    portmgr (self)

14:23 remko 

Document mt-daapd -- denial of service vulnerability, also
correct the previous entry style wise.

Submitted by:   Mark D. Foster <mark at foster dot cc> with minor
                modifications by me.

Approved by:    portmgr (secteam blanket)

09:23 miwi 

- Update xpdf -- multiple remote Stream.CC vulnerabilities
         * Mark cups-base as safe

Approved by:    portmgr (ports-security blanket)

05:45 kuriyama 

o Add a patch for CVE-2007-5846, and add an entry for vuxml.

Approved by:  portmgr (marcus)

15:41 miwi 

- Document flac -- media file processing integer overflow vulnerabilities

Reviewed by:    simon
Approved by:    portsmgr (ports-security blanket)
Thanks to:      naddy

06:46 simon 

Unbreak file by closing </li> tag.

Approved by:    portmgr (secteam blanket)

01:14 delphij 

Document xpdf arbitrary code execution vulnerability, as documented in
CVE-2007-4352, CVE-2007-5392, CVE-2007-5393.

Approved by:    portmgr (ports-security blanket)

19:46 delphij 

dinoex@ has choosen to apply a vendor patch that has resolved CVE-2007-4351
instead of upgrading to 1.3.4.  Mark this updated version as not vulnerable.

Approved by:    portmgr (ports-security blanket)

00:39 delphij 

Document plone arbitrary code execution vulnerability.

Approved by:    portmgr (ports-security blanket)