non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
Friday, 5 Aug 2005
|
10:21 remko
Document some recent FreeBSD advisories:
o devfs -- ruleset bypass.
o zlib -- buffer overflow vulnerability.
o ipsec -- Incorrect key usage in AES-XCBC-MAC.
Approved by: portsmgr (blanket VuXML)
 |
Thursday, 4 Aug 2005
|
15:56 remko
Add some more entries to the apache -- http smuggling vulnerability.
PR: ports/84312
Submitted by: Dmitry A Grigorovich <odip at bionet dot nsc dot ru>
Approved by: portsmgr (blanket VuXML)
 |
Wednesday, 3 Aug 2005
|
17:14 simon
Document proftpd -- format string vulnerabilities.
Approved by: portmgr (blanket, VuXML)
 |
16:54 simon
Note that the fix for gnupg -- OpenPGP symmetric encryption
vulnerability in gnupg is not complete (see entry for details).
Discussed with: nectar
Approved by: portmgr (blanket, VuXML)
 |
11:58 simon
Mark p5-Crypt-OpenPGP, pgp, and pgpin as vulnerable to gnupg --
OpenPGP symmetric encryption vulnerability.
Reminded by: nectar
Approved by: portmgr (blanket, VuXML)
 |
Monday, 1 Aug 2005
|
18:38 simon
Mark latest gdal version as fixed for all tiff vulnerabilities.
 |
07:45 niels
Added nbsmtp format string vulnerability.
Approved by: nectar (mentor)
 |
Sunday, 31 Jul 2005
|
23:39 simon
Mark the latest linux-tiff and pdflib ports safe from latest tiff
vulnerability.
Thanks to lawrance and netchild for fast fixes.
 |
15:00 simon
Document sylpheed -- MIME-encoded file name buffer overflow
vulnerability.
 |
13:50 simon
Document phpmyadmin -- cross site scripting vulnerability.
 |
13:23 simon
Document gnupg -- OpenPGP symmetric encryption vulnerability.
Note: this is mainly a theoretical vulnerability.
 |
11:38 remko
Bump entry date.
Forgotten by: remko
Spotted by: simon
 |
11:31 remko
Document vim -- vulnerabilities in modeline handling: glob, expand.
Discussed with: nectar, simon
 |
Saturday, 30 Jul 2005
|
22:20 simon
Document that ekg -- insecure temporary file creation was fixed in
1.6r2,1.
Noted by: Michal Kalkowski
 |
20:20 simon
Add pdflib-perl, fractorama, gdal, iv, ivtools, ja-iv, ja-libimg,
paraview to recent libtiff vulnerabilities since they contain (and
compile) an embedded version of libtiff...
 |
15:48 simon
Document tiff -- buffer overflow vulnerability.
 |
11:18 simon
- Misc. markup/whitespace fixes.
- Collapse a few package entries from the latest apache entry (still
matches same package names, is just shorter markup-wise).
- Use standard topic style for jabberd entry.
- Fix entry date for jabberd entry.
 |
10:00 vsevolod
Document jabberd vulnerabilities that were fixed by the latest update.
Approved by: perky (mentor)
 |
09:24 simon
Be consistent and use the same title for the latest ethereal
vulnerabilities as used for previous entries.
 |
09:13 simon
Document opera -- image dragging vulnerability and opera -- download
dialog spoofing vulnerability.
 |
08:26 simon
Document ethereal -- multiple vulnerabilities.
 |
Thursday, 28 Jul 2005
|
08:51 clement
- Fix apache 2.1 range for CAN-2005-2088 entry which prevents apache 2.0 from
upgrading.
Pointyhat to: clement, remko
Reviewed by: erwin
 |
04:22 remko
Mark apache+mod_ssl-1.3.33+2.8.22_1 as not vulnerable in the latest Apache
entry.
 |
Wednesday, 27 Jul 2005
|
17:21 remko
There must be a curse. s/il/li/.
Noticed by: nectar
 |
17:01 remko
Update my latest Apache entry to make clear that this only affects certain
installations (when Apache is used as an HTTP proxy in combination with some
web servers). I didn't make that clear in the first commit.
Requested by: nectar
Discussed with: clement
 |
15:57 remko
Document apache -- http request smuggling.
Requested by: clement
Glanced at by: clement
 |
Tuesday, 26 Jul 2005
|
13:32 erwin
Set modified date in entry for previous commit.
Cluebat swung by: simon
 |
10:50 erwin
Note that the fd_set vulnerability in net/bld was fixed in 0.3.3
Prodded by: garga
Glanced at by: remko
 |
Monday, 25 Jul 2005
|
15:57 hrs
Document clamav -- multiple remote buffer overflows.
 |
Saturday, 23 Jul 2005
|
09:30 simon
- Document isc-dhcpd -- format string vulnerabilities (older
vulnerability). [1]
- Use standard title format for latest egroupware entry.
Reminded by: Panagiotis Christias [1]
 |
02:03 kuriyama
Add entry for eGroupWare's recent vulnerabilities.
 |
Friday, 22 Jul 2005
|
09:44 barner
Document denial of service attack in fetchmail 6.5.2.1.
Reported by: Matthias Andree <matthias.andree@gmx.de>
Reviewed by: simon
 |
Thursday, 21 Jul 2005
|
21:13 simon
Update phppgadmin entry to note that it was fixed in 3.5.4 and add a
few references while here anyway.
Prodded by: Tobias Roth (I think :-) )
 |
16:31 simon
Document dnrd -- remote buffer and stack overflow vulnerabilities.
 |
13:38 simon
Fix typo in last commit
Noticed by: Matthias Andree <matthias.andree@gmx.de>
 |
10:56 simon
Add more references to latest fetchmail entry [1] and sort references
while here anyway.
Submitted by: Matthias Andree <matthias.andree@gmx.de> [1]
 |
08:43 trhodes
Document an issue with the LDAP backend provided by PowerDNS.
 |
Wednesday, 20 Jul 2005
|
19:43 simon
Document fetchmail -- remote root/code injection from malicious POP3
server.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
 |
Monday, 18 Jul 2005
|
20:07 mich
o add kdebase (kate) vulnerability.
Reviewed by: simon
 |
09:54 simon
Add CVE names to recent bugzilla entry.
 |
Saturday, 16 Jul 2005
|
14:38 simon
- Document firefox & mozilla -- multiple vulnerabilities.
- Minor style nit in drupal entry: Use port name (i.e. lower case) as
first part of the title.
 |
11:29 erwin
Add an entry for the drupal vulnerabilities.
 |
Friday, 15 Jul 2005
|
14:35 niels
Fixed incorrect newsfetch and mnogosearch affected package versions
Approved by: nectar (mentor)
 |
Wednesday, 13 Jul 2005
|
03:04 kuriyama
Markup fixed version of net-snmp problem.
 |
Saturday, 9 Jul 2005
|
20:02 remko
Correct a typo: s/lemote/remote/
Spotted by: simon
 |
19:57 remko
Document the following vulnerabilities:
phpSysInfo -- cross site scripting vulnerability
mysql-server -- insecure temporary file creation
net-snmp -- fixproc insecure temporary file creation
phpbb -- multiple vulnerabilities
shtool -- insecure temporary file creation
Approved by: simon
 |
Friday, 8 Jul 2005
|
21:36 simon
Document phppgadmin -- "formLanguage" local file inclusion vulnerability.
 |
21:17 simon
Document pear-XML_RPC -- information disclosure vulnerabilities.
 |
21:03 simon
Document ekg -- insecure temporary file creation.
 |
20:29 simon
Document bugzilla -- multiple vulnerabilities.
 |
20:04 simon
Document nwclient -- multiple vulnerabilities (old issues).
PR: ports/82101
Submitted by: niels
Noticed by: Derik van Zuetphen <dz@426.ch>
 |
Wednesday, 6 Jul 2005
|
22:46 simon
Add CAN reference to recent phpbb vulnerability.
 |
22:25 simon
Document acroread -- insecure temporary file creation.
 |
22:14 simon
Document two clamav vulnerabilities.
 |
21:34 simon
- Add FreeBSD-SA-05:16.zlib.
- Fix ranges for recent security advisories, a bunch of <le> really
should have been <lt>.
 |
20:45 simon
Document acroread -- buffer overflow vulnerability.
 |
Tuesday, 5 Jul 2005
|
21:13 simon
Document net-snmp -- remote DoS vulnerability.
 |
20:33 simon
Document cacti -- multiple vulnerabilities.
Prodded by: Babak Farrokhi <babak@farrokhi.net>
 |
19:01 simon
- Add another reference to bzip2 -- denial of service and permission
race vulnerabilities.
- Document two cases of wordpress -- multiple vulnerabilities.
 |
Sunday, 3 Jul 2005
|
08:40 hrs
Document the following issues:
- phpbb -- remote PHP code execution vulnerability
- pear-XML_RPC -- arbitrary remote code execution
 |
08:12 simon
Add certvu reference to kernel -- TCP connection stall denial of service
vulnerability.
 |
Wednesday, 29 Jun 2005
|
23:00 simon
Add FreeBSD-SA-05:13.ipfw, FreeBSD-SA-05:14.bzip2, and
FreeBSD-SA-05:15.tcp.
 |
Friday, 24 Jun 2005
|
20:38 simon
Document ethereal -- multiple protocol dissectors vulnerabilities.
 |
10:22 hrs
Document tor -- information disclosure.
 |
09:09 hrs
Document linux-realplayer -- RealText parsing heap overflow.
 |
Thursday, 23 Jun 2005
|
06:55 hrs
Document ruby -- arbitrary command execution on XMLRPC server.
 |
Tuesday, 21 Jun 2005
|
09:58 sem
- net/cacti - potential SQL injection and cross site scripting attacks
 |
Monday, 20 Jun 2005
|
22:34 simon
Document three opera issues.
 |
20:18 simon
Document sudo -- local race condition vulnerability.
 |
19:17 simon
Add another reference to the latest tcpdump issue.
 |
19:09 simon
- Add entry for trac -- file upload/download vulnerability.
- Improve the last couple of entries a bit:
- Whitespace cleanup.
- Use standard topic format (port name first, then description
starting with lower case).
- Make sure SpamAssassin entry also matches other 3.0.3 port revisions.
 |
07:30 sem
- razor-agents DoS vulnerabilities
PR: ports/82414
Submitted by: dawnshade <h-k@mail.ru>
 |
Sunday, 19 Jun 2005
|
04:57 hrs
Fix year in <discovery> and <entry>.
Noticed by: nectar
Pointy hat to: hrs
 |
Saturday, 18 Jun 2005
|
17:27 hrs
Document SpamAssassin -- Denial of service vulnerability.
 |
17:15 hrs
Document squirrelmail -- Several cross site scripting vulnerabilities.
 |
16:54 hrs
Document acroread -- XML External Entity vulnerability.
 |
14:49 simon
Use standard topic format for gzip vulnerability.
 |
14:32 simon
Document FreeBSD-SA-05:11.gzip.
 |
Friday, 17 Jun 2005
|
23:19 simon
Document SA-05:10.tcpdump.
 |
19:12 simon
Document two vulnerabilities in Gaim.
 |
18:37 nectar
Document an older, more serious gallery vulnerability.
 |
18:30 nectar
Document XSS vulnerabilities in gallery.
 |
18:11 nectar
Document KDE kstars vulnerability.
 |
17:00 nectar
Document fd_set overruns reported by 3APA3A.
 |
Thursday, 9 Jun 2005
|
08:44 simon
Document leafnode -- denial of service vulnerability.
Submitted by: Matthias Andree <matthias.andree@gmx.de>
 |
Friday, 3 Jun 2005
|
19:45 nectar
Document a directory traversal issue in older GForge versions.
 |
19:29 nectar
Document an authentication bypass vulnerability in imap-uw.
 |
19:18 nectar
Document squid denial-of-service vulnerabilities.
 |
19:08 nectar
Document a remote denial-of-service vulnerability in racoon.
 |
18:24 nectar
Document integer overflows in xli.
 |
18:19 nectar
Document arbitrary command execution vulnerabilities in xli and
xloadimage.
 |
18:01 nectar
Add new CVE names for yamt entry.
 |
17:56 nectar
Correct and improve recent xli entry:
* It actually affected xloadimage and xli
* A slightly better topic than just "buffer overflows"
* More references
* Fix the version number for xli... it is still vulnerable as of this
writing
 |
16:26 nectar
Correct recently added yamt entry:
* This is not CAN-2004-1302, which was documented much earlier
* Try to explain the issue
* Add the only public reference to the issue I can find
 |
04:48 trhodes
Buffer overflow in xli.
 |
02:15 trhodes
Fix breakage I caused.
 |
02:09 trhodes
Note buffer overflows and directory traversal issues in audio/yamt.
 |
Wednesday, 1 Jun 2005
|
17:16 nectar
Update entry for FreeStyle Wiki:
* <topic> style: ASCII em-dash "--" for separator
* replace quoted text with more informative excerpt from a Secunia
advisory
* add CVE name
 |
17:07 nectar
Document vulnerabilities in XView library.
 |
16:52 nectar
document a vulnerability in xtrlock
 |