15:53 nectar 

correct version number for mailman password generation issue

15:51 nectar 

Document vulnerability in set-user-ID sympa application.

15:36 nectar 

Another older mailman vulnerability, somewhat minor

15:27 nectar 

Add year-old mailman vulnerability, that seems to not have been
previously documented here.

14:48 nectar 

document Apache Jakarta Tomcat 5.x XSS issue

15:01 simon 

Mark samba-2.2.12.j1.0beta1_2 as safe from "samba -- integer overflow
vulnerability".

Reminded by:    NAKAJI Hiroyuki <nakaji@jp.freebsd.org>

03:06 kuriyama 

- Update to 3.5.8 (including XSS problem fix).

Submitted by:   Toshiya SAITOH <toshiya@saitoh.nu>
PR:             ports/81520

13:27 remko 

Remove a forgotten :.

Spotted by:             simon

13:18 remko 

Document the following issues:

o freeradius -- sql injection and denial of service vulnerability
o ppxp -- local root exploit
o oops -- format string vulnerability

Approved by:    simon

19:56 simon 

Fix entry dates for latest squid entries.

19:48 remko 

Reword the cdrdao entry, this includes comments from Simon which i overlooked.

Forgotten by:   remko
Spotted by:     simon

14:17 pav 

- Update Squid to 2.5.STABLE10

PR:             ports/81213
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de> (maintainer)

04:17 remko 

Document cdrdao -- unspecified privilege escalation vulnerability.

Approved by:            simon

03:43 simon 

Document two gaim issues.

16:24 nectar 

Add FreeBSD-SA-05:09.htt.

15:32 nectar 

Update some leafnode references.
Add new leafnode vulnerability.

PR:             ports/80724
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

09:59 simon 

Document two new vulnerabilities in mozilla/firefox.

19:00 simon 

Document mozilla -- code execution via javascript: IconURL vulnerability.

07:04 okazaki 

Document some vulnerabilities in groff.
- pic2graph and eqn2graph are vulnerable to symlink attack through temporary
files
- groffer uses temporary files unsafely

PR:             ports/80671
Submitted by:   KOMATSU Shinichiro

10:14 sem 

- gnu-radius exploitation was fixed in maintenance release 1.2.94
  as reported in
http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities

PR:             ports/80558 (follow-up)
Submitted by:   Vsevolod Stakhov <vsevolod@highsecure.ru>

18:57 glewis 

. Update the version for the jar(1) vulnerability so that 1.2.2p11_4 is
  no longer considered vulnerable.  Adjust the modified date for the entry.

14:33 remko 

Document sharutils -- unshar insecure temporary file creation

Approved by:            simon

12:25 remko 

Document rsnapshot -- local privilege escalation

Approved by:    simon

00:30 brooks 

coppermine -- IP spoofing and XSS vulnerability

15:00 glewis 

. Correct the range of vulnerable jdk14 ports for the jar(1) vulnerability
  and update the modified time for the entry.

21:35 simon 

Document ImageMagick -- ReadPNMImage() heap overflow vulnerability.

21:24 simon 

Bump modified date for last commit.

20:46 glewis 

. Adjust ranges so that jdk-1.3.1p9_5 is no longer marked as vulnerable to
  the jar(1) vulnerability but is still marked vulnerable to the browser
  plugin vulnerability (although the plugin is no longer built by default).

21:53 simon 

Document mplayer & libxine -- MMS and Real RTSP buffer overflow
vulnerabilities.

21:10 simon 

Document some older vulnerabilities in GAIM.

11:40 simon 

Document kdewebdev -- kommander untrusted code execution vulnerability.

21:53 remko 

Fix a typo in the kdelibs - kimgio entry.

21:52 remko 

junkbuster -- heap corruption vulnerability and configuration modification
vulnerability

Approved by:            simon

08:22 simon 

Document kdelibs -- kimgio input validation errors.

22:09 simon 

Mark latest openoffice 1.1 as fixed wrt. openoffice -- DOC document
heap overflow vulnerability.

Informed by:    maho

11:14 remko 

Document gld -- format string and buffer overflow vulnerabilities

15:34 naddy 

Document remote buffer overflow in ftp/axel.

22:52 simon 

Document firefox -- PLUGINSPAGE privileged javascript execution (also
from the < 1.0.3 batch).

22:35 remko 

Document jdk - jar directory traversal vulnerability.

Approved by:    simon

16:12 simon 

Document several mozilla/firefox issues.

21:47 simon 

Mark wget >= 1.10.a1 safe from the "wget -- multiple vulnerabilities"
entry.

Info provided by:       sf

23:17 simon 

Document openoffice -- DOC document heap overflow vulnerability.

08:24 simon 

Fix and document insecure temporary file handling in portupgrade.

Security:       CAN-2005-0610
Security:      
http://vuxml.FreeBSD.org/22f00553-a09d-11d9-a788-0001020eed82.html
Approved by:    erwin (mentor), maintainer timeout
OK'ed by:       portmgr
Reviewed by:    nectar

19:41 simon 

Document three GAIM vulnerabilities.

18:47 simon 

Document an old PHP issue.

10:22 simon 

Document squid -- DoS on failed PUT/POST requests vulnerability.

Submitted by:   Devon H. O'Dell <dodell@offmyserver.com> (original version)

20:42 pav 

- Fix closing tag on the entry I just touched.

Pointed out by: still Chimera
Blaming:        too much bear earlier tonight

20:38 pav 

- Add <modified> to the entry I just touched

Prodded by:     Chimera

20:21 pav 

- CAN-2005-0133 is fixed in clamav-devel-20050408

PR:             ports/79688
Submitted by:   Renato Botelho <freebsd@galle.com.br>

20:57 simon 

Bump modified date for entry modified last commit.

20:03 ume 

add CVE name to latest vuln of Cyrus IMAPd.

19:57 thierry 

Add an entry for a XSS vulnerabilty fixed in horde-3.0.4.

20:06 simon 

Document wu-ftpd -- remote globbing DoS vulnerability.

06:53 simon 

Add CVE name to hashash entry.

23:15 naddy 

Document hashcash format string vulnerability.

20:49 simon 

Document clamav -- zip handling DoS vulnerability.

Approved by:    portmgr (blanket, VuXML)

14:15 nectar 

Document Wine information disclosure.

Based on an entry that was
Submitted by:   Devon H. O'Dell <dodell@offmyserver.com>
Approved by:    portmgr (blanket, VuXML)

14:08 nectar 

Document the most serious of the recently disclosed
Mozilla/Firefox/Thunderbird vulnerabilities.

Based on entries that were
Submitted by:   Devon H. O'Dell <dodell@offmyserver.com>
Approved by:    portmgr (blanket, VuXML)

18:29 nectar 

Document Sylpheed buffer overflow.

Reminded by:    netchild
Approved by:    portmgr (blanket, VuXML)

21:19 simon 

Document xv -- filename handling format string vulnerability.

Approved by:    portmgr (implicit, VuXML)

20:27 simon 

Document kdelibs -- local DCOP denial of service vulnerability.

Approved by:    portmgr (implicit, VuXML)

19:16 simon 

Mark grip port as fixed for recent vulnerability.

Requested by:   ahze

21:13 simon 

Document phpmyadmin -- increased privilege vulnerability.

19:40 danfe 

Note that recent Quake2-LNX is fixed.

14:27 ale 

Recent mysql snapshot import fixed several vulnerabilities.

21:55 simon 

Document ethereal -- multiple protocol dissectors vulnerabilities.

20:19 simon 

Document "grip -- CDDB response multiple matches buffer overflow
vulnerability".

19:49 simon 

Update references for latest MySQL entry:

- Use bid tag for Bugtraq ID reference.
- Add CVE names.

15:16 ale 

Document multiple mysql remote vulnerabilities.

10:31 thierry 

Add an entry about rxvt-unicode bufer overflow.

22:52 simon 

Document two phpMyAdmin issues.

21:26 simon 

Document libexif -- buffer overflow vulnerability.

15:45 nectar 

Fix invalid date.

Noticed by:     Kang Liu <liukang@bjut.edu.cn>

17:06 nectar 

Add <modified> date for recent commit to phpbb vulnerability.

Forgotten by:   delphij

While here, add msgids for recent phpbb addition.

15:53 delphij 

Document a low risk HTML injection (configuration bypass)
vulnerability [1] of phpBB.

(maintainer contacted and is preparing a fix)

[1] http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274

15:42 delphij 

Add bugtraq bug ID for phpbb vulnerability.

Submitted by:   Kang LIU <liukang bjut edu cn>

18:14 nectar 

Document two phpnuke vulnerabilities, and a Linux RealPlayer
vulnerability.

Based on entries that were
Submitted by:   Devon H. O'Dell <dodell@sitetronics.com>

22:20 simon 

- Document ImageMagick -- format string vulnerability.
- Fix typo on older tiff entry.

13:17 nobutaka 

Document the privilege escalation vulnerability in uim.

13:39 nectar 

Fix typo in linux-tiff version number for
http://vuxml.freebsd.org/8f86d8b5-6025-11d9-a9e7-0001020eed82.html

Reported by:    Ian Moore <no-spam@swiftdsl.com.au>

13:23 nectar 

Document lighttpd information disclosure bug.

This entry is based on one that was
Submitted by:   Devon H. O'Dell <dodell@offmyserver.com>

13:41 nectar 

Fix typo in linux-tiff version number for
http://vuxml..freebsd.org/fc7e6a42-6012-11d9-a9e7-0001020eed82.html

Reported by:    Ian Moore <no-spam@swiftdsl.com.au>

10:48 delphij 

Document latest phpBB critical security vulnerabilities.

Submitted by:   Kang LIU <liukang bjut edu cn>

03:42 nectar 

Correct the linux-tiff version number for several entries.

Reported by:    netchild

21:24 simon 

Document curl -- authentication buffer overflow vulnerability.

20:34 simon 

- Document cyrus-imapd -- multiple buffer overflow vulnerabilities. [1]
- Use bid tag for a reference in sup entry.

Advice from:    ume [1]

13:21 hrs 

Document format string vulnerabilities in net/sup.

21:12 simon 

- Just use mozilla in title for last entry for consistency.
- Document mozilla -- insecure temporary directory vulnerability.

20:36 simon 

Update list of affected mozilla/firefox ports by the web browsers --
window injection vulnerabilities entry.

14:25 simon 

Document mozilla & firefox -- arbitrary code execution vulnerability.

Submitted by:   Devon H. O'Dell <dodell@sitetronics.com> (original version)

04:55 nectar 

Improve the description of the latest phpBB information disclosure
bugs.

Submitted by:   delphij (in part)

15:43 hrs 

Document a format string vulnerability in mkbold-mkitalic.

Reviewed by:    simon

16:20 nectar 

Add CVE names for wget.

15:11 nectar 

De-confuse latest AWStats entry: rewrite description, and add relevant
references.  There were so many bugs, it was hard to keep them straight
(^_^).

14:37 nectar 

Format the <topic> of the most recent entry so that it is more
consistent with other entries.

13:13 delphij 

Document latest phpbb vulnerabilities.

Discussed with: phpbb maintainer

05:15 simon 

Add more references to recent putty vulnerability.

21:58 nectar 

The mod_dosevasive port was upgraded.

19:27 nectar 

Nit:
- In most recent `unace' entry, replace HTML entity with the Unicode
  character.  We do not use HTML entities so that a VuXML document may
  be processed without using the DTD.  (We also avoid character entity
  references for more natural grep'ing, sed'ing, and editor searching.)

Corrections:
- An invalid UUID was assigned to a FreeRADIUS vulnerability, and went
  undetected since last October.  (>_<)   Correct it.
- A bnc vulnerability was duplicated.  Cancel the older, less informative
  entry and update the newer entry.

15:37 naddy 

Document unace-1.2b vulnerabilities: buffer overflows, directory traversal.