22:06 nectar 

Repair broken URL.

Noticed by:     simon

21:07 nectar 

Add two issues covering three KDE advisories:  two temporary file
handling issues, and a KHTML issue.

20:54 marcus 

The last commit should have changed the comparison tag from <le> to <lt>.

20:44 marcus 

Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this.

19:23 nectar 

The MSN component of Gaim contains remotely exploitable buffer
overflows.

19:05 nectar 

The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems.

18:56 nectar 

Under certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.

Reported by:    Daniel Grund <mail@dgrund.de>

18:43 nectar 

Correct version information syntax in a number of entries.  VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'.

11:58 eik 

give the ImageMagick png vulnerability an own entry

22:57 eik 

f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references

11:00 eik 

add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a

15:10 eik 

add ImageMagick to the list of png-vulnerable ports

08:33 eik 

correct typo

21:51 marcus 

Add an entry for Thunderbird to the libpng vulnerability.

23:35 eik 

move abe47a5a-e23c-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

14:27 eik 

move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

11:19 eik 

Mozilla / Firefox user interface spoofing vulnerability

11:46 des 

Use & instead of naked &.

11:45 des 

Add CVE name and correct URL to iDEFENSE advisory for the SSLtelnet issue.

23:30 eik 

- add some references
- correctly match samba 3.0
- add ja-samba

15:45 trhodes 

Fix an XML tag.

15:22 trhodes 

Mark the 2.2.x series of Samba as vulnerable.

14:43 trhodes 

Recently announced Samba issue.

07:31 eik 

fix courier-imap version number

08:01 eik 

PHP memory_limit and strip_tags() vulnerabilities.

00:59 eik 

ethereal

14:24 eik 

move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml

21:27 eik 

XSS vulnerability affecting other webmail systems

17:24 nectar 

Add missing mandatory <body> element for SSLtelnet issue.

12:03 des 

Add an entry for the SSLtelnet format string vulnerability.

15:27 naddy 

Pavuk HTTP Location header overflow

06:48 trhodes 

Move phpnuke vulnerabilities to VuXML.

14:24 eik 

GNATS local privilege elevation (corrected PORTREVISION)

13:31 eik 

GNATS local privilege elevation

09:13 des 

Whitespace cleanup.

09:12 des 

Add SA-04:13.linux

00:48 eik 

move "phpMyAdmin code injection" to vuxml

23:55 pav 

- Add phpMyAdmin 2.5.7 vulnerability.

  I hope I got XML right.

22:49 trhodes 

Use the equal '=' sign as only the current version was affected.

21:27 eik 

add a reference to ISC DHCP overflows

21:20 trhodes 

Add xorg-clients due to xdm socket vuln.

03:58 trhodes 

Move MoinMoin entry to VuXML.

19:26 eik 

reference cleanup

00:45 trhodes 

Fix the previous entry; it had an incorrect port range.

20:01 trhodes 

Add an entry for recent isc-dhcp3-server buffer overflows.
Remove the one in portaudit.txt.

17:18 trhodes 

Move giFT-FastTrack to VuXML.

02:04 trhodes 

Fix an older entry which ends with "buffer overflows vuxml".

Fill in a date on my previous entry.

01:35 trhodes 

Move the Gallery entry to VuXML.

00:36 eik 

www/sitecopy uses the included libneon version 0.24.0

22:03 eik 

I believe that linux-png-1.2.2 still contains the vulnerability.

Add some references that support this opinion.

20:04 pav 

- Extend png entry to cover it's linux-png variant

Requested by:   eik

21:05 fjoe 

Midnight Commander security vulnerabilities

CAN-2004-0226, CAN-2004-0231, CAN-2004-0232

fixed in mc-4.6.0_10.

12:22 eik 

add a $FreeBSD$ tag

20:38 des 

Add CAN-2004-0541 (buffer overflow in Squid NTLM authentication helper)

12:42 eik 

Fix for CAN-2004-0097

Forgotten by:   sobomax

21:21 des 

Correction: FreeBSD-SA-04:12.jailroute does not apply to 4.7 and older.

21:17 des 

Whitespace cleanup

21:17 des 

Add FreeBSD-SA-04:12.jailroute.

11:32 des 

FreeBSD-SA-04:11

11:49 ale 

Update modified date for mysql bug after fixing typo.

Requested by:   nectar

12:42 nectar 

Add CVE name for one of the leafnode issues.

12:39 nectar 

Edit the topics to distinguish a bit better between the different
leafnode DoS issues.

12:13 nectar 

Document several issues in leafnode.

Submitted by:    Matthias Andree <matthias.andree@gmx.de>

07:57 ale 

Fix typo.

Spotted by:     eik

21:06 nectar 

Correct a typo (s/Jon/Joe/)

20:21 nectar 

Add subversion and neon date parsing vulnerabilities.

12:57 des 

make tidy

12:55 des 

Add an entry for the cvs pserver heap overflow.

14:53 nectar 

Add CVE name and CERT Vulnerability Note references for old Cyrus bug.

14:43 nectar 

make tidy

14:40 nectar 

Forced commit to note that the content of the previous revision was
Reported by:    Ion-Mihai Tetcu <itetcu@apropo.ro>

14:39 nectar 

Add URI handling issue that affects Opera and KDE, at least.

11:50 ale 

Note that the mysqlbug has been fixed.

13:20 nectar 

Update version number for fspd, now that it has been corrected.

Reported by:    Radim Kolar <hsn@netmag.cz>

13:20 eik 

&, not |

13:13 eik 

ProFTPD vulnerability is fixed in
  <http://www.proftpd.org/docs/NEWS-1.2.10rc1>

Submitted by:   Koop Mast <kwm@rainbow-runner.nl>

16:01 nectar 

Add Cyrus IMSPd security release.

Reported by:    eik

15:28 nectar 

Add old Cyrus IMAP server heap buffer overflow.

Reported by:    eik

22:26 nobutaka 

The security issue of multimedia/xine (insecure temporary file creation in
xine-check, xine-bugreport) has been fixed in 0.9.23_3.

21:11 nectar 

Only one <modified> is allowed per entry.

20:40 des 

Correct the discovery date for the proftpd issue.

16:26 nectar 

Oops.  s/2005-05-05/2004-05-05/ :-)

16:12 nectar 

Second-guess Oliver and correct the affected entry for exim
in order to unbreak this file.

15:43 eik 

exim buffer overflow when verify = header_syntax is used

15:33 nectar 

Add phpBB session table exhaustion issue.

Submitted by:   Xin LI <delphij@frontfree.net>

21:49 nectar 

Add the issues covered in FreeBSD-SA-04:08.heimdal and
FreeBSD-SA-04:09.kadmind.

14:57 nectar 

make tidy

14:57 nectar 

Use PORTVERSION conventions for FreeBSD version numbers, so that
5.2.1-RELEASE-p5 becomes 5.2.1_5 (not 5.2.1p5, as it would have been
previously).

This is necessary because e.g. 5.2p1 > 5.2.1p5 using existing version
comparison tools.

20:15 nectar 

Correct package name for xchat Socks5 vulnerability (xchat -> xchat2).
Note that the issue is fixed in version 2.0.8_2 (thanks marcus!).

18:23 nectar 

Correct the fixed version for lha.

14:42 nectar 

png issue was fixed in png-1.2.5_4

16:55 nectar 

Add a vulnerability in www/pound.

Submitted by:   clement

Add a security-related regression in ftp/proftpd.
Add several security issues in misc/mc.
Add a DoS issue in graphics/png.
Add a security issues in archivers/lha.
Add recent advisories for xine.
Add rsync path traversal issue.

16:04 nectar 

tla is also affected by libneon issue.

PR:             ports/65754
Submitted by:   Frank Ruell <stoerte@dreamwarrior.net>

Additional reference for mysql issue.

Submitted by:   Daniel Harris <dannyboy@FreeBSD.org>

23:07 nectar 

Added CVE name for ident2 issue.
Added the ``new'' TCP DoS issue.
Added phpBB issue. (1)
Added XChat Socks5 issue.

Submitted by:   (1) Frankye - ML <listsucker@ipv5.net>

16:29 nectar 

Add mysqlbug temporary file handling vulnerability.
Add ident2 vulnerability.

make tidy (sorry, I meant to do this in a separate commit)

14:44 nectar 

Additional CVE name for recent CVS vulnerability.

00:49 nectar 

Add kdepim vulnerability

00:26 nectar 

Add neon vulnerability
Correct the version range for openh323

17:18 nectar 

Add CVS vulnerabilities.

15:10 nectar 

Document another racoon DoS vulnerability.
Note that racoon was also affected by the tcpdump ISAKMP vulnerability.