Vulnerability in sysutils/wemux

Document samba multiple vulnerabilities announced today.

Document asterisk vulnerabilities

MFH:	2014Q1

Document new vulnerabilities in www/chromium < 33.0.1750.149

Obtained from:	http://googlechromereleases.blogspot.nl/
MFH:		2014Q1

Properly indent the last entry.

Discussed with:	kwm

Unbreak vuxml.

Submitted by:	battlez
MFH:		2014Q1

Document freetype2 vuln.

MFH:	2014Q1

Reference xmms vulnerabilities: CVE-2007-0653 and CVE-2007-0654

Add security advisory for nginx-1.5.10.

Document new vulnerabilities in www/chromium < 33.0.1750.146

Obtained from:	http://googlechromereleases.blogspot.nl/

security/gnutls is fixed for CVE-2014-0092 and CVE-2014-1959

Document GnuTLS multiple certification verification issues.

Add an entry for the file DOS vulnerability, CVE-2014-1943

Use correct PORTREVISION for python33's CVE.

security/vuxml: Sort Python entry references alphabetically

MFH:		2014Q1
Reported by:	remko

security/vuxml: Document CVE-2014-1912 for Python 2.7 - 3.3

Python: buffer overflow in socket.recvfrom_into()

MFH:		2014Q1
Security:	CVE-2014-1912

- add entry for subversion CVE-2014-0032

Report new vulnerability in otrs to vuxml
Security:	CVE-2014-1695

Document new vulnerabilities in www/chromium < 33.0.1750.117

Obtained from:	http://googlechromereleases.blogspot.nl/
MFH:		2014Q1

The PostgreSQL Global Development Group has released an important
update to all supported versions of the PostgreSQL database system,
which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and
8.4.20. This update contains fixes for multiple security issues, as
well as several fixes for replication and data integrity issues.  All
users are urged to update their installations at the earliest
opportunity, especially those using binary replication or running a
high-security application.

This update fixes CVE-2014-0060, in which PostgreSQL did not properly
enforce the WITH ADMIN OPTION permission for ROLE management. Before
this fix, any member of a ROLE was able to grant others access to the
same ROLE regardless if the member was given the WITH ADMIN OPTION
permission. It also fixes multiple privilege escalation issues,
including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
CVE-2014-0065, and CVE-2014-0066. More information on these issues can
be found on our security page and the security issue detail wiki page.

Security:	CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063
		CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067

- Last whitespace change
- Sort CVE entries

Notified by:	remko

Document the latest PMA security advisory: PMSA-2014-1

The version of PMA currently in ports (since 2014-02-09) is not
affected.

Add CVE entry to references

Notified by:	remko

whitespace

Notified by:	remko

Document Jenkins Security Advisory 2014-02-14

- Document recent vulnerabilities in www/lighttpd

Document phpmyfaq vulnerabilities

Update VUXML entry on recent otrs vulnerabilities

Suggested by:	remko@

Update the latest flash security advisory

Report the latest flash security issue

Document mozilla vulnerabilities

Reviewed by:	flo

- Add modified date to libyaml entry

- Add libyaml to the libyaml vulnerability entry

- Document libyaml vulnerability in pkg

Security:	CVE-2013-6393

Use the same URL as in blockquote.

Submitted by:	remko

- Fix format

Document socat vulnerability.

Security:	CVE-2014-0019

2 new OTRS vulnerabilities

Security:	CVE-2014-1471

rt42-4.2.1_3, which appears only on the 2014Q1 branch, should also be
counted as not vulnerable.

Document vulnerabilities in www/chromium < 32.0.1700.102

Obtained from:	http://googlechromereleases.blogspot.nl/

Formatting fixes

Submitted by:	remko

- Fix style for strongswan entry

Reported by:	remko

vuxml entry concerning	the recent security advisory about www/rt42
from 4.2.0 to 4.2.2 inclusive.  This is slightly unusual in the the
fix is applied to a completely different port
mail/p5-Email-Address-List which www/rt42 depends on..

Security:	d1dfc4c7-8791-11e3-a371-6805ca0b3d42

- Fix typo in last entry

Reported by:	bz

- Document multiple DoS vulnerabilities in strongswan

Security:	CVE-2013-5018
Security:	CVE-2013-6075
Security:	CVE-2013-6076

Document Varnish HTTP Cache < 3.0.5 DoS Vulnerability

Reviewed by:	remko

Update flash to 11.2r202.335
Report security issues

PR:		ports/185790
Reported by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Cleanup the HTMLDOC entry, long lines and remove the ...
entries because I think it's not needed.  Also adjust
the previous entry by indenting correctly.

Hat:		secteam
Facilicated by:	Snow B.V.

Document HTMLDOC < 1.8.28 vulnerability.

Document virtualbox-ose vulnerabilities

Security:	CVE-2013-5892

Document new vulnerabilities in www/chromium < 32.0.1700.77

Obtained from:	http://googlechromereleases.blogspot.nl/
MFH:		2014Q1

Sort references

Submitted by:	remko

Document SA-13:07.bind

Fix the latest entry, it has many issues, make validate
told us exactly what was wrong. I redid the entry and
just took out the ul/li structure and replaced it with
regular paragraphs. It might be worth investigating
to use the FreeBSD SA that got released because of this
as the main text, which is best suited imo.

Hat:	    secteam

Mark net/ntp forbidden.

Security:	CVE-2013-5211 / VU#348126

Document the latest nagios vulnerability.

Security update to fix CVE-2014-0591 as reported at
https://kb.isc.org/article/AA-01078/74/

9.9.4 -> 9.9.4-P2
9.8.6 -> 9.8.6-P2
9.6-ESV-R10 -> 9.6-ESV-R10-P2

Security:	CVE-2014-0591 Remote DOS

Update libXfont to 1.4.7

This is a security fix and it is important to update, since it might lead to
a privilege escalation if the X server is run as root (which is the default)

Security:	CVE-2013-6462

Document OpenSSL 1.0.1e multiple vulnerabilities.

Correct ident for most recent entries.  No functional changes.

People, please be aware that we use the FreeBSD Documentation Primer
and that there are style rules we have to follow.  If you are in
doubt please consult me and I am more then willing to help.

Hat:	secteam

- mark as FORBIDDEN (zero day SQL vuln)

Security:	CVE-2013-7149

Cover gnupg1 ports/packages as well.

Apply vendor fix for CVE-2013-6422, cURL libcurl cert name check ignore
with GnuTLS.  Document the vulnerability fix in vuxml while I'm here.

Add about gnupg-1.4.16.

- document asterisk vulnerabilities
- correctly order references [1]

Reported by:	remko [1]

- update to 2.8.4
- add stage support

Security:	3b86583a-66a7-11e3-868f-0025905a4771

Document Zabbix agent remote command execution vulnerability.

Update to 5.3.28

Security:	47b4e713-6513-11e3-868f-0025905a4771

Update to nspr 4.10.2
Update to nss 3.15.3.1
Update firefox-esr and thunderbird to 24.2.0
Update firefox to 26.0
Update seamonkey to 2.23

- catch up with directory renames since USES=webplugins was introduced;
  fixes plugins not being automatically enabled after install
- linux-firefox and linux-seamonkey can play HTML5 audio [2][3] and
  measure about:memory usage, again
- dom.ipc.plugins.enabled->true no longer crash linux-firefox which makes
  some flash sites work again; as there's no nspluginwrapper in-between
  the infamous "youtube issue" never occurs
- install DEBUG with symbols [3] and describe the option better [4]
- enable dumping about:memory upon kill -65, kill -66 and GC/CC log
  upon kill -67 to a file under /tmp directory; linux-firefox uses
  kill -34, kill -35 and kill -36 respectively

PR:		ports/183861 [1]
PR:		ports/184006 [2]
PR:		ports/169896 [3]
PR:		ports/184285 [3]
PR:		ports/184286 [4]
Security:	dd116b19-64b3-11e3-868f-0025905a4771
In collaboration with: Jan Beich <jbeich@tormail.org>

- Group affected packages
- Sort CVE
- Fix indent

Notified by:	remko

Add entry for net/samba* CVE-2012-6150 and CVE-2013-4408

- Document Rails vulnerability

Document drupal multiple vulnerabilities.

Document new vulnerabilities in www/chromium < 31.0.1650.63

Obtained from:	http://googlechromereleases.blogspot.nl/

- Document multiple XSS core vulnerabilities for Joomla!
  (2.5.0 <= version <= 2.5.14, 3.0.0 <= version <= 3.1.5)

Update to version 1.3.3, which fixes an important crashy bug: denial of
service (server) using forcefully crashed aircrafts.

While here, reduce the diffs between other OpenTTD's VuXML entries; and
limit build logs verbosity to bulk package builders (or batch builds).

PR:		ports/184434, ports/184435
Submitted by:	Ilya A. Arkhipov
Security:	CVE-2013-6411

- security update to 3.3.1

This is a maintenance release that fixes a serious bug in the built-in HTTP
server. It was discovered that the handle_request() routine did not properly
perform input sanitization which led into a number of security
vulnerabilities.

An unauthenticated, remote attacker could exploit this flaw to execute
arbitrary commands on the remote host.

All users still using older versions are advised to upgrade to this version,
which resolves this issue.

Approved by:	crees (maintainer, per PM)
Security:	620cf713-5a99-11e3-878d-20cf30e32f6d

- security update subversion-1.8.5 / 1.7.14 [1]
- add vuxml entry
- let bindings ports load options file [2]

[1]
Version 1.8.5
(25 November 2013, from /branches/1.8.x)
http://svn.apache.org/repos/asf/subversion/tags/1.8.5

 User-visible changes:
  - Client-side bugfixes:
    * fix externals that point at redirected locations (issues #4428, #4429)
    * diff: fix assertion with move inside a copy (issue #4444)

  - Server-side bugfixes:

Make it more clear that "SAME URL" is actually the blockquote
url.

hat:	secteam

- Update devel/ruby-gems to 1.8.28
- Document security issues with 1.8.26 and 1.8.27 (CVE-2013-4287 and
CVE-2013-4363)

Security:	742eb9e4-e3cb-4f5a-b94e-0e9a39420600
Security:	54237182-9635-4a8b-92d7-33bfaeed84cd

- Fix and report heap overflow in floating point parsing issue in ruby

Security:	cc9043cf-7f7a-426e-b2cc-8d1980618113

Add entries about CVE-2013-4475 and CVE-2013-4476 for net/samba* ports.

Document new vulnerability in www/nginx (< 1.4.4) and www/nginx-devel (< 1.5.7).

Add back NO_STAGE which snuck away during testing.

Minor tweak to standard template in order to fit with convention

Document new vulnerability in www/chromium < 31.0.1650.57

Obtained from:	http://googlechromereleases.blogspot.nl/

Fix the OpenSSH entry, a version entry should be marked
on a per rule basis, and not on it's own lines, because
that would bogusly match other versions then intended.

When in doubt, please let me review your changes!!

hat:	secteam

Update to latest flash and mark the old one as vulnerable.

PR:		ports/183911
Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>

Document new vulnerabilities in www/chromium < 31.0.1650.48

Obtained from:	http://googlechromereleases.blogspot.nl/

- Set MAINTAINER to ports-secteam

Requested by:	des@
With hat:	ports-secteam@

- Fix versions for entry 5709d244-4873-11e3-8a46-000d601460a4

- Document memory corruption in security/openssh-portable

Document vulnerability in irc/quassel

security/vuxml: add modified date for gnutls

Reported by:	kwm

gnutls3 3.1.15 is affected by the same vulnerability

Thunderbird is only at version 24.1.0, not 25.0

Add an entry for the recent mozilla vulnerabilities

- Update www/mod_pagespeed to 1.2.24.2,1
- Document security issue in mod_pagespeed

- Cancel the vuxml entry correctly

Notified by:	remko

- Revert previous commit