Belated VuXML entry for recent NVIDIA Unix driver arbitrary system memory
access vulnerability.

Reviewed by:    eadler, delphij
Security:       CVE-2012-0946

- Add entry for rubygem-mail

Revert my "correction" for php52. All the 5.2.x still affected to NULL
poison bug. Just tested both latest 5.2 and 5.3 with the script from here:
https://bugs.php.net/bug.php?id=39863
Sorry.

Mark php52 >= 5.2.15 as not vulnerable to NULL byte poisoning [1]. This problem
was fixed in 5.3.4 and 5.2.15 simultaneously.

[1] http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html

Reported by:     Svyatoslav Lempert <svyatoslav.lempert at gmail dot com>

- Add entry for www/node

- Add entry for p5-Config-IniFiles

Add references for the portupgrade advisory. Some code actually expects content
in this section.

Reported by:    dvl
Reviewed by:    wxs,zi

Unbreak vuln.xml format.
While here fix a long line.

Pointyhat:      scheidell

- Account for repocopy of php5 -> php53
- Account for php52 backport fix
- Add entry for php54 (which will be named php5)

Submitted by:   scheidell@ (me)

- Third time the charm. remove extra (

Submitted by:   scheidell@ (me)

- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to
cmdarg attacks
- Note:  PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.

Submitted by:   scheidell@ (me)
Obtained from:  WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security:       CVE-2012-1823

Fix PHP entry to match the actual package name

Submitted by:   simon

- Document www/webcalendar-devel - multiple vulnerabilities

Requested by:   eadler, Hanno Boeck <hanno@hboeck.de>

Document vulnerabilities in www/chromium < 18.0.1025.168

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3078-3081], CVE-2012-1521

- Document vulnerability in lang/php5

Document samba incorrect permission checks vulnerability.

Inform users that ports-mgmt/portupgrade-devel had unchecked distinfo

- Document vulnerability in net-mgmt/net-snmp (CVE-2012-2141)

- Document mozilla -- multiple vulnerabilities

Document dokuwiki CSRF vulnerability.

Document multiple asterisk vulnerabilities

Inform users of security vulns in wordpress

PR:             ports/167157

Unbreak vuxml by removing stray 'p'

Submitted by:   vuxml buildbot

Fix formatting in the first 10% of VuXML database file.

Fix whitespace: run through unexpand(1), spelling, wrap overly long lines.

Inform users about the recent openssl vuln

Reviewed by:    dinoex

- security update to bugzilla 3.0.9 and 4.0.6
- update russian/bugzilla3-ru template
- patch german templates so revision match and no warning is displayed
- add vuxml entry

Approved by:    skv (implicit)
Security:       https://bugzilla.mozilla.org/show_bug.cgi?id=728639
                https://bugzilla.mozilla.org/show_bug.cgi?id=745397
                CVE-2012-0465
                CVE-2012-0466

- document typo3 vulnerability

PR:     ports/167029

Add information about the recent nginx security vulnerability

PR:             ports/166990
Submitted by:   rodrigo osorio <rodrigo@bebik.net>

Document phpmyfaq -- Remote PHP Code Execution Vulnerability

- Slight cleanups for my puppet entry

Add logic to check for tidy differences in the 'make validate' target.

Approved by:    secteam (simon, maintainer)

- Document security issue with Puppet
- Update puppet for security issue

Security:       607d2108-a0e4-423a-bf78-846f2a8f01b0

Document samba root code execution vulnerability.

- document bugzilla Cross-Site Request Forgery

Document recent flash player vulnerabilities

Reviewed by:    nox

- Document vulnerability in graphics/png (CVE-2011-3048)
- Fix wording/spelling in 462e2d6c-8017-11e1-a571-bcaec565249c

Feature safe:   yes

As requested by eadler, revert the commit about the move of the
<!-- EOF --> tag. I cannot reproduce the error anymore, so it
might have been the reviewal entry or something else was locally
wrong.

I did a make validate before committing this to make sure it's
OK at this point, if someone encounters the same problem, please
let us know!

Feature safe:   yes

Document freetype 2 multiple vulnabilities.

Feature safe:   yes

- Fix vulnerability CVE-2011-1429.
- Add a patch to the mutt pager that handles non-breaking space
  characters (0xA0) in an UTF8 environment correctly.
- Bump PORTREVISION.

PR:             ports/166659
Submitted by:   Udo Schweigert <udo.schweigert@siemens.com> (maintainer)
Security:      
http://www.freebsd.org/ports/portaudit/49314321-7fd4-11e1-9582-001b2134ef46.html
Feature safe:   yes

Mention vulnerabilities in www/chromium < 18.0.1025.151

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3066-3077]
Feature safe:   yes

Someone forgot to do a make validate after adding the <!--EOF
line. It breaks the make validate.

Feature safe:   yes

Add a record for CVE-2012-1178.

Reported by:    Peter Jeremy <peterjeremy@acm.org>
Feature safe:   yes

Fix formatting so that "make tidy" passes

Feature safe:   yes

Another phpmyadmin security update.

ChangeLog:

http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.2/phpMyAdmin-3.4.10.2-notes.html/download

Welcome to phpMyAdmin 3.4.10.2, a minor security release.

3.4.10.2 (2012-03-28)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2

Advisory:

http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php

Approved by:    shaun (mentor)
Feature safe:   yes
Security:       a81161d2-790f-11e1-ac16-e0cb4e266481

Document vulnerabilities in www/chromium < 18.0.1025.142

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3057-3065]
Feature safe:   yes

- quagga-re affected the last vulnerability too.

Feature safe:   Yes

Document CVE-2012-0037 for textproc/raptor and textproc/raptor2.

Security:       CVE-2012-0037
Feature safe:   yes

Fix formatting so that "make tidy" passes

Feature safe:   yes

- Document recent vulnerabilities in net/quagga (CVE-2012-0249, CVE-2012-0250,
CVE-2012-0255)

Feature safe:   yes

Correct version ranges.

Feature safe:   yes

Document Apache Traffic Server -- heap overflow vulnerability

Feature safe:   yes

Document vulnerabilities for www/chromium < 17.0.963.83

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3045,3049-3057]
Feature safe:   yes

Document GNUtls and libtasn1 security vulnerabilities.

Feature safe:   yes

- Cleanup

Feature safe:   yes

- Correct the last 3 firefox 3.6 entrys

PR:             166207
Submitted by:   Sergey Kandaurov <pluknet@gmail.com>
Feature safe:   yes

Document recent asterisk vulnerabilities.

Feature safe:   yes

Document CVE-2012-0884.

Feature safe:   yes

Document nginx -- potential information leak.

Feature safe:   yes

- Document mozilla -- multiple vulnerabilities

Feature safe:   yes

Do proper input validation for libXfont. This is for CVE-2011-2895.

Feature safe:   yes

Typo fix.

Feature safe:   yes

- Document portaudit -- auditfile remote code execution.
- Update (c) year.

Feature safe:   yes

Appease the tidy target. ;)

Feature safe:   yes

Document vulnerabilities in www/chromium < 17.0.963.79

Security:       CVE-2011-3047
Feature safe:   yes

Fix formatting so that "make tidy" passes

Feature safe:   yes

Document the latest flash player vulnerabilities

Reviewed by:    nox
Feature safe:   yes

Mark chromium < 17.0.963.78 as vulnerable.

Security:       CVE-2011-3046
Feature safe:   yes

Document jenkins XSS vulnerability.

Submitted by:   Gersom van de Bunt <gersom.vandebunt@pine.nl>

Add new vulnerabilities for www/chromium < 17.0.963.65

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3031-3044]

Document dropbear security issue

Approved by:    eadler (mentor)

Whitespace cleanup and stick to ASCII in recent openx entry.

document latest openx security issue

PR:     ports/165613

Document latest PostgreSQL vulnerabilities

Security:       http://www.postgresql.org/about/news/1377/

- Add information about make tidy checking now that it actually functions
- use ' instead of `
- add a note about ports-security

Document recent flash vulns

Reviewed by:    nox

Pacify 'make tidy' and use valid XML.
While make diff against the tidy version a canconical test.

Add libxml2 vulnability.

PR:             ports/164270
Submitted by:   kj <b4039413@nwldx.com>

Fixup python entry. No need to have python metaport listed.

Reviewed by:    miwi@

Minor whitespace fixup

Include PORTREVISION in plib version number to fix previous commit.

Document a remote code execution via a buffer overflow in PLIB.

Security:       CVE-2011-4620

  Security update to 3.4.10.1

    XSS in replication setup

  ChangeLog:

    Welcome to phpMyAdmin 3.4.10.1, a minor security release.

3.4.10.1 (2012-02-18)
- [security] XSS in replication setup, see PMASA-2012-1

  Security Advisory:

    http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php

Approved by:    shaun (mentor)

- document latest piwik security vulnerability

PR:     ports/165217

- document recent mozilla vulnerabilities
- wrap a long line

Document vulnerabilities in chromium < 17.0.963.56

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       CVE-2011-[3015-3027]

- Updated the recent WebCalendar entry to match <= 1.2.4 instead of < 1.2.4,
  since 1.2.4 (not yet in tree) is vulnerable, and 1.2.5 has not been
  released by upstream yet
- Fixed the URL in the recent WebCalendar entry
- Canonicalized naming in other WebCalendar entries
- Fixed various nits flagged by "make tidy"

This vuln also affects pypy

typo

Inform users of the DoS issue in the python SimpleXMLRPCServer function

Add the recently assigned cve number

Inform users of the XSS issue in the latest version of WebCalendar.

It seems that there has been no response from the vendor
and users may want to switch to an alternate product that fits their needs.

Whitespace fixes.

- Document mozilla -- use after free in nsXBLDocumentInfo::ReadPrototypeBindings

Inform bip users of buffer overflow (CVE-2012-0806)

Inform users of the private information disclosure bug in surf (CVE-2012-0842)

Reviewed by:    dougb

Fix style

Reported by:    flo@ via irc

Document last glpi vulnerabilities

Submitted by:   Mathias Monnerville <mathias@monnerville.com> via email

Document new Chromium < 17.0.963.46 vulnerabilities.

Obtained from: 
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Security:       fe1976c2-5317-11e1-9e99-00262d5ed8ee

Document Drupal core multiple vulnerabilities.