Document monkey remote DoS vulnerability.

- Fix a typo (s/opensll/openssl)

Reported by:    pluknet <pluknet@gmail.com>

Document php multiple vulnerabilities.

Sponsored by:   iXsystems, Inc.

Document PostgreSQL multiple vulnerabilities.

Sponsored by:   iXsystems, Inc.

Add tptest pwd remote buffer overflow vulnerability.

Submitted by:   Mark Foster <mark foster cc>
PR:             ports/131938

- Document mozilla -- multiple vulnerabilities

Make the problem more visible by choosing a more descriptive subject.

Document freeradius remote packet of death exploit (CVE 2009-3111)

Submitted by:   "Danilo G. Baio" <dbaio bs2 com br>
PR:             ports/141318

- Mark Seamonkey 2.0 as safe

Reviewed by:    miwi

- Mark linux-firefox-devel as safe

Reviewed by:    miwi

- Fix build

- Document pligg -- Cross-Site Scripting and Cross-Site Request Forgery

- Document piwik -- php code execution

Requested by:   wen

- Fix previous entrys (formating etc)

- Document dovecot insecure directory permissions

Document linux-flashplugin -- multiple vulnerabilities.

Reviewed by:    miwi

- Document ruby 1.9.1 heap overflow vulnerability.

Document session fixation vulnerability in RequestTracker < 3.8.6

Reviewed by:    simon@, wxs@

- Add two CVE entries for expat2.

- Document opera -- multiple vulnerabilities

Request by:     itetcu

Fix the libtool entry to include 2.2.6a as vulnerable.

Document libtool vulnerability.

Reviewed by:    miwi@

- Cleanup (whitespaces/tabs)

document: libvorbis -- multiple vulnerabilities

Document "bugzilla" - information leak.

- Report a XSS vulnerability in net-mgmt/cacti port

- fix german wordpress name

- Document wordpress -- multiple vulnerabilities

Mark php5-gd 5.2.11_2 as safe.

- Note that CVE-2009-3546 has been fixed in graphics/gd.

Noticed by:     N.J. Mann <njm@njm.me.uk>

- Fix previous commit

- Document HTML-Parser denial of service

Document remote buffer overflow vulnerability in gd.

Document typo3 multiple vulnerabilities.

Notified by:    Wennrich, Markus <Markus Wennrich f-i-ts de>

Add an entry for VideoLAN-SA-0901, about multimedia/vlc.

- Document KDE -- multiple vulnerabilities

Reported by:    Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix previous entry

Add two opera vulnerabilities

PR:             140101
Submitted by:   Arjan van Leeuwen

- Fix latest entrys

Document vulnerability in net-p2p/ctorrent < 3.3.2_2 (CVE-2009-1759).

PR:             ports/139635
Submitted by:   Eygene Ryabinkin
Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1759

- Fix linux-opera vuxml entry (it uses different version numbering scheme) [1]
- Add entry for opera-devel as well.

PR:             ports/140038 [1]
Submitted by:   Sato Kuro <poyopoyo@puripuri.plala.or.jp> [1]

- Document mozilla -- multiple vulnerabilities

Approved by:    miwi (secteam)

- Fix discovery date of a recent entry

- Document elinks < 0.11.4 buffer overflow vulnerability.

Add CVE reference provided by author via maintainer for the squidguard
issue.

Apply vendor fixes 20091015 and 20091019 to fix multiple vulnerabilities
of squidGuard 1.4.

Requested by:   maintainer
Security:       692ab645-bf5d-11de-849b-00151797c2d4

- Add an entry for Xpdf -- Multiple Vulnerabilities.

- Document django -- denial-of-service attack

- Document phpmyadmin -- XSS and SQL injection vulnerabilities

- Document php5 multiple security vulnerabilities.

PR:             ports/139196
Submitted by:   Mark Foster <mark@foster.cc>

- Document virtualbox -- privilege escalation

Add FreeBSD-SA-09:14.devfs to the VuXML list.

Hat:    secteam
Facilitated by: Snow B.V.

Add FreeBSD-SA-09:13.pipe to the VuXML list.

Hat:    secteam
Facilitated by: Snow B.V.

- linux-f10-pango is affected by 4b172278-3f46-11de-becb-001cc0377035 too.

Reported by:    "Edward Sanford Sutton, III" <mirror176@cox.net>

- Document mybb -- multiple vulnerabilities

PR:             based on 139197

- Document drupal -- Multiple Vulnerabilities

Submitted by:   Nick Hillard (based on)
Feature safe:   yes

- Rework latest horde-base entry (ee23aa09-a175-11de-96c0-0011098ad87f)

Feature safe:   yes

Fix a formatting issue.

Pointy hat to:          myself
Noticed by:             miwi
Feature safe:           Yes

Fix build.

Feature safe:   yes

Document a security problem in fwbuilder/libfwbuilder 3.0.4 - 3.0.6.
Generated iptables scripts when used to generate static routing
configurations have a security issue.

Feature safe:   Yes

Document "bugzilla" - two SQL injections, sensitive data exposure.

Feature safe:   yes

Adding an entry for three vulnerabilities fixed in the latest Horde
framework (i.e. the port www/horde-base).

- Fix formatting.
- Add link to the debian security advisory.
- Fix the description to be the actual citation from the official sources
  instead of some wild interpretation.  We do not know for sure if remote
  code execution is possible at all and from looking to the source code it
  seems unlikely as the buffer undeflown is allocated on the heap.  Moreover,
  it is not clear if this is exploitable in the default install.

Discussed with: az

Document nginx DoS condition.

Submitted by:   az@ (via IRC)

Add cvename and bid for cyrus-imapd potential buffer overflow
in Sieve.

Add ikiwiki vulnerability.

- Cleanup previous commit

- Add xapian-omega cross-scripting vulnerability

- Document mozilla firefox -- Multiple Vulnerabilities

Fix xml broke by my previous commit.

Document cyrus-imapd potential buffer overflow vulnerability in Sieve.

- Document silc-toolkit format string vulnerabilities. Unfortunately little
  information is provided publicly.

- Mark seamonkey as safe

- Update latest Opera entry,
        * add missing linux-opera
        * fix topic

- Fix vuxml build

Pointyhat to:   me

- Fix vuxml build

Pointyhat to:   itetcu

Add an atry for opera < 10.00

PR:             138449
Submitted by:   maintainer

- Fix cvenames

- Document dnsmasq -- TFTP server remote code injection vulnerability

PR:             138418 (based on)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

- I cannot confirm these vulns can be affected to 1.3.x and 2.0.x
  lines.  Limit this entry to 2.2.x until confirmed.

Add apache-2.2.12 fixes.

- Mark thunderbird 2.0.0.23 and higher as safe

Approved by:    secteam (miwi)

- Document pidgin, libpurple, and finch memory corruption.

PR:             ports/137997
Submitted by:   Armin Pirkovitsch <armin@frozen-zone.org>

- Document NUL byte problem in gnutls and gnutls-devel
- Document multiple vulnerabilities in older versions[1]

Note:  These have all been fixed with the exception of the NUL byte problem
in gnutls-devel.

PR:             [1]: ports/134785
Submitted by:   [1]: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
Reviewed by:    miwi

- memcached -- memcached stats maps Information Disclosure Weakness

PR:             134206
Submitted by:   Mark Foster <mark___foster.cc>

- Update latest wordpress entry
   * add wordpress-mu which was also affected
- Mark latest fetchmail entry as safe

Document remote admin password reset vulnerability in wordpress <= 3.8.3

Reviewed by:    simon

- Document fetchmail -- improper SSL certificate subject verification

Fix typo in affected version number for vid
739b94a4-838b-11de-938e-003048590f9e

Submitted by:   Roberto Nunnari <robi@nunnisoft.ch> (Private eMail)
Reviewed by:    simon

- Fix improper formatting reported by miwi

- Add additioinal reference url for vid 739b94a4-838b-11de-938e-003048590f9e
reported by miwi

Reviewed by:    miwi

Document com_mailto Timeout Issue in www/joomla15

Cleanup whitespace and XML format using 'make tidy' and a bit manual
editing.

When running the tidy target:
- Pipe ouput into vuln.xml.tidy instead of stdout.
- Don't hide what command we are running so it's clear where the tidy
  version of the output went.

Various affects fixes to the last 3 Mozilla/Firefox entries to make then
match correctly against package names.  In particular the port name
instead of package name was used in a couple of places.  For Seamonkey
and Thunderbird where no known fixes exist don't include a fixed
version.

- Update previous subversion entry,
  add missing p5-subversion and py-subversion

- Fix latest firefox entry.

Reported by:    b.f <bf1793@gmail.com>

Document subversion -- heap overflow vulnerability.

Add a few CVE names to the 'squid -- several remote denial of service
vulnerabilities' entry.

Document bugzilla -- product name information leak.

- Mark squid 3.1.0.12 as safe