- Mark *seamonkey as safe

- Add CVE's referenc to 78f5606b-f9d1-11dd-b79c-0030843d3802

PR:             132797
Submitted by:   Mark Foster <mark@foster.cc>

- Mark mail/*thunderbird as safe

- Added more references to the netatalk

- Small cleanup

- Document netatalk -- arbitrary command execution in papd daemon

PR:             based on 132427
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix discovery date from previous entry

- Document gstreamer-plugins-good -- multiple memory overflows

PR:              based on 132428

- Document libsndfile -- CAF processing integer overflow vulnerability

PR:             based on 132371

- Fix roundcube entry

Pointy hat to:  me

- Document ffmpeg -- 4xm processing memory corruption vulnerability

PR:             based on 132434
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document roundcube -- webmail script insertion and php code injection

PR:             based on 130968

- Document proftpd -- multiple sql injection vulnerabilities

PR:             based on 132369

- Fix a typo

- Document zappix -- php frontend multiple vulnerabilities

PR:             based on 132315

- Document php-mbstring -- php mbstring buffer overflow vulnerability

PR:             based on 130603

- Document phppgadmin -- directory traversal with register_globals enabled

PR:             based on 132346

- Document opera -- multiple vulnerabilities

PR:             based on 132437

- Clean up latest curl entry

- Document epiphany -- untrusted search path vulnerability

- Document apache -- Cross-site scripting vulnerability

- Document pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Reviewed by:    tabthorpe

Document the cURL redirection security bypass - CVE-2009-0037.
I'll update the ftp/curl port itself ASAP.

PR:             132299
Reported by:    Mark Foster <mark@foster.cc> (the PR),
                Daniel Bond <db@danielbond.org> (e-mail)

Bump the modified date for the previous Firefox change.

Requested by:   miwi

Correct the Firefox 2.0 version for the recent Firefox vulnerabilities.

- Add CVE entries for last lighttpd security issue.

Reported by:    Eygene Ryabinkin <rea-fbsd___codelabs.ru>

- Update to 1.7.5
- Added UPDATING entry about incompatibility between 1.7.4 and 1.7.5
- Added vuln.xml entry for local file inclusion vulnerability in <1.7.5
- Added maintainer mode target in ZF Makefile to speed up fixups of
  pkg-plist output from genplist

Security:       cf495fd4-fdcd-11dd-9a86-0050568452ac
Security:       http://framework.zend.com/issues/browse/ZF-5748
Security:      
http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html

- Document dia -- remote command execution vulnerability

Reviewed by:    miwi

- Document pycrypto -- ARC2 module buffer overflow

PR:             based on 131689
Submitted by:   Mark Foster <mark@foster.cc>

Update the latest firefox vulnerability ranges.

Minor whitespace nits.

- Update previous entry
   * remove duplicate bid entry
   * add more referens
   * fix whitespaces

Document Varnish 2.0 DoS.

PR:             ports/131690
Submitted by:   Mark Foster <mark@foster.cc>

- Document tor -- multiple vulnerabilites

- Fix portaudit conflict with www/firefox and www/firefox3
- Mark www/firefox and www/linux-firefox FORBIDDEN

Discussion by:  simon/stas
With hat:       secteam

- Fix latest firefox entry

- Document firefox -- multiple vulnerabilities

- document codeigniter -- arbitrary script execution in the new
                          Form Validationclass

- Document pyblosxom -- atom flavor multiple XML injection vulnerabilities

Reviewed by:    miwi

- Document typo3 -- cross-site scripting and information disclosure

- Update latest squid* entry
        Add CVE-2009-0478

Submitted by:   jadawin

- Update ruby vuxml entries due to ruby19 version bump.

- Document amaya -- multiple buffer overflow vulnerabilities

PR:             based on 131508
Submitted by:   Mark Foster <mark@foster.cc>

- Document websvn -- multiple vulnerabilities

PR:             based on 130934
Submitted by:   Mark Foster <mark@foster.cc>

- Document phplist -- local file inclusion vulnerability

PR:             based on 130932

- Document squid -- remote denial of service vulnerability

PR:             based on 131431

- Fix topic s/typo/typo3

- Document typo3 -- Multiple Vulnerabilities

- Fix previous entry

Security update for sudo to 1.6.9p20 for CVE 2009-0034

Changes:
- Only use the cached supplementory group vector when matching groups
  for the invoking user. (security)
- When setting the umask, use the union of the user's umask and the
  default value set in sudoers so that we never lower the user's umask
  when running a command.
- Sudo now operates in the C locale again when doing a match against
  sudoers.

PR:             131446
Submitted by:   Eygene Ryabinkin
Security:       vid:13d6d997-f455-11dd-8516-001b77d09812

- Fix a typo (s/drual/drupal)

- Cleanup

- Document drupal -- multible vulnerabilities

Update php5-gd entry.

- Document perl -- Directory Permissions Race Condition

PR:             based on 129317

- Rework ganglia entry
  * Fix topic
  * Fix discovery and entry day

- Set modified for b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e entry
- more cleanup

- Document moinmoin -- multiple cross site scripting vulnerabilities

- Cleanup previous entry
        * remove whitespaces
        * sort bid/cvename/url

Upgrade Ganglia to 3.1.1 plus a fix for CVE-2009-0241.

PR:             ports/129822, ports/131067
Submitted by:   Mark Foster <mark at foster dot cc> (vuxml)
Security:       vid:b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e

- Document Tor -- Unspecified Memory Corruption Vulnerability

- Cleanup
        * Fix whitespaces/ Tabs
        * Sort <bid>/<cvename>/<url>

- Rewording 2ffb1b0d-ecf5-11dd-abae-00219b0fc4d (glpi -- SQL Injection)
- Add more reference sites

Document glpi -- SQL Injection vulnerabilty

PR:             ports/131011
Submitted by:   Mathias Monnerville <mathias@monnerville.com>

- Document openfire -- multiple vulnerabilities

PR:             ports/130606
Submitted by:   Mark Foster <mark foster.cc>

Update information about 9fff8dc8-7aa7-11da-bf72-00123f589060
and 651996e0-fe07-11d9-8329-000e0c2e438a, newer versions of
apache+ipv6 has the problems fixed.

Submitted by:   sumikawa

- Document two old ipsec-tools DoS

PR:             ports/129468
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document directory traversal bug in teamspeak server

PR:             ports/130608
Submitted by:   Mark Foster <mark@foster.cc>

- Document graphics/optipng buffer overflow

PR:             ports/129072
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document old gitweb privilege escalation vulnerability.

PR:             ports/130600
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Document vulnerability in older versions of GNU tar.

PR:             130602
Submitted by:   Mark Foster <mark@foster.cc>

- Mark net-mgmt/nagios2 as secure

- Document mplayer -- vulnerability in STR files processor

PR:             based on 130573

- Cleanup previous entry
- Add more references

- Add missing blockquote and linewrap properly

- Document cgiwrap XSS vulnerability

PR:             ports/130277
Submitted by:   Eric W. Bates <ericx@vineyard.net>

- Document nagios -- web interface privilege escalation vulnerability

- Document pdfjam -- insecure temporary files

PR:             based on 130028

- Document verlihub -- insecure temporary file usage and arbitrary command
execution

- Document mysql -- empty bit-string literal denial of service

PR:             based on 129978
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Fix discovery date

- Document mysql multiple vulnerabilities:

        * mysql -- renaming of arbitrary tables by authenticated users
        * mysql -- remote Denial of Service via malformed password packet
        * mysql -- privilege escalation and overwrite of the system table
information

PR:             based on 130025
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

- Document imap-uw -- imap c-client buffer overflow

PR:             130013
Submitted by:   Mark Foster <mark@foster.cc>
Approved by:    maintainer timeout

- Fix a small typo

- Document imap-uw -- local buffer overflow vulnerabilities

PR:             128923
Submitted by:   Mark Foster <mark@foster.cc>
Approved by:    maintainer timeout

- Document libcdaudio -- remote buffer overflow and code execution

- Mark xterm 238 safe

Import latest FreeBSD-SA's so that we are up to date again.

- Document xterm vulnerability.

- Document PHP gd library vulnerability.

- Update awstats entry (also affect www/awstats-devel)

- Fix the affected version of awstats

- Document awstats -- multiple XSS vulnerabilities

PR:             ports/129957
Submitted by:   Eygene Ryabinkin <rea-fbsd _at\ codelabs.ru>
Approved by:    Alex Samorukov (maintainer)
Security:       http://secunia.com/advisories/31519

- Cleanup (fix whitespaces, typos)

- Completely fix CVE-2005-0448

PR:             ports/129301
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Bump copyright year.

- Document vim -- multiple vulnerabilities in the netrw module

PR:             ports/129137
Submitted by:   Eygene Ryabinkin <rea-fbsd codelabs.ru>

Add vinagre -- format string vulnerability entry.

PR:             ports/129959
Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>

Document twiki - multiple vulnerabilities

Add entry for roundcube.

Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>