- Document squirrelmail -- Session hijacking vulnerability

- Fix discovery from my previous commit

- Document proftpd -- Long Command Processing Vulnerability

- Document phpmyadmin -- cross-site scripting vulnerability

- Document gallery -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

- Replace phpmyadmin with phpMyAdmin to fix portaudit

Note:
        portaudit does not flag phpmyadmin as vulnerable,
        so we need to change it to the pkgname (phpMyAdmin).

Reported by:    glarkin@
Reviewed by:    simon
Discussion on:  ports-security@
Approved by:    portmgr (secteam blanked)

- Document phpmyadmin -- Code execution vulnerability

Approved by:    portmgr (secteam blanked)

- Fix previous commit

Approved by:    portmgr (secteam blanked)

- Mark www/twiki FORBIDDEN due to security exploit

Approved by:    beech (mentor, implicit)
Approved by:    portmgr (pav)
Security:       http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195

- corrects the bid number from me previous commit

Approved by:    portmgr (secteam blanked)

- Document neon -- NULL pointer dereference in Digest domain support

Approved by:    portmgr (secteam blanked)

Document clamav CHM parser DoS issue.

Approved by:    portmgr (vuxml blanket)

- Document horde -- multiple vulnerabilities

Approved by:    portmgr (secteam blanked)

- Document python -- multiple vulnerabilities

Reviewed by:    remko/tabthorpe
Approved by:    portmgr (secteam blanked)

- Mark www/wordpress and german/wordpress as safe

Approved by:    portmgr (secteam approved: remko, blanket vuxml)

- Document wordpress, rails and mysql vulnerabilties.

Reviewed by:    remko
Approved by:    portmgr (secteam approved: remko, blanket vuxml)

Extend the Nagios entry to cover Nagios 3.x < 3.0.2. This covers the edge case
of `portupgrade -o net-mgmt/nagios-devel nagios'.

Approved by:    portmgr (simon@ using secteam blanket)

Add FreeBSD-SA-08:09.icmp6

Add FreeBSD-SA-08:08.nmount

Add FreeBSD-SA-08:07.amd64.

Hat:    secteam

Update for php5 safe_mode fix.

Fix XML in openvpn-devel entry: – was used but as vuln.xml does
not import HTML named entities this is not allowed - use –
instead which produces the same end result.

- Document opera -- multiple vulnerabilities

gnutls -- "gnutls_handshake()" Denial of Service

Use joomla15 as name for the vulnerability

Document joomla flaw in the reset token validation

Register a Buffer Overflow Vulnerability in CDF 3.2.

- Clean up whitespace a bit
- Wrap long lines where appropriate
- Fix previous commit

- Fix drupal5 version

- Document drupal - multiple vulnerabilities

- Document recent ruby vulnerabilities.

- fix make validate

Pointy hat to:  skv

- Fix previous commit.

Document bugzilla directory traversal vulnerability.

- Document openvpn-devel -- arbitrary code execution

PR:             126352 (based on)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>

- Fix kdewebdev conflict with upcommig kdewebdev4

Reviewed by:    simon

Fix vuxml-entries for 'devel/bugzilla*'.

- Fix portversion

- Document phpmyadmin -- cross site request forgery vulnerabilites

- Document drupal - multiple vulnerabilities

Add the latest security advisory to vuxml.

Hat:    secteam

Document poppler -- uninitialized pointer.

- Document py-pylons -- Path traversal bug

- Document FreeType 2 -- Multiple Vulnerabilities

PR:             ports/124917
Submitted by:   Nick Barkas <snb threerings.net>

Document revised patch for CVE-2008-2711.

- Document phpmyadmin - Cross Site Scripting Vulnerability

PR:             124900

Update squid SNMP DoS vulnerability to cover squid 3.0STABLE6 as well.

Submitted by:   Thomas-Martin Seck <tmseck web de>

- Document apache -- multiple vulnerabilities

Reviewed by:    delphij

- Add missing <code></code> block around safe_mode.

Pointy hat to:  me

- Add a note to php-posix entry, that
  safe_mode is considred to be insecure
  by FreeBSD Security Team.
- Add <code> blocks around function
  names.

Suggested by:   simon

- Document php5-posix directory traversal vulnerability.

Fix the Firefox 3 part, it has no multiple vulnerabilities.

Reviewed by:    remko

- Document vim -- Vim Shell Command Injection Vulnerabilities

Reviewed by:    remko, miwi

- Document recent ruby vulnerabilities.

- Clean up whitespace a bit
- Wrap long lines where appropriate

Reviewed by:    remko

Document potiential crash in fetchmail < 6.3.8_6 (in -v -v verbose mode).

Unbreak VuXML.org build: Use correct syntax for CVE name in latest
moinmoin entry.

Document xorg -- multiple vulnerabilities.

- Document moinmoin -- superuser privilege escalation

Notified by:    Janos Mohacsi

add an error about courier-authlib < 0.60.6

Fix 2747fc39-915b-11dc-9239-001c2514716c.  zh-xpdf, ja-xpdf, and
ko-xpdf have nothing to do with "multiple remote Stream.CC
vulnerabilities" because they are packages which just install
additional data files.

Add entry for www/ikiwiki.

Approved by:    erwin (mentor, implicit)

Avoid confusion about backported www/ikiwiki security fix by not
mentioning version 2.48 in the entry.

Approved by:    erwin (mentor, implicit)

Add www/ikiwiki entry.

Approved by:    erwin (mentor, implicit)

- Fix range on previous commit

Noticed by:     miwi

- Document linux-flashplugin -- unspecified remote code execution
  vulnerability

Document XSS vulnerabilities in nagios and nagios-devel.

PR:             ports/123893 ports/123894
Submitted by:   Jarrod Sayers <jarrod@netleader.com.au> (maintainer)
Reviewed by:    miwi
Approved by:    garga (mentor, implicit)

Document spamdyke open relay vulnerability.

PR:             ports/124013
Reviewed by:    miwi
Approved by:    garga (mentor), miwi

- Add net-p2p/peercast entry.

Reviewed by:    miwi
Approved by:    mentor (implicit)

Document libvorbis security issues.

Document django XSS vulnerability.

Document vorbis-tools Speex header processing vulnerability.

Document qemu -- "drive_init()" Disk Format Security Bypass

- Sort previous commit

Add graphics/swfdec entry.

Approved by:    erwin (mentor)

- Thunderbird 2.0.0.14 is safe

- Document mt-daapd -- Integer overflow

PR:             123285 (based on)
Submitted by:   Mark D. Foster <mark@foster.cc>

- Document sdl_image - Buffer Overflow Vulnerabilities

- Mark PHP5 as safe

- Mark graphics/png as safe.

- Fix last gnupg entry.

PR:             123178 [1]
Submitted by:   Nick Barkas (via privat mail)
                bf <bf2006a@yahoo.com> [1]

- Clean up whitespace a bit
- Wrap long lines where appropriate
- Add a vim-friendly modeline

- A new Firefox vulnerability currently affects 10 of our ports, on
  average. A new VuXML entry usually forgets about 8 of them.

Wiki:           http://wiki.freebsd.org/VuXML

- Update last python entry python23 and python24 also affected

PR:             123153
Submitted by:   Nick Barkas <snb@threerings.net>

- Mark gnupg and gnupg1 as secure

- Document gnupg -- memory corruption vulnerability

Document extman password bypass vulnerability.

- Document mailman -- script insertion vulnerability.

Submitted by:   tabthorpe (one a month ago)
Discussed/Reviewed by:  tabthorpe

- now really fix the CVE entry

- Fix CVE entry from the previous commit

- Document mksh -- TTY Attachment Privilege Escalation.

- Document serendipity -- multiple cross site scripting vulnerabilities.

- Document firefox -- javascript harbage collector vulnerability.

- Add missing - in the previous entry

- Remove whitespaces
- Fix spelling

- Document png - unknown chunk processing uninitialized memory access

- Document openfire - unspecified denial of service

PR:             122872 (based on)

- Document php -- Integer Overflow Vulnerability

PR:             based on 122872

- Document python -- Integer Signedness Error in zlib Module

Document postgresql -- multiple vulnerabilities

PR:             120133 (basic on)
Submitted by:   Nick Barkas <snb@threerings.net>