- Document phpMyAdmin - Shared Host Information Disclosure.

- Document phpMyAdmin - Username/Password Session File Information Disclosure.

- Document libxine -- array index vulnerability

Reviewed by:    remko, miwi

Add an entry about clamav < 0.93 vulnerabilities

Reviewed by:    mnag

lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability

Add www/ikiwiki entry.

Approved by:    pav (co-mentor)

- Enrich Firefox 2.0.0.13 entry

- Use <mlist> as the references are mailing posts
- Correct discovery date

Noticed by:     simon

- Add entry for mail/postfix-policyd-weight

PR:             ports/122194
Reviewed by:    ports-security (miwi)

- Add entries for www/suphp and dns/powerdns-recursor

Reviewed by:    ports-security (remko, simon)

- Add entry for www/opera 9.26

PR:             ports/122400
Reviewed by:    remko, delphij

Document mozilla multiple vulnerabilities.

Reviewed by:    miwi, remko (via IRC)

Document buffer overflow in silc-client and silc-server.

Reviewed by:    remko
Approved by:    garga (mentor)

Document bzip2 crash with certain malformed archive files

- Ups remove duplicate url

- Fix previos commit
   * sort
   * more reference

Document qemu -- unchecked block read/write vulnerability

Reviewed by:    stas

- Fix previous commit
  * sort
  * more reference

- Add entry for dovecot

- Fix 2 typos form the previous commit

Submitted by:   simon/gahr

- Document mplayer - multiple vulnerabilities

- Entry for ghostscrip-gpl 8.61

Reviewed by:    ports-security@ (simon, remko)

- Document phpmyadmin -- SQL injection vulnerability

Reviewed by:    simon

- Document pcre -- buffer overflow vulnerability

PR:             ports/121224
Submitted by:   Nick Barkas <snb threerings.net>

- Document libxine -- buffer overflow vulnerability

Reviewed by:    miwi

- Mark mail/up-imapproxy as safe

Submitted by:   Abdullah Ibn Hamad Al-Marri <wearabnet@yahoo.ca>

- Document coppermine -- multiple vulnerabilities.

Reviewed by:    miwi

- Fix previous commit (use now <bid>)

- Document moinmoin -- multiple vulnerabilities.

Reviewed by:    remko

Document opera -- multiple vulnerabilities.

Document mozilla -- multiple vulnerabilities.

Document openldap modrdn DoS vulnerability

Document clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability

Submitted by:   "Eygene Ryabinkin" <rea-fbsd at codelabs dot ru>

- Fix previous commit

Discussed with: remko

Bump modification date for latest change.

xfce4-panel, libxfce4gui - mark the security problem which existed in 4.4.1 "<
4.4.2"

Noted by:       Carl Johan Gustavsson <carl.gustavsson@bahnhofbredband.se>

- mark claws-mail as safe

- Document a cacti vulnerability

Add entry for www/ikiwiki.

Approved by:    erwin (mentor)

- Fix grammar for www/zenphoto description

- Document www/zenphoto

Reviewed by:    remko

- Fix a typo

Submitted by:   antoine@

- Document jetty -- multiple vulnerability

PR:             120171
Submitted by:   Nick Barkas <snb@threerings.net>

- Bump modified from previous commit

Fix name of irc/dircproxy package.

Hat:            portmgr

Document libxine -- buffer overflow vulnerability.

Document xorg -- multiple vulnerabilities.

Reviewed by:    miwi

- Fix discovery line from the previous commit :(

- Document xfce -- multiple vulnerabilities

- Document claws-mail -- insecure temporary file creation

- Add modified date for previous commit

- Fix freeradius-devel entry, narrow down range to prevent affect later versions

PR:             ports/119582
Submitted by:   David Wood <david AT wood2.org.uk>
Reviewed by:    pav

- Fix previous commit (whitespaces, sorting)

- Add entry for ircservices

PR:             ports/119769
Approved by:    linimon (mentor)

Document libxine -- buffer overflow vulnerability.

Update the "firebird" entry to properly match corrected versions.

- Fix <name> sections from both previous committs

- Fix previous commit
  - Mark geeklog as safe
  - add cve

Reviewed by:    remko

- Document XSS vulnerability in geeklog 1.4.0

Reviewed by:    remko

- This vulnerability exists in PHP versions prior to 4.4.8, not
  after. Fix the entry.

Reported by:    Vadim Goncharov <vadimnuclight@tpu.ru>

Document multiple drupal issues.

Submitted by:   Nick Hilliard <nick@foobar.org>

- Document maradns -- CNAME record resource rotation denial of service

PR:             ports/119471 (based on)
Submitted by:   Mark D. Foster <mark@foster.cc>
Reviewed by:    simon

- Mark security/lsh as safe

Update php multiple vulnerability entry: revalent bugs were fixed in PHP 4.4.8.

- Fix linux-realplayer new version

- Fix range for linux-flahsplugin

- linux-realplayer -- multiple vulnerabilities

- linux-flashplugin -- multiple vulnerabilities

- Fix the last tcl/tk entry for portaudit.

Submitted by:   mm@
Reviewed by:    simon

Document dovecot specific LDAP + auth cache configuration may mix up user logins
vulnerability

Add more references to latest opera entry.

Make "gallery2 -- multiple vulnerabilities" follow the normal format for
VuXML entries.

- Document gallery2 -- multiple vulnerabilities

Submitted by:   Alex Varju <freebsd-ports@varju.ca> (maintainer)
Approved by:    linimon (mentor)

Update list if CVE names for latest wireshark entry.

- Document e2fsprogs -- heap buffer overflow

PR:             118848 (based on)
Submitted by:   Matthias Andree <matthias.andree@gmx.de>
Reviewed by:    remko

Document wireshark -- multiple vulnerabilities.

Document opera -- multiple vulnerabilities.

Document peercast -- buffer overflow vulnerability.

Unbreak vuln.xml: & -> &

Pointy hat to:  brooks

Upgrade to Ganglia 3.0.6.

Release 3.0.5 contained minor bug fixes.  3.0.6 corrects XSS
vulnerabilities in the webfrontend.

Security:        vid:fee7e059-acec-11dc-807f-001b246e4fdf

Sort references section for last commit.

- Mark latest linux-firefox/seamonkey-devel snapshots as safe
- Add (linux-)flock and linux-*-devel to latest firefox advisory
- Note that the tradition of covering more gecko ports with
  firefox-related advisories should probably be kept up

Document qemu -- Translation Block Local Denial of Service Vulnerability

Document drupal -- SQL injection vulnerability

Submitted by:   Nick Hilliard <nick at netability dot ie>

Document samba -- buffer overflow vulnerability.

Remove redundant "A" in the latest entry

- Fix previous commit
   - Sorting
   - more referencs

- Missed a section - smbftpd

Pointyhat to: Self

- Document smbftpd - format string vulnerability.

Requested by:   linimon
Approved by:    linimon (mentor)

Document jetty - multiple vulnerabilities

PR:             ports/118524
Submitted by:   Nick Barkas <snb at threerings dot net>
                with minor modifications by me
Approved by:    portmgr (secteam blanket)

Update to 2007.12.07 with fix security issue.

Security:       VuXML ID: 821afaa2-9e9a-11dc-a7e3-0016360406fa
                CVE-2007-6036
                http://aluigi.altervista.org/adv/live555x-adv.txt
Approved by:    portmgr (erwin)

Document liveMedia -- DoS vulnerability

Submitted by:   Rafae«l Careé <funm at videolan dot org>
                with modifications by me
Approved by:    portmgr (secteam blanket)

Update to reflect the squid issue has been assigned
CVE-2007-6239.

Approved by:    portmgr (ports-security blanket)

- Update gnu-finger entry
        * Fix cvename handling

Approved by:    portmgr (ports-security blanket)

http://nvd.nist.gov/nvd.cfm?cvename=CVE-1999-1165: gnu-finger is old,
creaky, and not for use in production environments.

Submitted by:   tabthorpe
Approved by:    portmgr (self)

Update to reflect an updated www/squid30 version which is no
longer vulnerable.

Approved by:    portmgr (ports-security blanket)

Update to reflect an updated www/squid version which is no
longer vulnerable.

Approved by:    portmgr (ports-security blanket)

Document squid denial of service vulnerability.  This can be
triggered from trusted squid client only.

Approved by:    portmgr (ports-security blanket)

Remove the rsync entry for now.  Better way of handling
this is still under discussion, as the vendor patch does
not automatically resolve problem for customized
configuration that have chroot = no.

Requested by:   pav
Approved by:    portmgr (ports-security blanket)

Document rsync security bypass vulnerability.

Approved by:    portmgr (ports-security blanket)