Add recent gnupg issue.

We are not affected by: CAN-2005-0018 in the
f2c entry (43cb40b3-c8c2-11da-a672-000e0c2e438a).  We do not have
the shellscript, and it is not installed.

Reported by:            thierry

Unbreak latest ruby entry by adding missing </lt>.

Run make tidy to clean up some style issues.

Only sort on entry date, not modified date.  It simply causes too much
repo churn with little value to resort all entries which have been
modified.

- The last vulnerabilities was fixed in ruby18 port

OK, I misunderstood Simon with this one.  The <gt>1.8.*</gt> entry
should have stayed and I interpreted that wrong.

Pointyhat:              remko

Fix my previous version commit.  The two entries matched twice when you
have ruby installed.  You learn something new everyday...

Noticed/discussed with:         simon

Mark all 1.6 and 1.8 versions as vulnerable, we do not have a fix
yet and are unable to tell what the naming scheme will be with
those patches.  We can narrow down the scope later, we should
not do so before we know the mentioned scheme.

Triggered by:           sem

Add a BID to the latest vuxml entry.
Some minor changes to the markup of the entry.

- Document Ruby vulnerability. [1]
- Fix URL in previous mutt entry while here.

Reported by:    Joel Hatton via freebsd-ports [1]

Add linux-thunderbird to mozilla -- multiple vulnerabilities entry.

Prodded by:     sat

Document apache -- mod_rewrite ldap buffer overflow vulnerability.

Thanks to remko for doing initial list of apache package names in an
earlier VuXML entry.

Fix error in latest mozilla entry which marked all firefox version as
vulnerable.

Reported by:    Craig Leres

Document mozilla -- multiple vulnerabilities.

Note I assume that linux-firefox-devel 3.0.a2006.07.26 is fixed, I
haven't actually checked (way to many issues to check for).

Add "zope -- information disclosure vulnerability" entry

Reviewed by:    simon

For latest drupal entry:
 - Unbreak vuln.xml format by adding content to the references section.
 - Remove vulnerabilities already documented in
   40a0185f-ec32-11da-be02-000c6ec775d9.

Add entry for drupal issues.

Add shoutcast crosssite scripting.

Submitted by:   gabor
Reviewed by:    simon

Cancel VID 0a4cd819-0291-11db-bbf7-000c6ec775d9 / opera -- JPEG
processing integer overflow vulnerability, since it turns out that the
issue does not affect the FreeBSD or Linux versions of Opera.

Source: http://www.opera.com/support/search/supsearch.dml?index=834

Correct dates in latest mambo entry by resetting entry date and adding
a modified date.

OK'ed by:       itetcu

Bump modified date for previous commit.

Requested by:   simon

The two two SQL injection vulnerabilities in Mambo described in
vid f70d09cb-0c46-11db-aac7-000c6ec775d9 are fixed in 4.5.4

PR:             ports/100044
Submited by:    maintainer

Fix markup breakage that slipped in just before commit of the latest
samba entry.

Document samba -- memory exhaustion DoS in smbd.

- For the latest trac entry include information from the release
  announcements about setups which are not affected.  To avoid having
  to reference two documents simply reference the release notes for
  all the information (it's basically the same as the changelog with
  slightly different wording).
- Add a modified date tag.

Document twiki -- multiple file extensions file upload vulnerability.

Improve markup for last entry.  No content change.

Add trac DoS.

Add an entry for Horde's latest vulnerabilities.

Document mambo -- SQL injection vulnerabilities.

 Document phpmyadmin -- cross site scripting vulnerability

Approved by:    markus (co mentor)

Document webmin, usermin -- arbitrary file disclosure vulnerability.

Details are unknown, all sources talk about an "unspecified" vulnerability.

Document mutt -- Remote Buffer Overflow Vulnerability.

Approved by:    ahze (mentor)

Document joomla --  multiple vulnerabilities

Approved by:    markus (co mentor)

Document hashcash -- heap overflow vulnerability.

Document gnupg -- user id integer overflow vulnerability.

Document opera -- JPEG processing integer overflow vulnerability.

Update the webcalendar entry, use alphabetic sorting, no functional
change of information.

Add an entry for Horde's latest XSS vulnerabilities.

Add webcalendar -- information disclosure vulnerability.

PR:             ports/98993
Submitted by:   Gregory C. Larkin <glarkin@sourcehosting.net>

Add FreeBSD-SA-06:17.sendmail to the VuXML database.

Bump modification date in the last entry and earn my own pointyhat.

Forgotten by/pointyhat:         remko

Fix the latest entry by using the entity for &, this passes make validate.

Reported by:    Michal Kaps <michal at ionic dot co dot uk>
Pointyhat by:   aaron, (tobez implicit)

- Added multiple dokuwiki vulnerabilities

Approved by:    tobez

Add an entry for libxine -- buffer overflow vulnerability.

Document FreeBSD-SA-06:15.ypserv and FreeBSD-SA-06:16.smbfs.
Add the proper freebsdsa tag for older entries and bump
their modification date.

Document two freeradius issues, one newer and one older issue:
freeradius -- multiple vulnerabilities
freeradius -- authentication bypass vulnerability

Mark graphics/fractorama 1.6.7_1 "clean". This port now links against libtiff
from ports.

Approved by:    simon (secteam)

The awstats port has PORTEPOCH bumped, so update the vuxml entry awstats
-- arbitrary command execution vulnerability to reflect that.

Mumble, back out local changes which should not have been committed.

Mark squirrelmail-1.4.6_1 as fixed for squirrelmail -- plugin.php
local file inclusion vulnerability.

Document squirrelmail -- plugin.php local file inclusion vulnerability.

Document dokuwiki -- spellchecker remote PHP code execution.

Document drupal -- multiple vulnerabilities.

- Add last two MySQL vulnerabilities

MySQL -- SQL-injection security vulnerability
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities

Document frontpage -- cross site scripting vulnerability and point
FORBIDDEN from the frontpage ports at it.

While this is "only" a cross site scripting vulnerability it has some
rather serious implications which can allow an attacker to take over a
web site, so I'm keeping FORBIDDEN.

cscope -- buffer overflow vulnerabilities

coppermine -- Multiple File Extensions Vulnerability
coppermine -- "file" Local File Inclusion Vulnerability
coppermine -- File Inclusion Vulnerabilities

phpmyadmin -- XSRF vulnerabilities

- Normalize the topic of last entry

Requested by:   remko

- Add VuXML entry for vnc 4.1.1

- Add vulnerabilities in last topic.

phpldapadmin -- Cross-Site Scripting and Script Insertion

Modify the entry for p5-DBI insecure temporary files creation to reflect
the fact that version 1.37_1 of p5-DBI-137 is OK now.

Reviewed by:    simon

Add www/fswiki vulnerability.

- Add missing s in latest awstats entry's title.
- Document mysql50-server -- COM_TABLE_DUMP arbitrary code execution.

- Cancel last rsync entry. Does not affect FreeBSD port.

Notified by:    simon, pav
Discussed with: simon

Document awstat -- arbitrary command execution vulnerability.

Fix a incorrect use of cvename in the latest firefox entry, which I
missed when reviewing the entry (and which make validate did not / can
not catch).

phpwebftp -- "language" Local File Inclusion

Document firefox -- denial of service vulnerability

Reviewed by:    simon

trac -- Wiki Macro Script Insertion Vulnerability

rsync -- "xattrs.diff" Patch Integer Overflow Vulnerability

clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability

- Add last jabberd entry:

jabberd -- SASL Negotiation Denial of Service Vulnerability

Also mark linux-seamonkey vulnerable to recent mozilla
vulnerabilities.

Reported by:    Andrew Pantyukhin infofarmer at gmail dotty com

cacti -- ADOdb "server.php" Insecure Test Script Security Issue

amaya -- Attribute Value Buffer Overflow Vulnerabilities

lifetype -- ADOdb "server.php" Insecure Test Script Security Issue

ethereal -- Multiple Protocol Dissector Vulnerabilities

My 100th commit to the vuln.xml file:

- Document Asterisk -- denial of service vulnerability, local system access.

Change paraview checks to be < 2.4.3 now that paraview uses system libtiff.

Document zgv, xzgv -- heap overflow vulnerability.

Document crossfire-server -- denial of service and remote code execution
vulnerability.

Document p5-DBI -- insecure temporary file creation vulnerability.

Document wordpress -- full path disclosure.

Document xine -- multiple remote string vulnerabilities.

Add an entry for cyrus-sasl -- DIGEST-MD5 Pre-Authentication
Denial of Service.

Also mark all other versions of FreeBSD (That were released) as
vulnerable.

Noticed by:     brueffer
Discussed with: brueffer, simon

Add FreeBSD -- FPU information disclosure (SA-06:14) to the
vuxml list.

Add some CERT references to latest Mozilla entry.

plone -- "member_id" Parameter Portrait Manipulation Vulnerability

Fix copy/paste error in last commit and mark linux-mozilla < 1.7.13 as
vulnerable.

Document mozilla/firefox/thunderbirds's latest attempt at Internet
Explorer compatibility.

Note that I omitted marking some really old mozilla versions as
vulnerable this time, since there is already a bunch of entries
covering these versions (which haven't been in ports for a while).

Update entry for sysutils/heartbeat. The insecure temporary file creation
vulnerability is fixed in 1.2.4.

Approved by:    secteam (simon)

mailman -- Private Archive Script Cross-Site Scripting

Document f2c -- insecure temporary files.

It is not very clear to me to see what version is fixed.  The one fixing
this port should import the latest available one which is fixed.

mplayer -- Multiple integer overflows

- Add Secunia references for last phpMyAdmin issue.

Document kaffeine -- buffer overflow vulnerability.