Add a CERT VU reference for the latest Acrobat Reader vulnerability.

Add old package names (acroread4, acroread5) for an older Acrobat Reader
vulnerability.

Approved by:    portmgr (implicit, VuXML)

Document buffer overflow vulnerabilities in pcal.

Approved by:    portmgr (implicit, VuXML)

Add (now deleted) exim-ldap package to latest exim entry.

Approved by:    portmgr (implicit, VuXML)

s/le/lt/ on my last commit. it's "<", not "<=".

Approved by:    portmgr (implicitly)

exim -- two relatively minor security issues

Approved by:    portmgr (implicitly, VuXML)

For the "kdelibs3 -- konqueror FTP command injection vulnerability"
entry: replace references to Debian and KDE bugtracking systems with a
KDE advisory which basically contains the same information but is more
readable.

Approved by:    portmgr (implicit, VuXML)

Document security issues in golddig, greed, mpg123.

Submitted by:   niels
Approved by:    portmgr(implicit, VuXML)

Mark open-motif-2.2.3_1 as fixed with regard to the "xpm -- image
decoding vulnerabilities" entry.

PR:             misc/75726
Submitted by:   Hilko Meyer <hilko.meyer@gmx.de>
Approved by:    portmgr (implicit, VuXML)

- Note that the port update to up-imapproxy 1.2.2 included a patch to
  fix the security vulnerability.
- Mark pop3proxy as vulnerable to the up-imapproxy vulnerability,
  since pop3proxy is derived from up-imapproxy.

Reported by:    mbr
Approved by:    portmgr (implicit, VuXML)

Document vulnerabilities in up-imapproxy.

Approved by:    portmgr (implicit, VuXML)

Add two bugtraq ids to the latest a2ps entry.

Approved by:    portmgr (implicit, VuXML)

Document FTP command injection vulnerability in kdelibs3.

Approved by:    portmgr (implicit, VuXML)

Improve topic for latest phpbb vulnerability to highlight the main
problem (arbitrary command execution).

Prodded by:     remko

Document insecure temporary file creation in a2ps.

Add more references to two older entries.

Add m odified date to my last commit.

Spotted by:     simon

libxine is also affected by the mplayer vulnerabilities.

Add cvenames.

Document vulnerability in libxine.

Document vulnerability in jabberd1

s/kpdf/kdegraphics

Add ports to xpdf report that come with own xpdf in distfile.

For kdegraphics:
Reported by:    lofi

Remove duplicate word in the latest squid entry.

Noticed by:     josef

Document potentially confusing results results on empty ACL
declarations in squid.

PR:             ports/75403 (part of)
Submitted by:   Thomas-Martin Seck <tmseck@netcologne.de>

Document multiple vulnerabilities in ethereal.

Document a buffer overflow vulnerability in xpdf.

Document phpBB vulnerability that exists on phpBB < 2.0.11

Submitted by:   Kang LIU <liukang bjut edu cn>

Document a vulnerability in acroread.

Document a vulnerability in ecartis.

Document multiple vulnerabilities in mplayer.

Document a heap buffer overflow vulnerability in MIT Kerberos 5.

Document an integer overflow vulnerability in samba.

Corrected typo (blockquote in wrong place).
Approved by:    nectar (implicit)

- Update the corrected version number for recent phpMyAdmin entry to match
  the actual ports version number for phpMyAdmin 2.6.1-rc1.
- Bump modification date for the updated entries.

Updates for the latest PHP entry:
- Correctly match the www/mod_php4 port (it was missing PORTEPOCH).
- Add a few more references.
- Bump modified date.

Correct recent php entry, 4.3.10 and 5.0.3 are fixed.

Fix VID for the last commit.

Multiple vulnerabilities in PHP. From Secunia report.

Added 5 MySQL vulnerabilities
Approved by: nectar (mentor)

Document two vulnerabilities in phpMyAdmin.

Document multiple vulnerabilities in wget.

- Add bugtraqid references to several entries.
- Fix typo in msgid for a samba entry.
- Bump modification date for updated entries.

Document security issue in Konqueror.

Document a NULL pointer dereference vulnerability in mod_access_referer.

Submitted by:   Niels Heinen <niels.heinen@ubizen.com>

Integrate the following vendor patches as published on
http://www.squid-cache.org/Versions/v2/2.5/bugs/:

- a malformed hostname can cause squid to return random data as error messages,
  possibly leaking internal information from former requests (squid bug #1143).
  (This is classified as a minor security issue by the squid developers, so
  maintainer cc'ed security-team@. See VuXML entry.)
- the "httpd_accel_port 0" directive does not work on its own (squid bug #1121)
- fix crashes occuring when using cachemgr's "vm_objects" operation (squid
  bug #1149)

PR:             ports/74859
Submitted by:   maintainer

Document information leakage in viewcvs.

Document a symlink attack vulnerability in cscope.

. Put the topic in the same format all other recent topics have been in for
  the Java plugin vulnerability.
. Note that the diablo-jdk and diablo-jre packages are vulnerable to the
  plugin issue. [1]

Prodded by:     simon [1]

Add cvename to bnc vulnerability.

Document a remote code execution vulnerability in bnc.

Fix grammar nit in ImageMagick entry.

Submitted by:   Daniel Seuffert <DS@praxisvermittlung24.de>

For the Java plugin vulnerability, also match the linux-jdk package
(old name for linux-jdk-sun).

. Note that although linux-sun-jdk13 had one plugin vulnerability fixed
  in 1.3.1.13, it contained another problem.  This is fixed in 1.3.1.14.

Document vulnerability that allows arbitrary command execution in rssh
and scponly.

Approved & reviewed by:    josef (security team)

Document buffer overflows in rockdodger.

Add CVE to zip vulnerability.

Document a long path buffer overflow in zip.

Document signal delivery vulnerability in sudoscript.

Document vulnerability in net/jabberd.

Document vulnerability in net/opendchub.

Based on submission by: Niels Heinen <niels.heinen@ubizen.com>

Add Bugtraq ID for SA-04:16.fetch entry.

Document two vulnerabilities in unarj.

. Mark linux-ibm-jdk as also vulnerable to the Java plugin vulnerability.

. Fix the range and add an additional range for the jdk vulnerability.
. Note that linux-sun-jdk and linux-blackdown-jdk are also vulnerable.

. Fix whitespace.

. Add an entry for the problem in the Java plugin.

Update ruby CGI DoS entry to note that the most recent version in
ports is fixed.  Also remove ruby-static as vulnerable, since it does
not contain cgi.rb.

Document vulnerability in ftp/prozilla.

Submitted by:   Niels Heinen <niels.heinen@ubizen.com>

correct fixed version

Pointed out by: josef

c0a269d5-3d16-11d9-8818-008088034841 and
114d70f3-3d16-11d9-8818-008088034841 are fixed in cyrus-imapd 2.1.17.

Document that the twiki vulnerability is fixed in twiki-20040902.

add Cyrus IMAP Server multiple remote vulnerabilities.

Obtained from:  http://security.e-matters.de/advisories/152004.html

Add CVE reference for the SA-04:16.fetch entry.

Document vulnerability in phpmyadmin.

Add localized versions of gd port to the VuXML entry.

Document SA-04:16.fetch.

Document the buffer overrun vulnerability in samba3
CAN-2004-882

Correct range for xpdf vulnerability, as cups-base got a fixing
update.

The last commit to japanese/samba also fixed the security issue
in samba (CAN-2004-0815)

As discussed with:      NAKAJI Hiroyuki <nakaji@jp.freebsd.org> (maintainer)

Add CVE name to twiki entry.

Noticed by:     josef

Add teTeX-base to affected packages in xpdf's vuxml entry.

Document arbitrary shell command execution in twiki.

Document a format string vulnerability in proxytunnel.

Fix entry date for the ruby entry from the last commit.

- Document at DoS in the Ruby CGI module.
- Document a privilege escalation in sudo.

Add CVE name for gnats issue.

Note (likely) remotely exploitable vulnerability in samba 3.

Submitted by:   Shane Kinney <mod6@freebsdhackers.net>

Document vulnerability in GNATS.

Document a XSS in squirrelmail.

Fix entry date.

Document BNC vulnerability.

Note old hafiye bug.

Submitted by:   Shane Kinney <mod6@freebsdhackers.net>

Fix a format string vulnerability in ez-ipupdate.

Approved by:    se@
Obtained from:  Ulf Harnhammar <Ulf.Harnhammar.9485@student.uu.se>

Document a buffer overflow in ImageMagick's EXIF parser.

Correct recent Apache 2 entry to not match Apache 1.X.

Noticed by:     Dan Langille <dan@langille.org>

Document vulnerability in Apache 2 (CAN-2004-0942).

Update the libxml vulnerability to indicate the fixed version.

Document a format string vulnerability in socat.

Document remote buffers overflow in libxml and libxml2.

The bugs discovered by Chris Evans have been fixed
in linux-gdk-pixbuf.

Reported by:    thierry

Fix pkgnames for mod_include vulnerability.
Thanks to Dan Langille for helping me to track these down.