GNATS local privilege elevation (corrected PORTREVISION)

GNATS local privilege elevation

Whitespace cleanup.

Add SA-04:13.linux

move "phpMyAdmin code injection" to vuxml

- Add phpMyAdmin 2.5.7 vulnerability.

  I hope I got XML right.

Use the equal '=' sign as only the current version was affected.

add a reference to ISC DHCP overflows

Add xorg-clients due to xdm socket vuln.

Move MoinMoin entry to VuXML.

reference cleanup

Fix the previous entry; it had an incorrect port range.

Add an entry for recent isc-dhcp3-server buffer overflows.
Remove the one in portaudit.txt.

Move giFT-FastTrack to VuXML.

Fix an older entry which ends with "buffer overflows vuxml".

Fill in a date on my previous entry.

Move the Gallery entry to VuXML.

www/sitecopy uses the included libneon version 0.24.0

I believe that linux-png-1.2.2 still contains the vulnerability.

Add some references that support this opinion.

- Extend png entry to cover it's linux-png variant

Requested by:   eik

Midnight Commander security vulnerabilities

CAN-2004-0226, CAN-2004-0231, CAN-2004-0232

fixed in mc-4.6.0_10.

add a $FreeBSD$ tag

Add CAN-2004-0541 (buffer overflow in Squid NTLM authentication helper)

Fix for CAN-2004-0097

Forgotten by:   sobomax

Correction: FreeBSD-SA-04:12.jailroute does not apply to 4.7 and older.

Whitespace cleanup

Add FreeBSD-SA-04:12.jailroute.

FreeBSD-SA-04:11

Update modified date for mysql bug after fixing typo.

Requested by:   nectar

Add CVE name for one of the leafnode issues.

Edit the topics to distinguish a bit better between the different
leafnode DoS issues.

Document several issues in leafnode.

Submitted by:    Matthias Andree <matthias.andree@gmx.de>

Fix typo.

Spotted by:     eik

Correct a typo (s/Jon/Joe/)

Add subversion and neon date parsing vulnerabilities.

make tidy

Add an entry for the cvs pserver heap overflow.

Add CVE name and CERT Vulnerability Note references for old Cyrus bug.

make tidy

Forced commit to note that the content of the previous revision was
Reported by:    Ion-Mihai Tetcu <itetcu@apropo.ro>

Add URI handling issue that affects Opera and KDE, at least.

Note that the mysqlbug has been fixed.

Update version number for fspd, now that it has been corrected.

Reported by:    Radim Kolar <hsn@netmag.cz>

&, not |

ProFTPD vulnerability is fixed in
  <http://www.proftpd.org/docs/NEWS-1.2.10rc1>

Submitted by:   Koop Mast <kwm@rainbow-runner.nl>

Add Cyrus IMSPd security release.

Reported by:    eik

Add old Cyrus IMAP server heap buffer overflow.

Reported by:    eik

The security issue of multimedia/xine (insecure temporary file creation in
xine-check, xine-bugreport) has been fixed in 0.9.23_3.

Only one <modified> is allowed per entry.

Correct the discovery date for the proftpd issue.

Oops.  s/2005-05-05/2004-05-05/ :-)

Second-guess Oliver and correct the affected entry for exim
in order to unbreak this file.

exim buffer overflow when verify = header_syntax is used

Add phpBB session table exhaustion issue.

Submitted by:   Xin LI <delphij@frontfree.net>

Add the issues covered in FreeBSD-SA-04:08.heimdal and
FreeBSD-SA-04:09.kadmind.

make tidy

Use PORTVERSION conventions for FreeBSD version numbers, so that
5.2.1-RELEASE-p5 becomes 5.2.1_5 (not 5.2.1p5, as it would have been
previously).

This is necessary because e.g. 5.2p1 > 5.2.1p5 using existing version
comparison tools.

Correct package name for xchat Socks5 vulnerability (xchat -> xchat2).
Note that the issue is fixed in version 2.0.8_2 (thanks marcus!).

Correct the fixed version for lha.

png issue was fixed in png-1.2.5_4

Add a vulnerability in www/pound.

Submitted by:   clement

Add a security-related regression in ftp/proftpd.
Add several security issues in misc/mc.
Add a DoS issue in graphics/png.
Add a security issues in archivers/lha.
Add recent advisories for xine.
Add rsync path traversal issue.

tla is also affected by libneon issue.

PR:             ports/65754
Submitted by:   Frank Ruell <stoerte@dreamwarrior.net>

Additional reference for mysql issue.

Submitted by:   Daniel Harris <dannyboy@FreeBSD.org>

Added CVE name for ident2 issue.
Added the ``new'' TCP DoS issue.
Added phpBB issue. (1)
Added XChat Socks5 issue.

Submitted by:   (1) Frankye - ML <listsucker@ipv5.net>

Add mysqlbug temporary file handling vulnerability.
Add ident2 vulnerability.

make tidy (sorry, I meant to do this in a separate commit)

Additional CVE name for recent CVS vulnerability.

Add kdepim vulnerability

Add neon vulnerability
Correct the version range for openh323

Add CVS vulnerabilities.

Document another racoon DoS vulnerability.
Note that racoon was also affected by the tcpdump ISAKMP vulnerability.

make tidy

Add CVE name for racoon DoS vulnerability.

Correct modified date in previous commit:  format is YYYY-MM-DD and
timezone is UTC.

Midnight Commander vulnerability CAN-2003-1023 was fixed in version 4.6.0_9.

make tidy

Add new affected version of gaim.
Add year 2004 FreeBSD security advisories.

Add two racoon issues, one particularly serious.

Add CVE name for oftpd issue.

Add Midnight Commander buffer overflow.

Oops, tidy.xsl should now produce VuXML 1.1 documents on output.

Add VuXML 1.1 DTD
Update document type declaration to VuXML 1.1

make tidy

Add Heimdal cross-realm validation issue.

Correct usage message for tidy.sh.

Submitted by:   Frankye Fattarelli <frankye@ipv5.net>

Add security issue affecting the Courier mail services.

Add isakmpd denial-of-service vulnerability.

Add apache 2 DoS vulnerability that doesn't affect us.  I keep coming
across the CVE name (CAN-2004-0174) and re-researching it.

Add mplayer and tcpdump issues.

Submitted by:   Frankye Fattarelli <frankye@ipv5.net>
Reported by:    Many

Correct a mispelled CVE name.

make tidy

Add a `make tidy' target that will clean up and sort a VuXML
document.  Requires xsltproc.

Fix dates for SA-04:06.ipv6 and phpbb issues (typos).
Add Bugtraq ID and other references for many entries.
Delete duplicate copula.

Submitted by:   Frankye Fattarelli <frankye@ipv5.net>

Add zebra/quagga denial of service vulnerability.

Submitted by:   sumikawa

Correct advisory name for old bind issue.

Add old ecartis issue.
Add FreeBSD-SA-04:06.ipv6.
Correct advisory name for old pine issue.

Add Emil issue.

Fix a botched version number (the package name was erroneously included).
Add another phpbb vulnerability. [1]
Add oftpd denial-of-services. [2]

Submitted by:   Frankye Fattarelli <frankye@ipv5.net> [1]
Reported by:    Shane Kerr <shane@time-travellers.org> (oftpd author) [2]

Add ethereal vulnerabilities.

PR:     ports/64777

Oops, empty <topic> tag.  Fill in for squid ACL bypass issue.

Add squid ACL bypass.
Add xine temporary file handling issue. [1]

Submitted by:   Frankye Fattarelli <frankye@ipv5.net> [1]

Add ezbounce (old) and phpBB (new)

Add xdeview to existing UUDecode issue
Add racoon SA deletion issue.