Remove <modified/> from the gnomevfs vulnerability since it was the same
as <entry/> and it needed to be last anyway.

Suggested by:   nectar

Update the gnomevfs entry to reflect the fixed versions.

Add entry for moinmoin ACL bypass.

Note sanitize_path bug in rsync (already referenced in portaudit.txt).

Unsafe URI handling in gnome-vfs, MidnightCommander.

Document buffer overflows in SoX (already referenced in portaudit.txt).

Document cookie bug in Konqueror (already referenced in portaudit.txt).

- Fix "make validate" problem when textproc/xhtml-basic is
  installed by adding an SGML declaration and DTDDECL.
- Remove the --catalogs option for xmllint(1) in validate.sh.

Approved by:    nectar (maintainer)
PR:             ports/63035

Place port name in the description.

Suggested by:   eik

Add libxine vcd URL handling issue.

Add DoS in SpamAssassin.

Add <modified> date for previous commit.

fidogate-ds was also affected by the ``write files as `news' user''
issue.

Off-by-one error in courier-imap entry.

Noticed by:     oliver

Add a more useful reference for the Qt issue.

Add Qt heap overflow issue.

Add a security issue affected courier-imap when run with certain debug
flags.

Add fidogate issue.

Add an issue covering a vulnerability in mysqlhotcopy.

Reported by:    robert@openbsd.org

Cancel a VuXML entry for an Apache vulnerability that does not affect
FreeBSD.

Reminded by:    recent conversations :-)

cancelled 6fd9a1e9-efd3-11d8-9837-000c41e2cdad: does not affect FreeBSD
  <http://docs.FreeBSD.org/cgi/mid.cgi?20040817123651.GB930>

Add a pointer to Przemyslaw Frasunek's advisory.

For the lukemftpd/tnftpd issue, add a reference to NetBSD security
advisory now that it is available.

Note a vulnerability in lukemftpd/tnftpd.

multiple CVS vulnerabilities

Correct the version numbers and dates in the last entry.

Add an entry for:
  Ruby insecure file permissions in the CGI session management

Document a setgid "games" security issue in xonix.  Based on a VuXML
entry that was

Submitted by:   robert@OpenBSD.org

Correct the version number range affected for ja-samba.
Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

Correct the version number range affected for Mozilla 1.8 alphas.

Problem hinted at by:   eik

While I'm here, add a CVE name reference and a couple of other relevant
Bugzilla links.  It is interesting that this security issue was reported
as early as 1999.  Also, replace the text plagiarized from the Secunia
advisory without attribution with a more helpful (maybe?) description of
the issue.

Format string vulnerability in jftpgw.

Informed by:    Robert Nagy <robert@openbsd.org>

Repair broken URL.

Noticed by:     simon

Add two issues covering three KDE advisories:  two temporary file
handling issues, and a KHTML issue.

The last commit should have changed the comparison tag from <le> to <lt>.

Update Gaim vulnerability (5b8f9a02-ec93-11d8-b913-000c41e2cdad) to indicate
that gaim-0.81_1 has a fix for this.

The MSN component of Gaim contains remotely exploitable buffer
overflows.

The Adobe Acrobat Reader can be coerced into executing arbitrary
commands on UNIX systems.

Under certain configurations of POPfile may allow an attacker to
retrieve files from the victim's machine.

Reported by:    Daniel Grund <mail@dgrund.de>

Correct version information syntax in a number of entries.  VuXML-using
tools are expected only to understand actual package names and version
numbers, not globs such as `foo-{bar,baz}' or `1.*'.

give the ImageMagick png vulnerability an own entry

f72ccf7c-e607-11d8-9b0a-000347a4fa7d is a duplicate of
6f955451-ba54-11d8-b88c-000d610a3b12, move references

add a reference for linux-png-1.0.x to 3a408f6f-9c52-11d8-9366-0020ed76ef5a

add ImageMagick to the list of png-vulnerable ports

correct typo

Add an entry for Thunderbird to the libpng vulnerability.

move abe47a5a-e23c-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

move f9e3e60b-e650-11d8-9b0a-000347a4fa7d to vuxml, add mozilla to the list of
vulnerable ports

Mozilla / Firefox user interface spoofing vulnerability

Use & instead of naked &.

Add CVE name and correct URL to iDEFENSE advisory for the SSLtelnet issue.

- add some references
- correctly match samba 3.0
- add ja-samba

Fix an XML tag.

Mark the 2.2.x series of Samba as vulnerable.

Recently announced Samba issue.

fix courier-imap version number

PHP memory_limit and strip_tags() vulnerabilities.

ethereal

move e5e2883d-ceb9-11d8-8898-000d6111a684 to vuln.xml

XSS vulnerability affecting other webmail systems

Add missing mandatory <body> element for SSLtelnet issue.

Add an entry for the SSLtelnet format string vulnerability.

Pavuk HTTP Location header overflow

Move phpnuke vulnerabilities to VuXML.

GNATS local privilege elevation (corrected PORTREVISION)

GNATS local privilege elevation

Whitespace cleanup.

Add SA-04:13.linux

move "phpMyAdmin code injection" to vuxml

- Add phpMyAdmin 2.5.7 vulnerability.

  I hope I got XML right.

Use the equal '=' sign as only the current version was affected.

add a reference to ISC DHCP overflows

Add xorg-clients due to xdm socket vuln.

Move MoinMoin entry to VuXML.

reference cleanup

Fix the previous entry; it had an incorrect port range.

Add an entry for recent isc-dhcp3-server buffer overflows.
Remove the one in portaudit.txt.

Move giFT-FastTrack to VuXML.

Fix an older entry which ends with "buffer overflows vuxml".

Fill in a date on my previous entry.

Move the Gallery entry to VuXML.

www/sitecopy uses the included libneon version 0.24.0

I believe that linux-png-1.2.2 still contains the vulnerability.

Add some references that support this opinion.

- Extend png entry to cover it's linux-png variant

Requested by:   eik

Midnight Commander security vulnerabilities

CAN-2004-0226, CAN-2004-0231, CAN-2004-0232

fixed in mc-4.6.0_10.

add a $FreeBSD$ tag

Add CAN-2004-0541 (buffer overflow in Squid NTLM authentication helper)

Fix for CAN-2004-0097

Forgotten by:   sobomax

Correction: FreeBSD-SA-04:12.jailroute does not apply to 4.7 and older.

Whitespace cleanup

Add FreeBSD-SA-04:12.jailroute.

FreeBSD-SA-04:11

Update modified date for mysql bug after fixing typo.

Requested by:   nectar

Add CVE name for one of the leafnode issues.

Edit the topics to distinguish a bit better between the different
leafnode DoS issues.

Document several issues in leafnode.

Submitted by:    Matthias Andree <matthias.andree@gmx.de>

Fix typo.

Spotted by:     eik

Correct a typo (s/Jon/Joe/)

Add subversion and neon date parsing vulnerabilities.

make tidy

Add an entry for the cvs pserver heap overflow.

Add CVE name and CERT Vulnerability Note references for old Cyrus bug.