Add more references (particularly CVE names) for issues affecting

SpamAssassin, tnftpd, ruby, mysql.

Place text taken from another source inside <blockquote cite="...">
for ruby issue.

1 files changed, 24 insertions, 8 deletions

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index e509e4839034..e0d2eea553c3 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -350,12 +350,15 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       </body>
     </description>
     <references>
+      <cvename>CAN-2004-0796</cvename>
+      <bid>10957</bid>
       <mlist>http://marc.theaimsgroup.com/?l=spamassassin-announce&amp;m=109168121628767</mlist>
       <url>http://search.cpan.org/src/JMASON/Mail-SpamAssassin-2.64/Changes</url>
     </references>
     <dates>
       <discovery>2004-08-04</discovery>
       <entry>2004-08-23</entry>
+      <modified>2004-08-28</modified>
     </dates>
   </vuln>
 
@@ -520,6 +523,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
       </body>
     </description>
     <references>
+      <cvename>CAN-2004-0794</cvename>
+      <bid>10967</bid>
       <url>http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/ftpd/ftpd.c#rev1.158</url>
       <url>ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc</url>
       <mlist msgid="412239E7.1070807@freebsd.lublin.pl">http://lists.netsys.com/pipermail/full-disclosure/2004-August/025418.html</mlist>
@@ -527,6 +532,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     <dates>
       <discovery>2004-08-17</discovery>
       <entry>2004-08-17</entry>
+      <modified>2004-08-28</modified>
     </dates>
   </vuln>
 
@@ -4598,6 +4604,10 @@ misc.c:
       </body>
     </description>
     <references>
+      <cvename>CAN-2004-0627</cvename>
+      <cvename>CAN-2004-0628</cvename>
+      <certvu>184030</certvu>
+      <certvu>645326</certvu>
       <url>http://www.nextgenss.com/advisories/mysql-authbypass.txt</url>
       <url>http://dev.mysql.com/doc/mysql/en/News-4.1.3.html</url>
       <url>http://secunia.com/advisories/12020</url>
@@ -4608,7 +4618,7 @@ misc.c:
     <dates>
       <discovery>2004-07-01</discovery>
       <entry>2004-07-05</entry>
-      <modified>2004-08-12</modified>
+      <modified>2004-08-28</modified>
     </dates>
   </vuln>
 
@@ -4976,22 +4986,28 @@ misc.c:
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
-        <p>Andres Salomon noticed a problem in the CGI session
-          management of Ruby, an object-oriented scripting language.
-          CGI::Session's FileStore (and presumably PStore)
-          implementations store session information insecurely.
-          They simply create files, ignoring permission issues.
-          This can lead an attacker who has also shell access to the
-          webserver to take over a session.</p>
+	<p>According to a Debian Security Advisory:</p>
+	<blockquote cite="http://www.debian.org/security/2004/dsa-537">
+          <p>Andres Salomon noticed a problem in the CGI session
+            management of Ruby, an object-oriented scripting language.
+            CGI::Session's FileStore (and presumably PStore [...])
+            implementations store session information insecurely.
+            They simply create files, ignoring permission issues.
+            This can lead an attacker who has also shell access to the
+            webserver to take over a session.</p>
+	</blockquote>
       </body>
     </description>
     <references>
+      <cvename>CAN-2004-0755</cvename>
+      <url>http://xforce.iss.net/xforce/xfdb/16996</url>
       <url>http://www.debian.org/security/2004/dsa-537</url>
       <mlist>http://marc.theaimsgroup.com/?l=bugtraq&amp;m=109267579822250&amp;w=2</mlist>
     </references>
     <dates>
       <discovery>2004-08-16</discovery>
       <entry>2004-08-16</entry>
+      <modified>2004-08-28</modified>
     </dates>
   </vuln>