| field | value | date |
|---|---|---|
| author | sat <sat@FreeBSD.org> | 2008-04-29 05:04:21 +0800 |
| committer | sat <sat@FreeBSD.org> | 2008-04-29 05:04:21 +0800 |
| commit | 3601e7e603cfcece02ae972e9ce77129b07a8b88 (patch) | |
| tree | e377a5d9f162113ee74fbe92d17a55838307fc25 /security | |
| parent | 77e863b30d91b794d02a937862092dfa71e262ce (diff) | |
| download | freebsd-ports-gnome-3601e7e603cfcece02ae972e9ce77129b07a8b88.tar.gz, freebsd-ports-gnome-3601e7e603cfcece02ae972e9ce77129b07a8b88.tar.zst, freebsd-ports-gnome-3601e7e603cfcece02ae972e9ce77129b07a8b88.zip | |
- Clean up whitespace a bit
- Wrap long lines where appropriate
- Add a vim-friendly modeline
Diffstat (limited to 'security')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | security/vuxml/vuln.xml | 3566 |

1 files changed, 1798 insertions, 1768 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f97fb6ca43b9..d2b16b322a2c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -42,7 +42,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>2.0.9</lt></range> </package> <package> - <name>gnupg1</name> + <name>gnupg1</name> <range><lt>1.4.9</lt></range> </package> </affects> @@ -53,10 +53,10 @@ Note: Please add new entries to the beginning of this file. <p>A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system.</p> <p>The vulnerability is caused due to an error when importing keys - with duplicated IDs. This can be exploited to cause a memory corruption - when importing keys via --refresh-keys or --import.</p> - <p>Successful exploitation potentially allows execution of arbitrary code, - but has not been proven yet.</p> + with duplicated IDs. This can be exploited to cause a memory + corruption when importing keys via --refresh-keys or --import.</p> + <p>Successful exploitation potentially allows execution of arbitrary + code, but has not been proven yet.</p> </blockquote> </body> </description> 
@@ -115,13 +115,14 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/28794"> - <p>A vulnerability has been reported in Mailman, which can be exploited - by malicious users to conduct script insertion attacks.</p> - <p>Certain input when editing the list templates and the list info attribute - is not properly sanitised before being stored. This can be exploited to - insert arbitrary HTML and script code, which is executed in a user's - browser session in context of an affected site when the malicious website - is accessed.</p> + <p>A vulnerability has been reported in Mailman, which can be + exploited by malicious users to conduct script insertion + attacks.</p> + <p>Certain input when editing the list templates and the list info + attribute is not properly sanitised before being stored. This can be + exploited to insert arbitrary HTML and script code, which is + executed in a user's browser session in context of an affected site + when the malicious website is accessed.</p> </blockquote> </body> </description> @@ -150,10 +151,10 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/29803/"> - <p>The vulnerability is caused due to an error when attaching to a TTY via - the -T command line switch. This can be exploited to execute arbitrary - commands with the privileges of the user running mksh via characters - previously written to the attached virtual console.</p> + <p>The vulnerability is caused due to an error when attaching to a TTY + via the -T command line switch. This can be exploited to execute + arbitrary commands with the privileges of the user running mksh via + characters previously written to the attached virtual console.</p> </blockquote> </body> </description> 
@@ -176,7 +177,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>1.3.1</lt></range> </package> <package> - <name>serendipity-devel</name> + <name>serendipity-devel</name> <range><lt>200804242342</lt></range> </package> </affects> @@ -184,11 +185,13 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Hanno Boeck reports:</p> <blockquote cite="http://int21.de/cve/CVE-2008-1386-s9y.html"> - <p>The installer of serendipity 1.3 has various Cross Site Scripting issues. - This is considered low priority, as attack scenarios are very unlikely.</p> - <p>Various path fields are not escaped properly, thus filling them with - javascript code will lead to XSS. MySQL error messages are not escaped, - thus the database host field can also be filled with javascript.</p> + <p>The installer of serendipity 1.3 has various Cross Site Scripting + issues. This is considered low priority, as attack scenarios are + very unlikely.</p> + <p>Various path fields are not escaped properly, thus filling them + with javascript code will lead to XSS. MySQL error messages are not + escaped, thus the database host field can also be filled with + javascript.</p> </blockquote> <blockquote cite="http://int21.de/cve/CVE-2008-1385-s9y.html"> <p>In the referrer plugin of the blog application serendipity, @@ -219,7 +222,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>2.0.0.14,1</lt></range> </package> <package> - <name>linux-firefox</name> + <name>linux-firefox</name> <range><lt>2.0.0.14</lt></range> </package> <package> 
@@ -287,13 +290,14 @@ Note: Please add new entries to the beginning of this file. exploited by malicious people to cause a Denial of Service, disclose potentially sensitive information, or potentially compromise an application using the library.</p> - <p>The vulnerability is caused due to the improper handling of PNG chunks - unknown to the library. This can be exploited to trigger the use of - uninitialized memory in e.g. a free() call via unknown PNG chunks having - a length of zero.</p> - <p>Successful exploitation may allow execution of arbitrary code, but requires - that the application calls the png_set_read_user_chunk_fn() function or the - png_set_keep_unknown_chunks() function under specific conditions.</p> + <p>The vulnerability is caused due to the improper handling of PNG + chunks unknown to the library. This can be exploited to trigger the + use of uninitialized memory in e.g. a free() call via unknown PNG + chunks having a length of zero.</p> + <p>Successful exploitation may allow execution of arbitrary code, but + requires that the application calls the png_set_read_user_chunk_fn() + function or the png_set_keep_unknown_chunks() function under + specific conditions.</p> </blockquote> </body> </description> @@ -321,8 +325,8 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/29751"> - <p>A vulnerability has been reported in Openfire, which can be exploited - by malicious people to cause a Denial of Service.</p> + <p>A vulnerability has been reported in Openfire, which can be + exploited by malicious people to cause a Denial of Service.</p> <p>The vulnerability is caused due to an unspecified error and can be exploited to cause a Denial of Service.</p> </blockquote> 
@@ -354,10 +358,10 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://www.securityfocus.com/bid/28392/discuss"> <p>Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified - other impact via a printf format parameter with a large width specifier, - related to the php_sprintf_appendstring function in formatted_print.c and - probably other functions for formatted strings (aka *printf functions). - </p> + other impact via a printf format parameter with a large width + specifier, related to the php_sprintf_appendstring function in + formatted_print.c and probably other functions for formatted strings + (aka *printf functions).</p> </blockquote> </body> </description> @@ -376,15 +380,15 @@ Note: Please add new entries to the beginning of this file. <topic>python -- Integer Signedness Error in zlib Module</topic> <affects> <package> - <name>python23</name> + <name>python23</name> <range><lt>2.3.6_1</lt></range> </package> <package> - <name>python24</name> + <name>python24</name> <range><lt>2.4.5_1</lt></range> </package> <package> - <name>python25</name> + <name>python25</name> <range><lt>2.5.2_2</lt></range> </package> </affects> 
@@ -392,10 +396,10 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Justin Ferguson reports:</p> <blockquote cite="http://bugs.python.org/issue2586"> - <p>Integer signedness error in the zlib extension module in Python 2.5.2 - and earlier allows remote attackers to execute arbitrary code via a - negative signed integer, which triggers insufficient memory allocation - and a buffer overflow.</p> + <p>Integer signedness error in the zlib extension module in Python + 2.5.2 and earlier allows remote attackers to execute arbitrary code + via a negative signed integer, which triggers insufficient memory + allocation and a buffer overflow.</p> </blockquote> </body> </description> 
@@ -429,28 +433,30 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The PostgreSQL developers report:</p> <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6600"> - <p>PostgreSQL allows users to create indexes on the results of user-defined - functions, known as "expression indexes". This provided two vulnerabilities - to privilege escalation: (1) index functions were executed as the superuser - and not the table owner during VACUUM and ANALYZE, and (2) that SET ROLE - and SET SESSION AUTHORIZATION were permitted within index functions. Both - of these holes have now been closed.</p> + <p>PostgreSQL allows users to create indexes on the results of + user-defined functions, known as "expression indexes". This provided + two vulnerabilities to privilege escalation: (1) index functions + were executed as the superuser and not the table owner during VACUUM + and ANALYZE, and (2) that SET ROLE and SET SESSION AUTHORIZATION + were permitted within index functions. Both of these holes have now + been closed.</p> </blockquote> <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4772"> - <p>PostgreSQL allowed malicious users to initiate a denial-of-service by - passing certain regular expressions in SQL queries. First, users could - create infinite loops using some specific regular expressions. Second, - certain complex regular expressions could consume excessive amounts of - memory. Third, out-of-range backref numbers could be used to crash the - backend.</p> + <p>PostgreSQL allowed malicious users to initiate a denial-of-service + by passing certain regular expressions in SQL queries. First, users + could create infinite loops using some specific regular expressions. + Second, certain complex regular expressions could consume excessive + amounts of memory. 
Third, out-of-range backref numbers could be used + to crash the backend.</p> </blockquote> <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name="> - <p>DBLink functions combined with local trust or ident authentication could - be used by a malicious user to gain superuser privileges. This issue has - been fixed, and does not affect users who have not installed DBLink (an - optional module), or who are using password authentication for local - access. This same problem was addressed in the previous release cycle, - but that patch failed to close all forms of the loophole.</p> + <p>DBLink functions combined with local trust or ident authentication + could be used by a malicious user to gain superuser privileges. This + issue has been fixed, and does not affect users who have not + installed DBLink (an optional module), or who are using password + authentication for local access. This same problem was addressed in + the previous release cycle, but that patch failed to close all forms + of the loophole.</p> </blockquote> </body> </description> 
@@ -481,11 +487,12 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>A phpMyAdmin security announcement report:</p> <blockquote cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3"> - <p>It is possible to read the contents of any file that the web server's - user can access. The exact mechanism to achieve this won't be disclosed. - If a user can upload on the same host where phpMyAdmin is running a PHP - script that can read files with the rights of the web server's user, the - current advisory does not describe an additional threat.</p> + <p>It is possible to read the contents of any file that the web + server's user can access. The exact mechanism to achieve this won't + be disclosed. If a user can upload on the same host where + phpMyAdmin is running a PHP script that can read files with the + rights of the web server's user, the current advisory does not + describe an additional threat.</p> </blockquote> </body> </description> @@ -615,7 +622,8 @@ Note: Please add new entries to the beginning of this file. <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/29649"> <p>A vulnerability has been reported in lighttpd, which can be - exploited by malicious people to cause a DoS (Denial of Service).</p> + exploited by malicious people to cause a DoS (Denial of + Service).</p> <p>The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of lighttpd by terminating one SSL connection.</p> 
@@ -821,15 +829,15 @@ Note: Please add new entries to the beginning of this file. <ul> <li><a href="/security/announce/2008/mfsa2008-19.html">MFSA 2008-19</a> XUL popup spoofing variant (cross-tab popups)</li> - <li><a href="/security/announce/2008/mfsa2008-18.html">MFSA 2008-18</a> + <li><a href="/security/announce/2008/mfsa2008-18.html">MFSA 2008-18</a> Java socket connection to any local port via LiveConnect</li> - <li><a href="/security/announce/2008/mfsa2008-17.html">MFSA 2008-17</a> + <li><a href="/security/announce/2008/mfsa2008-17.html">MFSA 2008-17</a> Privacy issue with SSL Client Authentication</li> - <li><a href="/security/announce/2008/mfsa2008-16.html">MFSA 2008-16</a> + <li><a href="/security/announce/2008/mfsa2008-16.html">MFSA 2008-16</a> HTTP Referrer spoofing with malformed URLs</li> - <li><a href="/security/announce/2008/mfsa2008-15.html">MFSA 2008-15</a> + <li><a href="/security/announce/2008/mfsa2008-15.html">MFSA 2008-15</a> Crashes with evidence of memory corruption (rv:1.8.1.13)</li> - <li><a href="/security/announce/2008/mfsa2008-14.html">MFSA 2008-14</a> + <li><a href="/security/announce/2008/mfsa2008-14.html">MFSA 2008-14</a> JavaScript privilege escalation and arbitrary code execution</li> </ul> </blockquote> @@ -872,7 +880,7 @@ Note: Please add new entries to the beginning of this file. <p>Core Security Technologies reports:</p> <blockquote cite="http://www.coresecurity.com/?action=item&id=2206"> <p>A remote buffer overflow vulnerability found in a library - used by both the SILC server and client to process + used by both the SILC server and client to process packets containing cryptographic material may allow an un-authenticated client to executearbitrary code on the server with the privileges of the user account running the 
@@ -1544,7 +1552,7 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Greg Wilkins reports:</p> + <p>Greg Wilkins reports:</p> <blockquote cite="http://jira.codehaus.org/browse/JETTY-386#action_117699"> <p>jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI.</p> 
@@ -1609,21 +1617,21 @@ Note: Please add new entries to the beginning of this file. <p>Matthieu Herrb of X.Org reports:</p> <blockquote cite="http://lists.freedesktop.org/archives/xorg/2008-January/031918.html"> <p>Several vulnerabilities have been identified in server code - of the X window system caused by lack of proper input validation - on user controlled data in various parts of the software, - causing various kinds of overflows.</p> - <p>Exploiting these overflows will crash the X server or, - under certain circumstances allow the execution of arbitray - machine code.</p> - <p>When the X server is running with root privileges (which is the - case for the Xorg server and for most kdrive based servers), - these vulnerabilities can thus also be used to raise - privileges.</p> - <p>All these vulnerabilities, to be exploited succesfully, require - either an already established connection to a running X server - (and normally running X servers are only accepting authenticated - connections), or a shell access with a valid user on the machine - where the vulnerable server is installed.</p> + of the X window system caused by lack of proper input validation + on user controlled data in various parts of the software, + causing various kinds of overflows.</p> + <p>Exploiting these overflows will crash the X server or, + under certain circumstances allow the execution of arbitray + machine code.</p> + <p>When the X server is running with root privileges (which is the + case for the Xorg server and for most kdrive based servers), + these vulnerabilities can thus also be used to raise + privileges.</p> + <p>All these vulnerabilities, to be exploited succesfully, require + either an already established connection to a running X server + (and normally running X servers are only accepting authenticated + connections), or a shell access with a valid user on the machine + where the vulnerable server is installed.</p> </blockquote> </body> </description> 
@@ -1689,9 +1697,9 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Nico Golde reports:</p> <blockquote cite="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089"> - <p>A local attacker could exploit this vulnerability to conduct symlink - attacks to overwrite files with the privileges of the user running - Claws Mail.</p> + <p>A local attacker could exploit this vulnerability to conduct + symlink attacks to overwrite files with the privileges of the user + running Claws Mail.</p> </blockquote> </body> </description> @@ -1930,13 +1938,13 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/28329"> - <p>A vulnerability has been reported in MaraDNS, which can be exploited - by malicious people to cause a Denial of Service.</p> + <p>A vulnerability has been reported in MaraDNS, which can be + exploited by malicious people to cause a Denial of Service.</p> <p>The vulnerability is caused due to an error within the handling of - certain DNS packets. This can be exploited to cause a resource rotation - by sending specially crafted DNS packets, which cause an authoritative - CNAME record to not resolve, resulting in a Denial of Sevices. - </p> + certain DNS packets. This can be exploited to cause a resource + rotation by sending specially crafted DNS packets, which cause an + authoritative CNAME record to not resolve, resulting in a Denial of + Sevices.</p> </blockquote> </body> </description> 
@@ -2075,14 +2083,14 @@ Note: Please add new entries to the beginning of this file. <topic>gallery2 -- multiple vulnerabilities</topic> <affects> <package> - <name>gallery2</name> - <range><lt>2.2.4</lt></range> + <name>gallery2</name> + <range><lt>2.2.4</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The Gallery team reports:</p> - <blockquote cite="http://gallery.menalto.com/gallery_2.2.4_released"> + <p>The Gallery team reports:</p> + <blockquote cite="http://gallery.menalto.com/gallery_2.2.4_released"> <p>Gallery 2.2.4 addresses the following security vulnerabilities:</p> <ul> @@ -2119,7 +2127,7 @@ Note: Please add new entries to the beginning of this file. modules.</li> <li>WebCam module - Fixed proxied request weakness.</li> </ul> - </blockquote> + </blockquote> </body> </description> <references> @@ -2482,8 +2490,8 @@ Note: Please add new entries to the beginning of this file. <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/27014/"> <p>Format string vulnerability in the SMBDirList function in dirlist.c - in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via - format string specifiers in a directory name.</p> + in SmbFTPD 0.96 allows remote attackers to execute arbitrary code + via format string specifiers in a directory name.</p> </blockquote> </body> </description> @@ -2813,7 +2821,7 @@ Note: Please add new entries to the beginning of this file. <topic>samba -- multiple vulnerabilities</topic> <affects> <package> - <name>samba</name> + <name>samba</name> <name>samba3</name> <name>ja-samba</name> <range><lt>3.0.26a_2,1</lt></range> @@ -2834,7 +2842,7 @@ Note: Please add new entries to the beginning of this file. of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller.</p> - </blockquote> + </blockquote> </body> </description> <references> 
@@ -2869,18 +2877,18 @@ Note: Please add new entries to the beginning of this file. Gaffie.</li> <li>Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.</li> - <li>Fixed htmlentities/htmlspecialchars not to accept partial multibyte - sequences. Reported by Rasmus Lerdorf</li> + <li>Fixed htmlentities/htmlspecialchars not to accept partial + multibyte sequences. Reported by Rasmus Lerdorf</li> <li>Fixed possible triggering of buffer overflows inside glibc - implementations of the fnmatch(), setlocale() and glob() functions. - Reported by Laurent Gaffie.</li> + implementations of the fnmatch(), setlocale() and glob() + functions. Reported by Laurent Gaffie.</li> <li>Fixed "mail.force_extra_parameters" php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.</li> - <li>Fixed bug #42869 (automatic session id insertion adds sessions id - to non-local forms).</li> - <li>Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be - overwritten with ini_set()).</li> + <li>Fixed bug #42869 (automatic session id insertion adds sessions + id to non-local forms).</li> + <li>Fixed bug #41561 (Values set with php_admin_* in httpd.conf can + be overwritten with ini_set()).</li> </ul> </blockquote> </body> 
@@ -2971,10 +2979,10 @@ Note: Please add new entries to the beginning of this file. in libFLAC, as included with various vendor's software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user.</p> - <p>These vulnerabilities specifically exist in the handling - of malformed FLAC media files. In each case, an integer overflow - can occur while calculating the amount of memory to allocate. As - such, insufficient memory is allocated for the data that is subsequently + <p>These vulnerabilities specifically exist in the handling of + malformed FLAC media files. In each case, an integer overflow can + occur while calculating the amount of memory to allocate. As such, + insufficient memory is allocated for the data that is subsequently read in from the file, and a heap based buffer overflow occurs.</p> </blockquote> </body> @@ -2994,7 +3002,7 @@ Note: Please add new entries to the beginning of this file. <topic>xpdf -- multiple remote Stream.CC vulnerabilities</topic> <affects> <package> - <name>cups-base</name> + <name>cups-base</name> <range><lt>1.3.3_2</lt></range> </package> <package> @@ -3002,7 +3010,7 @@ Note: Please add new entries to the beginning of this file. <range><gt>0</gt></range> </package> <package> - <name>kdegraphics</name> + <name>kdegraphics</name> <range><lt>3.5.8_1</lt></range> </package> <package> @@ -3010,7 +3018,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>1.6.3_3,2</lt></range> </package> <package> - <name>poppler</name> + <name>poppler</name> <range><lt>0.6</lt></range> </package> <package> 
@@ -3097,11 +3105,11 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The DigiTrust Group reports:</p> <blockquote cite="http://www.digitrustgroup.com/advisories/tdg-advisory071108a.html"> - <p>When creating a new database, a malicious user can use a client-side - Web proxy to place malicious code in the db parameter of the POST - request. Since db_create.php does not properly sanitize user-supplied - input, an administrator could face a persistent XSS attack when the database - names are displayed.</p> + <p>When creating a new database, a malicious user can use a + client-side Web proxy to place malicious code in the db parameter of + the POST request. Since db_create.php does not properly sanitize + user-supplied input, an administrator could face a persistent XSS + attack when the database names are displayed.</p> </blockquote> </body> </description> @@ -3131,9 +3139,10 @@ Note: Please add new entries to the beginning of this file. <ul> <li>Unauthorized renaming of items possible with WebDAV (reported by Merrick Manalastas)</li> - <li>Unauthorized modification and retrieval of item properties possible - with WebDAV</li> - <li>Unauthorized locking and replacing of items possible with WebDAV</li> + <li>Unauthorized modification and retrieval of item properties + possible with WebDAV</li> + <li>Unauthorized locking and replacing of items possible with + WebDAV</li> <li>Unauthorized editing of data file possible via linked items with Reupload and WebDAV (reported by Nicklous Roberts)</li> </ul> 
@@ -3167,23 +3176,23 @@ Note: Please add new entries to the beginning of this file. scripting and script insertion attacks and disclose potentially sensitive information.</p> <p>Input passed to the username parameter in tiki-remind_password.php - (when remind is set to send me my password) is not properly sanitised - before being returned to the user. This can be exploited to execute - arbitrary HTML and script code (for example with meta refreshes to a - javascript: URL) in a user's browser session in context of an affected - site.</p> + (when remind is set to send me my password) is not properly + sanitised before being returned to the user. This can be exploited + to execute arbitrary HTML and script code (for example with meta + refreshes to a javascript: URL) in a user's browser session in + context of an affected site.</p> <p>Input passed to the local_php and error_handler parameters in tiki-index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.</p> - <p>Input passed to the imp_language parameter in tiki-imexport_languages.php - is not properly verified before being used to include files. - This can be exploited to include arbitrary files from local - resources.</p> - <p>Certain img src elements are not properly santised before being used. - This can be exploited to insert arbitrary HTML and script code, which - is executed in a user's browser session in context of an affected site - when the malicious data is viewed.</p> + <p>Input passed to the imp_language parameter in + tiki-imexport_languages.php is not properly verified before being + used to include files. This can be exploited to include arbitrary + files from local resources.</p> + <p>Certain img src elements are not properly santised before being + used. 
This can be exploited to insert arbitrary HTML and script + code, which is executed in a user's browser session in context of an + affected site when the malicious data is viewed.</p> </blockquote> </body> </description> @@ -3212,13 +3221,14 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/27233"> - <p>Secunia Research has discovered a vulnerability in CUPS, which can be - exploited by malicious people to compromise a vulnerable system.</p> - <p>The vulnerability is caused due to a boundary error within the "ippReadIO()" - function in cups/ipp.c when processing IPP (Internet Printing Protocol) tags. - This can be exploited to overwrite one byte on the stack with a zero by sending - an IPP request containing specially crafted "textWithLanguage" or - "nameWithLanguage" tags.</p> + <p>Secunia Research has discovered a vulnerability in CUPS, which can + be exploited by malicious people to compromise a vulnerable + system.</p> + <p>The vulnerability is caused due to a boundary error within the + "ippReadIO()" function in cups/ipp.c when processing IPP (Internet + Printing Protocol) tags. This can be exploited to overwrite one + byte on the stack with a zero by sending an IPP request containing + specially crafted "textWithLanguage" or "nameWithLanguage" tags.</p> <p>Successful exploitation allows execution of arbitrary code.</p> </blockquote> </body> 
@@ -3247,10 +3257,10 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Red Hat reports:</p> <blockquote cite="https://rhn.redhat.com/errata/RHSA-2007-0966.html"> - <p>A flaw was found in Perl's regular expression engine. Specially crafted - input to a regular expression can cause Perl to improperly allocate - memory, possibly resulting in arbitrary code running with the permissions - of the user running Perl.</p> + <p>A flaw was found in Perl's regular expression engine. Specially + crafted input to a regular expression can cause Perl to improperly + allocate memory, possibly resulting in arbitrary code running with + the permissions of the user running Perl.</p> </blockquote> </body> </description> @@ -3350,8 +3360,8 @@ Note: Please add new entries to the beginning of this file. names.</p> <p>A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file - name, possibly resulting in the execution of arbitrary code or a Denial - of Service.</p> + name, possibly resulting in the execution of arbitrary code or a + Denial of Service.</p> </blockquote> </body> </description> @@ -3384,9 +3394,9 @@ Note: Please add new entries to the beginning of this file. <p>Securiweb reports:</p> <blockquote cite="http://dircproxy.securiweb.net/ticket/89"> <p>dircproxy allows remote attackers to cause a denial of - service (segmentation fault) via an ACTION command without a parameter, - which triggers a NULL pointer dereference, as demonstrated using - a blank /me message from irssi.</p> + service (segmentation fault) via an ACTION command without a + parameter, which triggers a NULL pointer dereference, as + demonstrated using a blank /me message from irssi.</p> </blockquote> </body> </description> 
@@ -3411,7 +3421,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>2.3.1</lt></range> </package> <package> - <name>zh-wordpress</name> + <name>zh-wordpress</name> <range><gt>0</gt></range> </package> </affects> @@ -3419,7 +3429,7 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>A Secunia Advisory report:</p> <blockquote cite="http://secunia.com/advisories/27407"> - <p>Input passed to the "posts_columns" parameter in + <p>Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in @@ -3792,9 +3802,9 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://secunia.com/advisories/27124/"> <p>The vulnerability is caused due to a boundary error within the redir() function in check_http.c when processing HTTP Location: - header information. This can be exploited to cause a buffer overflow by - returning an overly long string in the "Location:" header to a vulnerable - system.</p> + header information. This can be exploited to cause a buffer overflow + by returning an overly long string in the "Location:" header to a + vulnerable system.</p> </blockquote> </body> </description> 
@@ -3822,11 +3832,12 @@ Note: Please add new entries to the beginning of this file. <p>A Secunia Advisory reports:</p> <blockquote cite="http://secunia.com/advisories/27093/"> <p>Some vulnerabilities have been reported in libpng, which can be - exploited by malicious people to cause a DoS (Denial of Service).</p> + exploited by malicious people to cause a DoS (Denial of + Service).</p> <p>Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency - extension, and an incorrect use of sizeof() may be exploited to crash an - application using the library.</p> + extension, and an incorrect use of sizeof() may be exploited to + crash an application using the library.</p> <p>Various out-of-bounds read errors exist within the functions png_handle_pCAL(), png_handle_sCAL(), png_push_read_tEXt(), png_handle_iTXt(), and png_handle_ztXt(), which may be exploited by @@ -3936,9 +3947,9 @@ Note: Please add new entries to the beginning of this file. caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. - This may allow network resources (such as web pages) and vulnerabilities - (that exist on these network services) which are not otherwise normally - accessible to be accessed or exploited.</p> + This may allow network resources (such as web pages) and + vulnerabilities (that exist on these network services) which are not + otherwise normally accessible to be accessed or exploited.</p> </blockquote> </body> </description> 
@@ -3966,15 +3977,15 @@ Note: Please add new entries to the beginning of this file. <p>Matthieu Herrb reports:</p> <blockquote cite="http://lists.freedesktop.org/archives/xorg/2007-October/028899.html"> <h1>Problem Description:</h1> - <p>Several vulnerabilities have been identified in xfs, the X font - server. The QueryXBitmaps and QueryXExtents protocol requests - suffer from lack of validation of their 'length' parameters.</p> + <p>Several vulnerabilities have been identified in xfs, the X font + server. The QueryXBitmaps and QueryXExtents protocol requests + suffer from lack of validation of their 'length' parameters.</p> <h1>Impact:</h1> - <p>On most modern systems, the font server is accessible only for - local clients and runs with reduced privileges, but on some - systems it may still be accessible from remote clients and - possibly running with root privileges, creating an opportunity - for remote privilege escalation.</p> + <p>On most modern systems, the font server is accessible only for + local clients and runs with reduced privileges, but on some + systems it may still be accessible from remote clients and + possibly running with root privileges, creating an opportunity + for remote privilege escalation.</p> </blockquote> </body> </description> @@ -4067,8 +4078,9 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438540"> <p>When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp - but just creates $foo.XXXXXX literally, without any checking.</p> - <p>This would silently truncate and overwrite an existing $foo.XXXXXX.</p> + but just creates $foo.XXXXXX literally, without any checking.</p> + <p>This would silently truncate and overwrite an existing + $foo.XXXXXX.</p> </blockquote> </body> </description> 
@@ -4129,7 +4141,7 @@ Note: Please add new entries to the beginning of this file. </package> <package> <name>wordpress-mu</name> - <range><lt>1.2.4,2</lt></range> + <range><lt>1.2.4,2</lt></range> </package> </affects> <description> @@ -4223,7 +4235,7 @@ Note: Please add new entries to the beginning of this file. <p>We strongly advise that 2.20.x and 2.22.x users should upgrade to 2.20.5 and 2.22.3 respectively. 3.0 users, and users of 2.18.x or below, should upgrade to 3.0.1.</p> - </blockquote> + </blockquote> </body> </description> <references> @@ -4500,7 +4512,7 @@ Note: Please add new entries to the beginning of this file. other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser - with arbitrary command-line options. This could allow the + with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.</p> 
@@ -4533,39 +4545,39 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The PHP development team reports:</p> <blockquote cite="http://www.php.net/releases/5_2_4.php"> - <p>Security Enhancements and Fixes in PHP 5.2.4:</p> - <ul> - <li>Fixed a floating point exception inside wordwrap() (Reported - by Mattias Bengtsson)</li> - <li>Fixed several integer overflows inside the GD extension - (Reported by Mattias Bengtsson)</li> - <li>Fixed size calculation in chunk_split() (Reported by Gerhard - Wagner)</li> - <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias - Bengtsson)</li> - <li>Fixed money_format() not to accept multiple %i or %n tokens. - (Reported by Stanislav Malyshev)</li> - <li>Fixed zend_alter_ini_entry() memory_limit interruption - vulnerability. (Reported by Stefan Esser)</li> - <li>Fixed INFILE LOCAL option handling with MySQL extensions not - to be allowed when open_basedir or safe_mode is active. (Reported - by Mattias Bengtsson)</li> - <li>Fixed session.save_path and error_log values to be checked - against open_basedir and safe_mode (CVE-2007-3378) (Reported by - Maksymilian Arciemowicz)</li> - <li>Fixed a possible invalid read in glob() win32 implementation - (CVE-2007-3806) (Reported by shinnai)</li> - <li>Fixed a possible buffer overflow in php_openssl_make_REQ - (Reported by zatanzlatan at hotbrev dot com)</li> - <li>Fixed an open_basedir bypass inside glob() function (Reported - by dr at peytz dot dk)</li> - <li>Fixed a possible open_basedir bypass inside session extension - when the session file is a symlink (Reported by c dot i dot morris - at durham dot ac dot uk)</li> - <li>Improved fix for MOPB-03-2007.</li> - <li>Corrected fix for CVE-2007-2872.</li> - </ul> - </blockquote> + <p>Security Enhancements and Fixes in PHP 5.2.4:</p> + <ul> + <li>Fixed a floating point exception inside wordwrap() (Reported + by Mattias Bengtsson)</li> + <li>Fixed several integer overflows 
inside the GD extension + (Reported by Mattias Bengtsson)</li> + <li>Fixed size calculation in chunk_split() (Reported by Gerhard + Wagner)</li> + <li>Fixed integer overflow in str[c]spn(). (Reported by Mattias + Bengtsson)</li> + <li>Fixed money_format() not to accept multiple %i or %n tokens. + (Reported by Stanislav Malyshev)</li> + <li>Fixed zend_alter_ini_entry() memory_limit interruption + vulnerability. (Reported by Stefan Esser)</li> + <li>Fixed INFILE LOCAL option handling with MySQL extensions not + to be allowed when open_basedir or safe_mode is active. (Reported + by Mattias Bengtsson)</li> + <li>Fixed session.save_path and error_log values to be checked + against open_basedir and safe_mode (CVE-2007-3378) (Reported by + Maksymilian Arciemowicz)</li> + <li>Fixed a possible invalid read in glob() win32 implementation + (CVE-2007-3806) (Reported by shinnai)</li> + <li>Fixed a possible buffer overflow in php_openssl_make_REQ + (Reported by zatanzlatan at hotbrev dot com)</li> + <li>Fixed an open_basedir bypass inside glob() function (Reported + by dr at peytz dot dk)</li> + <li>Fixed a possible open_basedir bypass inside session extension + when the session file is a symlink (Reported by c dot i dot morris + at durham dot ac dot uk)</li> + <li>Improved fix for MOPB-03-2007.</li> + <li>Corrected fix for CVE-2007-2872.</li> + </ul> + </blockquote> </body> </description> <references> @@ -4613,7 +4625,8 @@ Note: Please add new entries to the beginning of this file. <li>CVE-2007-3847: mod_proxy: Prevent reading past the end of a buffer when parsing date-related headers.</li> <li>CVE-2007-1863: mod_cache: Prevent a segmentation fault if - attributes are listed in a Cache-Control header without any value.</li> + attributes are listed in a Cache-Control header without any + value.</li> <li>CVE-2007-3304: prefork, worker, event MPMs: Ensure that the parent process cannot be forced to kill processes outside its process group.</li> 
@@ -4800,7 +4813,7 @@ Note: Please add new entries to the beginning of this file. <discovery>2007-08-23</discovery> <entry>2007-09-01</entry> </dates> - </vuln> + </vuln> <vuln vid="d9867f50-54d0-11dc-b80b-0016179b2dd5"> <topic>claws-mail -- POP3 Format String Vulnerability</topic> @@ -4811,7 +4824,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>2.10.0_3</lt></range> </package> <package> - <name>sylpheed2</name> + <name>sylpheed2</name> <range><lt>2.4.4_1</lt></range> </package> </affects> @@ -4836,7 +4849,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2007-08-24</discovery> <entry>2007-08-27</entry> - <modified>2007-08-28</modified> + <modified>2007-08-28</modified> </dates> </vuln> @@ -4955,7 +4968,7 @@ Note: Please add new entries to the beginning of this file. code in a user's browser session in context of an affected site.</p> <p>Input passed to the url parameter is not properly sanitised - before being returned to the user. This can be exploited to insert + before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which will be included in a response sent to the user, allowing for execution of arbitrary HTML and script code in a user's browser session in context of an affected @@ -5067,23 +5080,23 @@ Note: Please add new entries to the beginning of this file. <range><lt>3.02_2</lt></range> </package> <package> - <name>kdegraphics</name> + <name>kdegraphics</name> <range><lt>3.5.7_1</lt></range> </package> <package> - <name>cups-base</name> + <name>cups-base</name> <range><lt>1.2.11_3</lt></range> </package> <package> - <name>gpdf</name> + <name>gpdf</name> <range><gt>0</gt></range> </package> <package> - <name>pdftohtml</name> + <name>pdftohtml</name> <range><gt>0</gt></range> </package> <package> - <name>poppler</name> + <name>poppler</name> <range><lt>0.5.9_4</lt></range> </package> </affects> 
@@ -5253,7 +5266,7 @@ Note: Please add new entries to the beginning of this file. <range><lt>4.7.7</lt></range> </package> <package> - <name>drupal5</name> + <name>drupal5</name> <range><lt>5.2</lt></range> </package> </affects> @@ -5439,14 +5452,14 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>DokuWiki reports:</p> <blockquote cite="http://bugs.splitbrain.org/index.php?do=details&task_id=1195"> - <p>The spellchecker tests the UTF-8 capabilities of the used browser by - sending an UTF-8 string to the backend, which will send it back unfiltered. - By comparing string length the spellchecker can work around broken - implementations. An attacker could construct a form to let users send - JavaScript to the spellchecker backend, resulting in malicious JavaScript - being executed in their browser.</p> - <p>Affected are all versions up to and including 2007-06-26 even when the - spell checker is disabled.</p> + <p>The spellchecker tests the UTF-8 capabilities of the used browser + by sending an UTF-8 string to the backend, which will send it back + unfiltered. By comparing string length the spellchecker can work + around broken implementations. An attacker could construct a form to + let users send JavaScript to the spellchecker backend, resulting in + malicious JavaScript being executed in their browser.</p> + <p>Affected are all versions up to and including 2007-06-26 even when + the spell checker is disabled.</p> </blockquote> </body> </description> @@ -5641,7 +5654,7 @@ Note: Please add new entries to the beginning of this file. <dates> <discovery>2007-07-17</discovery> <entry>2007-07-19</entry> - <modified>2007-12-14</modified> + <modified>2007-12-14</modified> </dates> </vuln> 
@@ -5728,7 +5741,7 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://www.debian.org/security/2005/dsa-684"> <p>Ulf Härnhammar from the Debian Security Audit Project discovered a problem in typespeed, a touch-typist trainer - disguised as game. This could lead to a local attacker + disguised as game. This could lead to a local attacker executing arbitrary code.</p> </blockquote> </body> @@ -5808,8 +5821,8 @@ Note: Please add new entries to the beginning of this file. <topic>gd -- multiple vulnerabilities</topic> <affects> <package> - <name>gd</name> - <range><lt>2.0.35,1</lt></range> + <name>gd</name> + <range><lt>2.0.35,1</lt></range> </package> </affects> <description> 
@@ -5825,24 +5838,27 @@ Note: Please add new entries to the beginning of this file. Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.</li> - <li>CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF reader in the GD - Graphics Library (libgd) before 2.0.35 allow user-assisted remote - attackers to have unspecified attack vectors and impact.</li> - <li>CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 allows user-assisted - remote attackers to cause a denial of service (crash) via a GIF image - that has no global color map.</li> - <li>CVE-2007-3476: Array index error in gd_gif_in.c in the GD Graphics Library (libgd) - before 2.0.35 allows user-assisted remote attackers to cause a denial - of service (crash and heap corruption) via large color index values in - crafted image data, which results in a segmentation fault.</li> - <li>CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions in GD Graphics - Library (libgd) before 2.0.35 allows attackers to cause a denial of - service (CPU consumption) via a large (1) start or (2) end angle - degree value.</li> - <li>CVE-2007-3478: Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in - the GD Graphics Library (libgd) before 2.0.35 allows user-assisted - remote attackers to cause a denial of service (crash) via unspecified - vectors, possibly involving truetype font (TTF) support.</li> + <li>CVE-2007-3474: Multiple unspecified vulnerabilities in the GIF + reader in the GD Graphics Library (libgd) before 2.0.35 allow + user-assisted remote attackers to have unspecified attack vectors + and impact.</li> + <li>CVE-2007-3475: The GD Graphics Library (libgd) before 2.0.35 + allows user-assisted remote attackers to cause a denial of service + (crash) via a GIF image that has no global color map.</li> + <li>CVE-2007-3476: Array index error in gd_gif_in.c in the GD 
Graphics + Library (libgd) before 2.0.35 allows user-assisted remote attackers + to cause a denial of service (crash and heap corruption) via large + color index values in crafted image data, which results in a + segmentation fault.</li> + <li>CVE-2007-3477: The (a) imagearc and (b) imagefilledarc functions + in GD Graphics Library (libgd) before 2.0.35 allows attackers to + cause a denial of service (CPU consumption) via a large (1) start or + (2) end angle degree value.</li> + <li>CVE-2007-3478: Race condition in gdImageStringFTEx + (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) + before 2.0.35 allows user-assisted remote attackers to cause a + denial of service (crash) via unspecified vectors, possibly + involving truetype font (TTF) support.</li> </ul> </body> </description> @@ -6114,7 +6130,7 @@ Note: Please add new entries to the beginning of this file. <p>Blogsecurity reports:</p> <blockquote cite="http://blogsecurity.net/news/news-310507/"> <p>An attacker can read comments on posts that have not been - moderated. This can be a real security risk if blog admins + moderated. This can be a real security risk if blog admins are using unmoderated comments (comments that have not been made public) to hide sensitive notes regarding posts, future work, passwords etc. So please be careful if you are one of @@ -6183,7 +6199,7 @@ Note: Please add new entries to the beginning of this file. <p>A stack overflow was found in the code used to handle cddb queries. When copying the album title and category, no checking was performed on the size of the strings - before storing them in a fixed-size array. A malicious + before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in the program, leading to arbitrary code execution with the uid of the user running MPlayer.</p> 
@@ -6301,8 +6317,8 @@ Note: Please add new entries to the beginning of this file. <topic>findutils -- GNU locate heap buffer overrun</topic> <affects> <package> - <name>findutils</name> - <range><lt>4.2.31</lt></range> + <name>findutils</name> + <range><lt>4.2.31</lt></range> </package> </affects> <description> @@ -6311,11 +6327,11 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://lists.gnu.org/archive/html/bug-findutils/2007-06/msg00000.html"> <p>When GNU locate reads filenames from an old-format locate database, they are read into a fixed-length buffer allocated on the heap. - Filenames longer than the 1026-byte buffer can cause a buffer overrun. - The overrunning data can be chosen by any person able to control the - names of filenames created on the local system. This will normally - include all local users, but in many cases also remote users (for - example in the case of FTP servers allowing uploads).</p> + Filenames longer than the 1026-byte buffer can cause a buffer + overrun. The overrunning data can be chosen by any person able to + control the names of filenames created on the local system. This + will normally include all local users, but in many cases also remote + users (for example in the case of FTP servers allowing uploads).</p> </blockquote> </body> </description> 
@@ -6333,16 +6349,16 @@ Note: Please add new entries to the beginning of this file. <topic>FreeType 2 -- Heap overflow vulnerability</topic> <affects> <package> - <name>freetype2</name> - <range><lt>2.2.1_2</lt></range> + <name>freetype2</name> + <range><lt>2.2.1_2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <blockquote cite="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2754"> - <p>Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and - earlier might allow remote attackers to execute arbitrary code via a - crafted TTF image with a negative n_points value, which leads to an + <p>Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and + earlier might allow remote attackers to execute arbitrary code via a + crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.</p> </blockquote> </body> @@ -6363,8 +6379,8 @@ Note: Please add new entries to the beginning of this file. <topic>FreeBSD -- heap overflow in file(1)</topic> <affects> <package> - <name>file</name> - <range><lt>4.21</lt></range> + <name>file</name> + <range><lt>4.21</lt></range> </package> <system> <name>FreeBSD</name> @@ -6383,7 +6399,7 @@ Note: Please add new entries to the beginning of this file. <h1>Impact:</h1> <p>An attacker who can cause file(1) to be run on a maliciously constructed input can cause file(1) to crash. It may be - possible for such an attacker to execute arbitrary code with + possible for such an attacker to execute arbitrary code with the privileges of the user running file(1).</p> <p>The above also applies to any other applications using the libmagic(3) library.</p> 
@@ -6416,11 +6432,12 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The SquirrelMail developers report:</p> <blockquote cite="http://www.squirrelmail.org/security/issue/2007-05-09"> - <p>Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in - SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary - web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) - various non-ASCII character sets that are not properly filtered when viewed - with Microsoft Internet Explorer.</p> + <p>Multiple cross-site scripting (XSS) vulnerabilities in the HTML + filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers + to inject arbitrary web script or HTML via the (1) data: URI in an + HTML e-mail attachment or (2) various non-ASCII character sets that + are not properly filtered when viewed with Microsoft Internet + Explorer.</p> </blockquote> </body> </description> @@ -6470,9 +6487,9 @@ Note: Please add new entries to the beginning of this file. <topic>samba -- multiple vulnerabilities</topic> <affects> <package> - <name>samba</name> - <name>ja-samba</name> - <range><gt>3.*</gt><lt>3.0.25,1</lt></range> + <name>samba</name> + <name>ja-samba</name> + <range><gt>3.*</gt><lt>3.0.25,1</lt></range> </package> </affects> <description> 
@@ -6639,28 +6656,28 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Debian Security Team reports:</p> <blockquote cite="http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00040.html"> - <p>Several vulnerabilities have been discovered in the QEMU - processor emulator, which may lead to the execution of arbitrary - code or denial of service. The Common Vulnerabilities and Exposures - project identifies the following problems:</p> - <p>CVE-2007-1320<br/>Tavis Ormandy discovered that a memory - management routine of the Cirrus video driver performs insufficient - bounds checking, which might allow the execution of arbitrary code - through a heap overflow.</p> - <p>CVE-2007-1321<br/>Tavis Ormandy discovered that the NE2000 - network driver and the socket code perform insufficient input - validation, which might allow the execution of arbitrary code - through a heap overflow.</p> + <p>Several vulnerabilities have been discovered in the QEMU processor + emulator, which may lead to the execution of arbitrary code or + denial of service. 
The Common Vulnerabilities and Exposures project + identifies the following problems:</p> + <p>CVE-2007-1320<br/>Tavis Ormandy discovered that a memory management + routine of the Cirrus video driver performs insufficient bounds + checking, which might allow the execution of arbitrary code through + a heap overflow.</p> + <p>CVE-2007-1321<br/>Tavis Ormandy discovered that the NE2000 network + driver and the socket code perform insufficient input validation, + which might allow the execution of arbitrary code through a heap + overflow.</p> <p>CVE-2007-1322<br/>Tavis Ormandy discovered that the "icebp" - instruction can be abused to terminate the emulation, resulting - in denial of service.</p> - <p>CVE-2007-1323<br/>Tavis Ormandy discovered that the NE2000 - network driver and the socket code perform insufficient input - validation, which might allow the execution of arbitrary code - through a heap overflow.</p> + instruction can be abused to terminate the emulation, resulting in + denial of service.</p> + <p>CVE-2007-1323<br/>Tavis Ormandy discovered that the NE2000 network + driver and the socket code perform insufficient input validation, + which might allow the execution of arbitrary code through a heap + overflow.</p> <p>CVE-2007-1366<br/>Tavis Ormandy discovered that the "aam" - instruction can be abused to crash qemu through a division by - zero, resulting in denial of service.</p> + instruction can be abused to crash qemu through a division by zero, + resulting in denial of service.</p> </blockquote> </body> </description> 
@@ -6725,25 +6742,25 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <h1>Problem Description</h1> - <p>There is no mechanism for preventing IPv6 routing headers - from being used to route packets over the same link(s) many - times.</p> + <p>There is no mechanism for preventing IPv6 routing headers + from being used to route packets over the same link(s) many + times.</p> <h1>Impact</h1> - <p>An attacker can "amplify" a denial of service attack against - a link between two vulnerable hosts; that is, by sending a - small volume of traffic the attacker can consume a much larger - amount of bandwidth between the two vulnerable hosts.</p> - <p>An attacker can use vulnerable hosts to "concentrate" a - denial of service attack against a victim host or network; - that is, a set of packets sent over a period of 30 seconds - or more could be constructed such that they all arrive at - the victim within a period of 1 second or less over a - period of 30 seconds or more could be constructed such that - they all arrive at the victim within a period of 1 second or - less.</p> - <p>Other attacks may also be possible.</p> + <p>An attacker can "amplify" a denial of service attack against + a link between two vulnerable hosts; that is, by sending a + small volume of traffic the attacker can consume a much larger + amount of bandwidth between the two vulnerable hosts.</p> + <p>An attacker can use vulnerable hosts to "concentrate" a + denial of service attack against a victim host or network; + that is, a set of packets sent over a period of 30 seconds + or more could be constructed such that they all arrive at + the victim within a period of 1 second or less over a + period of 30 seconds or more could be constructed such that + they all arrive at the victim within a period of 1 second or + less.</p> + <p>Other attacks may also be possible.</p> <h1>Workaround</h1> - <p>No workaround is available.</p> + <p>No 
workaround is available.</p> </body> </description> <references> @@ -6770,12 +6787,13 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Mandriva reports:</p> - <blockquote cite="http://www.mandriva.com/security/advisories?name=MDKSA-2007:083"> - <p>PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in - mod_perl 2.x, does not properly escape PATH_INFO before use in a regular - expression, which allows remote attackers to cause a denial of service - (resource consumption) via a crafted URI.</p> + <p>Mandriva reports:</p> + <blockquote cite="http://www.mandriva.com/security/advisories?name=MDKSA-2007:083"> + <p>PerlRun.pm in Apache mod_perl 1.29 and earlier, and + RegistryCooker.pm in mod_perl 2.x, does not properly escape + PATH_INFO before use in a regular expression, which allows remote + attackers to cause a denial of service (resource consumption) via a + crafted URI.</p> </blockquote> </body> </description> @@ -6804,9 +6822,9 @@ Note: Please add new entries to the beginning of this file. <p>CVE reports:</p> <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558"> <p>The APOP protocol allows remote attackers to guess the first 3 - characters of a password via man-in-the-middle (MITM) attacks - that use crafted message IDs and MD5 collisions. - </p> + characters of a password via man-in-the-middle (MITM) attacks + that use crafted message IDs and MD5 collisions. + </p> </blockquote> </body> </description> 
@@ -7037,8 +7055,8 @@ Note: Please add new entries to the beginning of this file. <p>The Zope Team reports:</p> <blockquote cite="http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view"> <p>A vulnerability has been discovered in Zope, where by certain types - of misuse of HTTP GET, an attacker could gain elevated privileges. All - Zope versions up to and including 2.10.2 are affected.</p> + of misuse of HTTP GET, an attacker could gain elevated privileges. + All Zope versions up to and including 2.10.2 are affected.</p> </blockquote> </body> </description> @@ -7146,7 +7164,7 @@ Note: Please add new entries to the beginning of this file. <p>Internally Samba's file server daemon, smbd, implements support for deferred file open calls in an attempt to serve client requests that would otherwise fail due to a share mode - violation. When renaming a file under certain circumstances + violation. When renaming a file under certain circumstances it is possible that the request is never removed from the deferred open queue. smbd will then become stuck is a loop trying to service the open request.</p> @@ -7257,10 +7275,10 @@ Note: Please add new entries to the beginning of this file. <p>"Moritz Jodeit reports:</p> <blockquote cite="http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052738.html"> <p>There's an exploitable buffer overflow in the current version of - MPlayer (v1.0rc1) which can be exploited with a maliciously crafted - video file. It's hidden in the function DMO_VideoDecoder() in the - file loader/dmo/DMO_VideoDecoder.c. - </p> + MPlayer (v1.0rc1) which can be exploited with a maliciously crafted + video file. It's hidden in the function DMO_VideoDecoder() in the + file loader/dmo/DMO_VideoDecoder.c. + </p> </blockquote> </body> </description> 
@@ -7291,11 +7309,11 @@ Note: Please add new entries to the beginning of this file. <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/24470/"> <p>The vulnerability is caused due to an error within the - "download wiki page as text" function, which can be exploited - to execute arbitrary HTML and script code in a user's browser - session in context of an affected site.</p> - <p>Successful exploitation may require that the victim uses IE. - </p> + "download wiki page as text" function, which can be exploited + to execute arbitrary HTML and script code in a user's browser + session in context of an affected site.</p> + <p>Successful exploitation may require that the victim uses IE. + </p> </blockquote> </body> </description> @@ -7612,7 +7630,7 @@ Note: Please add new entries to the beginning of this file. client code.</li> </ul> <p>In addition, many applications using OpenSSL do not perform - any validation of the lengths of public keys being used.</p> + any validation of the lengths of public keys being used.</p> <h1>Impact:</h1> <p>Servers which parse ASN1 data from untrusted sources may be vulnerable to a denial of service attack.</p> @@ -7656,8 +7674,8 @@ Note: Please add new entries to the beginning of this file. <range><lt>1.5.0.10</lt></range> </package> <package> - <name>lightning</name> - <range><lt>0.3.1</lt></range> + <name>lightning</name> + <range><lt>0.3.1</lt></range> </package> <package> <name>seamonkey</name> @@ -7916,7 +7934,7 @@ Note: Please add new entries to the beginning of this file. <p>Some vulnerabilities have been reported in Joomla!, where some have unknown impacts and one can be exploited by malicious people to conduct cross-site scripting attacks.</p> - <ol> + <ol> <li>Input passed to an unspecified parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a 
@@ -8037,13 +8055,13 @@ Note: Please add new entries to the beginning of this file. <topic>mplayer -- buffer overflow in the code for RealMedia RTSP streams.</topic> <affects> <package> - <name>mplayer</name> - <name>mplayer-esound</name> - <name>mplayer-gtk</name> - <name>mplayer-gtk2</name> - <name>mplayer-gtk-esound</name> - <name>mplayer-gtk2-esound</name> - <range><lt>0.99.10_1</lt></range> + <name>mplayer</name> + <name>mplayer-esound</name> + <name>mplayer-gtk</name> + <name>mplayer-gtk2</name> + <name>mplayer-gtk-esound</name> + <name>mplayer-gtk2-esound</name> + <range><lt>0.99.10_1</lt></range> </package> </affects> <description> @@ -8059,7 +8077,7 @@ Note: Please add new entries to the beginning of this file. A fix for this problem was committed to SVN on Sun Dec 31 13:27:53 2006 UTC as r21799. The fix involves three files: stream/realrtsp/asmrp.c, stream/realrtsp/asmrp.h and stream/realrtsp/real.c.</p> - </blockquote> + </blockquote> </body> </description> <references> 
@@ -8220,18 +8238,18 @@ Note: Please add new entries to the beginning of this file. <p>The Drupal security team reports:</p> <blockquote cite="http://drupal.org/files/sa-2007-001/advisory.txt"> <p>A few arguments passed via URLs are not properly sanitized - before display. When an attacker is able to entice an - administrator to follow a specially crafted link, arbitrary - HTML and script code can be injected and executed in the - victim's session. Such an attack may lead to administrator - access if certain conditions are met.</p> + before display. When an attacker is able to entice an + administrator to follow a specially crafted link, arbitrary + HTML and script code can be injected and executed in the + victim's session. Such an attack may lead to administrator + access if certain conditions are met.</p> </blockquote> <blockquote cite="http://drupal.org/files/sa-2007-002/advisory.txt"> <p>The way page caching was implemented allows a denial of - service attack. An attacker has to have the ability to post - content on the site. He or she would then be able to poison - the page cache, so that it returns cached 404 page not found - errors for existing pages.</p> + service attack. An attacker has to have the ability to post + content on the site. He or she would then be able to poison + the page cache, so that it returns cached 404 page not found + errors for existing pages.</p> <p>If the page cache is not enabled, your site is not vulnerable. The vulnerability only affects sites running on top of MySQL.</p> </blockquote> @@ -8605,7 +8623,8 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>An undisclosed eRuby injection vulnerability had been discovered in tDiary.</p> + <p>An undisclosed eRuby injection vulnerability had been discovered in + tDiary.</p> </body> </description> <references> 
@@ -8796,19 +8815,19 @@ Note: Please add new entries to the beginning of this file. <p>GnuPG uses data structures called filters to process OpenPGP messages. These filters are used in a similar way as a pipelines in the shell. For communication - between these filters context structures are used. These + between these filters context structures are used. These are usually allocated on the stack and passed to the filter functions. At most places the OpenPGP data stream fed into these filters is closed before the context structure gets deallocated. While decrypting encrypted packets, this may not happen in all cases and the filter may use a void contest structure filled with garbage. An - attacker may control this garbage. The filter context + attacker may control this garbage. The filter context includes another context used by the low-level decryption to access the decryption algorithm. This is done using a function pointer. By carefully crafting an OpenPGP message, an attacker may control this function pointer and - call an arbitrary function of the process. Obviously an + call an arbitrary function of the process. Obviously an exploit needs to prepared for a specific version, compiler, libc, etc to be successful - but it is definitely doable.</p> @@ -8841,15 +8860,15 @@ Note: Please add new entries to the beginning of this file. <topic>ruby -- cgi.rb library Denial of Service</topic> <affects> <package> - <name>ruby</name> - <name>ruby+pthreads</name> - <name>ruby+pthreads+oniguruma</name> - <name>ruby+oniguruma</name> - <range><ge>1.8.*,1</ge><lt>1.8.5_5,1</lt></range> + <name>ruby</name> + <name>ruby+pthreads</name> + <name>ruby+pthreads+oniguruma</name> + <name>ruby+oniguruma</name> + <range><ge>1.8.*,1</ge><lt>1.8.5_5,1</lt></range> </package> <package> - <name>ruby_static</name> - <range><ge>1.8.*,1</ge></range> + <name>ruby_static</name> + <range><ge>1.8.*,1</ge></range> </package> </affects> <description> 
@@ -8951,7 +8970,7 @@ Note: Please add new entries to the beginning of this file. <p>SecurityFocus reports about ImageMagick:</p> <blockquote cite="http://www.securityfocus.com/bid/21185/info"> <p>ImageMagick is prone to a remote heap-based buffer-overflow - vulnerability because the application fails to properly + vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.</p> <p>Exploiting this issue allows attackers to execute arbitrary @@ -9018,11 +9037,11 @@ Note: Please add new entries to the beginning of this file. could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server.</p> - <p>The vulnerability specifically exists due to a design error - in the way it includes certain files. Specifically, the - 'lib/FBView.php' file contains a function 'Kronolith_FreeBusy_View::factory' - which will include local files that are supplied via the - 'view' HTTP GET request parameter.</p> + <p>The vulnerability specifically exists due to a design error in the + way it includes certain files. Specifically, the 'lib/FBView.php' + file contains a function 'Kronolith_FreeBusy_View::factory' which + will include local files that are supplied via the 'view' HTTP GET + request parameter.</p> </blockquote> </body> </description> @@ -9070,9 +9089,9 @@ Note: Please add new entries to the beginning of this file. <topic>proftpd -- Remote Code Execution Vulnerability</topic> <affects> <package> - <name>proftpd</name> - <name>proftpd-mysql</name> - <range><le>1.3.0_2</le></range> + <name>proftpd</name> + <name>proftpd-mysql</name> + <range><le>1.3.0_2</le></range> </package> </affects> <description> 
@@ -9187,8 +9206,8 @@ Note: Please add new entries to the beginning of this file. <topic>Imlib2 -- multiple image file processing vulnerabilities</topic> <affects> <package> - <name>imlib2</name> - <range><lt>20060926_1,1</lt></range> + <name>imlib2</name> + <range><lt>20060926_1,1</lt></range> </package> </affects> <description> @@ -9478,7 +9497,7 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://www.security-assessment.com/files/advisories/Asterisk_remote_heap_overflow.pdf"> <p>The Asterisk Skinny channel driver for Cisco SCCP phones (chan_skinny.so) incorrectly validates a length value in - the packet header. An integer wrap-around leads to heap + the packet header. An integer wrap-around leads to heap overwrite, and arbitrary remote code execution as root.</p> </blockquote> </body> @@ -9679,7 +9698,7 @@ Note: Please add new entries to the beginning of this file. to a buffer overflow that allows an attacker to run arbitrary code as root. This bug can be exploited both locally or remotely (via a remote X client or an X client - which visits a malicious web page). A working + which visits a malicious web page). A working proof-of-concept root exploit is included with this advisory.</p> <p>The NVIDIA drivers for Solaris and FreeBSD are also @@ -10355,7 +10374,7 @@ Note: Please add new entries to the beginning of this file. </description> <references> <bid>20027</bid> - <cvename>CVE-2006-4790</cvename> + <cvename>CVE-2006-4790</cvename> <url>http://secunia.com/advisories/21937</url> <url>http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html</url> </references> 
@@ -11384,8 +11403,8 @@ Note: Please add new entries to the beginning of this file. panic. Such an attacker may also be able to obtain sensitive information or gain elevated privileges.</p> <h1>Workaround</h1> - <p>No workaround is available, but systems which do not use sppp(4) are not - vulnerable.</p> + <p>No workaround is available, but systems which do not use sppp(4) are + not vulnerable.</p> </body> </description> <references> @@ -11403,12 +11422,12 @@ Note: Please add new entries to the beginning of this file. <topic>horde -- Phishing and Cross-Site Scripting Vulnerabilities</topic> <affects> <package> - <name>horde</name> - <range><le>3.1.2</le></range> + <name>horde</name> + <range><le>3.1.2</le></range> </package> <package> - <name>imp</name> - <range><le>4.1.2</le></range> + <name>imp</name> + <range><le>4.1.2</le></range> </package> </affects> <description> @@ -11431,7 +11450,7 @@ Note: Please add new entries to the beginning of this file. script code in a user's browser session in context of an affected site.</li> </ol> - </blockquote> + </blockquote> </body> </description> <references> @@ -11499,7 +11518,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Ludwig Nussel reports that x11vnc is vulnerable to an - authentication bypass vulnerability. The vulnerability is + authentication bypass vulnerability. The vulnerability is caused by an error in auth.c. This could allow a remote attacker to gain unauthorized and unauthenticated access to the system.</p> @@ -11856,9 +11875,9 @@ Note: Please add new entries to the beginning of this file. <topic>ruby - multiple vulnerabilities</topic> <affects> <package> - <name>ruby</name> - <name>ruby_static</name> - <range><gt>1.6.*</gt><lt>1.8.*</lt></range> + <name>ruby</name> + <name>ruby_static</name> + <range><gt>1.6.*</gt><lt>1.8.*</lt></range> <range><gt>1.8.*</gt><lt>1.8.4_9,1</lt></range> </package> </affects> 
@@ -11866,9 +11885,9 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/21009/"> - <p>Two vulnerabilities have been reported in Ruby, which can + <p>Two vulnerabilities have been reported in Ruby, which can be exploited by malicious people to bypass certain security - restrictions.</p> + restrictions.</p> <ol> <li>An error in the handling of the "alias" functionality can be exploited to bypass the safe level protection and @@ -11963,7 +11982,7 @@ Note: Please add new entries to the beginning of this file. execution. This issue has been rated as having important security impact by the Apache HTTP Server Security Team.</p> <p>This flaw does not affect a default installation of - Apache HTTP Server. Users who do not use, or have not + Apache HTTP Server. Users who do not use, or have not enabled, the Rewrite module mod_rewrite are not affected by this issue. This issue only affects installations using a Rewrite rule with the following characteristics:</p> @@ -12176,9 +12195,9 @@ Note: Please add new entries to the beginning of this file. <p>Goober's advisory reports reports that shoutcast is vulnerable to an arbitrary file reading vulnerability:</p> <blockquote cite="http://people.ksp.sk/~goober/advisory/001-shoutcast.html"> - <p>Impact of the vulnerability depends on the way the product was installed. - In general, the vulnerability allows the attacker to read any file which - can be read by the Shoutcast server process.</p> + <p>Impact of the vulnerability depends on the way the product was + installed. In general, the vulnerability allows the attacker to read + any file which can be read by the Shoutcast server process.</p> </blockquote> </body> </description> 
@@ -12247,9 +12266,9 @@ Note: Please add new entries to the beginning of this file. suffixes without the .txt filename padding.</p> </blockquote> <p>This issue can also be worked around with a restrictive web - server configuration. See the - <a href="http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads">TWiki - Security Alert</a> for more information about how to do + server configuration. See the + <a href="http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads"> + TWiki Security Alert</a> for more information about how to do this.</p> </body> </description> @@ -12379,8 +12398,8 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>phpmyadmin Site reports:</p> <blockquote cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4"> - <p>It was possible to craft a request that contains XSS by attacking the - "table" parameter.</p> + <p>It was possible to craft a request that contains XSS by attacking + the "table" parameter.</p> </blockquote> </body> </description> 
@@ -12433,48 +12452,48 @@ Note: Please add new entries to the beginning of this file. <topic>mutt -- Remote Buffer Overflow Vulnerability</topic> <affects> <package> - <name>mutt</name> - <name>mutt-lite</name> - <range><le>1.4.2.1_2</le></range> + <name>mutt</name> + <name>mutt-lite</name> + <range><le>1.4.2.1_2</le></range> </package> <package> - <name>mutt-devel</name> - <name>mutt-devel-lite</name> - <range><le>1.5.11_2</le></range> + <name>mutt-devel</name> + <name>mutt-devel-lite</name> + <range><le>1.5.11_2</le></range> </package> <package> - <name>ja-mutt</name> - <range><le>1.4.2.1.j1</le></range> + <name>ja-mutt</name> + <range><le>1.4.2.1.j1</le></range> </package> <package> - <name>zh-mutt-devel</name> - <range><le>1.5.11_20040617</le></range> + <name>zh-mutt-devel</name> + <range><le>1.5.11_20040617</le></range> </package> <package> - <name>ja-mutt-devel</name> - <range><le>1.5.6.j1_2</le></range> + <name>ja-mutt-devel</name> + <range><le>1.5.6.j1_2</le></range> </package> <package> - <name>mutt-ng</name> - <range><le>20060501</le></range> + <name>mutt-ng</name> + <range><le>20060501</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>SecurityFocus reports:</p> - <blockquote cite="http://www.securityfocus.com/bid/18642"> - <p> - Mutt is prone to a remote buffer-overflow vulnerability. - This issue is due to the application's failure to properly - bounds-check user-supplied input before copying it to an - insufficiently sized memory buffer. + <p>SecurityFocus reports:</p> + <blockquote cite="http://www.securityfocus.com/bid/18642"> + <p> + Mutt is prone to a remote buffer-overflow vulnerability. + This issue is due to the application's failure to properly + bounds-check user-supplied input before copying it to an + insufficiently sized memory buffer. - This issue may allow remote attackers to execute arbitrary - machine code in the context of the affected application. 
- Failed exploit attempts will likely crash the application, - denying further service to legitimate users. - </p> - </blockquote> + This issue may allow remote attackers to execute arbitrary + machine code in the context of the affected application. + Failed exploit attempts will likely crash the application, + denying further service to legitimate users. + </p> + </blockquote> </body> </description> <references> @@ -12538,7 +12557,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Andreas Seltenreich reports that hashcash is prone to a heap - overflow vulnerability. This vulnerability is caused by + overflow vulnerability. This vulnerability is caused by improper checking of memory allocations within the "array_push()" function. An attacker could trigger this vulnerability by passing a lot of "-r" or "-j" flags from @@ -12836,7 +12855,7 @@ Note: Please add new entries to the beginning of this file. <p>There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. - While both mechanisms are implemented in the server, a change + While both mechanisms are implemented in the server, a change in the build process caused the "securenets" access restrictions to be inadvertantly disabled.</p> <h1>Impact</h1> @@ -12847,7 +12866,7 @@ Note: Please add new entries to the beginning of this file. <p>One possible workaround is to use /etc/hosts.allow for access control, as shown by examples in that file.</p> <p>Another workaround is to use a firewall (e.g., ipfw(4), - ipf(4), or pf(4)) to limit access to RPC functions from + ipf(4), or pf(4)) to limit access to RPC functions from untrusted systems or networks, but due to the complexities of RPC, it might be difficult to create a set of firewall rules which accomplish this without blocking all access to the 
@@ -12883,7 +12902,7 @@ Note: Please add new entries to the beginning of this file. SQL injection attacks, similar to the issues noted below. All sites that have not deployed the rlm_sqlcounter module are not vulnerable to external exploits.</p> - <p>The issues are:<br/> + <p>The issues are:<br/> SQL Injection attack in the rlm_sqlcounter module.<br/> Buffer overflow in the rlm_sqlcounter module, that may cause a server crash. <br/> @@ -13407,7 +13426,7 @@ Note: Please add new entries to the beginning of this file. arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.</p> - </blockquote> + </blockquote> </body> </description> <references> @@ -13460,13 +13479,13 @@ Note: Please add new entries to the beginning of this file. <p>Stefano Di Paola reports:</p> <blockquote cite="http://www.wisec.it/vulns.php?page=8"> <p>An authenticated user could remotely execute arbitrary - commands by taking advantage of a stack overflow.</p> + commands by taking advantage of a stack overflow.</p> <p>To take advantage of these flaws an attacker should have - direct access to MySQL server communication layer (port - 3306 or unix socket). But if used in conjuction with some - web application flaws (i.e. php code injection) an - attacker could use socket programming (i.e. php sockets) - to gain access to that layer.</p> + direct access to MySQL server communication layer (port + 3306 or unix socket). But if used in conjuction with some + web application flaws (i.e. php code injection) an + attacker could use socket programming (i.e. php sockets) + to gain access to that layer.</p> </blockquote> </body> </description> 
@@ -13864,7 +13883,7 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Emmanouel Kellenis reports a denial of service vulnerability within asterisk. The vulnerability is caused by a buffer - overflow in "format_jpeg.c". A large JPEG image could + overflow in "format_jpeg.c". A large JPEG image could trigger this bug, potentially allowing a local attacker to execute arbitrary code.</p> </body> @@ -13899,7 +13918,7 @@ Note: Please add new entries to the beginning of this file. <p>Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the - YCCK or CMYK colour space. When xzgv or zgv attempt to + YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap allocated buffer.</p> <p>An attacker may be able to construct a malicious image that @@ -14003,7 +14022,7 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://echo.or.id/adv/adv24-theday-2005.txt"> <p>A remote user can access the file directly to cause the system to display an error message that indicates the - installation path. The resulting error message will + installation path. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.</p> </blockquote> 
@@ -14062,10 +14081,10 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Unspecified vulnerability in the CMU Cyrus Simple - Authentication and Security Layer (SASL) library, has unknown - impact and remote unauthenticated attack vectors, related to - DIGEST-MD5 negotiation.</p> + <p>Unspecified vulnerability in the CMU Cyrus Simple + Authentication and Security Layer (SASL) library, has unknown + impact and remote unauthenticated attack vectors, related to + DIGEST-MD5 negotiation.</p> </body> </description> <references> @@ -14340,7 +14359,7 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Javier Fernández-Sanguino Peña reports two temporary file vulnerability within f2c. The vulnerabilities are caused - due to weak temporary file handling. An attacker could + due to weak temporary file handling. An attacker could create an symbolic link, causing a local user running f2c to overwrite the symlinked file. This could give the attacker elevated privileges.</p> @@ -14440,7 +14459,7 @@ Note: Please add new entries to the beginning of this file. The vulnerability is caused by improper checking of javascript scripts. This could lead to javascript code execution which can lead to information disclosure or a denial of service - (application crash). This vulnerability is present even if + (application crash). This vulnerability is present even if javascript had been disabled in the preferences.</p> </body> </description> 
@@ -14806,21 +14825,21 @@ Note: Please add new entries to the beginning of this file. <p>Nathan Dors of the Pubcookie Project reports:</p> <blockquote cite="http://www.pubcookie.org/news/20060306-apps-secadv.html"> <p>Non-persistent XSS vulnerabilities were found in the - Pubcookie Apache module (mod_pubcookie) and ISAPI - filter. These components mishandle untrusted data when - printing responses to the browser. This makes them - vulnerable to carefully crafted requests containing script - or HTML. If an attacker can lure an unsuspecting user to - visit carefully staged content, the attacker can use it to - redirect the user to a vulnerable Pubcookie application - server and attempt to exploit the XSS vulnerabilities.</p> + Pubcookie Apache module (mod_pubcookie) and ISAPI + filter. These components mishandle untrusted data when + printing responses to the browser. This makes them + vulnerable to carefully crafted requests containing script + or HTML. If an attacker can lure an unsuspecting user to + visit carefully staged content, the attacker can use it to + redirect the user to a vulnerable Pubcookie application + server and attempt to exploit the XSS vulnerabilities.</p> <p>These vulnerabilities are classified as *high* due to the - nature and purpose of Pubcookie application servers for user - authentication and Web Single Sign-on (SSO). An attacker - who injects malicious script through the vulnerabilities - might steal private Pubcookie data including a user's - authentication assertion ("granting") cookies and - application session cookies.</p> + nature and purpose of Pubcookie application servers for user + authentication and Web Single Sign-on (SSO). An attacker + who injects malicious script through the vulnerabilities + might steal private Pubcookie data including a user's + authentication assertion ("granting") cookies and + application session cookies.</p> </blockquote> </body> </description> 
@@ -14846,31 +14865,31 @@ Note: Please add new entries to the beginning of this file. <p>Nathan Dors of the Pubcookie Project reports:</p> <blockquote cite=""> <p> Multiple non-persistent XSS vulnerabilities were found - in the Pubcookie login server's compiled binary "index.cgi" - CGI program. The CGI program mishandles untrusted data when - printing responses to the browser. This makes the program - vulnerable to carefully crafted requests containing script - or HTML. If an attacker can lure an unsuspecting user to - visit carefully staged content, the attacker can use it to - redirect the user to his or her local Pubcookie login page - and attempt to exploit the XSS vulnerabilities.</p> + in the Pubcookie login server's compiled binary "index.cgi" + CGI program. The CGI program mishandles untrusted data when + printing responses to the browser. This makes the program + vulnerable to carefully crafted requests containing script + or HTML. If an attacker can lure an unsuspecting user to + visit carefully staged content, the attacker can use it to + redirect the user to his or her local Pubcookie login page + and attempt to exploit the XSS vulnerabilities.</p> <p> These vulnerabilities are classified as *critical* due - to the nature and purpose of the Pubcookie login server for - user authentication and Web Single Sign-on (SSO). Specific - threats include:</p> + to the nature and purpose of the Pubcookie login server for + user authentication and Web Single Sign-on (SSO). 
Specific + threats include:</p> <ul> <li>An attacker who injects malicious script through the - vulnerabilities might steal senstive user data including - a user's authentication credentials (usernames and - passwords);</li> + vulnerabilities might steal senstive user data including + a user's authentication credentials (usernames and + passwords);</li> <li>An attacker who injects malicious script through the - vulnerabilities might steal private Pubcookie data - including a user's authentication assertion ("granting") - cookies and SSO ("login") session cookies;</li> + vulnerabilities might steal private Pubcookie data + including a user's authentication assertion ("granting") + cookies and SSO ("login") session cookies;</li> <li>An attacker who injects HTML tags through the - vulnerabilities might deface a site's Pubcookie login page - for a single visit by a single user (i.e. a non-persistent - defacement).</li> + vulnerabilities might deface a site's Pubcookie login page + for a single visit by a single user (i.e. a non-persistent + defacement).</li> </ul> <p>At the heart of these threats lies a violation of the user's trust in the Pubcookie login server.</p> @@ -15242,9 +15261,9 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>A Project cURL Security Advisory reports:</p> <blockquote cite="http://curl.haxx.se/docs/adv_20060320.html"> - <p>libcurl uses the given file part of a TFTP URL in a manner that allows a - malicious user to overflow a heap-based memory buffer due to the lack of - boundary check.</p> + <p>libcurl uses the given file part of a TFTP URL in a manner that + allows a malicious user to overflow a heap-based memory buffer due + to the lack of boundary check.</p> <p>This overflow happens if you pass in a URL with a TFTP protocol prefix ("tftp://"), using a valid host and a path part that is longer than 512 bytes.</p> 
@@ -15279,30 +15298,30 @@ Note: Please add new entries to the beginning of this file. <p>Drupal reports:</p> <blockquote cite="http://drupal.org/node/53806"> <p>Mail header injection vulnerability.</p> - <p>Linefeeds and carriage returns were not being stripped from - email headers, raising the possibility of bogus headers - being inserted into outgoing email.</p> - <p>This could lead to Drupal sites being used to send unwanted - email.</p> + <p>Linefeeds and carriage returns were not being stripped from + email headers, raising the possibility of bogus headers + being inserted into outgoing email.</p> + <p>This could lead to Drupal sites being used to send unwanted + email.</p> </blockquote> <blockquote cite="http://drupal.org/node/53805"> <p>Session fixation vulnerability.</p> - <p>If someone creates a clever enough URL and convinces you to - click on it, and you later log in but you do not log off - then the attacker may be able to impersonate you.</p> + <p>If someone creates a clever enough URL and convinces you to + click on it, and you later log in but you do not log off + then the attacker may be able to impersonate you.</p> </blockquote> <blockquote cite="http://drupal.org/node/53803"> <p>XSS vulnerabilities.</p> - <p>Some user input sanity checking was missing. This could - lead to possible cross-site scripting (XSS) attacks.</p> - <p>XSS can lead to user tracking and theft of accounts and - services.</p> + <p>Some user input sanity checking was missing. 
This could + lead to possible cross-site scripting (XSS) attacks.</p> + <p>XSS can lead to user tracking and theft of accounts and + services.</p> </blockquote> <blockquote cite="http://drupal.org/node/53796"> <p>Security bypass in menu.module.</p> - <p>If you use menu.module to create a menu item, the page you - point to will be accessible to all, even if it is an admin - page.</p> + <p>If you use menu.module to create a menu item, the page you + point to will be accessible to all, even if it is an admin + page.</p> </blockquote> </body> </description> @@ -15493,11 +15512,11 @@ Note: Please add new entries to the beginning of this file. <pre># echo 'UsePAM no' >>/etc/ssh/sshd_config</pre> <pre># echo 'PasswordAuthentication yes' >>/etc/ssh/sshd_config</pre> <pre># /etc/rc.d/sshd restart</pre> - </li> + </li> <li> <p>If disabling PAM is not an option - if, for instance, you use - RADIUS authentication, or store user passwords in an SQL database - - you may instead disable privilege separation. However, this may + RADIUS authentication, or store user passwords in an SQL database + - you may instead disable privilege separation. However, this may leave OpenSSH vulnerable to hitherto unknown bugs, and should be considered a last resort.</p> <p>To do this, execute the following commands as root:</p> @@ -15745,7 +15764,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>SecurityFocus reports that WebCalendar is affected by - an unauthorized access vulnerability. The vulnerability + an unauthorized access vulnerability. The vulnerability is caused by improper checking of the authentication mechanism before access is being permitted to the "assistant_edit.php" file.</p> 
@@ -15776,7 +15795,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Chris Evans reports that AbiWord is vulnerable to multiple - stack-based buffer overflow vulnerabilities. This + stack-based buffer overflow vulnerabilities. This is caused by improper checking of the user-supplied data before it is being copied to an too small buffer. The vulnerability is triggered when someone is importing RTF @@ -16191,11 +16210,11 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Perl Development page reports:</p> <blockquote cite="http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html"> - <p>Dyad Security recently released a security advisory - explaining how in certain cases, a carefully crafted format string - passed to sprintf can cause a buffer overflow. This buffer overflow - can then be used by an attacker to execute code on the machine. - This was discovered in the context of a design problem with the Webmin + <p>Dyad Security recently released a security advisory explaining how + in certain cases, a carefully crafted format string passed to + sprintf can cause a buffer overflow. This buffer overflow can then + be used by an attacker to execute code on the machine. This was + discovered in the context of a design problem with the Webmin administration package that allowed a malicious user to pass unchecked data into sprintf.</p> </blockquote> 
@@ -16325,17 +16344,17 @@ Note: Please add new entries to the beginning of this file. invariant.</p> <p>Impact:</p> <p>By sending carefully crafted sequence of IP packet fragments, - a remote attacker can cause a system running pf with a ruleset + a remote attacker can cause a system running pf with a ruleset containing a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule to crash.</p> <p>Workaround:</p> <p>Do not use 'scrub fragment crop' or 'scrub fragment drop-ovl' - rules on systems running pf. In most cases, such rules can be + rules on systems running pf. In most cases, such rules can be replaced by 'scrub fragment reassemble' rules; see the pf.conf(5) manual page for more details.</p> - <p>Systems which do not use pf, or use pf but do not use the aforementioned - rules, are not affected by this issue.</p> + <p>Systems which do not use pf, or use pf but do not use the + aforementioned rules, are not affected by this issue.</p> </body> </description> <references> @@ -16369,7 +16388,7 @@ Note: Please add new entries to the beginning of this file. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be - leveraged to obtain elevated privileges in some way. For + leveraged to obtain elevated privileges in some way. For example, a terminal buffer might include a user-entered password.</p> <p>Workaround:</p> 
@@ -16674,13 +16693,13 @@ Note: Please add new entries to the beginning of this file. send-pr(1).</p> <p>Impact</p> <p>A local attacker could cause data to be written to any file - to which the user running cvsbug(1) (or send-pr(1) in FreeBSD + to which the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has write access. This may cause damage in itself (e.g., by destroying important system files or documents) or may be used to obtain elevated privileges.</p> <p>Workaround</p> <p>Do not use the cvsbug(1) utility on any system with untrusted - users.<br/> + users.<br/> Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with untrusted users.</p> </body> @@ -16764,8 +16783,8 @@ Note: Please add new entries to the beginning of this file. <range><lt>0.88</lt></range> </package> <package> - <name>clamav-devel</name> - <range><lt>20060110</lt></range> + <name>clamav-devel</name> + <range><lt>20060110</lt></range> </package> </affects> <description> 
@@ -17029,39 +17048,39 @@ Note: Please add new entries to the beginning of this file. <vuln vid="b5a49db7-72fc-11da-9827-021106004fd6"> <topic>scponly -- local privilege escalation exploits</topic> <affects> - <package> - <name>scponly</name> - <range><lt>4.2</lt></range> - </package> + <package> + <name>scponly</name> + <range><lt>4.2</lt></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Max Vozeler reports:</p> - <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html"> - <p>If ALL the following conditions are true, administrators using - scponly-4.1 or older may be at risk of a local privilege - escalation exploit:</p> - <ul> - <li>the chrooted setuid scponlyc binary is installed</li> - <li>regular non-scponly users have interactive shell access - to the box</li> - <li>a user executable dynamically linked setuid binary - (such as ping) exists on the same file system mount - as the user's home directory</li> - <li>the operating system supports an LD_PRELOAD style - mechanism to overload dynamic library loading</li> - </ul> - </blockquote> - <p>Pekka Pessi also reports:</p> - <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html"> - <p>If ANY the following conditions are true, administrators - using scponly-4.1 or older may be at risk of a local privilege - escalation exploit:</p> - <ul> - <li>scp compatibility is enabled</li> - <li>rsync compatibility is enabled</li> - </ul> - </blockquote> + <p>Max Vozeler reports:</p> + <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html"> + <p>If ALL the following conditions are true, administrators using + scponly-4.1 or older may be at risk of a local privilege + escalation exploit:</p> + <ul> + <li>the chrooted setuid scponlyc binary is installed</li> + <li>regular non-scponly users have interactive shell access + to the box</li> + <li>a user executable dynamically linked setuid 
binary + (such as ping) exists on the same file system mount + as the user's home directory</li> + <li>the operating system supports an LD_PRELOAD style + mechanism to overload dynamic library loading</li> + </ul> + </blockquote> + <p>Pekka Pessi also reports:</p> + <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html"> + <p>If ANY the following conditions are true, administrators + using scponly-4.1 or older may be at risk of a local privilege + escalation exploit:</p> + <ul> + <li>scp compatibility is enabled</li> + <li>rsync compatibility is enabled</li> + </ul> + </blockquote> </body> </description> <references> 
@@ -17077,24 +17096,24 @@ Note: Please add new entries to the beginning of this file. <vuln vid="f7eb0b23-7099-11da-a15c-0060084a00e5"> <topic>fetchmail -- null pointer dereference in multidrop mode with headerless email</topic> <affects> - <package> - <name>fetchmail</name> - <range><lt>6.3.1</lt></range> - </package> + <package> + <name>fetchmail</name> + <range><lt>6.3.1</lt></range> + </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The fetchmail team reports:</p> - <blockquote cite="http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt"> - <p>Fetchmail contains a bug that causes an application crash - when fetchmail is configured for multidrop mode and the - upstream mail server sends a message without headers. As - fetchmail does not record this message as "previously fetched", - it will crash with the same message if it is re-executed, so it - cannot make progress. A malicious or broken-into upstream server - could thus cause a denial of service in fetchmail clients. - </p> - </blockquote> + <p>The fetchmail team reports:</p> + <blockquote cite="http://fetchmail.berlios.de/fetchmail-SA-2005-03.txt"> + <p>Fetchmail contains a bug that causes an application crash + when fetchmail is configured for multidrop mode and the + upstream mail server sends a message without headers. As + fetchmail does not record this message as "previously fetched", + it will crash with the same message if it is re-executed, so it + cannot make progress. A malicious or broken-into upstream server + could thus cause a denial of service in fetchmail clients. + </p> + </blockquote> </body> </description> <references> 
@@ -17747,7 +17766,7 @@ Note: Please add new entries to the beginning of this file. scripting vulnerabilities in two of Horde's MIME viewers. These holes could for example be exploited by an attacker sending specially crafted emails to Horde's webmail client IMP. The - attack could be used to steal users' identity information, taking + attack could be used to steal users' identity information, taking over users' sessions, or changing users' settings.</p> <p>As a hotfix the css and tgz MIME drivers can be disabled by removing their entries from the @@ -17893,7 +17912,7 @@ Note: Please add new entries to the beginning of this file. <p>Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks.</p> - <p>Some input isn't properly sanitised before being + <p>Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.</p> @@ -17927,7 +17946,7 @@ Note: Please add new entries to the beginning of this file. <p>A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service).</p> - <p>The vulnerability is caused due to the use of + <p>The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This can cause perl to crash when it runs out of stack @@ -18093,8 +18112,8 @@ Note: Please add new entries to the beginning of this file. <range><lt>4.4.1</lt></range> </package> <package> - <name>mod_php</name> - <name>mod_php4</name> + <name>mod_php</name> + <name>mod_php4</name> <range><ge>4</ge><lt>4.4.1,1</lt></range> </package> </affects> 
@@ -18171,7 +18190,7 @@ Note: Please add new entries to the beginning of this file. <p>The vulnerability is caused due to an error in handling certain FTP server responses. This can be exploited to crash Squid by visiting a malicious FTP - server via the proxy.</p> + server via the proxy.</p> </blockquote> </body> </description> @@ -18522,8 +18541,8 @@ Note: Please add new entries to the beginning of this file. the SSL 2.0 server supposed to prevent active protocol-version rollback attacks. With this verification step disabled, an attacker acting as a "man in the middle" can force a client and a server to - negotiate the SSL 2.0 protocol even if these parties both support SSL - 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe + negotiate the SSL 2.0 protocol even if these parties both support + SSL 3.0 or TLS 1.0. The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only.</p> <p>Applications using neither SSL_OP_MSIE_SSLV2_RSA_PADDING nor SSL_OP_ALL are not affected. Also, applications that disable @@ -18749,12 +18768,12 @@ Note: Please add new entries to the beginning of this file. <p>The uim developers reports:</p> <blockquote cite="http://lists.freedesktop.org/archives/uim/2005-September/001346.html"> <p>Masanari Yamamoto discovered that incorrect use - of environment variables in uim. This bug causes - privilege escalation if setuid/setgid applications - was linked to libuim.</p> - <p>This bug appears in 'immodule for Qt' enabled Qt. - (Normal Qt is also safe.) In some distribution, - mlterm is also an setuid/setgid application.</p> + of environment variables in uim. This bug causes + privilege escalation if setuid/setgid applications + was linked to libuim.</p> + <p>This bug appears in 'immodule for Qt' enabled Qt. + (Normal Qt is also safe.) In some distribution, + mlterm is also an setuid/setgid application.</p> </blockquote> </body> </description> 
@@ -19351,7 +19370,8 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The squid patches page notes:</p> <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout"> - <p>After certain slightly odd requests Squid crashes with a segmentation fault in sslConnectTimeout.</p> + <p>After certain slightly odd requests Squid crashes with a + segmentation fault in sslConnectTimeout.</p> </blockquote> </body> </description> @@ -19389,7 +19409,7 @@ Note: Please add new entries to the beginning of this file. </description> <references> <bid>14761</bid> - <cvename>CVE-2005-2794</cvename> + <cvename>CVE-2005-2794</cvename> <url>http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING</url> <url>http://www.squid-cache.org/bugs/show_bug.cgi?id=1368</url> <url>http://secunia.com/advisories/16708/</url> @@ -19640,10 +19660,10 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Ulf Harnhammar has discovered a remotely exploitable buffer - overflow in Elm e-mail client when parsing the Expires header + <p>Ulf Harnhammar has discovered a remotely exploitable buffer + overflow in Elm e-mail client when parsing the Expires header of an e-mail message:</p> - <blockquote cite="http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html"> + <blockquote cite="http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html"> <p>The attacker only needs to send the victim an e-mail message. When the victim with that message in his or her inbox starts Elm or simply views the inbox in an already 
@@ -19801,7 +19821,7 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://archives.seul.org/or/announce/Aug-2005/msg00002.html"> <p>Tor clients can completely loose anonymity, confidentiality, and data integrity if the first Tor server in their path is - malicious. Specifically, if the Tor client chooses a + malicious. Specifically, if the Tor client chooses a malicious Tor server for her first hop in the circuit, that server can learn all the keys she negotiates for the rest of the circuit (or just spoof the whole circuit), and then read @@ -20145,7 +20165,7 @@ Note: Please add new entries to the beginning of this file. specially crafted PDF file.</p> <p>Note that several applications contains an embedded version of xpdf, therefor making them the vulnerable to the same - DoS. In CUPS this vulnerability would cause the pdftops + DoS. In CUPS this vulnerability would cause the pdftops filter to crash.</p> </body> </description> @@ -20177,7 +20197,7 @@ Note: Please add new entries to the beginning of this file. vulnerability:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=112259845904350"> <p>The login form is also vulnerable to XSS (Cross Site - Scripting) attacks. This may be used to launch phising + Scripting) attacks. This may be used to launch phising attacks by sending HTML e-mails (i.e.: saying that you need to upgrade to the latest GForge version due to a security problem) and putting in the e-mail an HTML link 
@@ -20421,7 +20441,7 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://www.proftpd.org/docs/RELEASE_NOTES-1.3.0rc2"> <p>sean <infamous42md at hotpop.com> found two format string vulnerabilities, one in mod_sql's SQLShowInfo - directive, and one involving the 'ftpshut' utility. Both + directive, and one involving the 'ftpshut' utility. Both can be considered low risk, as they require active involvement on the part of the site administrator in order to be exploited.</p> @@ -20447,20 +20467,20 @@ Note: Please add new entries to the beginning of this file. <topic>nbsmtp -- format string vulnerability</topic> <affects> <package> - <name>nbsmtp</name> - <range><lt>0.99_1</lt></range> + <name>nbsmtp</name> + <range><lt>0.99_1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>When nbsmtp is executed in debug mode, server messages - will be printed to stdout and logged via syslog. Syslog is - used insecurely and user-supplied format characters are - directly fed to the syslog function, which results in a - format string vulnerability.</p> - <p>Under some circumstances, an SMTP server may be able to - abuse this vulnerability in order to alter the nbsmtp - process and execute malicious code.</p> + <p>When nbsmtp is executed in debug mode, server messages + will be printed to stdout and logged via syslog. Syslog is + used insecurely and user-supplied format characters are + directly fed to the syslog function, which results in a + format string vulnerability.</p> + <p>Under some circumstances, an SMTP server may be able to + abuse this vulnerability in order to alter the nbsmtp + process and execute malicious code.</p> </body> </description> <references> 
@@ -21076,7 +21096,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Natanael Copa reports that dnrd is vulnerable to a remote - buffer overflow and a remote stack overflow. These + buffer overflow and a remote stack overflow. These vulnerabilities can be triggered by sending invalid DNS packets to dnrd.</p> <p>The buffer overflow could potentially be used to execute @@ -21109,7 +21129,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The LDAP backend in PowerDNS has issues with escaping - queries which could cause connection errors. This would + queries which could cause connection errors. This would make it possible for a malicious user to temporarily blank domains.</p> <blockquote cite="http://doc.powerdns.com/security-policy.html"> @@ -21332,7 +21352,7 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Kuba Zygmunt discovered a flaw in the input validation routines + <p>Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed.</p> @@ -21429,7 +21449,7 @@ Note: Please add new entries to the beginning of this file. <p>A malicious local attacker could exploit a race condition to change the content of the temporary files before they are executed by fixproc, possibly leading to the execution - of arbitrary code. A local attacker could also create + of arbitrary code. A local attacker could also create symbolic links in the temporary files directory, pointing to a valid file somewhere on the filesystem. When fixproc is executed, this would result in the file being 
@@ -21630,7 +21650,7 @@ Note: Please add new entries to the beginning of this file. inserted and when it is marked as private (usually less than a second). If replication lags at this point, the bug summary will be accessible to all users until replication - catches up. Also, on a very slow machine, there may be a + catches up. Also, on a very slow machine, there may be a pause longer than a second that allows users to see the title of the newly-filed bug.</p> </blockquote> @@ -22185,7 +22205,7 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <h1>Problem Description</h1> <p>Two problems have been discovered relating to the - extraction of bzip2-compressed files. First, a carefully + extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions.</p> @@ -22500,7 +22520,7 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>iDEFENSE security group disclosed potential SQL injection + <p>iDEFENSE security group disclosed potential SQL injection attacks from unchecked user input and two security holes regarding potential cross site scripting attacks</p> </body> @@ -22685,7 +22705,7 @@ Note: Please add new entries to the beginning of this file. <p>For obvious reasons this can lead to the execution of arbitrary code if it possible to upload files to the document root or it's subdirectories. One example of a - configuration would be f.e. running Trac and + configuration would be f.e. running Trac and s9y/wordpress with writeable content directories on the same webserver.</p> <p>Another potential usage of this exploit would be to abuse 
@@ -22788,8 +22808,8 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>A SquirrelMail Security Advisory reports:</p> <blockquote cite="http://www.squirrelmail.org/security/issue/2005-06-15"> - <p>Several cross site scripting (XSS) vulnerabilities have been discovered - in SquirrelMail versions 1.4.0 - 1.4.4.</p> + <p>Several cross site scripting (XSS) vulnerabilities have been + discovered in SquirrelMail versions 1.4.0 - 1.4.4.</p> <p>The vulnerabilities are in two categories: the majority can be exploited through URL manipulation, and some by sending a specially crafted email to a victim. When done very carefully, @@ -22897,9 +22917,9 @@ Note: Please add new entries to the beginning of this file. <topic>tcpdump -- infinite loops in protocol decoding</topic> <affects> <system> - <name>FreeBSD</name> - <range><ge>5.4</ge><lt>5.4_2</lt></range> - <range><ge>5.3</ge><lt>5.3_16</lt></range> + <name>FreeBSD</name> + <range><ge>5.4</ge><lt>5.4_2</lt></range> + <range><ge>5.3</ge><lt>5.3_16</lt></range> </system> <package> <name>tcpdump</name> 
@@ -22908,15 +22928,15 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <h1>Problem Description</h1> - <p>Several tcpdump protocol decoders contain programming - errors which can cause them to go into infinite loops.</p> - <h1>Impact</h1> - <p>An attacker can inject specially crafted packets into the - network which, when processed by tcpdump, could lead to a - denial-of-service. After the attack, tcpdump would no - longer capture traffic, and would potentially use all - available processor time.</p> + <h1>Problem Description</h1> + <p>Several tcpdump protocol decoders contain programming + errors which can cause them to go into infinite loops.</p> + <h1>Impact</h1> + <p>An attacker can inject specially crafted packets into the + network which, when processed by tcpdump, could lead to a + denial-of-service. After the attack, tcpdump would no + longer capture traffic, and would potentially use all + available processor time.</p> </body> </description> <references> 
@@ -23067,19 +23087,19 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://www.kde.org/info/security/advisory-20050215-1.txt"> <h1>Overview</h1> <p>KStars includes support for the Instrument Neutral - Distributed Interface (INDI). The build system of this - extra 3rd party software contained an installation hook to - install fliccd (part of INDI) as SUID root - application.</p> - <p>Erik Sjölund discovered that the code contains several - vulnerabilities that allow stack based buffer - overflows.</p> + Distributed Interface (INDI). The build system of this + extra 3rd party software contained an installation hook to + install fliccd (part of INDI) as SUID root + application.</p> + <p>Erik Sjölund discovered that the code contains several + vulnerabilities that allow stack based buffer + overflows.</p> <h1>Impact</h1> <p>If the fliccd binary is installed as suid root, it - enables root privilege escalation for local users, or, if - the daemon is actually running (which it does not by - default) and is running as root, remote root privilege - escalation.</p> + enables root privilege escalation for local users, or, if + the daemon is actually running (which it does not by + default) and is running as root, remote root privilege + escalation.</p> </blockquote> </body> </description> @@ -23314,7 +23334,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Tavis Ormandy discovered several integer overflows in xli's - image size handling. A maliciously crafted image may be able + image size handling. A maliciously crafted image may be able to cause a heap buffer overflow and execute arbitrary code.</p> </body> </description> 
@@ -23410,7 +23430,7 @@ Note: Please add new entries to the beginning of this file. <p>Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 - tag, yamt might overwrite arbitrary files or possibly execute + tag, yamt might overwrite arbitrary files or possibly execute arbitrary code.</p> <p>The SuSE package ChangeLog contains:</p> <blockquote> @@ -23859,7 +23879,7 @@ Note: Please add new entries to the beginning of this file. root exploit in the software. In order to be able to succesfully exploit this vulnerability cdrdao must be installed setuid root. When succesfully exploited a local - user might get escalated privileges. By default this port is + user might get escalated privileges. By default this port is not installed setuid root.</p> </body> </description> @@ -23956,8 +23976,8 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <h1>Problem description and impact</h1> - <p>When running on processors supporting Hyper-Threading Technology, it is - possible for a malicious thread to monitor the execution of another + <p>When running on processors supporting Hyper-Threading Technology, it + is possible for a malicious thread to monitor the execution of another thread.</p> <p>Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a multi-user 
@@ -23996,13 +24016,13 @@ Note: Please add new entries to the beginning of this file. <topic>leafnode -- fetchnews denial-of-service triggered by transmission abort/timeout</topic> <affects> <package> - <name>leafnode</name> - <range><ge>1.9.48</ge><lt>1.11.2</lt></range> + <name>leafnode</name> + <range><ge>1.9.48</ge><lt>1.11.2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>When an upstream server aborts the transmission or stops sending + <p>When an upstream server aborts the transmission or stops sending data after the fetchnews program has requested an article header or body, fetchnews may crash, without querying further servers that are configured. This can prevent articles from being fetched. @@ -24346,7 +24366,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The groffer script in the groff package 1.18 and later versions - allows local users to overwrite files via a symlink attack + allows local users to overwrite files via a symlink attack on temporary files.</p> </body> </description> @@ -24772,7 +24792,7 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://www.debian.org/security/2005/dsa-706"> <p>Ulf Härnhammar from the Debian Security Audit Project discovered a buffer overflow in axel, a light download - accelerator. When reading remote input the program did + accelerator. When reading remote input the program did not check if a part of the input can overflow a buffer and maybe trigger the execution of arbitrary code.</p> </blockquote> 
@@ -25714,23 +25734,23 @@ Note: Please add new entries to the beginning of this file. <topic>mozilla -- heap buffer overflow in GIF image processing</topic> <affects> <package> - <name>firefox</name> - <range><lt>1.0.2,1</lt></range> + <name>firefox</name> + <range><lt>1.0.2,1</lt></range> </package> <package> <name>thunderbird</name> - <name>linux-firefox</name> - <range><lt>1.0.2</lt></range> + <name>linux-firefox</name> + <range><lt>1.0.2</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.6,2</lt></range> + <name>mozilla</name> + <range><lt>1.7.6,2</lt></range> <range><ge>1.8.*,2</ge></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.6</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.6</lt></range> <range><ge>1.8.*</ge></range> </package> <package> 
@@ -25739,35 +25759,35 @@ Note: Please add new entries to the beginning of this file. </package> <package> <!-- These ports are obsolete. --> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range> </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>de-netscape7</name> - <name>fr-linux-netscape</name> - <name>fr-netscape7</name> - <name>ja-linux-netscape</name> - <name>ja-netscape7</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk1</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> - <name>pt_BR-netscape7</name> + <name>de-linux-netscape</name> + <name>de-netscape7</name> + <name>fr-linux-netscape</name> + <name>fr-netscape7</name> + <name>ja-linux-netscape</name> + <name>ja-netscape7</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk1</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> + <name>pt_BR-netscape7</name> <range><ge>0</ge></range> </package> </affects> 
@@ -26218,20 +26238,20 @@ Note: Please add new entries to the beginning of this file. <topic>postnuke -- SQL injection vulnerabilities</topic> <affects> <package> - <name>postnuke</name> - <range><lt>0.760</lt></range> + <name>postnuke</name> + <range><lt>0.760</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Two separate SQL injection vulnerabilites have been - identified in the PostNuke PHP content management - system. An attacker can use this vulnerability to - potentially insert executable PHP code into the content - management system (to view all files within the PHP scope, - for instance). Various other SQL injection vulnerabilities - exist, which give attackers the ability to run SQL queries - on any tables within the database.</p> + <p>Two separate SQL injection vulnerabilites have been + identified in the PostNuke PHP content management + system. An attacker can use this vulnerability to + potentially insert executable PHP code into the content + management system (to view all files within the PHP scope, + for instance). Various other SQL injection vulnerabilities + exist, which give attackers the ability to run SQL queries + on any tables within the database.</p> </body> </description> <references> 
@@ -26251,20 +26271,20 @@ Note: Please add new entries to the beginning of this file. <topic>postnuke -- cross-site scripting (XSS) vulnerabilities</topic> <affects> <package> - <name>postnuke</name> - <range><lt>0.760</lt></range> + <name>postnuke</name> + <range><lt>0.760</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A cross-site scripting vulnerability is present in the - PostNuke PHP content management system. By passing data - injected through exploitable errors in input validation, an - attacker can insert code which will run on the machine of - anybody viewing the page. It is feasible that this attack - could be used to retrieve session information from cookies, - thereby allowing the attacker to gain administrative access - to the CMS.</p> + <p>A cross-site scripting vulnerability is present in the + PostNuke PHP content management system. By passing data + injected through exploitable errors in input validation, an + attacker can insert code which will run on the machine of + anybody viewing the page. It is feasible that this attack + could be used to retrieve session information from cookies, + thereby allowing the attacker to gain administrative access + to the CMS.</p> </body> </description> <references> 
@@ -26282,15 +26302,15 @@ Note: Please add new entries to the beginning of this file. <topic>realplayer -- remote heap overflow</topic> <affects> <package> - <name>linux-realplayer</name> - <range><le>10.0.2</le></range> + <name>linux-realplayer</name> + <range><le>10.0.2</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Two exploits have been identified in the Linux RealPlayer client. - RealNetworks states:</p> - <blockquote cite="http://service.real.com/help/faq/security/050224_player/EN/"> + <p>Two exploits have been identified in the Linux RealPlayer client. + RealNetworks states:</p> + <blockquote cite="http://service.real.com/help/faq/security/050224_player/EN/"> <p>RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a @@ -26367,12 +26387,12 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The uim developers reports:</p> <blockquote cite="http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html"> - <p>Takumi ASAKI discovered that uim always trusts environment variables. - But this is not correct behavior, sometimes environment variables - shouldn't be trusted. This bug causes privilege escalation when libuim - is linked against setuid/setgid application. Since GTK+ prohibits - setuid/setgid applications, the bug appears only in 'immodule for Qt' - enabled Qt. (Normal Qt is also safe.)</p> + <p>Takumi ASAKI discovered that uim always trusts environment + variables. But this is not correct behavior, sometimes environment + variables shouldn't be trusted. This bug causes privilege escalation + when libuim is linked against setuid/setgid application. Since GTK+ + prohibits setuid/setgid applications, the bug appears only in + 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)</p> </blockquote> </body> </description> 
@@ -26392,17 +26412,17 @@ Note: Please add new entries to the beginning of this file. <topic>lighttpd -- script source disclosure vulnerability</topic> <affects> <package> - <name>lighttpd</name> - <range><lt>1.3.8</lt></range> + <name>lighttpd</name> + <range><lt>1.3.8</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The lighttpd website reports:</p> + <p>The lighttpd website reports:</p> <blockquote cite="http://article.gmane.org/gmane.comp.web.lighttpd/1171"> - <p>In lighttpd 1.3.7 and below it is possible to fetch the source - files which should be handled by CGI or FastCGI applications.</p> - </blockquote> + <p>In lighttpd 1.3.7 and below it is possible to fetch the source + files which should be handled by CGI or FastCGI applications.</p> + </blockquote> <p>The vulnerability is in the handling of urlencoded trailing NUL bytes. Installations that do not use CGI or FastCGI are not affected.</p> 
@@ -26425,26 +26445,26 @@ Note: Please add new entries to the beginning of this file. <topic>phpbb -- privilege elevation and path disclosure</topic> <affects> <package> - <name>phpbb</name> - <range><lt>2.0.13</lt></range> + <name>phpbb</name> + <range><lt>2.0.13</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The phpbb developer group reports:</p> - <blockquote cite="http://www.phpbb.com/phpBB/viewtopic.php?t=267563"> - <p>phpBB Group announces the release of phpBB 2.0.13, the + <p>The phpbb developer group reports:</p> + <blockquote cite="http://www.phpbb.com/phpBB/viewtopic.php?t=267563"> + <p>phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to release a new version ini such a short period of time. Fortunately both fixes are easy and in each case just one line needs to be edited.</p> - </blockquote> + </blockquote> </body> </description> <references> - <url>http://www.phpbb.com/phpBB/viewtopic.php?t=267563</url> + <url>http://www.phpbb.com/phpBB/viewtopic.php?t=267563</url> <bid>12678</bid> </references> <dates> @@ -26585,17 +26605,17 @@ Note: Please add new entries to the beginning of this file. <topic>mozilla -- insecure temporary directory vulnerability</topic> <affects> <package> - <name>firefox</name> - <range><lt>1.0.1,1</lt></range> + <name>firefox</name> + <range><lt>1.0.1,1</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.6,2</lt></range> + <name>mozilla</name> + <range><lt>1.7.6,2</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.6</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.6</lt></range> </package> <package> <name>netscape7</name> 
@@ -26603,35 +26623,35 @@ Note: Please add new entries to the beginning of this file. </package> <package> <!-- These ports are obsolete. --> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range> </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>de-netscape7</name> - <name>fr-linux-netscape</name> - <name>fr-netscape7</name> - <name>ja-linux-netscape</name> - <name>ja-netscape7</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk1</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> - <name>pt_BR-netscape7</name> + <name>de-linux-netscape</name> + <name>de-netscape7</name> + <name>fr-linux-netscape</name> + <name>fr-netscape7</name> + <name>ja-linux-netscape</name> + <name>ja-netscape7</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk1</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> + <name>pt_BR-netscape7</name> <range><ge>0</ge></range> </package> </affects> 
@@ -26661,17 +26681,17 @@ Note: Please add new entries to the beginning of this file. <topic>mozilla -- arbitrary code execution vulnerability</topic> <affects> <package> - <name>firefox</name> - <range><lt>1.0.1,1</lt></range> + <name>firefox</name> + <range><lt>1.0.1,1</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.6,2</lt></range> + <name>mozilla</name> + <range><lt>1.7.6,2</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.6</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.6</lt></range> </package> <package> <name>netscape7</name> 
@@ -26679,35 +26699,35 @@ Note: Please add new entries to the beginning of this file. </package> <package> <!-- These ports are obsolete. --> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><ge>0</ge></range> </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>de-netscape7</name> - <name>fr-linux-netscape</name> - <name>fr-netscape7</name> - <name>ja-linux-netscape</name> - <name>ja-netscape7</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk1</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> - <name>pt_BR-netscape7</name> + <name>de-linux-netscape</name> + <name>de-netscape7</name> + <name>fr-linux-netscape</name> + <name>fr-netscape7</name> + <name>ja-linux-netscape</name> + <name>ja-netscape7</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk1</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> + <name>pt_BR-netscape7</name> <range><ge>0</ge></range> </package> </affects> 
@@ -26887,13 +26907,13 @@ Note: Please add new entries to the beginning of this file. <p>Simon Tatham reports:</p> <blockquote cite="http://lists.tartarus.org/pipermail/putty-announce/2005/000012.html"> <p>This version fixes a security hole in previous versions - of PuTTY, which can allow a malicious SFTP server to - attack your client. If you use either PSCP or PSFTP, you - should upgrade. Users of the main PuTTY program are not - affected. (However, note that the server must have passed - host key verification before this attack can be launched, - so a man-in-the-middle shouldn't be able to attack you if - you're careful.)</p> + of PuTTY, which can allow a malicious SFTP server to + attack your client. If you use either PSCP or PSFTP, you + should upgrade. Users of the main PuTTY program are not + affected. (However, note that the server must have passed + host key verification before this attack can be launched, + so a man-in-the-middle shouldn't be able to attack you if + you're careful.)</p> </blockquote> </body> </description> @@ -27064,7 +27084,7 @@ Note: Please add new entries to the beginning of this file. <p>Giovanni Delvecchio reports:</p> <blockquote cite="http://www.zone-h.org/advisories/read/id=6503"> <p>Opera for linux uses "kfmclient exec" as "Default - Application" to handle saved files. This could be used by + Application" to handle saved files. This could be used by malicious remote users to execute arbitrary shell commands on a target system.</p> </blockquote> @@ -27438,7 +27458,8 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>An Ethreal Security Advisories reports:</p> <blockquote cite="http://www.ethereal.com/appnotes/enpa-sa-00017.html"> - <p>Issues have been discovered in the following protocol dissectors:</p> + <p>Issues have been discovered in the following protocol + dissectors:</p> <ul> <li>The COPS dissector could go into an infinite loop. CVE: CAN-2005-0006</li> 
@@ -27480,19 +27501,19 @@ Note: Please add new entries to the beginning of this file. <topic>squid -- correct handling of oversized HTTP reply headers</topic> <affects> <package> - <name>squid</name> - <range><lt>2.5.7_12</lt></range> + <name>squid</name> + <range><lt>2.5.7_12</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The squid patches page notes:</p> - <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"> - <p>This patch addresses a HTTP protocol mismatch related to oversized - reply headers. In addition it enhances the cache.log reporting on - reply header parsing failures to make it easier to track down which - sites are malfunctioning.</p> - </blockquote> + <p>The squid patches page notes:</p> + <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch"> + <p>This patch addresses a HTTP protocol mismatch related to oversized + reply headers. In addition it enhances the cache.log reporting on + reply header parsing failures to make it easier to track down which + sites are malfunctioning.</p> + </blockquote> <p>It is believed that this bug may lead to cache pollution or allow access controls to be bypassed.</p> </body> @@ -27524,7 +27545,7 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>According to Python Security Advisory PSF-2005-001,</p> + <p>According to Python Security Advisory PSF-2005-001,</p> <blockquote cite="http://www.python.org/security/PSF-2005-001/"> <p>The Python development team has discovered a flaw in the <code>SimpleXMLRPCServer</code> library module which 
@@ -27532,7 +27553,7 @@ Note: Please add new entries to the beginning of this file. registered object or its module or possibly other modules. The flaw only affects Python XML-RPC servers that use the <code>register_instance()</code> method to register an object - without a <code>_dispatch()</code> method. Servers using + without a <code>_dispatch()</code> method. Servers using only <code>register_function()</code> are not affected.</p> <p>On vulnerable XML-RPC servers, a remote attacker may be able to view or modify globals of the module(s) @@ -27584,7 +27605,7 @@ Note: Please add new entries to the beginning of this file. very long. <em>(CVE-2005-0156)</em>.</li> </ul> <p><strong>Note:</strong> By default, no set-user-ID perl - binary is installed. An administrator must enable it + binary is installed. An administrator must enable it manually at build time with the <code>ENABLE_SUIDPERL</code> port flag.</p> </body> 
@@ -27670,14 +27691,14 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The newspost program uses a function named socket_getline to - read server responses from the network socket. Unfortunately this - function does not check the length of the buffer in which the read - data is stored and only stops reading when a newline character is found.</p> - <p>A malicious NNTP server could use this bug to cause a buffer - overflow by sending an overly long response. Such an overflow allows - arbitrary code to be executed, with the privileges of the newspost - process, on the affected systems.</p> + <p>The newspost program uses a function named socket_getline to read + server responses from the network socket. Unfortunately this function + does not check the length of the buffer in which the read data is stored + and only stops reading when a newline character is found.</p> + <p>A malicious NNTP server could use this bug to cause a buffer overflow + by sending an overly long response. Such an overflow allows arbitrary + code to be executed, with the privileges of the newspost process, on the + affected systems.</p> </body> </description> <references> @@ -27727,7 +27748,8 @@ Note: Please add new entries to the beginning of this file. </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>According to the Squid Proxy Cache Security Update Advisory SQUID-2005:3,</p> + <p>According to the Squid Proxy Cache Security Update Advisory + SQUID-2005:3,</p> <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2005_3.txt"> <p>The WCCP recvfrom() call accepts more data than will fit in the allocated buffer. An attacker may send a larger-than-normal 
@@ -27926,32 +27948,32 @@ Note: Please add new entries to the beginning of this file. <topic>squid -- possible cache-poisoning via malformed HTTP responses</topic> <affects> <package> - <name>squid</name> - <range><lt>2.5.7_9</lt></range> + <name>squid</name> + <range><lt>2.5.7_9</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The squid patches page notes:</p> - <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"> - <p>This patch makes Squid considerably stricter while - parsing the HTTP protocol.</p> - <ol> - <li>A Content-length header should only appear once in a - valid request or response. Multiple Content-length - headers, in conjunction with specially crafted requests, - may allow Squid's cache to be poisoned with bad content - in certain situations.</li> - <li>CR characters is only allowed as part of the CR NL - line terminator, not alone. This to ensure that all - involved agrees on the structure of HTTP headers.</li> - <li>Rejects requests/responses that have whitespace in an - HTTP header name.</li> - </ol> - </blockquote> - <p>To enable these strict parsing rules, update to at least - squid-2.5.7_9 and specify <code>relaxed_header_parser - off</code> in squid.conf.</p> + <p>The squid patches page notes:</p> + <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing"> + <p>This patch makes Squid considerably stricter while + parsing the HTTP protocol.</p> + <ol> + <li>A Content-length header should only appear once in a + valid request or response. Multiple Content-length + headers, in conjunction with specially crafted requests, + may allow Squid's cache to be poisoned with bad content + in certain situations.</li> + <li>CR characters is only allowed as part of the CR NL + line terminator, not alone. 
This to ensure that all + involved agrees on the structure of HTTP headers.</li> + <li>Rejects requests/responses that have whitespace in an + HTTP header name.</li> + </ol> + </blockquote> + <p>To enable these strict parsing rules, update to at least + squid-2.5.7_9 and specify <code>relaxed_header_parser + off</code> in squid.conf.</p> </body> </description> <references> 
@@ -28005,49 +28027,49 @@ Note: Please add new entries to the beginning of this file. <topic>web browsers -- window injection vulnerabilities</topic> <affects> <package> - <name>firefox</name> - <range><lt>1.0.1,1</lt></range> + <name>firefox</name> + <range><lt>1.0.1,1</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.6,2</lt></range> + <name>mozilla</name> + <range><lt>1.7.6,2</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.6</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.6</lt></range> </package> <package> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> - <name>mozilla-gtk1</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> + <name>mozilla-gtk1</name> <range><ge>0</ge></range> </package> <package> <!-- These package names are obsolete. 
--> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> <range><ge>0</ge></range> </package> <package> @@ -28122,7 +28144,7 @@ Note: Please add new entries to the beginning of this file. <p>Manigandan Radhakrishnan discovered a security vulnerability in YAMT which can lead to execution of arbitrary commands with the privileges of the user running - YAMT when sorting based on MP3 tags. The problem exist in + YAMT when sorting based on MP3 tags. The problem exist in the <code>id3tag_sort()</code> routine which does not properly sanitize the artist tag from the MP3 file before using it as an argument to the mv command.</p> 
@@ -28294,35 +28316,35 @@ Note: Please add new entries to the beginning of this file. <p>Marc Schoenefeld reports:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110088923127820"> <p>Opera 7.54 is vulnerable to leakage of the java sandbox, - allowing malicious applets to gain unacceptable - privileges. This allows them to be used for information - gathering (spying) of local identity information and - system configurations as well as causing annoying crash - effects.</p> + allowing malicious applets to gain unacceptable + privileges. This allows them to be used for information + gathering (spying) of local identity information and + system configurations as well as causing annoying crash + effects.</p> <p>Opera 754 <em>[sic]</em> which was released Aug 5,2004 is - vulnerable to the XSLT processor covert channel attack, - which was corrected with JRE 1.4.2_05 [released in July - 04], but in disadvantage to the users the opera packaging - guys chose to bundle the JRE 1.4.2_04 <em>[...]</em></p> + vulnerable to the XSLT processor covert channel attack, + which was corrected with JRE 1.4.2_05 [released in July + 04], but in disadvantage to the users the opera packaging + guys chose to bundle the JRE 1.4.2_04 <em>[...]</em></p> <p>Internal pointer DoS exploitation: Opera.jar contains the - opera replacement of the java plugin. It therefore handles - communication between javascript and the Java VM via the - liveconnect protocol. The public class EcmaScriptObject - exposes a system memory pointer to the java address space, - by constructing a special variant of this type an internal - cache table can be polluted by false entries that infer - proper function of the JSObject class and in the following - proof-of-concept crash the browser.</p> + opera replacement of the java plugin. It therefore handles + communication between javascript and the Java VM via the + liveconnect protocol. 
The public class EcmaScriptObject + exposes a system memory pointer to the java address space, + by constructing a special variant of this type an internal + cache table can be polluted by false entries that infer + proper function of the JSObject class and in the following + proof-of-concept crash the browser.</p> <p>Exposure of location of local java installation Sniffing - the URL classpath allows to retrieve the URLs of the - bootstrap class path and therefore the JDK installation - directory.</p> + the URL classpath allows to retrieve the URLs of the + bootstrap class path and therefore the JDK installation + directory.</p> <p>Exposure of local user name to an untrusted applet An - attacker could use the sun.security.krb5.Credentials class - to retrieve the name of the currently logged in user and - parse his home directory from the information which is - provided by the thrown - java.security.AccessControlException.</p> + attacker could use the sun.security.krb5.Credentials class + to retrieve the name of the currently logged in user and + parse his home directory from the information which is + provided by the thrown + java.security.AccessControlException.</p> </blockquote> </body> </description> @@ -28410,10 +28432,10 @@ Note: Please add new entries to the beginning of this file. <p>An NGSSoftware Insight Security Research Advisory reports:</p> <blockquote cite="http://www.ngssoftware.com/advisories/real-03full.txt"> <p>Two vulnerabilities have been discovered in RealPlayer - which may potentially be leveraged to allow remote code - execution, or may used in combination with the Real - Metadata Package File Deletion vulnerability to reliably - delete files from a users system.</p> + which may potentially be leveraged to allow remote code + execution, or may used in combination with the Real + Metadata Package File Deletion vulnerability to reliably + delete files from a users system.</p> </blockquote> </body> </description> 
@@ -28479,7 +28501,7 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>eGroupWare contains a bug in the JiNN component that allows - a remote attacker to download arbitrary files.</p> + a remote attacker to download arbitrary files.</p> </body> </description> <references> @@ -28510,9 +28532,9 @@ Note: Please add new entries to the beginning of this file. critical vulnerabilities in the Quake II engine:</p> <blockquote cite="http://secur1ty.net/advisories/001"> <p>Due to unchecked input at various stages in the server, - remote users are able to cause the server to crash, reveal - sensitive information or potentially execute arbitrary - code.</p> + remote users are able to cause the server to crash, reveal + sensitive information or potentially execute arbitrary + code.</p> </blockquote> </body> </description> 
@@ -28728,34 +28750,34 @@ Note: Please add new entries to the beginning of this file. <topic>mozilla -- insecure permissions for some downloaded files</topic> <affects> <package> - <name>thunderbird</name> + <name>thunderbird</name> <range><lt>0.9</lt></range> </package> <package> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>firefox</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>firefox</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><lt>1.0.r2,1</lt></range> </package> <package> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> <range><le>7.2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.5</lt></range> + <name>mozilla-gtk1</name> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.5</lt></range> </package> <package> <name>mozilla</name> 
@@ -28763,18 +28785,18 @@ Note: Please add new entries to the beginning of this file. </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> <range><ge>0</ge></range> </package> </affects> @@ -29035,18 +29057,18 @@ Note: Please add new entries to the beginning of this file. <topic>mozilla -- heap overflow in NNTP handler</topic> <affects> <package> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> <range><gt>0</gt></range> </package> <package> - <name>mozilla-gtk1</name> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.5</lt></range> + <name>mozilla-gtk1</name> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.5</lt></range> </package> <package> <name>mozilla</name> 
@@ -29054,14 +29076,14 @@ Note: Please add new entries to the beginning of this file. </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> - <name>linux-netscape</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> + <name>linux-netscape</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> <range><ge>0</ge></range> </package> </affects> @@ -29326,8 +29348,8 @@ http_access deny Gopher</pre> <topic>xshisen -- local buffer overflows</topic> <affects> <package> - <name>xshisen</name> - <range><lt>1.36_1</lt></range> + <name>xshisen</name> + <range><lt>1.36_1</lt></range> </package> </affects> <description> @@ -29335,8 +29357,8 @@ http_access deny Gopher</pre> <p>Steve Kemp has found buffer overflows in the handling of the command line flag -KCONV and the XSHISENLIB environment variable. Ulf Härnhammer has detected an unbounded copy from - the GECOS field to a char array. All overflows can be exploited - to gain group games privileges.</p> + the GECOS field to a char array. All overflows can be exploited + to gain group games privileges.</p> </body> </description> <references> 
@@ -29356,19 +29378,19 @@ http_access deny Gopher</pre> <topic>helvis -- arbitrary file deletion problem</topic> <affects> <package> - <name>ko-helvis</name> - <range><le>1.8h2_1</le></range> + <name>ko-helvis</name> + <range><le>1.8h2_1</le></range> </package> <package> - <name>helvis</name> - <range><le>1.8h2_1</le></range> + <name>helvis</name> + <range><le>1.8h2_1</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The setuid root elvprsv utility, used to preserve + <p>The setuid root elvprsv utility, used to preserve recovery helvis files, can be abused by local users to delete - with root privileges.</p> + with root privileges.</p> <p>The problem is that elvprsv deletes files when it thinks they have become corrupt. When elvprsv is pointed to a normal file then it will almost always think the file is corrupt and deletes it. @@ -29391,12 +29413,12 @@ http_access deny Gopher</pre> <topic>helvis -- information leak vulnerabilities</topic> <affects> <package> - <name>ko-helvis</name> - <range><le>1.8h2_1</le></range> + <name>ko-helvis</name> + <range><le>1.8h2_1</le></range> </package> <package> - <name>helvis</name> - <range><le>1.8h2_1</le></range> + <name>helvis</name> + <range><le>1.8h2_1</le></range> </package> </affects> <description> 
@@ -29450,16 +29472,16 @@ http_access deny Gopher</pre> <topic>tnftp -- mget does not check for directory escapes</topic> <affects> <package> - <name>tnftp</name> - <range><lt>20050103</lt></range> + <name>tnftp</name> + <range><lt>20050103</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>When downloading a batch of files from an FTP server the - mget command does not check for directory escapes. A - specially crafted file on the FTP server could then - potentially overwrite an existing file of the user.</p> + <p>When downloading a batch of files from an FTP server the + mget command does not check for directory escapes. A + specially crafted file on the FTP server could then + potentially overwrite an existing file of the user.</p> </body> </description> <references> @@ -29654,13 +29676,13 @@ http_access deny Gopher</pre> <topic>exim -- two buffer overflow vulnerabilities</topic> <affects> <package> - <name>exim</name> - <name>exim-ldap</name> - <name>exim-ldap2</name> - <name>exim-mysql</name> - <name>exim-postgresql</name> - <name>exim-sa-exim</name> - <range><lt>4.43+28_1</lt></range> + <name>exim</name> + <name>exim-ldap</name> + <name>exim-ldap2</name> + <name>exim-mysql</name> + <name>exim-postgresql</name> + <name>exim-sa-exim</name> + <range><lt>4.43+28_1</lt></range> </package> </affects> <description> @@ -29693,10 +29715,10 @@ http_access deny Gopher</pre> <topic>mpg123 -- playlist processing buffer overflow vulnerability</topic> <affects> <package> - <name>mpg123</name> - <name>mpg123-nas</name> - <name>mpg123-esound</name> - <range><le>0.59r_15</le></range> + <name>mpg123</name> + <name>mpg123-nas</name> + <name>mpg123-esound</name> + <range><le>0.59r_15</le></range> </package> </affects> <description> 
@@ -29729,8 +29751,8 @@ http_access deny Gopher</pre> <topic>greed -- insecure GRX file processing</topic> <affects> <package> - <name>greed</name> - <range><le>0.81p</le></range> + <name>greed</name> + <range><le>0.81p</le></range> </package> </affects> <description> @@ -29739,7 +29761,8 @@ http_access deny Gopher</pre> URL handling code. This bug can especially be a problem when greed is used to process GRX (GetRight) files that originate from untrusted sources.</p> - <p>The bug finder, Manigandan Radhakrishnan, gave the following description:</p> + <p>The bug finder, Manigandan Radhakrishnan, gave the following + description:</p> <blockquote cite="http://tigger.uic.edu/~jlongs2/holes/greed.txt"> <p>Here are the bugs. First, in main.c, DownloadLoop() uses strcat() to copy an input filename to the end of a 128-byte COMMAND array. 
@@ -29765,19 +29788,22 @@ http_access deny Gopher</pre> <topic>golddig -- local buffer overflow vulnerabilities</topic> <affects> <package> - <name>golddig</name> - <range><le>2.0</le></range> + <name>golddig</name> + <range><le>2.0</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Two buffer overflow vulnerabilities where detected. Both issues can - be used by local users to gain group games privileges on affected systems.</p> - <p>The first overflow exists in the map name handling and can be triggered - when a very long name is given to the program during command-line execution</p> - <p>The second overflow exists in the username processing while writing - the players score to disk. Excessivly long usernames, set via the USER environment - variable, are stored without any length checks in a memory buffer.</p> + <p>Two buffer overflow vulnerabilities where detected. Both issues can + be used by local users to gain group games privileges on affected + systems.</p> + <p>The first overflow exists in the map name handling and can be + triggered when a very long name is given to the program during + command-line execution</p> + <p>The second overflow exists in the username processing while writing + the players score to disk. Excessivly long usernames, set via the USER + environment variable, are stored without any length checks in a memory + buffer.</p> </body> </description> <references> @@ -30062,7 +30088,7 @@ http_access deny Gopher</pre> <range><lt>3.00_5</lt></range> </package> <package> - <name>kdegraphics</name> + <name>kdegraphics</name> <range><lt>3.3.2_1</lt></range> </package> <package> @@ -30074,8 +30100,8 @@ http_access deny Gopher</pre> <range><le>2.0.2_6</le></range> </package> <package> - <name>cups-base</name> - <range><le>1.1.22.0</le></range> + <name>cups-base</name> + <range><le>1.1.22.0</le></range> </package> <package> <name>koffice</name> 
@@ -30316,40 +30342,40 @@ http_access deny Gopher</pre> <topic>php -- multiple vulnerabilities</topic> <affects> <package> - <name>mod_php4-twig</name> - <name>php4-cgi</name> - <name>php4-cli</name> - <name>php4-dtc</name> - <name>php4-horde</name> - <name>php4-nms</name> - <name>php4</name> - <range><lt>4.3.10</lt></range> + <name>mod_php4-twig</name> + <name>php4-cgi</name> + <name>php4-cli</name> + <name>php4-dtc</name> + <name>php4-horde</name> + <name>php4-nms</name> + <name>php4</name> + <range><lt>4.3.10</lt></range> </package> <package> - <name>mod_php</name> - <name>mod_php4</name> + <name>mod_php</name> + <name>mod_php4</name> <range><ge>4</ge><lt>4.3.10,1</lt></range> </package> <package> - <name>php5</name> - <name>php5-cgi</name> - <name>php5-cli</name> - <range><lt>5.0.3</lt></range> + <name>php5</name> + <name>php5-cgi</name> + <name>php5-cli</name> + <range><lt>5.0.3</lt></range> </package> <package> - <name>mod_php5</name> - <range><lt>5.0.3,1</lt></range> + <name>mod_php5</name> + <range><lt>5.0.3,1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/13481/"> - <p>Multiple vulnerabilities have been reported in PHP, - which can be exploited to gain escalated privileges, - bypass certain security restrictions, gain knowledge - of sensitive information, or compromise a vulnerable - system.</p> + <p>Multiple vulnerabilities have been reported in PHP, + which can be exploited to gain escalated privileges, + bypass certain security restrictions, gain knowledge + of sensitive information, or compromise a vulnerable + system.</p> </blockquote> </body> </description> 
@@ -30371,28 +30397,28 @@ http_access deny Gopher</pre> <topic>mysql -- GRANT access restriction problem</topic> <affects> <package> - <name>mysql-server</name> - <range><le>3.23.58_3</le></range> - <range><ge>4.*</ge><lt>4.0.21</lt></range> + <name>mysql-server</name> + <range><le>3.23.58_3</le></range> + <range><ge>4.*</ge><lt>4.0.21</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>When a user is granted access to a database with a name containing an - underscore and the underscore is not escaped then that user might - also be able to access other, similarly named, databases on the - affected system. </p> - <p>The problem is that the underscore is seen as a wildcard by MySQL - and therefore it is possible that an admin might accidently GRANT - a user access to multiple databases.</p> + <p>When a user is granted access to a database with a name containing + an underscore and the underscore is not escaped then that user might + also be able to access other, similarly named, databases on the + affected system. </p> + <p>The problem is that the underscore is seen as a wildcard by MySQL + and therefore it is possible that an admin might accidently GRANT a + user access to multiple databases.</p> </body> </description> <references> - <cvename>CVE-2004-0957</cvename> - <bid>11435</bid> - <url>http://bugs.mysql.com/bug.php?id=3933</url> - <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> - <url>http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html</url> + <cvename>CVE-2004-0957</cvename> + <bid>11435</bid> + <url>http://bugs.mysql.com/bug.php?id=3933</url> + <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> + <url>http://www.openpkg.org/security/OpenPKG-SA-2004.045-mysql.html</url> </references> <dates> <discovery>2004-03-29</discovery> 
@@ -30405,31 +30431,31 @@ http_access deny Gopher</pre> <topic>mysql -- ALTER MERGE denial of service vulnerability</topic> <affects> <package> - <name>mysql-server</name> - <range><le>3.23.58_3</le></range> - <range><ge>4.*</ge><lt>4.0.21</lt></range> - <range><ge>4.1.*</ge><lt>4.1.1</lt></range> + <name>mysql-server</name> + <range><le>3.23.58_3</le></range> + <range><ge>4.*</ge><lt>4.0.21</lt></range> + <range><ge>4.1.*</ge><lt>4.1.1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Dean Ellis reported a denial of service vulnerability in the MySQL server:</p> - <blockquote cite="http://bugs.mysql.com/bug.php?id=4017"> - <p> - Multiple threads ALTERing the same (or different) MERGE tables to change the - UNION eventually crash the server or hang the individual threads. - </p> - </blockquote> - <p>Note that a script demonstrating the problem is included in the - MySQL bug report. Attackers that have control of a MySQL account - can easily use a modified version of that script during an attack. </p> + <p>Dean Ellis reported a denial of service vulnerability in the MySQL + server:</p> + <blockquote cite="http://bugs.mysql.com/bug.php?id=4017"> + <p> Multiple threads ALTERing the same (or different) MERGE tables to + change the UNION eventually crash the server or hang the individual + threads.</p> + </blockquote> + <p>Note that a script demonstrating the problem is included in the + MySQL bug report. 
Attackers that have control of a MySQL account can + easily use a modified version of that script during an attack.</p> </body> </description> <references> - <cvename>CVE-2004-0837</cvename> - <bid>11357</bid> - <url>http://bugs.mysql.com/bug.php?id=2408</url> - <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> + <cvename>CVE-2004-0837</cvename> + <bid>11357</bid> + <url>http://bugs.mysql.com/bug.php?id=2408</url> + <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> </references> <dates> <discovery>2004-01-15</discovery> @@ -30442,18 +30468,18 @@ http_access deny Gopher</pre> <topic>mysql -- FTS request denial of service vulnerability</topic> <affects> <package> - <name>mysql-server</name> - <range><ge>4.*</ge><lt>4.0.21</lt></range> + <name>mysql-server</name> + <range><ge>4.*</ge><lt>4.0.21</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A special crafted MySQL FTS request can cause the server to crash. - Malicious MySQL users can abuse this bug in a denial of service - attack against systems running an affected MySQL daemon. </p> - <p>Note that because this bug is related to the parsing of requests, - it may happen that this bug is triggered accidently by a user when he - or she makes a typo. </p> + <p>A special crafted MySQL FTS request can cause the server to crash. + Malicious MySQL users can abuse this bug in a denial of service + attack against systems running an affected MySQL daemon. </p> + <p>Note that because this bug is related to the parsing of requests, + it may happen that this bug is triggered accidently by a user when he + or she makes a typo. </p> </body> </description> <references> 
@@ -30471,40 +30497,41 @@ http_access deny Gopher</pre> <topic>mysql -- mysql_real_connect buffer overflow vulnerability</topic> <affects> <package> - <name>mysql-server</name> - <range><le>3.23.58_3</le></range> - <range><ge>4.*</ge><lt>4.0.21</lt></range> + <name>mysql-server</name> + <range><le>3.23.58_3</le></range> + <range><ge>4.*</ge><lt>4.0.21</lt></range> </package> <package> - <name>mysql-client</name> - <range><le>3.23.58_3</le></range> - <range><ge>4.*</ge><lt>4.0.21</lt></range> + <name>mysql-client</name> + <range><le>3.23.58_3</le></range> + <range><ge>4.*</ge><lt>4.0.21</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The mysql_real_connect function doesn't properly handle DNS replies - by copying the IP address into a buffer without any length checking. - A specially crafted DNS reply may therefore be used to cause a - buffer overflow on affected systems.</p> - <p>Note that whether this issue can be exploitable depends on the system library responsible for - the gethostbyname function. The bug finder, Lukasz Wojtow, explaines this with the following words:</p> - <blockquote cite="http://bugs.mysql.com/bug.php?id=4017"> - <p>In glibc there is a limitation for an IP address to have only 4 - bytes (obviously), but generally speaking the length of the address - comes with a response for dns query (i know it sounds funny but - read rfc1035 if you don't believe). This bug can occur on libraries - where gethostbyname function takes length from dns's response</p> - </blockquote> + <p>The mysql_real_connect function doesn't properly handle DNS replies + by copying the IP address into a buffer without any length checking. + A specially crafted DNS reply may therefore be used to cause a buffer + overflow on affected systems.</p> + <p>Note that whether this issue can be exploitable depends on the + system library responsible for the gethostbyname function. 
The bug + finder, Lukasz Wojtow, explaines this with the following words:</p> + <blockquote cite="http://bugs.mysql.com/bug.php?id=4017"> + <p>In glibc there is a limitation for an IP address to have only 4 + bytes (obviously), but generally speaking the length of the address + comes with a response for dns query (i know it sounds funny but + read rfc1035 if you don't believe). This bug can occur on libraries + where gethostbyname function takes length from dns's response</p> + </blockquote> </body> </description> <references> - <cvename>CVE-2004-0836</cvename> - <bid>10981</bid> - <url>http://bugs.mysql.com/bug.php?id=4017</url> - <url>http://lists.mysql.com/internals/14726</url> - <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> - <url>http://www.osvdb.org/displayvuln.php?osvdb_id=10658</url> + <cvename>CVE-2004-0836</cvename> + <bid>10981</bid> + <url>http://bugs.mysql.com/bug.php?id=4017</url> + <url>http://lists.mysql.com/internals/14726</url> + <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> + <url>http://www.osvdb.org/displayvuln.php?osvdb_id=10658</url> </references> <dates> <discovery>2004-06-04</discovery> 
@@ -30517,29 +30544,29 @@ http_access deny Gopher</pre> <topic>mysql -- erroneous access restrictions applied to table renames</topic> <affects> <package> - <name>mysql-server</name> - <range><le>3.23.58_3</le></range> - <range><ge>4.*</ge><lt>4.0.21</lt></range> + <name>mysql-server</name> + <range><le>3.23.58_3</le></range> + <range><ge>4.*</ge><lt>4.0.21</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A Red Hat advisory reports:</p> - <blockquote cite="http://rhn.redhat.com/errata/RHSA-2004-611.html"> - <p>Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" - checked the CREATE/INSERT rights of the old table instead of the new one.</p> - </blockquote> - <p>Table access restrictions, on the affected MySQL servers, - may accidently or intentially be bypassed due to this - bug.</p> + <p>A Red Hat advisory reports:</p> + <blockquote cite="http://rhn.redhat.com/errata/RHSA-2004-611.html"> + <p>Oleksandr Byelkin discovered that "ALTER TABLE ... RENAME" checked + the CREATE/INSERT rights of the old table instead of the new + one.</p> + </blockquote> + <p>Table access restrictions, on the affected MySQL servers, may + accidently or intentially be bypassed due to this bug.</p> </body> </description> <references> - <cvename>CVE-2004-0835</cvename> - <bid>11357</bid> - <url>http://bugs.mysql.com/bug.php?id=3270</url> - <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> - <url>http://xforce.iss.net/xforce/xfdb/17666</url> + <cvename>CVE-2004-0835</cvename> + <bid>11357</bid> + <url>http://bugs.mysql.com/bug.php?id=3270</url> + <url>http://rhn.redhat.com/errata/RHSA-2004-611.html</url> + <url>http://xforce.iss.net/xforce/xfdb/17666</url> </references> <dates> <discovery>2004-03-23</discovery> 
@@ -30594,10 +30621,10 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>A phpMyAdmin security announcement reports:</p> <blockquote cite="http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4"> - <p>File disclosure: on systems where the UploadDir mecanism - is active, read_dump.php can be called with a crafted - form; using the fact that the sql_localfile variable is - not sanitized can lead to a file disclosure.</p> + <p>File disclosure: on systems where the UploadDir mecanism + is active, read_dump.php can be called with a crafted + form; using the fact that the sql_localfile variable is + not sanitized can lead to a file disclosure.</p> </blockquote> <p>Enabling <q>PHP safe mode</q> on the server can be used as a workaround for this vulnerability.</p> 
@@ -30635,19 +30662,19 @@ http_access deny Gopher</pre> vulnerabilities in wget:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110269474112384"> <p>Wget erroneously thinks that the current directory is a - fair game, and will happily write in any file in and below - it. Malicious HTTP response or malicious HTML file can - redirect wget to a file that is vital to the system, and - wget will create/append/overwrite it.</p> + fair game, and will happily write in any file in and below + it. Malicious HTTP response or malicious HTML file can + redirect wget to a file that is vital to the system, and + wget will create/append/overwrite it.</p> <p>Wget apparently has at least two methods of - ``sanitizing'' the potentially malicious data it receives - from the HTTP stream, therefore a malicious redirects can - pass the check. We haven't find a way to trick wget into - writing above the parent directory, which doesn't mean - it's not possible.</p> + ``sanitizing'' the potentially malicious data it receives + from the HTTP stream, therefore a malicious redirects can + pass the check. We haven't find a way to trick wget into + writing above the parent directory, which doesn't mean + it's not possible.</p> <p>Malicious HTTP response can overwrite parts of the - terminal so that the user will not notice anything wrong, - or will believe the error was not fatal.</p> + terminal so that the user will not notice anything wrong, + or will believe the error was not fatal.</p> </blockquote> </body> </description> @@ -30678,7 +30705,7 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser - bar. It is possible to store the URL as a shortcut on the + bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text.</p> </body> </description> 
@@ -30751,7 +30778,7 @@ http_access deny Gopher</pre> </references> <dates> <discovery>2004-11-23</discovery> - <entry>2004-12-09</entry> + <entry>2004-12-09</entry> </dates> </vuln> @@ -30863,9 +30890,10 @@ http_access deny Gopher</pre> <p>Jason Wies identified both rssh & scponly have a vulnerability that allows arbitrary command execution. He reports:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=110202047507273"> - <p>The problem is compounded when you recognize that the main use of rssh and - scponly is to allow file transfers, which in turn allows a malicious user to - transfer and execute entire custom scripts on the remote machine.</p> + <p>The problem is compounded when you recognize that the main use of + rssh and scponly is to allow file transfers, which in turn allows a + malicious user to transfer and execute entire custom scripts on the + remote machine.</p> </blockquote> </body> </description> 
@@ -31521,22 +31549,22 @@ http_access deny Gopher</pre> <topic>samba -- potential remote DoS vulnerability</topic> <affects> <package> - <name>samba</name> + <name>samba</name> <range><ge>3</ge><lt>3.0.8,1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Karol Wiesek at iDEFENSE reports:</p> - <blockquote cite="http://us4.samba.org/samba/security/CAN-2004-0930.html"> - <p>A remote attacker could cause an smbd process to consume - abnormal amounts of system resources due to an input - validation error when matching filenames containing - wildcard characters.</p> - </blockquote> - <p>Although samba.org classifies this as a DoS vulnerability, - several members of the security community believe it may be - exploitable for arbitrary code execution.</p> + <blockquote cite="http://us4.samba.org/samba/security/CAN-2004-0930.html"> + <p>A remote attacker could cause an smbd process to consume + abnormal amounts of system resources due to an input + validation error when matching filenames containing + wildcard characters.</p> + </blockquote> + <p>Although samba.org classifies this as a DoS vulnerability, + several members of the security community believe it may be + exploitable for arbitrary code execution.</p> </body> </description> <references> 
@@ -31623,13 +31651,13 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>A siyahsapka.org advisory reads:</p> <blockquote cite="http://deicide.siyahsapka.org/hafiye_esc.txt"> - <p>Hafiye-1.0 doesnt filter the payload when printing it to - the terminal. A malicious attacker can send packets with + <p>Hafiye-1.0 doesnt filter the payload when printing it to + the terminal. A malicious attacker can send packets with escape sequence payloads to exploit this vulnerability.</p> - <p>If Hafiye has been started with -n packet count option , - the vulnerability could allow remote code execution. For - remote code execution the victim must press Enter after - program exit.</p> + <p>If Hafiye has been started with -n packet count option , + the vulnerability could allow remote code execution. For + remote code execution the victim must press Enter after + program exit.</p> </blockquote> <p>Note that it appears that this bug can only be exploited in conjunction with a terminal emulator that honors the @@ -31651,17 +31679,17 @@ http_access deny Gopher</pre> <topic>ez-ipupdate -- format string vulnerability</topic> <affects> <package> - <name>ez-ipupdate</name> - <range><lt>3.0.11b8_2</lt></range> + <name>ez-ipupdate</name> + <range><lt>3.0.11b8_2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Data supplied by a remote server is used as the format string - instead of as parameters in a syslog() call. This may lead - to crashes or potential running of arbitrary code. It is - only a problem when running in daemon mode (very common) and - when using some service types.</p> + <p>Data supplied by a remote server is used as the format string + instead of as parameters in a syslog() call. This may lead + to crashes or potential running of arbitrary code. It is + only a problem when running in daemon mode (very common) and + when using some service types.</p> </body> </description> <references> 
@@ -31841,15 +31869,15 @@ http_access deny Gopher</pre> <range><le>1.3.31</le></range> </package> <package> - <name>apache+ipv6</name> - <range><lt>1.3.33</lt></range> + <name>apache+ipv6</name> + <range><lt>1.3.33</lt></range> </package> <package> <name>apache+ssl</name> <range><le>1.3.29.1.55</le></range> </package> <package> - <name>ru-apache</name> + <name>ru-apache</name> <range><lt>1.3.33+30.21</lt></range> </package> <package> @@ -31921,11 +31949,11 @@ http_access deny Gopher</pre> <p>infamous41md reports about the GD Graphics Library:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=109882489302099"> <p>There is an integer overflow when allocating memory in - the routine that handles loading PNG image files. This - later leads to heap data structures being overwritten. If - an attacker tricked a user into loading a malicious PNG - image, they could leverage this into executing arbitrary - code in the context of the user opening image.</p> + the routine that handles loading PNG image files. This + later leads to heap data structures being overwritten. If + an attacker tricked a user into loading a malicious PNG + image, they could leverage this into executing arbitrary + code in the context of the user opening image.</p> </blockquote> </body> </description> @@ -32022,9 +32050,9 @@ http_access deny Gopher</pre> <topic>horde -- cross-site scripting vulnerability in help window</topic> <affects> <package> - <name>horde</name> + <name>horde</name> <name>horde-devel</name> - <range><lt>2.2.7</lt></range> + <range><lt>2.2.7</lt></range> </package> </affects> <description> 
@@ -32109,7 +32137,7 @@ http_access deny Gopher</pre> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Chris Evans discovered several integer arithmetic overflows - in the xpdf 2 and xpdf 3 code bases. The flaws have impacts + in the xpdf 2 and xpdf 3 code bases. The flaws have impacts ranging from denial-of-service to arbitrary code execution.</p> </body> </description> @@ -32263,9 +32291,9 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Sean <q>infamous42md</q> reports that a malicous GroupWise - messaging server may be able to exploit a heap buffer - overflow in gaim, leading to arbitrary code execution.</p> + <p>Sean <q>infamous42md</q> reports that a malicous GroupWise + messaging server may be able to exploit a heap buffer + overflow in gaim, leading to arbitrary code execution.</p> </body> </description> <references> @@ -32442,11 +32470,11 @@ http_access deny Gopher</pre> following issues have been fixed:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=109527608022322"> <p>A segfault in mod_ssl which can be triggered by a - malicious remote server, if proxying to SSL servers has - been configured. [CAN-2004-0751]</p> + malicious remote server, if proxying to SSL servers has + been configured. [CAN-2004-0751]</p> <p>A potential infinite loop in mod_ssl which could be - triggered given particular timing of a connection - abort. [CAN-2004-0748]</p> + triggered given particular timing of a connection + abort. [CAN-2004-0748]</p> </blockquote> </body> </description> 
@@ -32604,13 +32632,13 @@ http_access deny Gopher</pre> consequences of imwheel's handling of the process ID file (PID file):</p> <blockquote cite="http://www.caughq.org/advisories/CAU-2004-0002.txt"> - <p>imwheel exclusively uses a predictably named PID file for - management of multiple imwheel processes. A race condition - exists when the -k command-line option is used to kill - existing imwheel processes. This race condition may be - used by a local user to Denial of Service another user - using imwheel, lead to resource exhaustion of the host - system, or append data to arbitrary files.</p> + <p>imwheel exclusively uses a predictably named PID file for + management of multiple imwheel processes. A race condition + exists when the -k command-line option is used to kill + existing imwheel processes. This race condition may be + used by a local user to Denial of Service another user + using imwheel, lead to resource exhaustion of the host + system, or append data to arbitrary files.</p> </blockquote> </body> </description> @@ -32777,7 +32805,7 @@ http_access deny Gopher</pre> <topic>icecast -- HTTP header overflow</topic> <affects> <package> - <name>icecast2</name> + <name>icecast2</name> <range><lt>2.0.2,1</lt></range> </package> </affects> 
@@ -32833,19 +32861,19 @@ http_access deny Gopher</pre> <affects> <package> <name>xerces-c2</name> - <range><lt>2.6.0</lt></range> + <range><lt>2.6.0</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Amit Klein reports about Xerces-C++:</p> - <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=109674050017645"> - <p>An attacker can craft a malicious XML document, which - uses XML attributes in a way that inflicts a denial of - service condition on the target machine (XML parser). The - result of this attack is that the XML parser consumes all - the CPU.</p> - </blockquote> + <p>Amit Klein reports about Xerces-C++:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=109674050017645"> + <p>An attacker can craft a malicious XML document, which + uses XML attributes in a way that inflicts a denial of + service condition on the target machine (XML parser). The + result of this attack is that the XML parser consumes all + the CPU.</p> + </blockquote> </body> </description> <references> @@ -32864,13 +32892,13 @@ http_access deny Gopher</pre> <affects> <package> <name>wordpress</name> - <range><lt>1.2.1</lt></range> + <range><lt>1.2.1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Pages in the administration panel of Wordpress are - vulnerable for XSS attacks.</p> + <p>Pages in the administration panel of Wordpress are + vulnerable for XSS attacks.</p> </body> </description> <references> 
@@ -32947,15 +32975,15 @@ http_access deny Gopher</pre> <affects> <package> <name>cups-base</name> - <range><lt>1.1.22</lt></range> + <range><lt>1.1.22</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Certain methods of authenticated remote printing in CUPS - can disclose user names and passwords in the log files.</p> - <p>A workaround for this problem is to set more strict - access permissions on the CUPS logfiles.</p> + <p>Certain methods of authenticated remote printing in CUPS + can disclose user names and passwords in the log files.</p> + <p>A workaround for this problem is to set more strict + access permissions on the CUPS logfiles.</p> </body> </description> <references> @@ -32979,7 +33007,7 @@ http_access deny Gopher</pre> <range><lt>2.2.5</lt></range> </package> <package> - <name>freeamp</name> + <name>freeamp</name> <range><gt>0</gt></range> </package> </affects> @@ -33039,10 +33067,10 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Chris Evans discovered several heap buffer overflows in - libtiff's RLE decoder. These overflows could be triggered - by a specially-crafted TIFF image file, resulting in an - application crash and possibly arbitrary code execution.</p> + <p>Chris Evans discovered several heap buffer overflows in + libtiff's RLE decoder. These overflows could be triggered + by a specially-crafted TIFF image file, resulting in an + application crash and possibly arbitrary code execution.</p> </body> </description> <references> @@ -33062,7 +33090,7 @@ http_access deny Gopher</pre> <affects> <package> <name>sharutils</name> - <range><lt>4.2.1_2</lt></range> + <range><lt>4.2.1_2</lt></range> </package> </affects> <description> 
@@ -33160,8 +33188,8 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The Cyrus SASL DIGEST-MD5 plugin contains a potential - buffer overflow when quoting is required in the output.</p> + <p>The Cyrus SASL DIGEST-MD5 plugin contains a potential + buffer overflow when quoting is required in the output.</p> </body> </description> <references> @@ -33184,13 +33212,13 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The Cyrus SASL library, libsasl, contains functions which - may load dynamic libraries. These libraries may be loaded - from the path specified by the environmental variable - SASL_PATH, which in some situations may be fully controlled - by a local attacker. Thus, if a set-user-ID application - (such as chsh) utilizes libsasl, it may be possible for a - local attacker to gain superuser privileges.</p> + <p>The Cyrus SASL library, libsasl, contains functions which + may load dynamic libraries. These libraries may be loaded + from the path specified by the environmental variable + SASL_PATH, which in some situations may be fully controlled + by a local attacker. Thus, if a set-user-ID application + (such as chsh) utilizes libsasl, it may be possible for a + local attacker to gain superuser privileges.</p> </body> </description> <references> @@ -33207,13 +33235,13 @@ http_access deny Gopher</pre> <topic>imp3 -- XSS hole in the HTML viewer</topic> <affects> <package> - <name>imp</name> - <range><lt>3.2.6</lt></range> + <name>imp</name> + <range><lt>3.2.6</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The script vulnerabilities can only be exposed with + <p>The script vulnerabilities can only be exposed with certain browsers and allow XSS attacks when viewing HTML messages with the HTML MIME viewer</p> </body> 
@@ -33238,10 +33266,10 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Jon Nistor reported that the FreeBSD port of bmon was - installed set-user-ID root, and executes commands using - relative paths. This could allow local user to easily obtain - root privileges.</p> + <p>Jon Nistor reported that the FreeBSD port of bmon was + installed set-user-ID root, and executes commands using + relative paths. This could allow local user to easily obtain + root privileges.</p> </body> </description> <references> @@ -33257,12 +33285,12 @@ http_access deny Gopher</pre> <topic>gnutls -- certificate chain verification DoS</topic> <affects> <package> - <name>gnutls</name> - <range><lt>1.0.17</lt></range> + <name>gnutls</name> + <range><lt>1.0.17</lt></range> </package> <package> - <name>gnutls-devel</name> - <range><ge>1.1.*</ge><lt>1.1.12</lt></range> + <name>gnutls-devel</name> + <range><ge>1.1.*</ge><lt>1.1.12</lt></range> </package> </affects> <description> 
@@ -33271,14 +33299,14 @@ http_access deny Gopher</pre> verification procedures of GnuTLS that may result in a denial-of-service vulnerability:</p> <blockquote cite="http://www.hornik.sk/SA/SA-20040802.txt"> - <p>The certificate chain should be verified from last root - certificate to the first certificate. Otherwise a lot - of unauthorized CPU processing can be forced to check - certificate signatures signed with arbitrary RSA/DSA keys + <p>The certificate chain should be verified from last root + certificate to the first certificate. Otherwise a lot + of unauthorized CPU processing can be forced to check + certificate signatures signed with arbitrary RSA/DSA keys chosen by attacker.</p> - <p>In GnuTLS the signatures are checked from first to last - certificate, there is no limit on size of keys and no - limit on length of certificate chain.</p> + <p>In GnuTLS the signatures are checked from first to last + certificate, there is no limit on size of keys and no + limit on length of certificate chain.</p> </blockquote> </body> </description> @@ -33296,22 +33324,22 @@ http_access deny Gopher</pre> <topic>php -- vulnerability in RFC 1867 file upload processing</topic> <affects> <package> - <name>php4</name> - <name>php4-cgi</name> - <range><le>4.3.8_2</le></range> + <name>php4</name> + <name>php4-cgi</name> + <range><le>4.3.8_2</le></range> </package> <package> - <name>mod_php4</name> - <range><le>4.3.8_2,1</le></range> + <name>mod_php4</name> + <range><le>4.3.8_2,1</le></range> </package> <package> - <name>php5</name> - <name>php5-cgi</name> - <range><le>5.0.1</le></range> + <name>php5</name> + <name>php5-cgi</name> + <range><le>5.0.1</le></range> </package> <package> - <name>mod_php5</name> - <range><le>5.0.1,1</le></range> + <name>mod_php5</name> + <range><le>5.0.1,1</le></range> </package> </affects> <description> 
@@ -33339,39 +33367,39 @@ http_access deny Gopher</pre> <topic>php -- php_variables memory disclosure</topic> <affects> <package> - <name>mod_php4-twig</name> - <name>php4-cgi</name> - <name>php4-cli</name> - <name>php4-dtc</name> - <name>php4-horde</name> - <name>php4-nms</name> - <name>php4</name> - <range><le>4.3.8_2</le></range> + <name>mod_php4-twig</name> + <name>php4-cgi</name> + <name>php4-cli</name> + <name>php4-dtc</name> + <name>php4-horde</name> + <name>php4-nms</name> + <name>php4</name> + <range><le>4.3.8_2</le></range> </package> <package> - <name>mod_php</name> - <name>mod_php4</name> + <name>mod_php</name> + <name>mod_php4</name> <range><ge>4</ge><le>4.3.8_2,1</le></range> </package> <package> - <name>php5</name> - <name>php5-cgi</name> - <name>php5-cli</name> - <range><le>5.0.1</le></range> + <name>php5</name> + <name>php5-cgi</name> + <name>php5-cli</name> + <range><le>5.0.1</le></range> </package> <package> - <name>mod_php5</name> - <range><le>5.0.1,1</le></range> + <name>mod_php5</name> + <range><le>5.0.1,1</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Stefano Di Paola reports:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=109527531130492"> - <p>Bad array parsing in php_variables.c could lead to show - arbitrary memory content such as pieces of php code - and other data. This affects all GET, POST or COOKIES - variables.</p> + <p>Bad array parsing in php_variables.c could lead to show + arbitrary memory content such as pieces of php code + and other data. This affects all GET, POST or COOKIES + variables.</p> </blockquote> </body> </description> 
@@ -33397,20 +33425,20 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>In a Bugtraq posting, infamous41md(at)hotpop.com reported:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=109302498125092"> - <p>there are at least 5 exploitable buffer and heap - overflows in the image handling code. this allows someone - to craft a malicious image, trick a user into viewing the - file in xv, and upon viewing that image execute arbitrary - code under privileges of the user viewing image. note - the AT LEAST part of the above sentence. there is such a - plethora of bad code that I just stopped reading after - a while. there are at least 100 calls to sprintf() and - strcpy() with no regards for bounds of buffers. 95% of - these deal with program arguments or filenames, so they - are of no interest to exploit. however I just got sick of - reading this code after not too long. so im sure there are - still other overflows in the image handling code for other - image types.</p> + <p>there are at least 5 exploitable buffer and heap + overflows in the image handling code. this allows someone + to craft a malicious image, trick a user into viewing the + file in xv, and upon viewing that image execute arbitrary + code under privileges of the user viewing image. note + the AT LEAST part of the above sentence. there is such a + plethora of bad code that I just stopped reading after + a while. there are at least 100 calls to sprintf() and + strcpy() with no regards for bounds of buffers. 95% of + these deal with program arguments or filenames, so they + are of no interest to exploit. however I just got sick of + reading this code after not too long. so im sure there are + still other overflows in the image handling code for other + image types.</p> </blockquote> <p>The posting also included an exploit.</p> </body> 
@@ -33428,18 +33456,18 @@ http_access deny Gopher</pre> <vuln vid="8c33b299-163b-11d9-ac1b-000d614f7fad"> <topic>getmail -- symlink vulnerability during maildir delivery</topic> <affects> - <package> + <package> <name>getmail</name> <range><lt>3.2.5</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>David Watson reports a symlink vulnerability in getmail. - If run as root (not the recommended mode of operation), a - local user may be able to cause getmail to write files in - arbitrary directories via a symlink attack on subdirectories - of the maildir.</p> + <p>David Watson reports a symlink vulnerability in getmail. + If run as root (not the recommended mode of operation), a + local user may be able to cause getmail to write files in + arbitrary directories via a symlink attack on subdirectories + of the maildir.</p> </body> </description> <references> 
@@ -33464,18 +33492,18 @@ http_access deny Gopher</pre> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The syscons CONS_SCRSHOT <a href="http://www.freebsd.org/cgi/man.cgi?query=ioctl">ioctl(2)</a> - does insufficient validation of its input arguments. In - particular, negative coordinates or large coordinates may - cause unexpected behavior.</p> - <p>It may be possible to cause the CONS_SCRSHOT ioctl to - return portions of kernel memory. Such memory might - contain sensitive information, such as portions of the - file cache or terminal buffers. This information might be - directly useful, or it might be leveraged to obtain elevated - privileges in some way. For example, a terminal buffer - might include a user-entered password.</p> - <p>This bug may be exploitable by users who have access to the - physical console or can otherwise open a /dev/ttyv* device + does insufficient validation of its input arguments. In + particular, negative coordinates or large coordinates may + cause unexpected behavior.</p> + <p>It may be possible to cause the CONS_SCRSHOT ioctl to + return portions of kernel memory. Such memory might + contain sensitive information, such as portions of the + file cache or terminal buffers. This information might be + directly useful, or it might be leveraged to obtain elevated + privileges in some way. For example, a terminal buffer + might include a user-entered password.</p> + <p>This bug may be exploitable by users who have access to the + physical console or can otherwise open a /dev/ttyv* device node.</p> </body> </description> @@ -33520,7 +33548,7 @@ http_access deny Gopher</pre> <topic>distcc -- incorrect parsing of IP access control rules</topic> <affects> <package> - <name>distcc</name> + <name>distcc</name> <range><lt>2.16</lt></range> </package> </affects> 
@@ -33546,34 +33574,34 @@ http_access deny Gopher</pre> <topic>mozilla -- scripting vulnerabilities</topic> <affects> <package> - <name>thunderbird</name> + <name>thunderbird</name> <range><lt>0.8</lt></range> </package> <package> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>firefox</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>firefox</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><lt>1.p</lt></range> </package> <package> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> <range><le>7.2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.3</lt></range> + <name>mozilla-gtk1</name> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.3</lt></range> </package> <package> <name>mozilla</name> 
@@ -33581,18 +33609,18 @@ http_access deny Gopher</pre> </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> <range><ge>0</ge></range> </package> </affects> 
@@ -33616,23 +33644,23 @@ http_access deny Gopher</pre> <dt>CVE-2004-0908</dt> <dd> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> - <p>Untrusted javascript code can read and write to the - clipboard, stealing any sensitive data the user might - have copied. <strong>Workaround:</strong> disable - javascript</p> + <p>Untrusted javascript code can read and write to the + clipboard, stealing any sensitive data the user might + have copied. <strong>Workaround:</strong> disable + javascript</p> </blockquote> </dd> <dt>CVE-2004-0909</dt> <dd> <blockquote cite="http://www.mozilla.org/projects/security/known-vulnerabilities.html"> - <p>Signed scripts requesting enhanced abilities could - construct the request in a way that led to a confusing - grant dialog, possibly fooling the user into thinking - the privilege requested was inconsequential while - actually obtaining explicit permission to run and - install software. <strong>Workaround:</strong> Never - grant enhanced abilities of any kind to untrusted web - pages.</p> + <p>Signed scripts requesting enhanced abilities could + construct the request in a way that led to a confusing + grant dialog, possibly fooling the user into thinking + the privilege requested was inconsequential while + actually obtaining explicit permission to run and + install software. <strong>Workaround:</strong> Never + grant enhanced abilities of any kind to untrusted web + pages.</p> </blockquote> </dd> </dl> 
@@ -33656,34 +33684,34 @@ http_access deny Gopher</pre> <topic>mozilla -- users may be lured into bypassing security dialogs</topic> <affects> <package> - <name>thunderbird</name> + <name>thunderbird</name> <range><lt>0.7</lt></range> </package> <package> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>firefox</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>firefox</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><lt>0.9.2</lt></range> </package> <package> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> <range><le>7.2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7</lt></range> + <name>mozilla-gtk1</name> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7</lt></range> </package> <package> <name>mozilla</name> 
@@ -33691,18 +33719,18 @@ http_access deny Gopher</pre> </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> <range><ge>0</ge></range> </package> </affects> 
@@ -33732,34 +33760,34 @@ http_access deny Gopher</pre> <topic>mozilla -- hostname spoofing bug</topic> <affects> <package> - <name>thunderbird</name> + <name>thunderbird</name> <range><lt>0.7</lt></range> </package> <package> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>firefox</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>firefox</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><lt>0.9.2</lt></range> </package> <package> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> <range><le>7.2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7</lt></range> + <name>mozilla-gtk1</name> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7</lt></range> </package> <package> <name>mozilla</name> 
@@ -33767,18 +33795,18 @@ http_access deny Gopher</pre> </package> <package> <!-- These package names are obsolete. --> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> - <name>linux-netscape</name> - <name>linux-phoenix</name> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk2</name> - <name>mozilla-gtk</name> - <name>mozilla-thunderbird</name> - <name>phoenix</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> + <name>linux-netscape</name> + <name>linux-phoenix</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk2</name> + <name>mozilla-gtk</name> + <name>mozilla-thunderbird</name> + <name>phoenix</name> <range><ge>0</ge></range> </package> </affects> 
@@ -33819,18 +33847,18 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to a Samba Team security notice:</p> <blockquote cite="http://www.samba.org/samba/news/#security_2.2.12"> - <p>A security vulnerability has been located in Samba - 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote - attacker may be able to gain access to files which exist - outside of the share's defined path. Such files must still - be readable by the account used for the connection.</p> - </blockquote> + <p>A security vulnerability has been located in Samba + 2.2.x <= 2.2.11 and Samba 3.0.x <= 3.0.5. A remote + attacker may be able to gain access to files which exist + outside of the share's defined path. Such files must still + be readable by the account used for the connection.</p> + </blockquote> <blockquote cite="http://www.samba.org/samba/news/#errata_05oct"> - <p>The original notice for CAN-2004-0815 indicated that - Samba 3.0.x <= 3.0.5 was vulnerable to the security - issue. After further research, Samba developers have - confirmed that only Samba 3.0.2a and earlier releases - contain the exploitable code.</p> + <p>The original notice for CAN-2004-0815 indicated that + Samba 3.0.x <= 3.0.5 was vulnerable to the security + issue. After further research, Samba developers have + confirmed that only Samba 3.0.2a and earlier releases + contain the exploitable code.</p> </blockquote> </body> </description> 
@@ -33849,38 +33877,38 @@ http_access deny Gopher</pre> <topic>mozilla -- BMP decoder vulnerabilities</topic> <affects> <package> - <name>thunderbird</name> + <name>thunderbird</name> <range><lt>0.7.3_1</lt></range> </package> <package> - <name>de-linux-mozillafirebird</name> + <name>de-linux-mozillafirebird</name> <name>el-linux-mozillafirebird</name> - <name>firefox</name> - <name>ja-linux-mozillafirebird-gtk1</name> - <name>ja-mozillafirebird-gtk2</name> - <name>linux-mozillafirebird</name> - <name>linux-phoenix</name> - <name>phoenix</name> - <name>ru-linux-mozillafirebird</name> - <name>zhCN-linux-mozillafirebird</name> - <name>zhTW-linux-mozillafirebird</name> + <name>firefox</name> + <name>ja-linux-mozillafirebird-gtk1</name> + <name>ja-mozillafirebird-gtk2</name> + <name>linux-mozillafirebird</name> + <name>linux-phoenix</name> + <name>phoenix</name> + <name>ru-linux-mozillafirebird</name> + <name>zhCN-linux-mozillafirebird</name> + <name>zhTW-linux-mozillafirebird</name> <range><lt>0.9.3_1</lt></range> </package> <package> - <name>de-netscape7</name> - <name>fr-netscape7</name> - <name>ja-netscape7</name> - <name>netscape7</name> - <name>pt_BR-netscape7</name> + <name>de-netscape7</name> + <name>fr-netscape7</name> + <name>ja-netscape7</name> + <name>netscape7</name> + <name>pt_BR-netscape7</name> <range><le>7.2</le></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.3</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.3</lt></range> </package> <package> - <name>mozilla-gtk1</name> + <name>mozilla-gtk1</name> <range><lt>1.7.2_3</lt></range> </package> <package> 
@@ -33890,16 +33918,16 @@ http_access deny Gopher</pre> </package> <package> <!-- These package names are obsolete. --> - <name>mozilla+ipv6</name> - <name>mozilla-embedded</name> - <name>mozilla-firebird</name> - <name>mozilla-gtk</name> - <name>mozilla-gtk2</name> - <name>mozilla-thunderbird</name> - <name>linux-netscape</name> - <name>de-linux-netscape</name> - <name>fr-linux-netscape</name> - <name>ja-linux-netscape</name> + <name>mozilla+ipv6</name> + <name>mozilla-embedded</name> + <name>mozilla-firebird</name> + <name>mozilla-gtk</name> + <name>mozilla-gtk2</name> + <name>mozilla-thunderbird</name> + <name>linux-netscape</name> + <name>de-linux-netscape</name> + <name>fr-linux-netscape</name> + <name>ja-linux-netscape</name> <range><ge>0</ge></range> </package> </affects> @@ -33946,9 +33974,9 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Georgi Guninski discovered a stack buffer overflow which - may be triggered when viewing email messages with vCard - attachments.</p> + <p>Georgi Guninski discovered a stack buffer overflow which + may be triggered when viewing email messages with vCard + attachments.</p> </body> </description> <references> @@ -34101,7 +34129,7 @@ http_access deny Gopher</pre> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Stefan Esser of e-matters discovered a condition within PHP - that may lead to remote execution of arbitrary code. The + that may lead to remote execution of arbitrary code. The memory_limit facility is used to notify functions when memory contraints have been met. Under certain conditions, the entry into this facility is able to interrupt functions such as 
@@ -34152,12 +34180,12 @@ http_access deny Gopher</pre> <p>mod_authz_svn, the Apache httpd module which does path-based authorization on Subversion repositories, is not correctly protecting all metadata on unreadable paths.</p> - <p>This security issue is not about revealing the contents - of protected files: it only reveals metadata about - protected areas such as paths and log messages. This may - or may not be important to your organization, depending - on how you're using path-based authorization, and the - sensitivity of the metadata. </p> + <p>This security issue is not about revealing the contents + of protected files: it only reveals metadata about + protected areas such as paths and log messages. This may + or may not be important to your organization, depending + on how you're using path-based authorization, and the + sensitivity of the metadata. </p> </blockquote> </body> </description> @@ -34223,9 +34251,9 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>There is a buffer overflow in the prepared statements API - (libmysqlclient) when a statement containing thousands of - placeholders is executed.</p> + <p>There is a buffer overflow in the prepared statements API + (libmysqlclient) when a statement containing thousands of + placeholders is executed.</p> </body> </description> <references> @@ -34247,9 +34275,9 @@ http_access deny Gopher</pre> <range><lt>0.9</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7</lt></range> </package> <package> <name>mozilla</name> 
@@ -34286,9 +34314,9 @@ http_access deny Gopher</pre> <range><lt>0.9.3</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.2</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.2</lt></range> </package> <package> <name>mozilla</name> @@ -34334,11 +34362,11 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A malicious web page can cause an automated file upload - from the victim's machine when viewed with Mozilla with - Javascript enabled. This is due to a bug permitting - default values for type="file" <input> elements in - certain situations.</p> + <p>A malicious web page can cause an automated file upload + from the victim's machine when viewed with Mozilla with + Javascript enabled. This is due to a bug permitting + default values for type="file" <input> elements in + certain situations.</p> </body> </description> <references> 
@@ -34356,33 +34384,33 @@ http_access deny Gopher</pre> <topic>mozilla -- built-in CA certificates may be overridden</topic> <affects> <package> - <name>firefox</name> - <range><lt>0.9.3</lt></range> + <name>firefox</name> + <range><lt>0.9.3</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <range><lt>1.7.2</lt></range> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <range><lt>1.7.2</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.2,2</lt></range> - <range><ge>1.8.a,2</ge></range> + <name>mozilla</name> + <range><lt>1.7.2,2</lt></range> + <range><ge>1.8.a,2</ge></range> </package> <package> - <name>mozilla-gtk1</name> - <range><lt>1.7.2</lt></range> + <name>mozilla-gtk1</name> + <range><lt>1.7.2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Under some situations, Mozilla will automatically import - a certificate from an email message or web site. This - behavior can be used as a denial-of-service attack: if the - certificate has a distinguished name (DN) identical to one - of the built-in Certificate Authorities (CAs), then Mozilla - will no longer be able to certify sites with certificates - issued from that CA.</p> + <p>Under some situations, Mozilla will automatically import + a certificate from an email message or web site. This + behavior can be used as a denial-of-service attack: if the + certificate has a distinguished name (DN) identical to one + of the built-in Certificate Authorities (CAs), then Mozilla + will no longer be able to certify sites with certificates + issued from that CA.</p> </body> </description> <references> 
@@ -34407,19 +34435,19 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>rssh expands command line paramters before invoking chroot. - This could result in the disclosure to the client of file - names outside of the chroot directory. A posting by the rssh + <p>rssh expands command line paramters before invoking chroot. + This could result in the disclosure to the client of file + names outside of the chroot directory. A posting by the rssh author explains:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=108787373022844"> - <p>The cause of the problem identified by Mr. McCaw is that - rssh expanded command-line arguments prior to entering - the chroot jail. This bug DOES NOT allow a user to - access any of the files outside the jail, but can allow - them to discover what files are in a directory which is - outside the jail, if their credentials on the server would - normally allow them read/execute access in the specified - directory.</p> + <p>The cause of the problem identified by Mr. McCaw is that + rssh expanded command-line arguments prior to entering + the chroot jail. This bug DOES NOT allow a user to + access any of the files outside the jail, but can allow + them to discover what files are in a directory which is + outside the jail, if their credentials on the server would + normally allow them read/execute access in the specified + directory.</p> </blockquote> </body> </description> 
@@ -34447,16 +34475,16 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>An iDEFENSE security advisory reports:</p> <blockquote cite="http://www.idefense.com/application/poi/display?id=141&type=vulnerabilities"> - <p>Remote exploitation of an input validation error in - version 1.2 of GNU radiusd could allow a denial of - service.</p> - <p>The vulnerability specifically exists within - the asn_decode_string() function defined in - snmplib/asn1.c. When a very large unsigned number is - supplied, it is possible that an integer overflow will - occur in the bounds-checking code. The daemon will then - attempt to reference unallocated memory, resulting in an - access violation that causes the process to terminate.</p> + <p>Remote exploitation of an input validation error in + version 1.2 of GNU radiusd could allow a denial of + service.</p> + <p>The vulnerability specifically exists within + the asn_decode_string() function defined in + snmplib/asn1.c. When a very large unsigned number is + supplied, it is possible that an integer overflow will + occur in the bounds-checking code. The daemon will then + attempt to reference unallocated memory, resulting in an + access violation that causes the process to terminate.</p> </blockquote> </body> </description> @@ -34481,9 +34509,9 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A new feature of sudo 1.6.8 called "sudoedit" (a safe - editing facility) may allow users to read files to which - they normally have no access.</p> + <p>A new feature of sudo 1.6.8 called "sudoedit" (a safe + editing facility) may allow users to read files to which + they normally have no access.</p> </body> </description> <references> 
@@ -34554,10 +34582,10 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>A number of vulnerabilities were discovered in CVS by + <p>A number of vulnerabilities were discovered in CVS by Stefan Esser, Sebastian Krahmer, and Derek Price.</p> <ul> - <li>Insufficient input validation while processing "Entry" + <li>Insufficient input validation while processing "Entry" lines. (CVE-2004-0414)</li> <li>A double-free resulting from erroneous state handling while processing "Argumentx" commands. (CVE-2004-0416)</li> 
@@ -34570,18 +34598,18 @@ http_access deny Gopher</pre> from CVSROOT.</li> <li>Various other integer overflows.</li> </ul> - <p>Additionally, iDEFENSE reports an undocumented command-line - flag used in debugging does not perform input validation on - the given path names.</p> - <p>CVS servers ("cvs server" or :pserver: modes) are - affected by these vulnerabilities. They vary in impact - but include information disclosure (the iDEFENSE-reported - bug), denial-of-service (CVE-2004-0414, CVE-2004-0416, - CVE-2004-0417 and other bugs), or possibly arbitrary code - execution (CVE-2004-0418). In very special situations where - the attacker may somehow influence the contents of CVS - configuration files in CVSROOT, additional attacks may be - possible.</p> + <p>Additionally, iDEFENSE reports an undocumented command-line + flag used in debugging does not perform input validation on + the given path names.</p> + <p>CVS servers ("cvs server" or :pserver: modes) are + affected by these vulnerabilities. They vary in impact + but include information disclosure (the iDEFENSE-reported + bug), denial-of-service (CVE-2004-0414, CVE-2004-0416, + CVE-2004-0417 and other bugs), or possibly arbitrary code + execution (CVE-2004-0418). In very special situations where + the attacker may somehow influence the contents of CVS + configuration files in CVSROOT, additional attacks may be + possible.</p> </body> </description> <references> @@ -34630,8 +34658,8 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Chris Evans discovered several flaws in the gdk-pixbuf - XPM image decoder:</p> + <p>Chris Evans discovered several flaws in the gdk-pixbuf + XPM image decoder:</p> <ul> <li>Heap-based overflow in pixbuf_create_from_xpm</li> <li>Stack-based overflow in xpm_extract_color</li> 
@@ -34705,11 +34733,11 @@ http_access deny Gopher</pre> </ul> <p>The X11R6.8.1 release announcement reads:</p> <blockquote cite="http://freedesktop.org/pipermail/xorg/2004-September/003172.html"> - <p>This version is purely a security release, addressing - multiple integer and stack overflows in libXpm, the X - Pixmap library; all known versions of X (both XFree86 - and X.Org) are affected, so all users of X are strongly - encouraged to upgrade.</p> + <p>This version is purely a security release, addressing + multiple integer and stack overflows in libXpm, the X + Pixmap library; all known versions of X (both XFree86 + and X.Org) are affected, so all users of X are strongly + encouraged to upgrade.</p> </blockquote> </body> </description> @@ -34824,11 +34852,11 @@ http_access deny Gopher</pre> files (the main `httpd.conf' and `.htaccess' files). According to a SITIC advisory:</p> <blockquote cite="http://lists.netsys.com/pipermail/full-disclosure/2004-September/026463.html"> - <p>The buffer overflow occurs when expanding ${ENVVAR} - constructs in .htaccess or httpd.conf files. The function - ap_resolve_env() in server/util.c copies data from - environment variables to the character array tmp with - strcat(3), leading to a buffer overflow. </p> + <p>The buffer overflow occurs when expanding ${ENVVAR} + constructs in .htaccess or httpd.conf files. The function + ap_resolve_env() in server/util.c copies data from + environment variables to the character array tmp with + strcat(3), leading to a buffer overflow. </p> </blockquote> </body> </description> 
@@ -34855,12 +34883,12 @@ http_access deny Gopher</pre> <p>The Webmin developers documented a security issue in the release notes for version 1.160:</p> <blockquote cite="http://www.webmin.com/changes-1.160.html"> - <p>Fixed a security hole in the maketemp.pl script, used - to create the /tmp/.webmin directory at install time. If - an un-trusted user creates this directory before Webmin - is installed, he could create in it a symbolic link - pointing to a critical file on the system, which would be - overwritten when Webmin writes to the link filename.</p> + <p>Fixed a security hole in the maketemp.pl script, used + to create the /tmp/.webmin directory at install time. If + an un-trusted user creates this directory before Webmin + is installed, he could create in it a symbolic link + pointing to a critical file on the system, which would be + overwritten when Webmin writes to the link filename.</p> </blockquote> </body> </description> @@ -34879,13 +34907,13 @@ http_access deny Gopher</pre> <topic>samba3 DoS attack</topic> <affects> <package> - <name>samba3</name> - <range><lt>3.0.7,1</lt></range> + <name>samba3</name> + <range><lt>3.0.7,1</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Code found in nmbd and smbd may allow a remote attacker + <p>Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory.</p> </body> @@ -34923,9 +34951,9 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>zen-parse discovered a heap buffer overflow in Mozilla's - POP client implementation. A malicious POP server - could exploit this vulnerability to cause Mozilla to execute + <p>zen-parse discovered a heap buffer overflow in Mozilla's + POP client implementation. A malicious POP server + could exploit this vulnerability to cause Mozilla to execute arbitrary code.</p> </body> </description> 
@@ -34949,8 +34977,8 @@ http_access deny Gopher</pre> </package> <package> <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <name>mozilla-gtk1</name> + <name>linux-mozilla-devel</name> + <name>mozilla-gtk1</name> <range><lt>1.7</lt></range> </package> <package> @@ -34964,15 +34992,15 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>zen-parse discovered and iDEFENSE reported an exploitable - integer overflow in a scriptable Mozilla component - `SOAPParameter':</p> + <p>zen-parse discovered and iDEFENSE reported an exploitable + integer overflow in a scriptable Mozilla component + `SOAPParameter':</p> <blockquote cite="http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities"> - <p>Improper input validation to the SOAPParameter object - constructor in Netscape and Mozilla allows execution of - arbitrary code. The SOAPParameter object's constructor - contains an integer overflow which allows controllable - heap corruption. A web page can be constructed to + <p>Improper input validation to the SOAPParameter object + constructor in Netscape and Mozilla allows execution of + arbitrary code. The SOAPParameter object's constructor + contains an integer overflow which allows controllable + heap corruption. A web page can be constructed to leverage this into remote execution of arbitrary code.</p> </blockquote> </body> 
@@ -35025,12 +35053,12 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>OpenOffice creates a working directory in /tmp on startup, - and uses this directory to temporarily store document - content. However, the permissions of the created directory - may allow other user on the system to read these files, - potentially exposing information the user likely assumed was - inaccessible.</p> + <p>OpenOffice creates a working directory in /tmp on startup, + and uses this directory to temporarily store document + content. However, the permissions of the created directory + may allow other user on the system to read these files, + potentially exposing information the user likely assumed was + inaccessible.</p> </body> </description> <references> @@ -35049,18 +35077,18 @@ http_access deny Gopher</pre> <topic>mpg123 buffer overflow</topic> <affects> <package> - <name>mpg123</name> - <name>mpg123-nas</name> - <name>mpg123-esound</name> - <range><le>0.59r</le></range> + <name>mpg123</name> + <name>mpg123-nas</name> + <name>mpg123-esound</name> + <range><le>0.59r</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The mpg123 software version 0.59r contains a - buffer overflow vulnerability which may permit - the execution of arbitrary code as the owner of - the mpg123 process.</p> + <p>The mpg123 software version 0.59r contains a + buffer overflow vulnerability which may permit + the execution of arbitrary code as the owner of + the mpg123 process.</p> </body> </description> <references> 
@@ -35117,17 +35145,17 @@ http_access deny Gopher</pre> <range><ge>7.50</ge><lt>7.52</lt></range> </package> <package> - <name>firefox</name> + <name>firefox</name> <range><lt>0.9</lt></range> </package> <package> - <name>linux-mozilla</name> - <name>linux-mozilla-devel</name> - <name>mozilla-gtk1</name> + <name>linux-mozilla</name> + <name>linux-mozilla-devel</name> + <name>mozilla-gtk1</name> <range><lt>1.7</lt></range> </package> <package> - <name>mozilla</name> + <name>mozilla</name> <range><lt>1.7,2</lt></range> </package> <package> @@ -35140,9 +35168,9 @@ http_access deny Gopher</pre> <p>A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:</p> <blockquote cite="http://secunia.com/advisories/11978"> - <p>The problem is that the browsers don't check if a target - frame belongs to a website containing a malicious link, - which therefore doesn't prevent one browser window from + <p>The problem is that the browsers don't check if a target + frame belongs to a website containing a malicious link, + which therefore doesn't prevent one browser window from loading content in a named frame in another window.</p> <p>Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser 
@@ -35150,11 +35178,11 @@ http_access deny Gopher</pre> </blockquote> <p>A KDE Security Advisory reports:</p> <blockquote cite="http://www.kde.org/info/security/advisory-20040811-3.txt"> - <p>A malicious website could abuse Konqueror to insert - its own frames into the page of an otherwise trusted - website. As a result the user may unknowingly send - confidential information intended for the trusted website - to the malicious website.</p> + <p>A malicious website could abuse Konqueror to insert + its own frames into the page of an otherwise trusted + website. As a result the user may unknowingly send + confidential information intended for the trusted website + to the malicious website.</p> </blockquote> <p>Secunia has provided a demonstration of the vulnerability at <a href="http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/">http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/</a>.</p> </body> @@ -35354,9 +35382,9 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to the SpamAssassin 2.64 release announcement:</p> <blockquote cite="http://marc.theaimsgroup.com/?l=spamassassin-announce&m=109168121628767"> - <p>Security fix prevents a denial of service attack open - to certain malformed messages; this DoS affects all - SpamAssassin 2.5x and 2.6x versions to date.</p> + <p>Security fix prevents a denial of service attack open + to certain malformed messages; this DoS affects all + SpamAssassin 2.5x and 2.6x versions to date.</p> </blockquote> <p>The issue appears to be triggered by overly long message headers.</p> 
@@ -35393,24 +35421,24 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>lukemftpd(8) is an enhanced BSD FTP server produced - within the NetBSD project. The sources for lukemftpd are - shipped with some versions of FreeBSD, however it is not - built or installed by default. The build system option - WANT_LUKEMFTPD must be set to build and install lukemftpd. - [<strong>NOTE</strong>: An exception is FreeBSD 4.7-RELEASE, - wherein lukemftpd was installed, but not enabled, by + <p>lukemftpd(8) is an enhanced BSD FTP server produced + within the NetBSD project. The sources for lukemftpd are + shipped with some versions of FreeBSD, however it is not + built or installed by default. The build system option + WANT_LUKEMFTPD must be set to build and install lukemftpd. + [<strong>NOTE</strong>: An exception is FreeBSD 4.7-RELEASE, + wherein lukemftpd was installed, but not enabled, by default.]</p> - <p>Przemyslaw Frasunek discovered several vulnerabilities - in lukemftpd arising from races in the out-of-band signal - handling code used to implement the ABOR command. As a - result of these races, the internal state of the FTP server - may be manipulated in unexpected ways.</p> - <p>A remote attacker may be able to cause FTP commands to - be executed with the privileges of the running lukemftpd - process. This may be a low-privilege `ftp' user if the `-r' - command line option is specified, or it may be superuser - privileges if `-r' is *not* specified.</p> + <p>Przemyslaw Frasunek discovered several vulnerabilities + in lukemftpd arising from races in the out-of-band signal + handling code used to implement the ABOR command. As a + result of these races, the internal state of the FTP server + may be manipulated in unexpected ways.</p> + <p>A remote attacker may be able to cause FTP commands to + be executed with the privileges of the running lukemftpd + process. 
This may be a low-privilege `ftp' user if the `-r' + command line option is specified, or it may be superuser + privileges if `-r' is *not* specified.</p> </body> </description> <references> @@ -35431,17 +35459,17 @@ http_access deny Gopher</pre> <topic>MySQL authentication bypass / buffer overflow</topic> <affects> <package> - <name>mysql-server</name> - <range><ge>4.1</ge><lt>4.1.3</lt></range> - <range><ge>5</ge><le>5.0.0_2</le></range> + <name>mysql-server</name> + <range><ge>4.1</ge><lt>4.1.3</lt></range> + <range><ge>5</ge><le>5.0.0_2</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>By submitting a carefully crafted authentication packet, it is possible - for an attacker to bypass password authentication in MySQL 4.1. Using a - similar method, a stack buffer used in the authentication mechanism can - be overflowed.</p> + <p>By submitting a carefully crafted authentication packet, it is + possible for an attacker to bypass password authentication in MySQL + 4.1. Using a similar method, a stack buffer used in the authentication + mechanism can be overflowed.</p> </body> </description> <references> 
@@ -35467,22 +35495,22 @@ http_access deny Gopher</pre> <topic>Ruby insecure file permissions in the CGI session management</topic> <affects> <package> - <name>ruby</name> - <range><lt>1.6.8.2004.07.26</lt></range> - <range><ge>1.7.0</ge><lt>1.8.1.2004.07.23</lt></range> + <name>ruby</name> + <range><lt>1.6.8.2004.07.26</lt></range> + <range><ge>1.7.0</ge><lt>1.8.1.2004.07.23</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to a Debian Security Advisory:</p> <blockquote cite="http://www.debian.org/security/2004/dsa-537"> - <p>Andres Salomon noticed a problem in the CGI session - management of Ruby, an object-oriented scripting language. - CGI::Session's FileStore (and presumably PStore [...]) - implementations store session information insecurely. - They simply create files, ignoring permission issues. - This can lead an attacker who has also shell access to the - webserver to take over a session.</p> + <p>Andres Salomon noticed a problem in the CGI session + management of Ruby, an object-oriented scripting language. + CGI::Session's FileStore (and presumably PStore [...]) + implementations store session information insecurely. + They simply create files, ignoring permission issues. + This can lead an attacker who has also shell access to the + webserver to take over a session.</p> </blockquote> </body> </description> 
@@ -35503,22 +35531,22 @@ http_access deny Gopher</pre> <topic>nss -- exploitable buffer overflow in SSLv2 protocol handler</topic> <affects> <package> - <name>nss</name> - <range><lt>3.9.2</lt></range> + <name>nss</name> + <range><lt>3.9.2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>ISS X-Force reports that a remotely exploitable buffer - overflow exists in the Netscape Security Services (NSS) + <p>ISS X-Force reports that a remotely exploitable buffer + overflow exists in the Netscape Security Services (NSS) library's implementation of SSLv2. From their advisory:</p> <blockquote cite="http://xforce.iss.net/xforce/alerts/id/180"> - <p>The NSS library contains a flaw in SSLv2 record parsing - that may lead to remote compromise. When parsing the - first record in an SSLv2 negotiation, the client hello - message, the server fails to validate the length of a - record field. As a result, it is possible for an attacker - to trigger a heap-based overflow of arbitrary length.</p> + <p>The NSS library contains a flaw in SSLv2 record parsing + that may lead to remote compromise. When parsing the + first record in an SSLv2 negotiation, the client hello + message, the server fails to validate the length of a + record field. As a result, it is possible for an attacker + to trigger a heap-based overflow of arbitrary length.</p> </blockquote> <p>Note that the vulnerable NSS library is also present in Mozilla-based browsers. However, it is not believed that @@ -35542,8 +35570,8 @@ http_access deny Gopher</pre> <topic>ripMIME -- decoding bug allowing content filter bypass</topic> <affects> <package> - <name>ripmime</name> - <range><lt>1.3.2.3</lt></range> + <name>ripmime</name> + <range><lt>1.3.2.3</lt></range> </package> </affects> <description> 
@@ -35555,9 +35583,9 @@ http_access deny Gopher</pre> bypassed.</p> <p>The ripMIME CHANGELOG file says:</p> <blockquote cite="http://www.pldaniels.com/ripmime/CHANGELOG"> - <p>There's viruses going around exploiting the ability to - hide the majority of their data in an attachment by using - blank lines and other tricks to make scanning systems + <p>There's viruses going around exploiting the ability to + hide the majority of their data in an attachment by using + blank lines and other tricks to make scanning systems prematurely terminate their base64 decoding.</p> </blockquote> </body> @@ -35579,16 +35607,16 @@ http_access deny Gopher</pre> <topic>moinmoin -- ACL group bypass</topic> <affects> <package> - <name>moinmoin</name> - <range><lt>1.2.3</lt></range> + <name>moinmoin</name> + <range><lt>1.2.3</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The moinmoin package contains two bugs with ACLs and anonymous + <p>The moinmoin package contains two bugs with ACLs and anonymous users. Both bugs may permit anonymous users to gain access to administrative functions; for example the delete function.</p> - <p>There is no known workaround, the vulnerability exists regardless + <p>There is no known workaround, the vulnerability exists regardless if a site is using ACLs or not.</p> </body> </description> @@ -35610,8 +35638,8 @@ http_access deny Gopher</pre> <topic>rsync -- path sanitizing vulnerability</topic> <affects> <package> - <name>rsync</name> - <range><lt>2.6.2_2</lt></range> + <name>rsync</name> + <range><lt>2.6.2_2</lt></range> </package> </affects> <description> @@ -35682,8 +35710,8 @@ http_access deny Gopher</pre> <topic>SoX buffer overflows when handling .WAV files</topic> <affects> <package> - <name>sox</name> - <range><gt>12.17.1</gt><le>12.17.4_1</le></range> + <name>sox</name> + <range><gt>12.17.1</gt><le>12.17.4_1</le></range> </package> </affects> <description> 
@@ -35712,29 +35740,29 @@ http_access deny Gopher</pre> <topic>kdelibs -- konqueror cross-domain cookie injection</topic> <affects> <package> - <name>kdelibs</name> - <range><lt>3.2.3_3</lt></range> + <name>kdelibs</name> + <range><lt>3.2.3_3</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to a KDE Security Advisory:</p> <blockquote cite="http://www.kde.org/info/security/advisory-20040823-1.txt"> - <p>WESTPOINT internet reconnaissance services alerted the - KDE security team that the KDE web browser Konqueror - allows websites to set cookies for certain country - specific secondary top level domains.</p> - <p>Web sites operating under the affected domains can - set HTTP cookies in such a way that the Konqueror web - browser will send them to all other web sites operating - under the same domain. A malicious website can use - this as part of a session fixation attack. See e.g. - http://www.acros.si/papers/session_fixation.pdf</p> - <p>Affected are all country specific secondary top level - domains that use more than 2 characters in the secondary - part of the domain name and that use a secondary part other - than com, net, mil, org, gov, edu or int. Examples of - affected domains are .ltd.uk, .plc.uk and .firm.in</p> + <p>WESTPOINT internet reconnaissance services alerted the + KDE security team that the KDE web browser Konqueror + allows websites to set cookies for certain country + specific secondary top level domains.</p> + <p>Web sites operating under the affected domains can + set HTTP cookies in such a way that the Konqueror web + browser will send them to all other web sites operating + under the same domain. A malicious website can use + this as part of a session fixation attack. See e.g. 
+ http://www.acros.si/papers/session_fixation.pdf</p> + <p>Affected are all country specific secondary top level + domains that use more than 2 characters in the secondary + part of the domain name and that use a secondary part other + than com, net, mil, org, gov, edu or int. Examples of + affected domains are .ltd.uk, .plc.uk and .firm.in</p> <p>It should be noted that popular domains such as .co.uk, .co.in and .com are NOT affected.</p> </blockquote> @@ -35792,13 +35820,13 @@ http_access deny Gopher</pre> <topic>Arbitrary code execution via a format string vulnerability in jftpgw</topic> <affects> <package> - <name>jftpgw</name> - <range><lt>0.13.5</lt></range> + <name>jftpgw</name> + <range><lt>0.13.5</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The log functions in jftpgw may allow + <p>The log functions in jftpgw may allow remotely authenticated user to execute arbitrary code via the format string specifiers in certain syslog messages.</p> @@ -35827,13 +35855,13 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Qt contains several vulnerabilities related to image - loading, including possible crashes when loading corrupt - GIF, BMP, or JPEG images. Most seriously, Chris Evans - reports that the BMP crash is actually due to a heap - buffer overflow. It is believed that an attacker may be - able to construct a BMP image that could cause a Qt-using - application to execute arbitrary code when it is loaded.</p> + <p>Qt contains several vulnerabilities related to image + loading, including possible crashes when loading corrupt + GIF, BMP, or JPEG images. Most seriously, Chris Evans + reports that the BMP crash is actually due to a heap + buffer overflow. It is believed that an attacker may be + able to construct a BMP image that could cause a Qt-using + application to execute arbitrary code when it is loaded.</p> </body> </description> <references> 
@@ -35889,11 +35917,11 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>According to Christian Hammers:</p> + <p>According to Christian Hammers:</p> <blockquote cite="http://packages.debian.org/changelogs/pool/main/m/mysql-dfsg/mysql-dfsg_4.0.20-11/changelog"> - <p>[mysqlhotcopy created] temporary files in /tmp which - had predictable filenames and such could be used for a - tempfile run attack.</p> + <p>[mysqlhotcopy created] temporary files in /tmp which + had predictable filenames and such could be used for a + tempfile run attack.</p> </blockquote> <p>Jeroen van Wolffelaar is credited with discovering the issue.</p> </body> @@ -35914,7 +35942,7 @@ http_access deny Gopher</pre> <affects> <package> <name>samba</name> - <range><ge>3</ge><lt>3.0.5,1</lt></range> + <range><ge>3</ge><lt>3.0.5,1</lt></range> <range><lt>2.2.10</lt></range> </package> <package> 
@@ -35924,15 +35952,15 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Evgeny Demidov discovered that the Samba server has a - buffer overflow in the Samba Web Administration Tool (SWAT) - on decoding Base64 data during HTTP Basic Authentication. - Versions 3.0.2 through 3.0.4 are affected.</p> - <p>Another buffer overflow bug has been found in the code - used to support the "mangling method = hash" smb.conf - option. The default setting for this parameter is "mangling - method = hash2" and therefore not vulnerable. Versions - between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected. + <p>Evgeny Demidov discovered that the Samba server has a + buffer overflow in the Samba Web Administration Tool (SWAT) + on decoding Base64 data during HTTP Basic Authentication. + Versions 3.0.2 through 3.0.4 are affected.</p> + <p>Another buffer overflow bug has been found in the code + used to support the "mangling method = hash" smb.conf + option. The default setting for this parameter is "mangling + method = hash2" and therefore not vulnerable. Versions + between 2.2.0 through 2.2.9 and 3.0.0 through 3.0.4 are affected. </p> </body> </description> 
@@ -35958,25 +35986,25 @@ http_access deny Gopher</pre> <topic>Mozilla / Firefox user interface spoofing vulnerability</topic> <affects> <package> - <name>firefox</name> - <range><le>0.9.1_1</le></range> + <name>firefox</name> + <range><le>0.9.1_1</le></range> </package> <package> - <name>linux-mozilla</name> - <range><le>1.7.1</le></range> + <name>linux-mozilla</name> + <range><le>1.7.1</le></range> </package> <package> - <name>linux-mozilla-devel</name> - <range><le>1.7.1</le></range> + <name>linux-mozilla-devel</name> + <range><le>1.7.1</le></range> </package> <package> - <name>mozilla</name> - <range><le>1.7.1,2</le></range> - <range><ge>1.8.a,2</ge><le>1.8.a2,2</le></range> + <name>mozilla</name> + <range><le>1.7.1,2</le></range> + <range><ge>1.8.a,2</ge><le>1.8.a2,2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <range><le>1.7.1_1</le></range> + <name>mozilla-gtk1</name> + <range><le>1.7.1_1</le></range> </package> </affects> <description> 
@@ -36011,70 +36039,70 @@ http_access deny Gopher</pre> <topic>libpng stack-based buffer overflow and other code concerns</topic> <affects> <package> - <name>png</name> - <range><le>1.2.5_7</le></range> + <name>png</name> + <range><le>1.2.5_7</le></range> </package> <package> - <name>linux-png</name> - <range><le>1.0.14_3</le></range> - <range><ge>1.2</ge><le>1.2.2</le></range> + <name>linux-png</name> + <range><le>1.0.14_3</le></range> + <range><ge>1.2</ge><le>1.2.2</le></range> </package> <package> - <name>firefox</name> - <range><lt>0.9.3</lt></range> + <name>firefox</name> + <range><lt>0.9.3</lt></range> </package> <package> - <name>thunderbird</name> - <range><lt>0.7.3</lt></range> + <name>thunderbird</name> + <range><lt>0.7.3</lt></range> </package> <package> - <name>linux-mozilla</name> - <range><lt>1.7.2</lt></range> + <name>linux-mozilla</name> + <range><lt>1.7.2</lt></range> </package> <package> - <name>linux-mozilla-devel</name> - <range><lt>1.7.2</lt></range> + <name>linux-mozilla-devel</name> + <range><lt>1.7.2</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.2,2</lt></range> - <range><ge>1.8.a,2</ge><le>1.8.a2,2</le></range> + <name>mozilla</name> + <range><lt>1.7.2,2</lt></range> + <range><ge>1.8.a,2</ge><le>1.8.a2,2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <range><lt>1.7.2</lt></range> + <name>mozilla-gtk1</name> + <range><lt>1.7.2</lt></range> </package> <package> - <name>netscape-communicator</name> - <name>netscape-navigator</name> - <range><le>4.78</le></range> + <name>netscape-communicator</name> + <name>netscape-navigator</name> + <range><le>4.78</le></range> </package> <package> - <name>linux-netscape-communicator</name> - <name>linux-netscape-navigator</name> - <name>ko-netscape-navigator-linux</name> - <name>ko-netscape-communicator-linux</name> - <name>ja-netscape-communicator-linux</name> - <name>ja-netscape-navigator-linux</name> - <range><le>4.8</le></range> + 
<name>linux-netscape-communicator</name> + <name>linux-netscape-navigator</name> + <name>ko-netscape-navigator-linux</name> + <name>ko-netscape-communicator-linux</name> + <name>ja-netscape-communicator-linux</name> + <name>ja-netscape-navigator-linux</name> + <range><le>4.8</le></range> </package> <package> - <name>netscape7</name> - <name>ja-netscape7</name> - <range><le>7.1</le></range> + <name>netscape7</name> + <name>ja-netscape7</name> + <range><le>7.1</le></range> </package> <package> - <name>pt_BR-netscape7</name> - <name>fr-netscape7</name> - <name>de-netscape7</name> - <range><le>7.02</le></range> + <name>pt_BR-netscape7</name> + <name>fr-netscape7</name> + <name>de-netscape7</name> + <range><le>7.02</le></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Chris Evans has discovered multiple vulnerabilities in libpng, - which can be exploited by malicious people to compromise a - vulnerable system or cause a DoS (Denial of Service).</p> + <p>Chris Evans has discovered multiple vulnerabilities in libpng, + which can be exploited by malicious people to compromise a + vulnerable system or cause a DoS (Denial of Service).</p> </body> </description> <references> @@ -36119,7 +36147,7 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership - and type of the target path. This could allow a local + and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files.</p> </body> 
@@ -36155,9 +36183,9 @@ http_access deny Gopher</pre> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Sebastian Krahmer discovered several remotely exploitable - buffer overflow vulnerabilities in the MSN component of - gaim.</p> + <p>Sebastian Krahmer discovered several remotely exploitable + buffer overflow vulnerabilities in the MSN component of + gaim.</p> <blockquote cite="http://gaim.sourceforge.net/security/?id=0"> <p>In two places in the MSN protocol plugins (object.c and slp.c), strncpy was used incorrectly; the size of the array 
@@ -36192,17 +36220,17 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>An iDEFENSE security advisory reports:</p> <blockquote cite="www.idefense.com/application/poi/display?id=124&type=vulnerabilities"> - <p>Remote exploitation of an input validation error in the - uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 - allows an attacker to execute arbitrary code.</p> - <p>The Unix and Linux versions of Adobe Acrobat Reader 5.0 - automatically attempt to convert uuencoded documents - back into their original format. The vulnerability - specifically exists in the failure of Acrobat Reader to - check for the backtick shell metacharacter in the filename - before executing a command with a shell. This allows a - maliciously constructed filename to execute arbitrary - programs.</p> + <p>Remote exploitation of an input validation error in the + uudecoding feature of Adobe Acrobat Reader (Unix) 5.0 + allows an attacker to execute arbitrary code.</p> + <p>The Unix and Linux versions of Adobe Acrobat Reader 5.0 + automatically attempt to convert uuencoded documents + back into their original format. The vulnerability + specifically exists in the failure of Acrobat Reader to + check for the backtick shell metacharacter in the filename + before executing a command with a shell. This allows a + maliciously constructed filename to execute arbitrary + programs.</p> </blockquote> </body> </description> @@ -36290,7 +36318,7 @@ http_access deny Gopher</pre> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Steve Grubb reports a buffer read overrun in - libpng's png_format_buffer function. A specially + libpng's png_format_buffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash.</p> 
@@ -36319,31 +36347,31 @@ http_access deny Gopher</pre> <topic>Mozilla certificate spoofing</topic> <affects> <package> - <name>firefox</name> - <range><ge>0.9.1</ge><le>0.9.2</le></range> + <name>firefox</name> + <range><ge>0.9.1</ge><le>0.9.2</le></range> </package> <package> - <name>linux-mozilla</name> - <range><lt>1.7.2</lt></range> + <name>linux-mozilla</name> + <range><lt>1.7.2</lt></range> </package> <package> - <name>linux-mozilla-devel</name> - <range><lt>1.7.2</lt></range> + <name>linux-mozilla-devel</name> + <range><lt>1.7.2</lt></range> </package> <package> - <name>mozilla</name> - <range><lt>1.7.2,2</lt></range> - <range><ge>1.8,2</ge><le>1.8.a2,2</le></range> + <name>mozilla</name> + <range><lt>1.7.2,2</lt></range> + <range><ge>1.8,2</ge><le>1.8.a2,2</le></range> </package> <package> - <name>mozilla-gtk1</name> - <range><lt>1.7.2</lt></range> + <name>mozilla-gtk1</name> + <range><lt>1.7.2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Mozilla and Mozilla Firefox contains a flaw that may - allow a malicious user to spoof SSL certification.</p> + <p>Mozilla and Mozilla Firefox contains a flaw that may + allow a malicious user to spoof SSL certification.</p> </body> </description> <references> @@ -36366,15 +36394,15 @@ http_access deny Gopher</pre> <topic>ImageMagick png vulnerability fix</topic> <affects> <package> - <name>ImageMagick</name> - <name>ImageMagick-nox11</name> - <range><lt>6.0.4.2</lt></range> + <name>ImageMagick</name> + <name>ImageMagick-nox11</name> + <range><lt>6.0.4.2</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Glenn Randers-Pehrson has contributed a fix for the png - vulnerabilities discovered by Chris Evans.</p> + <p>Glenn Randers-Pehrson has contributed a fix for the png + vulnerabilities discovered by Chris Evans.</p> </body> </description> <references> 
@@ -36607,19 +36635,19 @@ http_access deny Gopher</pre> <topic>"Content-Type" XSS vulnerability affecting other webmail systems</topic> <affects> <package> - <name>openwebmail</name> - <range><le>2.32</le></range> + <name>openwebmail</name> + <range><le>2.32</le></range> </package> <package> - <name>ilohamail</name> - <range><lt>0.8.13</lt></range> + <name>ilohamail</name> + <range><lt>0.8.13</lt></range> </package> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>Roman Medina-Heigl Hernandez did a survey which other webmail systems - where vulnerable to a bug he discovered in SquirrelMail. This advisory - summarizes the results.</p> + <p>Roman Medina-Heigl Hernandez did a survey which other webmail systems + where vulnerable to a bug he discovered in SquirrelMail. This advisory + summarizes the results.</p> </body> </description> <references> @@ -37597,7 +37625,7 @@ http_access deny Gopher</pre> validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from - denial-of-service to code execution. The impact is very + denial-of-service to code execution. The impact is very dependent on local configuration.</p> <p>After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers.</p> @@ -37688,7 +37716,7 @@ http_access deny Gopher</pre> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Some scripts installed with xine create temporary files insecurely. It is recommended that these scripts (xine-check, - xine-bugreport) not be used. They are not needed for normal + xine-bugreport) not be used. They are not needed for normal operation.</p> </body> </description> 
@@ -37979,7 +38007,7 @@ http_access deny Gopher</pre> may be held in a reassembly queue. A remote attacker may conduct a low-bandwidth denial-of-service attack against a machine providing services based on TCP (there are many - such services, including HTTP, SMTP, and FTP). By sending + such services, including HTTP, SMTP, and FTP). By sending many out-of-sequence TCP segments, the attacker can cause the target machine to consume all available memory buffers (``mbufs''), likely leading to a system crash. </p> @@ -38576,7 +38604,7 @@ http_access deny Gopher</pre> <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Stefan Esser of e-matters found almost a dozen remotely - exploitable vulnerabilities in Gaim. From the e-matters + exploitable vulnerabilities in Gaim. From the e-matters advisory:</p> <blockquote cite="http://security.e-matters.de/advisories/012004.txt"> <p>While developing a custom add-on, an integer overflow @@ -38840,7 +38868,7 @@ http_access deny Gopher</pre> <p>Ulf Härnhammar discovered several vulnerabilities in GNU Anubis.</p> <ul> - <li>Unsafe uses of `sscanf'. The `%s' format specifier is + <li>Unsafe uses of `sscanf'. The `%s' format specifier is used, which allows a classical buffer overflow. (auth.c)</li> <li>Format string bugs invoking `syslog'. (log.c, errs.c, ssl.c)</li> @@ -39416,9 +39444,9 @@ misc.c: <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>Yuuichi Teranishi reported a crash in libxml2's URI handling - when a long URL is supplied. The implementation in nanohttp.c + when a long URL is supplied. The implementation in nanohttp.c and nanoftp.c uses a 4K stack buffer, and longer URLs will - overwrite the stack. This could result in denial-of-service + overwrite the stack. This could result in denial-of-service or arbitrary code execution in applications using libxml2 to parse documents.</p> </body> 
@@ -39996,14 +40024,14 @@ misc.c: author:</p> <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-devel/2003-November/020570.html"> <p>Phong Nguyen identified a severe bug in the way GnuPG - creates and uses ElGamal keys for signing. This is + creates and uses ElGamal keys for signing. This is a significant security failure which can lead to a compromise of almost all ElGamal keys used for signing. Note that this is a real world vulnerability which will reveal your private key within a few seconds.</p> <p>...</p> <p>Please <em>take immediate action and revoke your ElGamal - signing keys</em>. Furthermore you should take whatever + signing keys</em>. Furthermore you should take whatever measures necessary to limit the damage done for signed or encrypted documents using that key.</p> <p>Note that the standard keys as generated by GnuPG (DSA @@ -40215,7 +40243,7 @@ misc.c: </blockquote> <p>Additionally, a US-CERT Technical Cyber Security Alert reports:</p> <blockquote cite="http://www.us-cert.gov/cas/techalerts/TA04-356A.html"> - <p>phpBB contains an user input validation problem with + <p>phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin @@ -40346,7 +40374,8 @@ misc.c: <body xmlns="http://www.w3.org/1999/xhtml"> <p>The squid patches page notes:</p> <blockquote cite="http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-NTLM-scheme_assert"> - <p>Squid may crash with the above error [FATAL: Incorrect scheme in auth header] when given certain request sentences.</p> + <p>Squid may crash with the above error [FATAL: Incorrect scheme in + auth header] when given certain request sentences.</p> <p>Workaround: disable NTLM authentication.</p> </blockquote> </body> 
@@ -40375,7 +40404,7 @@ misc.c: </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>If magic quotes are off there's a SQL injection when + <p>If magic quotes are off there's a SQL injection when sending a forgotten password. It's possible to overwrite the admin password and to take over the whole system. In some files in the admin section there are some cross site @@ -40402,3 +40431,4 @@ misc.c: </vuln> </vuxml> <!-- Note: Please add new entries to the beginning of this file. --> +<!-- ex: set ts=8 tw=80 sw=2: --> |
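Review bot: In the @@ -36607 hunk (the openwebmail/ilohamail entry), the paragraph being re-indented carries a grammar slip that could be fixed in the same touch: "did a survey which other webmail systems where vulnerable" should read "did a survey of which other webmail systems were vulnerable". If the intent is to keep this commit strictly mechanical (whitespace and wrapping only, as the commit message says), defer it to a separate content commit rather than mixing a wording change into a whitespace diff.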
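Review bot: In the final @@ -40402 hunk, the added modeline `<!-- ex: set ts=8 tw=80 sw=2: -->` sets tab stop and shift width but says nothing about `expandtab`, so whether a two-level indent is written as spaces or, once it reaches eight columns, as a hard tab depends on each contributor's own `expandtab` default; since the point of this commit is to normalize whitespace, make it explicit by adding `et` or `noet` to the option list, matching whatever the rest of vuln.xml uses after this cleanup. Placing the modeline as the last line of the file is fine: it stays within vim's default `modelines` window, and a comment after the closing `</vuxml>` root element keeps the document well-formed.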
