From d7c6d3725ba25fa3a4fbaa0d598dfc815a067dac Mon Sep 17 00:00:00 2001
From: eik <eik@FreeBSD.org>
Date: Sun, 15 Aug 2004 17:22:09 +0000
Subject: phpGedView, jftpgw

---
 ports-mgmt/portaudit-db/database/portaudit.txt   |  1 +
 ports-mgmt/portaudit-db/database/portaudit.xlist |  1 +
 ports-mgmt/portaudit-db/database/portaudit.xml   | 27 ++++++++++++++++++++++++
 3 files changed, 29 insertions(+)

(limited to 'ports-mgmt')

diff --git a/ports-mgmt/portaudit-db/database/portaudit.txt b/ports-mgmt/portaudit-db/database/portaudit.txt
index 2f9b71c87d55..983be2663146 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.txt
+++ b/ports-mgmt/portaudit-db/database/portaudit.txt
@@ -65,3 +65,4 @@ cfengine2<2.1.8|http://www.coresecurity.com/common/showdoc.php?idx=387&idxseccio
 libxine<=1.0.r5_1|http://www.open-security.org/advisories/6 http://secunia.com/advisories/12194 http://sourceforge.net/mailarchive/forum.php?thread_id=5143955&forum_id=11923|libxine vcd MRL input identifier management overflow|bef4515b-eaa9-11d8-9440-000347a4fa7d
 rsync<2.6.2_2|http://lists.samba.org/archive/rsync-announce/2004/000017.html|security hole in non-chroot rsync daemon|2689f4cb-ec4c-11d8-9440-000347a4fa7d
 sympa<4.1.2|http://secunia.com/advisories/12286 http://www.sympa.org/release.html|Sympa unauthorized list creation security issue|4a160c54-ed46-11d8-81b0-000347a4fa7d
+phpgedview<2.65.5|http://sourceforge.net/forum/forum.php?forum_id=344342 http://secunia.com/advisories/10602 http://www.osvdb.org/3473 http://www.osvdb.org/3474 http://www.osvdb.org/3475 http://www.osvdb.org/3476 http://www.osvdb.org/3477 http://www.osvdb.org/3478 http://www.osvdb.org/3479 http://www.osvdb.org/3480 http://www.osvdb.org/3481 http://www.osvdb.org/3482 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0067 http://www.securityfocus.com/archive/1/349698|phpGedView: muliple vulnerabilities|c35d4cae-eed0-11d8-81b0-000347a4fa7d
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xlist b/ports-mgmt/portaudit-db/database/portaudit.xlist
index 122e7ffb681c..63ace396044c 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xlist
+++ b/ports-mgmt/portaudit-db/database/portaudit.xlist
@@ -18,3 +18,4 @@ f9e3e60b-e650-11d8-9b0a-000347a4fa7d
 abe47a5a-e23c-11d8-9b0a-000347a4fa7d
 a713c0f9-ec54-11d8-9440-000347a4fa7d
 5b8f9a02-ec93-11d8-b913-000c41e2cdad
+65a17a3f-ed6e-11d8-aff1-00061bc2ad93
diff --git a/ports-mgmt/portaudit-db/database/portaudit.xml b/ports-mgmt/portaudit-db/database/portaudit.xml
index 9a35be7de91a..d180a376dde3 100644
--- a/ports-mgmt/portaudit-db/database/portaudit.xml
+++ b/ports-mgmt/portaudit-db/database/portaudit.xml
@@ -776,4 +776,31 @@ This file is in the public domain.
       <modified>2004-08-12</modified>
     </dates>
   </vuln>
+
+  <vuln vid="65a17a3f-ed6e-11d8-aff1-00061bc2ad93">
+    <topic>jftpgw remote syslog format string vulnerability</topic>
+    <affects>
+      <package>
+        <name>jftpgw</name>
+        <range><lt>0.13.5</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+        <p>Remote authenticated users can execute arbitrary code by
+	  passing a malicious string containing format specifiers.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CAN-2004-0448</cvename>
+      <bid>10438</bid>
+      <url>http://secunia.com/advisories/11732</url>
+      <url>http://www.debian.org/security/2004/dsa-510</url>
+    </references>
+    <dates>
+      <discovery>2004-05-29</discovery>
+      <entry>2004-08-13</entry>
+    </dates>
+  </vuln>
+
 </vuxml>
-- 
cgit