Index: vuln.xml
===================================================================
RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2141
diff -u -r1.2141 vuln.xml
--- vuln.xml	19 Apr 2010 07:13:42 -0000	1.2141
+++ vuln.xml	19 Apr 2010 10:32:26 -0000
@@ -34,6 +34,117 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="c8c31c41-49ed-11df-83fb-0015587e2cc1">
+    <topic>curl -- libcurl buffer overflow vulnerability</topic>
+    <affects>
+      <package>
+	<name>curl</name>
+	<range>
+	  <ge>7.10.5</ge>
+	  <lt>7.20.0</lt>
+	</range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The cURL project reports in a security advisory:</p>
+	<blockquote cite="http://curl.haxx.se/docs/adv_20100209.html">
+	  <p>Using the affected libcurl version to download compressed
+	    content over HTTP, an application can ask libcurl to
+	    automatically uncompress data. When doing so, libcurl
+	    can wrongly send data up to 64K in size to the callback
+	    which thus is much larger than the documented maximum
+	    size.</p>
+	  <p>An application that blindly trusts libcurl's max limit
+	    for a fixed buffer size or similar is then a possible
+	    target for a buffer overflow vulnerability.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2010-0734</cvename>
+      <url>http://curl.haxx.se/docs/adv_20100209.html</url>
+      <url>http://www.debian.org/security/2010/dsa-2023</url>
+      <url>http://www.openwall.com/lists/oss-security/2010/02/09/5</url>
+    </references>
+    <dates>
+      <discovery>2010-02-09</discovery>
+      <entry>2010-04-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="a04a3c13-4932-11df-83fb-0015587e2cc1">
+    <topic>ejabberd -- queue overload denial of service vulnerability</topic>
+    <affects>
+      <package>
+	<name>ejabberd</name>
+	<range><lt>2.1.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Red Hat security response team reports:</p>
+	<blockquote cite="http://www.openwall.com/lists/oss-security/2010/01/29/1">
+	  <p>A remotely exploitable DoS from XMPP client to ejabberd
+	    server via too many "client2server" messages (causing the
+	    message queue on the server to get overloaded, leading
+	    to server crash) has been found.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <bid>38003</bid>
+      <cvename>CVE-2010-0305</cvename>
+      <url>http://secunia.com/advisories/38337</url>
+      <url>http://support.process-one.net/browse/EJAB-1173</url>
+      <url>http://www.openwall.com/lists/oss-security/2010/01/29/1</url>
+      <url>http://xforce.iss.net/xforce/xfdb/56025</url>
+    </references>
+    <dates>
+      <discovery>2010-01-29</discovery>
+      <entry>2010-04-19</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="3b7967f1-49e8-11df-83fb-0015587e2cc1">
+    <topic>irssi -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>irssi</name>
+	<range><lt>0.8.15</lt></range>
+      </package>
+      <package>
+	<name>zh-irssi</name>
+	<range><lt>0.8.15</lt></range>
+      </package>
+      <package>
+	<name>irssi-devel</name>
+	<range><lt>20100325</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Two vulnerabilities have found in irssi. The first issue can allow
+	  man-in-the-middle attacks due to a missing comparison of
+	  SSL server hostnames and the certificate domain names
+	  (e.g. CN).</p>
+	<p>A second vulnerability, related to nick matching code,
+	  can be triggered by remote attackers in order to crash
+	  an irsii client upon leaving a channel.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2010-1155</cvename>
+      <cvename>CVE-2010-1156</cvename>
+      <url>http://xforce.iss.net/xforce/xfdb/57790</url>
+      <url>http://xforce.iss.net/xforce/xfdb/57791</url>
+    </references>
+    <dates>
+      <discovery>2010-04-16</discovery>
+      <entry>2010-04-19</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a30573dc-4893-11df-a5f9-001641aeabdf">
     <topic>krb5 -- remote denial of service vulnerability</topic>
     <affects>