automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17258 e39458fd-73e7-0310-bf30-c45bca0a0e42

1 files changed, 256 insertions, 75 deletions

diff --git a/data/CVE/list b/data/CVE/list
index a31924d44f..064ff78429 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,185 @@
+CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 ...)
+	TODO: check
+CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in ...)
+	TODO: check
+CVE-2011-3574
+	RESERVED
+CVE-2011-3573
+	RESERVED
+CVE-2011-3572
+	RESERVED
+CVE-2011-3571
+	RESERVED
+CVE-2011-3570
+	RESERVED
+CVE-2011-3569
+	RESERVED
+CVE-2011-3568
+	RESERVED
+CVE-2011-3567
+	RESERVED
+CVE-2011-3566
+	RESERVED
+CVE-2011-3565
+	RESERVED
+CVE-2011-3564
+	RESERVED
+CVE-2011-3563
+	RESERVED
+CVE-2011-3562
+	RESERVED
+CVE-2011-3561
+	RESERVED
+CVE-2011-3560
+	RESERVED
+CVE-2011-3559
+	RESERVED
+CVE-2011-3558
+	RESERVED
+CVE-2011-3557
+	RESERVED
+CVE-2011-3556
+	RESERVED
+CVE-2011-3555
+	RESERVED
+CVE-2011-3554
+	RESERVED
+CVE-2011-3553
+	RESERVED
+CVE-2011-3552
+	RESERVED
+CVE-2011-3551
+	RESERVED
+CVE-2011-3550
+	RESERVED
+CVE-2011-3549
+	RESERVED
+CVE-2011-3548
+	RESERVED
+CVE-2011-3547
+	RESERVED
+CVE-2011-3546
+	RESERVED
+CVE-2011-3545
+	RESERVED
+CVE-2011-3544
+	RESERVED
+CVE-2011-3543
+	RESERVED
+CVE-2011-3542
+	RESERVED
+CVE-2011-3541
+	RESERVED
+CVE-2011-3540
+	RESERVED
+CVE-2011-3539
+	RESERVED
+CVE-2011-3538
+	RESERVED
+CVE-2011-3537
+	RESERVED
+CVE-2011-3536
+	RESERVED
+CVE-2011-3535
+	RESERVED
+CVE-2011-3534
+	RESERVED
+CVE-2011-3533
+	RESERVED
+CVE-2011-3532
+	RESERVED
+CVE-2011-3531
+	RESERVED
+CVE-2011-3530
+	RESERVED
+CVE-2011-3529
+	RESERVED
+CVE-2011-3528
+	RESERVED
+CVE-2011-3527
+	RESERVED
+CVE-2011-3526
+	RESERVED
+CVE-2011-3525
+	RESERVED
+CVE-2011-3524
+	RESERVED
+CVE-2011-3523
+	RESERVED
+CVE-2011-3522
+	RESERVED
+CVE-2011-3521
+	RESERVED
+CVE-2011-3520
+	RESERVED
+CVE-2011-3519
+	RESERVED
+CVE-2011-3518
+	RESERVED
+CVE-2011-3517
+	RESERVED
+CVE-2011-3516
+	RESERVED
+CVE-2011-3515
+	RESERVED
+CVE-2011-3514
+	RESERVED
+CVE-2011-3513
+	RESERVED
+CVE-2011-3512
+	RESERVED
+CVE-2011-3511
+	RESERVED
+CVE-2011-3510
+	RESERVED
+CVE-2011-3509
+	RESERVED
+CVE-2011-3508
+	RESERVED
+CVE-2011-3507
+	RESERVED
+CVE-2011-3506
+	RESERVED
+CVE-2011-3505
+	RESERVED
+CVE-2011-3504
+	RESERVED
+CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and ...)
+	TODO: check
+CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
+	TODO: check
+CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
+	TODO: check
+CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub ...)
+	TODO: check
+CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote ...)
+	TODO: check
+CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
+	TODO: check
+CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...)
+	TODO: check
+CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...)
+	TODO: check
+CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in ...)
+	TODO: check
+CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...)
+	TODO: check
+CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...)
+	TODO: check
+CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
+	TODO: check
+CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft ...)
+	TODO: check
+CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ...)
+	TODO: check
+CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows ...)
+	TODO: check
+CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel ...)
+	TODO: check
+CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ...)
+	TODO: check
 CVE-2011-3485
 	RESERVED
 CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server ...)
@@ -116,10 +298,10 @@ CVE-2011-3426
 	RESERVED
 CVE-2011-3425
 	RESERVED
-CVE-2011-3424
-	RESERVED
-CVE-2011-3423
-	RESERVED
+CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in ...)
+	TODO: check
+CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer ...)
+	TODO: check
 CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
 	TODO: check
 CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...)
@@ -384,8 +566,7 @@ CVE-2011-3347
 	RESERVED
 CVE-2011-3346
 	RESERVED
-CVE-2011-3345
-	RESERVED
+CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
 	- ofa-kernel <itp> (bug #541849)
 CVE-2011-3344
 	RESERVED
@@ -638,8 +819,8 @@ CVE-2011-3236
 	RESERVED
 CVE-2011-3235
 	RESERVED
-CVE-2011-3234
-	RESERVED
+CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
+	TODO: check
 CVE-2011-3233
 	RESERVED
 CVE-2011-3232
@@ -1578,10 +1759,10 @@ CVE-2011-2877
 	RESERVED
 CVE-2011-2876
 	RESERVED
-CVE-2011-2875
-	RESERVED
-CVE-2011-2874
-	RESERVED
+CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
+	TODO: check
+CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...)
+	TODO: check
 CVE-2011-2873
 	RESERVED
 CVE-2011-2872
@@ -1600,68 +1781,68 @@ CVE-2011-2866
 	RESERVED
 CVE-2011-2865
 	RESERVED
-CVE-2011-2864
-	RESERVED
+CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...)
+	TODO: check
 CVE-2011-2863
 	RESERVED
-CVE-2011-2862
-	RESERVED
-CVE-2011-2861
-	RESERVED
-CVE-2011-2860
-	RESERVED
-CVE-2011-2859
-	RESERVED
-CVE-2011-2858
-	RESERVED
-CVE-2011-2857
-	RESERVED
-CVE-2011-2856
-	RESERVED
-CVE-2011-2855
-	RESERVED
-CVE-2011-2854
-	RESERVED
-CVE-2011-2853
-	RESERVED
-CVE-2011-2852
-	RESERVED
-CVE-2011-2851
-	RESERVED
-CVE-2011-2850
-	RESERVED
-CVE-2011-2849
-	RESERVED
-CVE-2011-2848
-	RESERVED
-CVE-2011-2847
-	RESERVED
-CVE-2011-2846
-	RESERVED
+CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
+	TODO: check
+CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...)
+	TODO: check
+CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
+	TODO: check
+CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...)
+	TODO: check
+CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ...)
+	TODO: check
+CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
+	TODO: check
+CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...)
+	TODO: check
+CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...)
+	TODO: check
+CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
+	TODO: check
+CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
+	TODO: check
+CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before ...)
+	TODO: check
+CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...)
+	TODO: check
+CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer ...)
+	TODO: check
+CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 ...)
+	TODO: check
+CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote ...)
+	TODO: check
+CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome ...)
+	TODO: check
+CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
+	TODO: check
 CVE-2011-2845
 	RESERVED
-CVE-2011-2844
-	RESERVED
-CVE-2011-2843
-	RESERVED
-CVE-2011-2842
-	RESERVED
-CVE-2011-2841
-	RESERVED
-CVE-2011-2840
-	RESERVED
+CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...)
+	TODO: check
+CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media ...)
+	TODO: check
+CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does ...)
+	TODO: check
+CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage ...)
+	TODO: check
+CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote ...)
+	TODO: check
 CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux ...)
 	- chromium-browser <not-affected> (Pdf plugin)
-CVE-2011-2838
-	RESERVED
-CVE-2011-2837
-	RESERVED
-CVE-2011-2836
-	RESERVED
-CVE-2011-2835
-	RESERVED
-CVE-2011-2834
-	RESERVED
+CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME ...)
+	TODO: check
+CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and ...)
+	TODO: check
+CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...)
+	TODO: check
+CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers ...)
+	TODO: check
+CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before ...)
+	TODO: check
 CVE-2011-2833
 	RESERVED
 CVE-2011-2832
@@ -1957,8 +2138,8 @@ CVE-2011-2740
 	RESERVED
 CVE-2011-2739
 	RESERVED
-CVE-2011-2738
-	RESERVED
+CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor ...)
+	TODO: check
 CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to ...)
 	NOT-FOR-US: RSA enVision
 CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative ...)
@@ -4655,8 +4836,8 @@ CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account
 	NOT-FOR-US: EMC
 CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText ...)
 	NOT-FOR-US: OpenText Hummingbird Client Connector
-CVE-2011-1740
-	RESERVED
+CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote ...)
+	TODO: check
 CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...)
 	NOT-FOR-US: FreeBSD mountd
 CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in ...)
@@ -5967,7 +6148,7 @@ CVE-2011-1281 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...
 	NOT-FOR-US: MS Windows
 CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server ...)
 	NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio
-CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3; Office 2004 and 2008 for Mac, ...)
+CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
 	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
 CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly ...)
 	NOT-FOR-US: Microsoft Excel, Office
@@ -22103,7 +22284,7 @@ CVE-2010-XXXX [backup-manager: make sure password is not written to world-readab
 	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
 CVE-2010-XXXX [sudosh3: many security weaknesses]
 	- sudosh3 <removed> (high; bug #566142)
-CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
+CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX ...)
 	NOT-FOR-US: Macromedia Flash ActiveX
 CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
 	NOT-FOR-US: Adobe Flash
@@ -47900,7 +48081,7 @@ CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.
 	NOTE: closely related to CVE-2008-2108
 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
 	NOT-FOR-US: Call of Duty
-CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before ...)
+CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before ...)
 	- bugzilla 3.0.4-1 (low)
 	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
 CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users ...)