author Joey Hess <joeyh@debian.org> 2014-04-08 21:14:09 +0000
committer Joey Hess <joeyh@debian.org> 2014-04-08 21:14:09 +0000
commit 2a4d4cfe68670b1ded4d67982ae907cc1d26f3b7 (patch)
tree e35f0f146ee72c3ba0d376fab71adf9a1e2f4fb2
parent 9de517b51f2b9dcbe676700dc8d3d61d4f2830f2 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@26470 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2001.list   3
-rw-r--r--  data/CVE/2012.list  32
-rw-r--r--  data/CVE/2013.list  19
-rw-r--r--  data/CVE/2014.list  74
4 files changed, 67 insertions, 61 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 68d8334261..4fbb51f28f 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,5 +1,4 @@
-CVE-2001-1593 [insecure use of /tmp]
- RESERVED
+CVE-2001-1593 (The tempname_ensure function lib/routines.h in a2ps 4.14 and earlier, ...)
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
[wheezy] - a2ps <no-dsa> (Minor issue)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 40f9a636cb..a9ad3fef20 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,3 +1,7 @@
+CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the ...)
+ TODO: check
+CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail ...)
+ TODO: check
CVE-2012-6639
RESERVED
- cloud-init 0.7.1-1
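Review bot: CVE-2012-6640 is left as TODO: check although its description names Horde Internet Mail, the product that the CVE-2012-5565 entry in this same file already assesses against the imp3 and dimp1 packages; triage it against that existing assessment instead of leaving the TODO open.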
@@ -509,8 +513,8 @@ CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data ...
NOT-FOR-US: Symfony
CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms ...)
NOT-FOR-US: Open Solution Quick.Cart and Quick.Cms
-CVE-2012-6429
- RESERVED
+CVE-2012-6429 (Buffer overflow in the PrepareSync method in the SyncService.dll ...)
+ TODO: check
CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 ...)
NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with ...)
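Review bot: CVE-2012-6429 stays TODO: check even though the description places the overflow in SyncService.dll, a Windows component; once confirmed, resolve it to NOT-FOR-US with the vendor name, as the neighbouring Carlo Gavazzi entries do, so it does not linger in the TODO list.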
@@ -2428,8 +2432,8 @@ CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apach
CVE-2012-5649 [JSONP arbitrary code execution with Adobe Flash]
RESERVED
- couchdb 1.2.0-5 (bug #698439)
-CVE-2012-5648
- RESERVED
+CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow ...)
+ TODO: check
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
@@ -2692,14 +2696,11 @@ CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a de
[wheezy] - tomcat6 <no-dsa> (Minor issue)
- tomcat7 <unfixed> (low)
[wheezy] - tomcat7 <no-dsa> (Minor issue)
-CVE-2012-5567
- RESERVED
+CVE-2012-5567 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
-CVE-2012-5566
- RESERVED
+CVE-2012-5566 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
-CVE-2012-5565
- RESERVED
+CVE-2012-5565 (Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in ...)
NOT-FOR-US: This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...)
- android-tools <unfixed> (bug #688280)
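Review bot: the <not-affected> rationale on CVE-2012-5567 and CVE-2012-5566 ("later versions not yet packaged in sid") is conditional: if kronolith from a newer upstream series is packaged, both entries need re-review, and nothing in the file will trigger that. A NOTE: line recording the condition would make the revisit explicit.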
@@ -4222,8 +4223,8 @@ CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39,
- tor 0.2.3.22-rc-1
CVE-2012-4921
RESERVED
-CVE-2012-4920
- RESERVED
+CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
+ TODO: check
CVE-2012-4919
RESERVED
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
@@ -10943,8 +10944,7 @@ CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.65
NOT-FOR-US: Android
CVE-2012-2216
RESERVED
-CVE-2012-2095 [wicd command execution with root privileges]
- RESERVED
+CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before ...)
- wicd 1.7.2.4-1 (low; bug #668397)
[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...)
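Review bot: CVE-2012-2095 sits between CVE-2012-2216 and CVE-2012-2215, out of the file's descending numeric order; the updater only rewrote its description, but the entry should be moved to its proper position so the wicd fix record is found where a reader expects it.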
@@ -11921,8 +11921,8 @@ CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might all
- inspircd 2.0.5-0.1 (bug #667914)
CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...)
NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
-CVE-2012-1834
- RESERVED
+CVE-2012-1834 (Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head ...)
+ TODO: check
CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does ...)
NOT-FOR-US: Grails
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 6bd935125a..c12eeb57ed 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -4346,8 +4346,7 @@ CVE-2013-5682
RESERVED
CVE-2013-5681
RESERVED
-CVE-2013-5680 [heap overflow]
- RESERVED
+CVE-2013-5680 (Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, ...)
- hylafax <not-affected> (Not built with LDAP support)
NOTE: http://www.securityfocus.com/archive/1/528943/30/0/threaded
CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption ...)
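Review bot: the <not-affected> on CVE-2013-5680 rests on a build option ("Not built with LDAP support"), so it holds only as long as the hylafax package keeps that configuration; the NOTE should reference the package build configuration it was checked against, otherwise a later change enabling LDAP would silently invalidate the marking.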
@@ -7819,6 +7818,7 @@ CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit .
CVE-2013-4323
RESERVED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
+ {DSA-2897-1}
- tomcat6 6.0.39
- tomcat7 7.0.50
- tomcat8 <itp> (bug #722675)
@@ -7944,6 +7944,7 @@ CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PAT
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ...)
+ {DSA-2897-1}
- tomcat6 6.0.39
- tomcat7 7.0.47
- tomcat8 <itp> (bug #722675)
@@ -8975,8 +8976,8 @@ CVE-2013-3932
RESERVED
CVE-2013-3931
RESERVED
-CVE-2013-3930
- RESERVED
+CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows ...)
+ TODO: check
CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
NOT-FOR-US: CMS Made Simple
CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...)
@@ -12890,8 +12891,8 @@ CVE-2013-2289 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Batavi
CVE-2013-2288
RESERVED
-CVE-2013-2287
- RESERVED
+CVE-2013-2287 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2013-2286
RESERVED
CVE-2013-2285
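Review bot: the new description for CVE-2013-2287 is truncated to "Multiple cross-site scripting (XSS) vulnerabilities in ..." and names no product, so the TODO: check cannot be triaged from this line alone; the same applies to CVE-2014-0337 and CVE-2014-2115 later in this patch. The full description has to be consulted before these can be resolved.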
@@ -13610,6 +13611,7 @@ CVE-2013-2072 (Buffer overflow in the Python bindings for the xc_vcpu_setaffinit
[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat ...)
+ {DSA-2897-1}
- tomcat7 7.0.40-1 (bug #707704)
NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...)
@@ -13623,7 +13625,7 @@ CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x befor
CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...)
- {DSA-2725-1}
+ {DSA-2897-1 DSA-2725-1}
- tomcat7 7.0.33
- tomcat6 6.0.37
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to ...)
@@ -14024,8 +14026,7 @@ CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-depe
NOT-FOR-US: Ruby gem md2pdf
CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers ...)
NOT-FOR-US: Ruby Gem kelredd-pruview
-CVE-2013-1946
- RESERVED
+CVE-2013-1946 (The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and ...)
NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-1945
RESERVED
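Review bot: the NOT-FOR-US line kept as context under CVE-2013-1946 has a typo, "cotributed" should read "contributed"; worth correcting while the entry is being touched.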
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index eaadd524c4..6d140c485b 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,3 +1,11 @@
+CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
+ TODO: check
+CVE-2014-2729
+ RESERVED
+CVE-2014-2728
+ RESERVED
+CVE-2014-2727
+ RESERVED
CVE-2014-XXXX [Open redirector]
- redmine <unfixed> (bug #743828)
NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
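Review bot: CVE-2014-2730 describes the XML parser in Microsoft Office, so its TODO: check should resolve to NOT-FOR-US rather than stay open; separately, the redmine open redirector directly below is still filed under the CVE-2014-XXXX placeholder and needs its assigned id once MITRE publishes one.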
@@ -311,8 +319,7 @@ CVE-2014-2602
RESERVED
CVE-2014-2601
RESERVED
-CVE-2014-2600
- RESERVED
+CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through ...)
NOT-FOR-US: HP
CVE-2014-2598
RESERVED
@@ -1180,8 +1187,7 @@ CVE-2014-2216
RESERVED
CVE-2014-2215
RESERVED
-CVE-2014-2210
- RESERVED
+CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
NOT-FOR-US: Erwin Web Portal
CVE-2014-2209
RESERVED
@@ -1309,12 +1315,12 @@ CVE-2014-2147
RESERVED
CVE-2014-2146
RESERVED
-CVE-2014-2145
- RESERVED
-CVE-2014-2144
- RESERVED
-CVE-2014-2143
- RESERVED
+CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...)
+ TODO: check
+CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
+ TODO: check
+CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE ...)
+ TODO: check
CVE-2014-2142
RESERVED
CVE-2014-2141
@@ -1365,14 +1371,14 @@ CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco Async
NOT-FOR-US: Cisco AsyncOS
CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Cisco PRSM
-CVE-2014-2117
- RESERVED
-CVE-2014-2116
- RESERVED
-CVE-2014-2115
- RESERVED
-CVE-2014-2114
- RESERVED
+CVE-2014-2117 (Multiple open redirect vulnerabilities in Cisco Emergency Responder ...)
+ TODO: check
+CVE-2014-2116 (Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2014-2115 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+ TODO: check
+CVE-2014-2114 (Cross-site scripting (XSS) vulnerability in UserServlet in Cisco ...)
+ TODO: check
CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 ...)
NOT-FOR-US: Cisco IOS
CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...)
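Review bot: the seven Cisco entries left as TODO: check in this and the preceding hunk (CVE-2014-2143 through CVE-2014-2145, CVE-2014-2114 through CVE-2014-2117) concern the same product families that CVE-2014-2113, CVE-2014-2118 and CVE-2014-2119 already resolve as NOT-FOR-US; resolving them the same way keeps the TODO count reflecting real open work.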
@@ -1848,6 +1854,7 @@ CVE-2014-2031 [logic error]
NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030
RESERVED
+ {DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
[squeeze] - imagemagick <not-affected> (CVE only for versions with r1448 applied)
NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
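Review bot: CVE-2014-2030 now carries DSA-2898-1 but still has no bracketed short description, unlike the sibling imagemagick entries CVE-2014-1958 and CVE-2014-1947; add one so the entry is searchable by issue type. The NOTE about the "L%06ld" string is also a sentence fragment and should state what it refers to.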
@@ -1878,6 +1885,7 @@ CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11
NOTE: introduced by https://www.gitorious.org/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6
CVE-2014-1958 [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability]
RESERVED
+ {DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
[squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not present)
NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage?
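Review bot: the squeeze <not-affected> on CVE-2014-1958 sits next to an unresolved question ("there was a rewrite from DecodeImage?"); now that DSA-2898-1 is issued for the fixed versions, that question should be answered and the NOTE turned into a definite statement or dropped, since an open doubt undercuts the not-affected claim.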
@@ -1902,6 +1910,7 @@ CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 thr
NOTE: https://launchpad.net/bugs/1275062
CVE-2014-1947 [Buffer overflow vulnerability]
RESERVED
+ {DSA-2898-1}
- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
NOTE: http://trac.imagemagick.org/changeset/13736
- graphicsmagick <unfixed>
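Review bot: CVE-2014-1947 gains DSA-2898-1 for imagemagick, but graphicsmagick remains <unfixed> with no bug reference; file and record a bug number as the imagemagick line does (bug #740250) so the open item is tracked rather than only implied.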
@@ -4053,8 +4062,8 @@ CVE-2014-0829 (Multiple buffer overflows in IBM Rational ClearCase 7.x before ..
NOT-FOR-US: IBM Rational ClearCase
CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content ...)
NOT-FOR-US: IBM WebSphere Portal
-CVE-2014-0827
- RESERVED
+CVE-2014-0827 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim ...)
+ TODO: check
CVE-2014-0826
RESERVED
CVE-2014-0825
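Review bot: CVE-2014-0827 concerns IBM InfoSphere Optim, and the two IBM entries directly above it are already NOT-FOR-US; resolve the TODO: check the same way instead of leaving it open.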
@@ -4132,8 +4141,8 @@ CVE-2014-0791 (Integer overflow in the license_read_scope_list function in ...)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
-CVE-2014-0789
- RESERVED
+CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object ...)
+ TODO: check
CVE-2014-0788
RESERVED
CVE-2014-0787
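Review bot: the NOTE kept as context under CVE-2014-0791 has a typo, "malicous" should read "malicious"; and CVE-2014-0789 (OPC Automation 2.0 Server Object) is left TODO: check although the description points at a vendor product with no obvious Debian package, so a quick check should let it be resolved to NOT-FOR-US.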
@@ -4435,11 +4444,9 @@ CVE-2014-0640
RESERVED
CVE-2014-0639
RESERVED
-CVE-2014-0638
- RESERVED
+CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...)
NOT-FOR-US: RSA Adaptive Authentication
-CVE-2014-0637
- RESERVED
+CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office ...)
NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0636
RESERVED
@@ -4529,8 +4536,8 @@ CVE-2014-0594
RESERVED
CVE-2014-0593
RESERVED
-CVE-2014-0592
- RESERVED
+CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
+ TODO: check
CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
- bind9 1:9.9.5.dfsg-2 (bug #735190)
[wheezy] - bind9 <not-affected> (Only exploitable in combination with glibc 2.17 and later)
@@ -5083,7 +5090,7 @@ CVE-2014-0348
CVE-2014-0347
RESERVED
CVE-2014-0346
- RESERVED
+ REJECTED
CVE-2014-0345
RESERVED
CVE-2014-0344 (Properties.do in ZOHO ManageEngine OpStor before build 8500 does not ...)
@@ -5100,8 +5107,8 @@ CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin be
NOT-FOR-US: Webmin
CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall ...)
NOT-FOR-US: WatchGuard Fireware XTM
-CVE-2014-0337
- RESERVED
+CVE-2014-0337 (Cross-site scripting (XSS) vulnerability in the web interface on ...)
+ TODO: check
CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in ...)
NOT-FOR-US: Serena Dimensions CM
CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
@@ -5457,8 +5464,7 @@ CVE-2014-0162
RESERVED
CVE-2014-0161
RESERVED
-CVE-2014-0160 [OpenSSL 1.0.1 TLS/DTLS heartbeat information disclosure]
- RESERVED
+CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before ...)
{DSA-2896-1}
- openssl 1.0.1g-1 (bug #743883)
[squeeze] - openssl <not-affected> (vulnerable code introduced in upstream commit 4817504)
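Review bot: the squeeze <not-affected> rationale on CVE-2014-0160 cites an abbreviated upstream commit ("4817504"), while other entries in this file back such claims with a NOTE: carrying the full commit URL (CVE-2014-2031, CVE-2014-1959); add such a NOTE so the statement that squeeze's openssl predates the heartbeat code can be verified without guessing the repository.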
@@ -5845,7 +5851,7 @@ CVE-2014-0052
CVE-2014-0051
RESERVED
CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...)
- {DSA-2856-1}
+ {DSA-2897-1 DSA-2856-1}
- libcommons-fileupload-java 1.3.1-1
- tomcat7 7.0.52-1
- tomcat6 <not-affected> (access to Manager application limited to authenticated administrators)
