author Joey Hess <joeyh@debian.org> 2006-12-04 08:14:14 +0000
committer Joey Hess <joeyh@debian.org> 2006-12-04 08:14:14 +0000
commit 343312e7019fd81478e3a349830039ec5c2d248d
tree 4967467222be827714221aee76d3932efa6a8031
parent ceebf2ff55971bcd7660595319742713897f1790
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5058 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list 2
-rw-r--r-- data/CVE/2006.list 221
2 files changed, 207 insertions, 16 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 53ac13620f..d6b1f4f431 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,3 +1,5 @@
+CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
+ TODO: check
CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
NOT-FOR-US: IBM AIX
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 0b20502fce..a1b8492489 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,195 @@
+CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
+ TODO: check
+CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
+ TODO: check
+CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...)
+ TODO: check
+CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
+ TODO: check
+CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...)
+ TODO: check
+CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...)
+ TODO: check
+CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...)
+ TODO: check
+CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...)
+ TODO: check
+CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...)
+ TODO: check
+CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...)
+ TODO: check
+CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...)
+ TODO: check
+CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...)
+ TODO: check
+CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...)
+ TODO: check
+CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...)
+ TODO: check
+CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...)
+ TODO: check
+CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...)
+ TODO: check
+CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...)
+ TODO: check
+CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...)
+ TODO: check
+CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...)
+ TODO: check
+CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...)
+ TODO: check
+CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...)
+ TODO: check
+CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...)
+ TODO: check
+CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...)
+ TODO: check
+CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...)
+ TODO: check
+CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...)
+ TODO: check
+CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...)
+ TODO: check
+CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...)
+ TODO: check
+CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...)
+ TODO: check
+CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...)
+ TODO: check
+CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...)
+ TODO: check
+CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...)
+ TODO: check
+CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
+ TODO: check
+CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
+ TODO: check
+CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Profession 2.32 and Enterprise 2.32 ...)
+ TODO: check
+CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...)
+ TODO: check
+CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...)
+ TODO: check
+CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
+ TODO: check
+CVE-2006-6235
+ RESERVED
+CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...)
+ TODO: check
+CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...)
+ TODO: check
+CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...)
+ TODO: check
+CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...)
+ TODO: check
+CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...)
+ TODO: check
+CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...)
+ TODO: check
+CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...)
+ TODO: check
+CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...)
+ TODO: check
+CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...)
+ TODO: check
+CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...)
+ TODO: check
+CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
+ TODO: check
+CVE-2006-6222
+ RESERVED
+CVE-2006-6221
+ RESERVED
+CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
+ TODO: check
+CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...)
+ TODO: check
+CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...)
+ TODO: check
+CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...)
+ TODO: check
+CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...)
+ TODO: check
+CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...)
+ TODO: check
+CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...)
+ TODO: check
+CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...)
+ TODO: check
+CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...)
+ TODO: check
+CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
+ TODO: check
+CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...)
+ TODO: check
+CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...)
+ TODO: check
+CVE-2006-6207 (SQL injection vulnerability in products.asp in Evolve shopping cart ...)
+ TODO: check
+CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...)
+ TODO: check
+CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...)
+ TODO: check
+CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...)
+ TODO: check
+CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...)
+ TODO: check
+CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...)
+ TODO: check
+CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...)
+ TODO: check
+CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
+ TODO: check
+CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...)
+ TODO: check
+CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
+ TODO: check
+CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
+ TODO: check
+CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
+ TODO: check
+CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
+ TODO: check
+CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
+ TODO: check
+CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...)
+ TODO: check
+CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...)
+ TODO: check
+CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
+ TODO: check
+CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...)
+ TODO: check
+CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...)
+ TODO: check
+CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...)
+ TODO: check
+CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...)
+ TODO: check
+CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...)
+ TODO: check
+CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...)
+ TODO: check
+CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...)
+ TODO: check
+CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...)
+ TODO: check
+CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...)
+ TODO: check
+CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...)
+ TODO: check
+CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
+ TODO: check
+CVE-2006-6179 (Buffer overflow in ...)
+ TODO: check
+CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...)
+ TODO: check
CVE-2006-XXXX [libxslt segfault / DoS]
- libxslt 1.1.18-3 (low)
[sarge] - libxslt <not-affected> (vulnerability added later)
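Review bot: Several entries added at the top of this hunk are left as `TODO: check` although this file already records a disposition for the same product. CVE-2006-6216 (admin_hacks_list.php, Nivisec) matches the `NOT-FOR-US: Nivisec` under CVE-2006-2693; CVE-2006-6254 and CVE-2006-6253 (Cahier de texte 2.0) match the tag under CVE-2006-5221; CVE-2006-6229 and CVE-2006-6228 (Codewalkers ltwCalendar, aka PHP Event Calendar) match `NOT-FOR-US: PHP Event Calendar` under CVE-2006-3248; CVE-2006-6252 (Windows Live Messenger) matches the tag under CVE-2006-3250. Suggest resolving these in the same pass so they do not sit in the TODO queue. Separately, CVE-2006-6255 and CVE-2006-6202 both name util.php in NukeAI; when triaged they should carry a NOTE cross-referencing each other in case one turns out to be a duplicate.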
@@ -99,7 +291,7 @@ CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2)
NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
NOTE: NOT-FOR-US (Apple Mac OS X)
-CVE-2006-6169 (Buffer overflow in the ask_outfile_name function in openfile.c for ...)
+CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...)
- gnupg 1.4.5-3 (medium)
- gnupg2 <unfixed> (medium; bug #400777)
CVE-2006-XXXX [several security issues in phpmyadmin]
@@ -127,8 +319,7 @@ CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified im
- tin 1:1.8.2-1
CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...)
NOT-FOR-US: Acer
-CVE-2006-6120 [KOffice PowerPoint Files Integer Overflow Vulnerability]
- RESERVED
+CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...)
- koffice 1:1.6.1-1 (bug #401230; medium)
CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...)
NOT-FOR-US: mmgallery
@@ -229,8 +420,7 @@ CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping C
NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
NOT-FOR-US: BPG-InfoTech Easy Publisher
-CVE-2006-6071 [TWiki Authentication Bypass Vulnerability]
- RESERVED
+CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...)
- twiki 1:4.0.5-2 (bug #401303)
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
NOT-FOR-US: ASP Nuke
@@ -680,8 +870,8 @@ CVE-2006-5856
RESERVED
CVE-2006-5855
RESERVED
-CVE-2006-5854
- RESERVED
+CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...)
+ TODO: check
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...)
NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
@@ -896,10 +1086,9 @@ CVE-2006-5753
RESERVED
CVE-2006-5752
RESERVED
-CVE-2006-5751 [Linux Kernel "get_fdb_entries()" Integer Overflow Vulnerability]
- RESERVED
+CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
- linux-2.6 <unfixed> (medium)
-CVE-2006-5750 (Directory traversal vulnerability in JBoss Application Server ...)
+CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...)
NOT-FOR-US: JBoss
CVE-2006-5749
RESERVED
@@ -2041,7 +2230,7 @@ CVE-2006-5223 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: User Viewed Posts Tracker module for phpBB
CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...)
NOT-FOR-US: Dimension of phpBB
-CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de textes 2.0 allow ...)
+CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...)
NOT-FOR-US: Cahier de textes
CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...)
NOT-FOR-US: WebYep
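Review bot: The `NOT-FOR-US: Cahier de textes` line under CVE-2006-5221 now disagrees with the updated description, which spells the product "Cahier de texte" (as do the new CVE-2006-6254 and CVE-2006-6253 entries). Suggest changing the tag to `NOT-FOR-US: Cahier de texte` so a search on the product name finds every entry.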
@@ -3583,8 +3772,7 @@ CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local user
[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
RESERVED
-CVE-2006-4514 [unspecified libgsf security issue (IDEF1622)]
- RESERVED
+CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...)
{DSA-1221-1}
- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
@@ -6461,7 +6649,8 @@ CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows .
NOT-FOR-US: Windows Live Messenger
CVE-2006-3249 (** DISPUTED ** ...)
NOT-FOR-US: Phorum
-CVE-2006-3248 (SQL injection vulnerability in calendar.php in Codewalkers PHP Event ...)
+CVE-2006-3248
+ REJECTED
NOT-FOR-US: PHP Event Calendar
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...)
NOT-FOR-US: GL-SH Deaf Forum
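Review bot: CVE-2006-3248 now carries both `REJECTED` and the old `NOT-FOR-US: PHP Event Calendar` line, and with the description removed nothing in the entry says why it was rejected or what replaced it. Suggest dropping the stale NOT-FOR-US tag or replacing it with a NOTE; if the rejection is a merge into another id, name that id (CVE-2006-6229 and CVE-2006-6228, added at the top of this file, cover Codewalkers ltwCalendar, aka PHP Event Calendar, and may be related).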
@@ -7721,7 +7910,7 @@ CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attac
NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...)
NOT-FOR-US: EzUpload
-CVE-2006-2693 (Directory traversal vulnerability in admin_hacks_list.php in Nivisec ...)
+CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...)
NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...)
- amule 2.1.2-1 (medium)
@@ -8529,7 +8718,7 @@ CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and ea
NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...)
NOT-FOR-US: Intel Windows software
-CVE-2006-2315 (PHP remote file inclusion vulnerability in session.inc.php in ...)
+CVE-2006-2315 (** DISPUTED ** ...)
NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
{DSA-1087-1}
