author Joey Hess <joeyh@debian.org> 2006-06-16 21:14:30 +0000
committer Joey Hess <joeyh@debian.org> 2006-06-16 21:14:30 +0000
commit 5a9f25618deeb72f01f2535fb8c8e867c41b21d2
tree 7c90f89677c8ac55fc3522fbd9640d9899d7745e
parent 21fcb5a23a39050b4a8c6526ed75f5ae70fa1a98
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@4250 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list 2
-rw-r--r-- data/CVE/2002.list 4
-rw-r--r-- data/CVE/2003.list 4
-rw-r--r-- data/CVE/2005.list 1
-rw-r--r-- data/CVE/2006.list 119
5 files changed, 116 insertions, 14 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index e20aad2d21..7bf588a10d 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,3 +1,5 @@
+CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
+ TODO: check
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
NOT-FOR-US: Sun Solaris
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
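Review bot: The added CVE-1999-1589 entry is left at "TODO: check" although its description already names the affected software as crontab in IBM AIX 3.2. The entry directly below it is closed with "NOT-FOR-US: Sun Solaris", and the same treatment ("NOT-FOR-US: IBM AIX") would settle this one without leaving an open TODO in a 1999 list.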
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 5262b15c91..7042de99dc 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,7 @@
+CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...)
+ TODO: check
+CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
+ TODO: check
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
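Review bot: CVE-2002-2215 and CVE-2002-2214 are both in the IMAP functionality for PHP, so unlike the Infoblox and Fujitsu entries below them they cannot be closed as NOT-FOR-US and need a real package entry. They should be triaged together with the PHP IMAP entries added to 2003.list in this same commit, since the truncated descriptions suggest closely related code.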
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 8c00f5637c..fa19786729 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,7 @@
+CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
+ TODO: check
+CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
+ TODO: check
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
- sun-java5 1.5.0-06-1 (low)
CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...)
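Review bot: The CVE-2003-1302 description gives an upstream bound, "PHP before 4.3.1", which is enough to replace "TODO: check" with a versioned package line. The CVE-2003-1303 description is cut off before any version appears, so it needs the full CVE text before it can be resolved the same way.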
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 3ba780048d..f71984440e 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -5623,6 +5623,7 @@ CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge
NOTE: Direct flooding is possible as well in most circumstances.
NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
+ {DSA-1094-1}
- gforge (bug #328224; medium)
NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
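Review bot: Adding {DSA-1094-1} to CVE-2005-2430 leaves the rest of the entry inconsistent with it: the package line is still "- gforge (bug #328224; medium)" with no fixed version, and the NOTE still says the maintainer lacks time for a backport. If the DSA covers this CVE, the note should be dropped or reworded and the fixed version recorded on the gforge line.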
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 40144828fa..64d9bc8ec9 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,97 @@
+CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...)
+ TODO: check
+CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...)
+ TODO: check
+CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...)
+ TODO: check
+CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...)
+ TODO: check
+CVE-2006-3053 (PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 ...)
+ TODO: check
+CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...)
+ TODO: check
+CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0 and ...)
+ TODO: check
+CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0 and ...)
+ TODO: check
+CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
+ TODO: check
+CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...)
+ TODO: check
+CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in tikiwiki 1.9.3.2 and ...)
+ TODO: check
+CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...)
+ TODO: check
+CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...)
+ TODO: check
+CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...)
+ TODO: check
+CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CFXe-CMS 2.0 ...)
+ TODO: check
+CVE-2006-3042 (Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 ...)
+ TODO: check
+CVE-2006-3041 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-3040 (** DISPUTED ** ...)
+ TODO: check
+CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
+ TODO: check
+CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
+ TODO: check
+CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...)
+ TODO: check
+CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
+ TODO: check
+CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...)
+ TODO: check
+CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...)
+ TODO: check
+CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...)
+ TODO: check
+CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
+ TODO: check
+CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...)
+ TODO: check
+CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
+ TODO: check
+CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...)
+ TODO: check
+CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...)
+ TODO: check
+CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...)
+ TODO: check
+CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...)
+ TODO: check
+CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...)
+ TODO: check
+CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
+ TODO: check
+CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...)
+ TODO: check
+CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...)
+ TODO: check
+CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
+ TODO: check
+CVE-2006-3017 (Unspecified vulnerability in PHP before 5.1.3 can prevent a variable ...)
+ TODO: check
+CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
+ TODO: check
+CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
+ TODO: check
+CVE-2006-3014
+ RESERVED
+CVE-2006-3013
+ RESERVED
+CVE-2006-3012
+ RESERVED
+CVE-2006-3011
+ RESERVED
CVE-2006-XXXX [snarf: crash on invalid response to the PASV command]
- snarf 7.0-5
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...)
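Review bot: CVE-2006-3041 and CVE-2006-3040 are added with the description truncated to "(** DISPUTED ** ...)", so nothing in either entry identifies the affected software and they cannot be triaged from this file alone. A NOTE naming the product would help whoever picks up the TODO. Among the other new "TODO: check" entries, CVE-2006-3018, CVE-2006-3017 and CVE-2006-3016 name PHP before 5.1.3 and the NetworkManager dhcdbd entry CVE-2006-3057 names a daemon, so those deserve attention ahead of the long run of third-party web application XSS and SQL injection entries.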
@@ -192,8 +286,7 @@ CVE-2006-2918
RESERVED
CVE-2006-2917
RESERVED
-CVE-2006-2916 [artswrapper local root]
- RESERVED
+CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
- arts <unfixed> (bug filed; low)
NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915
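Review bot: With CVE-2006-2916 no longer RESERVED, the context line "- arts <unfixed> (bug filed; low)" still records only "bug filed" with no bug number. Other entries in this file use the "bug #NNNNNN" form, and the number should be filled in here so the unfixed status can be followed up.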
@@ -208,8 +301,8 @@ CVE-2006-2911
RESERVED
CVE-2006-2910
RESERVED
-CVE-2006-2909
- RESERVED
+CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...)
+ TODO: check
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...)
NOT-FOR-US: MyBB
CVE-2006-2907
@@ -591,7 +684,7 @@ CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in
- webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...)
NOT-FOR-US: Hitachi
-CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nForum 0.91 allows ...)
+CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...)
NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...)
TODO: check
@@ -820,6 +913,7 @@ CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, all
CVE-2006-2645 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
+ {DSA-1075-1}
- awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [libxine1 overflow via a specially-crafted AVI file]
- xine-lib 1.1.1-2 (bug #369876; medium)
@@ -1242,8 +1336,7 @@ CVE-2006-2451
RESERVED
CVE-2006-2450
RESERVED
-CVE-2006-2449 [kdm arbitrary file read via symlink]
- RESERVED
+CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
- kdebase <unfixed> (bug filed; medium)
CVE-2006-2448
RESERVED
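Review bot: Replacing "[kdm arbitrary file read via symlink]" with the truncated official description on CVE-2006-2449 drops the only statement of impact, because the new text ends at "allows local users ..." before saying what they can do. A NOTE line preserving "arbitrary file read via symlink" would keep that information. The package line also still says "bug filed" without a bug number.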
@@ -1381,7 +1474,7 @@ CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP
NOT-FOR-US: Microsoft
CVE-2006-2381
RESERVED
-CVE-2006-2380 (Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, Windows ...)
+CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...)
NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...)
NOT-FOR-US: Microsoft
@@ -1787,15 +1880,13 @@ CVE-2006-2199
RESERVED
CVE-2006-2198
RESERVED
-CVE-2006-2197 [wv2 integer overflow]
- RESERVED
+CVE-2006-2197 (Integer overflow in wv2 before 0.2.2 might allow context-dependent ...)
{DSA-1100}
- wv2 <unfixed> (medium)
CVE-2006-2196 [pinball loads levels and compiled plugins from user-controllable locations]
RESERVED
- pinball 0.3.1-6
-CVE-2006-2195 [horde XSS]
- RESERVED
+CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
{DSA-1099-1 DSA-1098-1}
- horde3 3.1.1-3
CVE-2006-2194
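Review bot: In the CVE-2006-2197 entry the untouched context line "{DSA-1100}" lacks the revision suffix that every other DSA reference visible in this commit carries ("{DSA-1099-1 DSA-1098-1}", "{DSA-1094-1}", "{DSA-1075-1}"); it should read "{DSA-1100-1}" if that is the intended advisory. The new description also states "wv2 before 0.2.2" while the package line remains "- wv2 <unfixed> (medium)", so the fixed version should be checked against that bound.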
@@ -4135,7 +4226,7 @@ CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for
NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
NOT-FOR-US: Enet lib (Cube, Sauerbraten)
-CVE-2006-1193 (Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook ...)
+CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
TODO: check
CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
NOT-FOR-US: Microsoft
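Review bot: The reworded CVE-2006-1193 description now leads with Microsoft Exchange Server, yet the entry keeps "TODO: check" while the adjacent CVE-2006-1192 is closed as "NOT-FOR-US: Microsoft". The same marking applies here and would remove a stale TODO.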
@@ -4176,7 +4267,7 @@ CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe fo
TODO: check
CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...)
- shadow 1:4.0.15-10 (low)
-CVE-2006-1173 (Unspecified vulnerability in HP Tru64 UNIX 4.0F PK8 up to 5.1B-3 and ...)
+CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...)
- sendmail 8.13.7-1 (low)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)
NOT-FOR-US: ActiveX control