author     Henri Salo <henri@nerv.fi>  2015-10-28 06:04:26 +0000
committer  Henri Salo <henri@nerv.fi>  2015-10-28 06:04:26 +0000
commit     6560be7f3f7f1a379d59dcfda520f90568fc94c3
tree       1ef76e1e93e036408077ee6d57ff77c464e40779
parent     220e4dae3fc30c747194a9b65fe89635af51d873
Cleanup double space after dot in notes to improve readability.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@37391 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2002.list   2
-rw-r--r--  data/CVE/2003.list   2
-rw-r--r--  data/CVE/2004.list   2
-rw-r--r--  data/CVE/2005.list   4
-rw-r--r--  data/CVE/2006.list  16
-rw-r--r--  data/CVE/2007.list  10
-rw-r--r--  data/CVE/2008.list   8
-rw-r--r--  data/CVE/2009.list   8
-rw-r--r--  data/CVE/2010.list   2
-rw-r--r--  data/CVE/2011.list   2
-rw-r--r--  data/CVE/2013.list   2
-rw-r--r--  data/CVE/2014.list   2
12 files changed, 30 insertions, 30 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 94abf0951d..93476e5e18 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1000,7 +1000,7 @@ CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according
CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
- net-tools <unfixed> (unimportant)
NOTE: This seems to be a misunderstanding of what the PROMISC flag
- NOTE: is about. ifconfig reports properly when it is set using
+ NOTE: is about. ifconfig reports properly when it is set using
NOTE: "ifconfig promisc".
CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
NOT-FOR-US: Zaurus hardware
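Review bot: this hunk, like every hunk in the commit, only collapses a double space after a full stop inside a free-text NOTE line, so the one check worth doing is that nothing else moved: `git show -w 6560be7f3f7f1a379d59dcfda520f90568fc94c3` (or `git diff -w 220e4dae3fc30c747194a9b65fe89635af51d873..6560be7f3f7f1a379d59dcfda520f90568fc94c3`) should print an empty diff, and the diffstat above (30 insertions, 30 deletions across 12 files) should equal the number of NOTE lines touched. The NOTE prefix, indentation and line breaks are preserved here, so the tracker's parser is unaffected.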
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index d2f077e6fd..8307be6da6 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -2813,7 +2813,7 @@ CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows r
NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
- mozilla 2:1.5-1
- NOTE: May have been fixed in an earlier version. Not clear how
+ NOTE: May have been fixed in an earlier version. Not clear how
NOTE: Mozilla's a/b versions map to the Debian version.
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
- uw-imap 7:2002c
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index f4769b27a2..6170270ffc 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -5777,7 +5777,7 @@ CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1
[sarge] - openssh <no-dsa> (Minor issue)
NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
- NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
+ NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
- apache 1.3.29.0.2-5
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index d7191c435c..47dee8be65 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1339,7 +1339,7 @@ CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.
[sarge] - trac <unfixed> (medium)
NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
- NOTE: invasive set of patches to backport. basically most instances
+ NOTE: invasive set of patches to backport. basically most instances
NOTE: of input being escape()'d are no longer done so, and instead a
NOTE: Markup() function replaces them, and special checks are done
NOTE: on rendered HTML output to prevent XSS code from being displayed.
@@ -3398,7 +3398,7 @@ CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the vir
[sarge] - php4 <no-dsa> (Safe mode violations not supported)
- php5 5.1.1-1 (bug #336654; low)
NOTE: According to CVE, this is a safe mode violation,
- NOTE: therefore low impact. (According to SuSE, it's an
+ NOTE: therefore low impact. (According to SuSE, it's an
NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 1a310d9e64..d99d276b39 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1152,7 +1152,7 @@ CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and J
- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
NOTE: Access to DMA-capable hardware such as graphics cards can,
- NOTE: by design, bypass security restrictions. Not a real issue.
+ NOTE: by design, bypass security restrictions. Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...)
NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...)
@@ -10308,7 +10308,7 @@ CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5
- php4 4:4.4.4-1 (unimportant)
- php5 5.1.6-1 (unimportant)
NOTE: using a long enough path (>MAXPATHLEN) allows you to have
- NOTE: tempnam create a file without the temp extension. sounds like
+ NOTE: tempnam create a file without the temp extension. sounds like
NOTE: another shoot yourself in the foot issue, since the local user
NOTE: could just as easily create the file manually, and if the
NOTE: tempnam function is taking unsanitized input, it's an
@@ -11061,8 +11061,8 @@ CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before .
- pygresql 3.8-1.1 (medium)
[sarge] - pygresql <not-affected> (Already includes proper quoting)
NOTE: Beginning with version 7.5.4, postgresql is a transition
- NOTE: package which does not contain actual code. That's why
- NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
+ NOTE: package which does not contain actual code. That's why
+ NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
NOTE: The following packages needed to adapted to cope with the new system:
NOTE: psycopg 1.1.21-5 (bug #369230)
NOTE: python-pgsql 2.4.0-8 (bug #369250)
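Review bot: the untouched context line "The following packages needed to adapted to cope with the new system" in this hunk is missing a word; since the surrounding NOTE block is being rewritten anyway, it would be cheap to change it to "needed to be adapted" in the same pass. Note also that this NOTE block is duplicated verbatim under CVE-2006-2313 in the next hunk, so any wording fix should be applied to both.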
@@ -11075,8 +11075,8 @@ CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before .
- postgresql-7.4 1:7.4.13-1 (high)
- postgresql-8.1 8.1.4-1 (high)
NOTE: Beginning with version 7.5.4, postgresql is a transition
- NOTE: package which does not contain actual code. That's why
- NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
+ NOTE: package which does not contain actual code. That's why
+ NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...)
NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
@@ -11533,7 +11533,7 @@ CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Tra
[sarge] - trac <unfixed> (medium)
NOTE: http://trac.edgewall.org/changeset/3201
NOTE: http://trac.edgewall.org/changeset/3287
- NOTE: the second reference fixes a regression in the first. i *believe*
+ NOTE: the second reference fixes a regression in the first. i *believe*
NOTE: that these correctly solve the problem, though we really ought
NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...)
@@ -15224,7 +15224,7 @@ CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder,
- bind 1:8.4.7-1 (low)
[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)
NOTE: BIND 8 is unsuitable for forwarder use because of its
- NOTE: architecture. Upgrade to BIND 9 as a fix.
+ NOTE: architecture. Upgrade to BIND 9 as a fix.
NOTE: This was fixed in sid by documenting it as an unfixable design limitation
CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...)
NOT-FOR-US: AOL
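Review bot: the `[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)` context line immediately above the edited NOTE carries three typos ("Architectual", "limitatiom", "a a fix"); a readability cleanup touching this entry is the natural place to correct it to "Architectural limitation, upgrade to BIND 9 as a fix". The NOTE on the next line already restates the same advice, so the two could also be reconciled.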
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 7c1053e0a8..fa2bd896ea 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -4802,7 +4802,7 @@ CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrus
[sarge] - openssh <no-dsa> (minor issue in weak security measure)
NOTE: An exploit needs limited control over the machine running a
NOTE: trusted X client, so this is only a slight privilege
- NOTE: escalation. The X Security extension is merely an afterthought
+ NOTE: escalation. The X Security extension is merely an afterthought
NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream ...)
NOT-FOR-US: PowerPlayer
@@ -9345,7 +9345,7 @@ CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of serv
{DSA-1316-1}
- emacs21 21.4a+1-5.1 (bug #408929; low)
- emacs-snapshot <removed>
- NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
+ NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
NOTE: fixed before the first emacs22 upload.
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...)
NOT-FOR-US: Cisco
@@ -10467,7 +10467,7 @@ CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Obj
NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
- jquery <unfixed> (unimportant)
- NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
+ NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
- gwt <removed> (unimportant; bug #563542)
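Review bot: the edited NOTE line for CVE-2007-2379 is a single unwrapped sentence far longer than the wrapped NOTE blocks elsewhere in this patch (compare the 70-column wrapping used in the 2006.list hunks); if the goal is readability, wrapping it to the same width in this commit would be consistent. The lowercase "jquery" in the NOTE text is fine as the package name but the prose refers to the library, so "jQuery" as in the CVE description reads better.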
@@ -12011,7 +12011,7 @@ CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2
[etch] - php4 6:4.4.4-8+etch1
[sarge] - php4 4:4.3.10-21
NOTE: This was fixed as a side-effect of previous security fixes, noting the
- NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
+ NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
NOTE: version was fixed.
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
NOT-FOR-US: Mambo module SWmenu
@@ -15485,7 +15485,7 @@ CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specif
[sarge] - slocate <not-affected> (Performs correct access checks)
[etch] - slocate <no-dsa> (Minor issue)
NOTE: slocate will allow users to find files in directories with the
- NOTE: executable bit set but without the readable bit set. This is
+ NOTE: executable bit set but without the readable bit set. This is
NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
NOT-FOR-US: uniForum
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index bcefc68ffd..4210bd9f45 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -7594,7 +7594,7 @@ CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; b
{DSA-1638-1 CVE-2006-5051}
- openssh 1:4.6p1-1 (low)
NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
- NOTE: fully address the issue. The upstream fix in 4.4p1 was
+ NOTE: fully address the issue. The upstream fix in 4.4p1 was
NOTE: right, and it the next unstable upload after that was 4.6p1.
CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential ...)
- adns 1.4-2 (unimportant; bug #492698)
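Review bot: the context line "right, and it the next unstable upload after that was 4.6p1." directly below the edited line has a stray "it"; the intended reading is "right, and the next unstable upload after that was 4.6p1." Since this NOTE block is already being reflowed, fixing the grammar here costs nothing and keeps the rationale for the 1:4.6p1-1 fixed version legible.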
@@ -8887,14 +8887,14 @@ CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
NOTE: Comment from tytso:
NOTE: Note: some people thinks this represents a security bug, since it
NOTE: might make the system go away while it is printing a large number of
- NOTE: console messages, especially if a serial console is involved. Hence,
+ NOTE: console messages, especially if a serial console is involved. Hence,
NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
NOTE: either has physical access to your machine to insert a USB disk with a
NOTE: corrupted filesystem image (at which point why not just hit the power
NOTE: button), or is otherwise able to convince the system administrator to
NOTE: mount an arbitrary filesystem image (at which point why not just
NOTE: include a setuid shell or world-writable hard disk device file or some
- NOTE: such). Me, I think they're just being silly.
+ NOTE: such). Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...)
{DSA-1687-1}
- linux-2.6 2.6.21-1
@@ -11719,7 +11719,7 @@ CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...)
NOT-FOR-US: Apple Mac OS X
NOTE: the original apple advisory (HT3613) is completely different from the current CVE
- NOTE: description. it claims that this is a webkit issue, which is completely wrong
+ NOTE: description. it claims that this is a webkit issue, which is completely wrong
CVE-2008-2319
RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools ...)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index f7c9021fce..dd802a3888 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -3187,7 +3187,7 @@ CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operatio
CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...)
- blender <unfixed> (unimportant)
NOTE: attack vector is social engineering to get the user to open
- NOTE: a malicious .blend file. by design, blend files support
+ NOTE: a malicious .blend file. by design, blend files support
NOTE: all python operations, so ultimately any code can be executed
CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
NOT-FOR-US: HP OpenView Network Node Manager
@@ -11910,7 +11910,7 @@ CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kern
NOTE: Original fix was incomplete/risky, see:
NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
- NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
+ NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...)
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
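Review bot: the rewritten line still reads "lacks initialzer for len"; as the line is being replaced anyway, the spelling should be "initializer" in the `+` version rather than left for a later cleanup. The rest of the note (reproducer missing an initialiser for `len`, leak confirmed once fixed) is clear and worth keeping verbatim.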
@@ -11996,8 +11996,8 @@ CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally expl
NOTE: hardly a security issue, if an attacker has local access to the machine and you
NOTE: don't use encryption or something similar you have lost anyway
NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
- NOTE: have local access to the machine. it is worth it to make it as difficult as
- NOTE: possible without impacting authorized users. otherwise, why spend so much effort
+ NOTE: have local access to the machine. it is worth it to make it as difficult as
+ NOTE: possible without impacting authorized users. otherwise, why spend so much effort
NOTE: to make sure xscreensaver, gdm, and login are rock solid?
NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index b21be69756..fad9845a3a 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -8860,7 +8860,7 @@ CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; And
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461
NOTE: the problem is that the standard-library strtod()
NOTE: parses "NAN(payload)" as a NaN with a user-defined payload, which is bad for the nan-boxing
- NOTE: scheme used by webkit (and mozilla). The fix is not to accept "NAN(payload)".
+ NOTE: scheme used by webkit (and mozilla). The fix is not to accept "NAN(payload)".
NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
NOTE: reproduced with epiphany
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index fd3dd3a754..a586c41196 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -4394,7 +4394,7 @@ CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 al
CVE-2011-3572
RESERVED
CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...)
- NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507.
+ NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507.
CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
NOT-FOR-US: Oracle Communications Unified
CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index d471ac208f..4cd62b09a9 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -39,7 +39,7 @@ CVE-2013-7440 [incorrect wildcard matching rules]
[squeeze] - python2.5 <no-dsa> (Minor issue)
NOTE: https://bugs.python.org/issue17997#msg194950
NOTE: https://hg.python.org/cpython/rev/10d0edadbcdd
- NOTE: The CVE is only about refusing multiple wildcards. Backporting that part only is not so difficult.
+ NOTE: The CVE is only about refusing multiple wildcards. Backporting that part only is not so difficult.
CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen ...)
{DSA-3224-1 DLA-199-1}
- libx11 2:1.6.0-1
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index ca5ca02a62..b7a7989acc 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -191,7 +191,7 @@ CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionalit
NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/4
NOTE: Per maintainer not a security issue:
- NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
+ NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
NOTE: mitigated using some kind of resource limits in security-sensitive environments,
NOTE: and looping can trivially be done inside the virtual machine just fine, achieving
NOTE: the same effect
