author Joey Hess <joeyh@debian.org> 2007-07-19 09:14:07 +0000
committer Joey Hess <joeyh@debian.org> 2007-07-19 09:14:07 +0000
commit 8f241847d8101c88586b7e543aa0fb6bf93fea7f
tree ba8e23cdb2ce28b1ef6be6ca2d4d567ca308aa40
parent 1de80880a9d769ed357ab03498f394b1fd074c35
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6153 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/1999.list 2
-rw-r--r-- data/CVE/2005.list 9
-rw-r--r-- data/CVE/2006.list 19
-rw-r--r-- data/CVE/2007.list 313
4 files changed, 277 insertions, 66 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 878f4a5dfb..8810df6b48 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -2839,7 +2839,7 @@ CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP acco
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
+CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index c2291c430d..51942432a9 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -3381,7 +3381,7 @@ CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial o
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
- apache2 2.0.55-4 (bug #351246; low)
- [sarge] - apache2 2.0.54-5sarge2
+ [sarge] - apache2 2.0.54-5sarge2
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
{DSA-1017-1}
- linux-2.6 2.6.15-4
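Review bot: The `[sarge] - apache2 2.0.54-5sarge2` line under CVE-2005-3357 is removed and re-added with identical visible text, so this is a whitespace-only change riding along in a commit labelled "automatic update". The same re-indentation recurs in later hunks of 2005.list, 2006.list and 2007.list. Whitespace normalisation would be easier to audit as its own commit, separate from the description and DSA updates, so that a real change to a per-release line cannot hide among the noise.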
@@ -3402,7 +3402,7 @@ CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module o
{DSA-1167-1}
- apache 1.3.34-2 (bug #343466; low)
- apache2 2.0.55-4 (bug #343467; bug #349793; low)
- [sarge] - apache2 2.0.54-5sarge2
+ [sarge] - apache2 2.0.54-5sarge2
NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
@@ -4458,7 +4458,7 @@ CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice
- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
- apache2 2.0.55-1 (bug #340337; low)
- [sarge] - apache2 2.0.54-5sarge2
+ [sarge] - apache2 2.0.54-5sarge2
NOTE: this occurs in the binary package apache2-mpm-worker
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
@@ -7003,8 +7003,7 @@ CVE-2005-1926
RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
NOT-FOR-US: Tikiwiki
-CVE-2005-1924 [squirrelmail gpg plugin]
- RESERVED
+CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...)
NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
{DSA-737-1 DTSA-3-1}
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 900ccbfb10..1c4cac89a7 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -3213,9 +3213,9 @@ CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux .
- linux-2.6 <unfixed>
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
- apache2 <unfixed> (low)
- [sarge] - apache2 2.0.54-5sarge2
+ [sarge] - apache2 2.0.54-5sarge2
- apache <removed> (low)
- TODO: sf, when was this fixed in apache2 for unstable?
+ TODO: sf, when was this fixed in apache2 for unstable?
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
{DSA-1233}
- linux-2.6 2.6.18-8 (medium)
@@ -4252,10 +4252,10 @@ CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archiv
NOT-FOR-US: communityPortals
CVE-2006-5279
RESERVED
-CVE-2006-5278
- RESERVED
-CVE-2006-5277
- RESERVED
+CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...)
+ TODO: check
+CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...)
+ TODO: check
CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...)
- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
CVE-2006-5275
@@ -5918,6 +5918,7 @@ CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
NOT-FOR-US: Novell eDirectory
CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
+ {DSA-1335-1}
TODO: check
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Qbik WinGate
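Review bot: CVE-2006-4519 now carries `{DSA-1335-1}` but the entry still consists only of `TODO: check`, with no package line. CVE-2007-2949 in the 2007.list part of this commit references the same DSA and has `- gimp 2.2.16-1 (medium)`. Once the fixed version for this issue is verified, the entry should get its own `- gimp` line and lose the TODO, otherwise the tracker has an advisory reference with no package to attach it to.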
@@ -6725,8 +6726,8 @@ CVE-2006-4171
RESERVED
CVE-2006-4170
REJECTED
-CVE-2006-4169
- RESERVED
+CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
+ TODO: check
CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...)
{DSA-1310-1}
- libexif 0.6.16-1 (bug #430012)
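Review bot: CVE-2006-4169 leaves RESERVED state as `TODO: check`, although its description names the G/PGP (GPG) Plugin, and CVE-2005-1924 in the 2005.list part of this commit marks that plugin `NOT-FOR-US: External Squirrelmail plugin not packaged in Debian`. If this is the same Squirrelmail plugin (the description is truncated here), the entry can take the same NOT-FOR-US line, and the same applies to the G/PGP entries added to 2007.list.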
@@ -7279,7 +7280,7 @@ CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
{DSA-1167-1}
- apache2 2.0.55-4.1 (bug #381376; low)
- [sarge] - apache2 2.0.54-5sarge2
+ [sarge] - apache2 2.0.54-5sarge2
- apache 1.3.34-3 (bug #381381; low)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
NOT-FOR-US: PHP Forge
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 7bdf836258..2553e2ffa4 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,221 @@
+CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...)
+ TODO: check
+CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...)
+ TODO: check
+CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...)
+ TODO: check
+CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
+ TODO: check
+CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
+ TODO: check
+CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
+ TODO: check
+CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
+ TODO: check
+CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
+ TODO: check
+CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
+ TODO: check
+CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...)
+ TODO: check
+CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...)
+ TODO: check
+CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+ TODO: check
+CVE-2007-3858 (Multiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 ...)
+ TODO: check
+CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
+ TODO: check
+CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...)
+ TODO: check
+CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
+ TODO: check
+CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
+ TODO: check
+CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
+ TODO: check
+CVE-2007-3852
+ RESERVED
+CVE-2007-3851
+ RESERVED
+CVE-2007-3850
+ RESERVED
+CVE-2007-3849
+ RESERVED
+CVE-2007-3848
+ RESERVED
+CVE-2007-3847
+ RESERVED
+CVE-2007-3846
+ RESERVED
+CVE-2007-3845
+ RESERVED
+CVE-2007-3844
+ RESERVED
+CVE-2007-3843
+ RESERVED
+CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...)
+ TODO: check
+CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...)
+ TODO: check
+CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
+ TODO: check
+CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
+ TODO: check
+CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
+ TODO: check
+CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...)
+ TODO: check
+CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...)
+ TODO: check
+CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
+ TODO: check
+CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
+ TODO: check
+CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...)
+ TODO: check
+CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
+ TODO: check
+CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...)
+ TODO: check
+CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
+ TODO: check
+CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...)
+ TODO: check
+CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...)
+ TODO: check
+CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...)
+ TODO: check
+CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...)
+ TODO: check
+CVE-2007-3825
+ RESERVED
+CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...)
+ TODO: check
+CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...)
+ TODO: check
+CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...)
+ TODO: check
+CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...)
+ TODO: check
+CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...)
+ TODO: check
+CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...)
+ TODO: check
+CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
+ TODO: check
+CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
+ TODO: check
+CVE-2007-3816 (JWIG might allow context-dependent attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...)
+ TODO: check
+CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...)
+ TODO: check
+CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...)
+ TODO: check
+CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...)
+ TODO: check
+CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...)
+ TODO: check
+CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...)
+ TODO: check
+CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...)
+ TODO: check
+CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...)
+ TODO: check
+CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
+ TODO: check
+CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...)
+ TODO: check
+CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...)
+ TODO: check
+CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...)
+ TODO: check
+CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...)
+ TODO: check
+CVE-2007-3802 (The Decomposer component in multiple Symantec products may allow ...)
+ TODO: check
+CVE-2007-3801 (The Decomposer component in multiple Symantec products allows remote ...)
+ TODO: check
+CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
+ TODO: check
+CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...)
+ TODO: check
+CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
+ TODO: check
+CVE-2007-3797
+ RESERVED
+CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...)
+ TODO: check
+CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...)
+ TODO: check
+CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...)
+ TODO: check
+CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...)
+ TODO: check
+CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
+ TODO: check
+CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...)
+ TODO: check
+CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...)
+ TODO: check
+CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
+ TODO: check
+CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...)
+ TODO: check
+CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...)
+ TODO: check
+CVE-2007-3786 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+ TODO: check
+CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...)
+ TODO: check
+CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
+ TODO: check
+CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
+ TODO: check
+CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...)
+ TODO: check
+CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...)
+ TODO: check
+CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...)
+ TODO: check
+CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...)
+ TODO: check
+CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...)
+ TODO: check
+CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...)
+ TODO: check
+CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...)
+ TODO: check
+CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...)
+ TODO: check
+CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...)
+ TODO: check
+CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...)
+ TODO: check
+CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...)
+ TODO: check
+CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...)
+ TODO: check
+CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...)
+ TODO: check
+CVE-2007-3767
+ RESERVED
+CVE-2007-3766
+ RESERVED
+CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...)
+ TODO: check
+CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
+ TODO: check
+CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...)
+ TODO: check
+CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
+ TODO: check
CVE-2007-XXXX [konqueror data: URL address bar spoofing]
- kdebase <unfixed> (bug #433072; low)
NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
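Review bot: The placeholder `CVE-2007-XXXX [konqueror data: URL address bar spoofing]` with `- kdebase <unfixed> (bug #433072; low)` stays in place directly below the new block, while the block adds CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7) and CVE-2007-3819 (Opera 9.21, spoofing of the data: URI scheme) as `TODO: check`. The descriptions are truncated, so this needs confirming against the full text, but if CVE-2007-3820 is the assigned ID for the placeholder issue, the kdebase line, bug number and NOTE should move to it and the XXXX entry should be dropped, so the issue is not tracked twice.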
@@ -47,21 +265,16 @@ CVE-2007-3740
RESERVED
CVE-2007-3739
RESERVED
-CVE-2007-3738 [Firefox XPCNativeWrapper code injection]
- RESERVED
+CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
- iceweasel <unfixed> (medium)
-CVE-2007-3737 [Firefox insecure event handler code injection]
- RESERVED
+CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
- iceweasel <unfixed>
-CVE-2007-3736 [Firefox addEventListener() and setTimeout () same-origin bypass]
- RESERVED
+CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- iceweasel <unfixed> (high)
-CVE-2007-3735 [memory corruption in layout engine]
- RESERVED
+CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- iceweasel <unfixed> (high)
- icedove <unfixed> (high)
-CVE-2007-3734 [memory corruption in js engine]
- RESERVED
+CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <unfixed> (high)
- icedove <unfixed> (high)
CVE-2007-3733
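Review bot: For CVE-2007-3735 and CVE-2007-3734 the temporary descriptions and the new official ones point at different components: 3735 was `[memory corruption in layout engine]` and now reads "JavaScript engine", while 3734 was `[memory corruption in js engine]` and now reads "browser engine". Both entries carry the same `iceweasel <unfixed> (high)` and `icedove <unfixed> (high)` lines, so tracking status is unaffected, but the mapping of each ID to its issue should be checked against the upstream advisory. Separately, `- iceweasel <unfixed>` under CVE-2007-3737 has no urgency, unlike its neighbours.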
@@ -184,8 +397,8 @@ CVE-2007-3675
RESERVED
CVE-2007-3674
RESERVED
-CVE-2007-3673
- RESERVED
+CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
+ TODO: check
CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...)
TODO: check
CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
@@ -241,18 +454,15 @@ CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3
TODO: check
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
TODO: check
-CVE-2007-3645
- RESERVED
+CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
- libarchive 2.2.4-1 (bug #432924; low)
-CVE-2007-3644
- RESERVED
+CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
TODO: check
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...)
TODO: check
-CVE-2007-3641
- RESERVED
+CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
TODO: check
@@ -264,7 +474,7 @@ CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attac
TODO: check
CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
TODO: check
-CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...)
+CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...)
TODO: check
CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
TODO: check
@@ -406,8 +616,8 @@ CVE-2007-3566
RESERVED
CVE-2007-3565
RESERVED
-CVE-2007-3564 [curl doesn't check certificate parameters in GNUTLS mode]
- RESERVED
+CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...)
+ {DSA-1333-1}
- curl <unfixed> (low)
CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...)
TODO: check
@@ -648,11 +858,11 @@ CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local use
NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
TODO: check
-CVE-2007-3456 (Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier ...)
+CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...)
TODO: check
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
-CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...)
+CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
NOT-FOR-US: Papoo
@@ -1018,7 +1228,7 @@ CVE-2007-3287
RESERVED
CVE-2007-3286
RESERVED
-CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...)
+CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
- iceweasel <unfixed> (low)
- iceape <unfixed> (low)
- firefox <removed> (low)
@@ -1437,8 +1647,8 @@ CVE-2007-3105
RESERVED
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...)
- linux-2.6 <unfixed>
-CVE-2007-3103
- RESERVED
+CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...)
+ TODO: check
CVE-2007-3102
RESERVED
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
@@ -1471,7 +1681,7 @@ CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ..
- firefox <removed> (medium)
- mozilla <removed> (medium)
- xulrunner <unfixed> (medium)
-CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...)
+CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
- iceweasel <unfixed> (low)
- iceape <unfixed> (low)
- firefox <removed> (low)
@@ -1623,18 +1833,18 @@ CVE-2007-3020
RESERVED
CVE-2007-3019
RESERVED
-CVE-2007-3018
- RESERVED
-CVE-2007-3017
- RESERVED
+CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...)
+ TODO: check
+CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...)
+ TODO: check
CVE-2007-3016
RESERVED
CVE-2007-3015
RESERVED
-CVE-2007-3014
- RESERVED
-CVE-2007-3013
- RESERVED
+CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...)
+ TODO: check
+CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
+ TODO: check
CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...)
TODO: check
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
@@ -1773,6 +1983,7 @@ CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KV
CVE-2007-2950
RESERVED
CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...)
+ {DSA-1335-1}
- gimp 2.2.16-1 (medium)
- ingimp 2.2.16.20070710-1
NOTE: http://secunia.com/secunia_research/2007-63/advisory
@@ -2237,7 +2448,7 @@ CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted .
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
- {DSA-1302-1}
+ {DSA-1334-1 DSA-1302-1}
- freetype 2.2.1-6 (bug #425625)
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
NOT-FOR-US: RunawaySoft
@@ -2978,8 +3189,8 @@ CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in
NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
NOT-FOR-US: Cerulean Trillian
-CVE-2007-2417
- RESERVED
+CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...)
+ TODO: check
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
@@ -3008,8 +3219,8 @@ CVE-2007-2404
RESERVED
CVE-2007-2403
RESERVED
-CVE-2007-2402
- RESERVED
+CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...)
+ TODO: check
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and ...)
NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...)
@@ -3018,18 +3229,18 @@ CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an
NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
NOT-FOR-US: Apple Safari
-CVE-2007-2397
- RESERVED
-CVE-2007-2396
- RESERVED
+CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...)
+ TODO: check
+CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...)
+ TODO: check
CVE-2007-2395
RESERVED
-CVE-2007-2394
- RESERVED
-CVE-2007-2393
- RESERVED
-CVE-2007-2392
- RESERVED
+CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
+ TODO: check
+CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
+ TODO: check
+CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...)
+ TODO: check
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...)
NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...)
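Review bot: CVE-2007-2397, CVE-2007-2396, CVE-2007-2394, CVE-2007-2393 and CVE-2007-2392 all describe Apple Quicktime before 7.2 and are added as `TODO: check`, while the surrounding entries in this hunk (CVE-2007-2399, CVE-2007-2398, CVE-2007-2391) are already `NOT-FOR-US: Apple` or `NOT-FOR-US: Apple Safari`. If QuickTime falls under the same classification, these can be triaged in one pass together with CVE-2007-2402 from the previous hunk instead of being left in the TODO queue.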
@@ -4192,7 +4403,7 @@ CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.
- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
- apache2 2.2.4-1 (low)
- [sarge] - apache2 2.0.54-5sarge2
+ [sarge] - apache2 2.0.54-5sarge2
TODO: check apache 1
NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
