author Joey Hess <joeyh@debian.org> 2007-10-08 21:14:08 +0000
committer Joey Hess <joeyh@debian.org> 2007-10-08 21:14:08 +0000
commit 94549c04cc15e9c07ec3fc9efa8e5d65b473f3da (patch)
tree abce2fc5349fe5c6a479be46349eb038784888e8
parent d191dbe0a04fffd2138ba3874471f6b75948cf17 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6868 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 4
-rw-r--r-- data/CVE/2004.list 76
-rw-r--r-- data/CVE/2005.list 18
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2007.list 100
5 files changed, 185 insertions, 15 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index aa3dac596e..ed1f6b464b 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,3 +1,7 @@
+CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...)
+ TODO: check
+CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote ...)
+ TODO: check
CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...)
NOT-FOR-US: Solaris
CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...)
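Review bot: The CVE-2001-1585 summary is cut off at "public key authentication in the ...", before it names any implementation, so the "TODO: check" cannot be resolved from this line alone. Whoever triages it should read the full description before choosing between a "NOT-FOR-US:" line, as used for CVE-2001-1583 below, and a package entry. CVE-2001-1584 names its product (CardBoard 2.4) and can be handled directly.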
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index e89147ee14..75b2c370a1 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,79 @@
+CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...)
+ TODO: check
+CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause ...)
+ TODO: check
+CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...)
+ TODO: check
+CVE-2004-2722 (** DISPUTED ** ...)
+ TODO: check
+CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...)
+ TODO: check
+CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz ...)
+ TODO: check
+CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail ...)
+ TODO: check
+CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after ...)
+ TODO: check
+CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in ...)
+ TODO: check
+CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat ...)
+ TODO: check
+CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass ...)
+ TODO: check
+CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows ...)
+ TODO: check
+CVE-2004-2713 (** DISPUTED ** ...)
+ TODO: check
+CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 ...)
+ TODO: check
+CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 ...)
+ TODO: check
+CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 ...)
+ TODO: check
+CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced ...)
+ TODO: check
+CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, ...)
+ TODO: check
+CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) ...)
+ TODO: check
+CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 ...)
+ TODO: check
+CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) ...)
+ TODO: check
+CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...)
+ TODO: check
+CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from ...)
+ TODO: check
+CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...)
+ TODO: check
+CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for ...)
+ TODO: check
+CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 ...)
+ TODO: check
+CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to ...)
+ TODO: check
+CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with ...)
+ TODO: check
+CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...)
+ TODO: check
+CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...)
+ TODO: check
+CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code ...)
+ TODO: check
+CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries ...)
+ TODO: check
+CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe ...)
+ TODO: check
+CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with ...)
+ TODO: check
+CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...)
+ TODO: check
+CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ...)
+ TODO: check
+CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP ...)
+ TODO: check
CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...)
- distcc 2.18.1-1 (low)
NOTE: since 2.18.1-1 there is the --allow switch to control network access
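Review bot: The summaries for CVE-2004-2722 and CVE-2004-2713 consist only of "** DISPUTED ** ...", so the truncation has consumed the whole line and no product or bug class is left for triage. It would help if the generator of these summaries skipped the DISPUTED marker, or kept it and extended the cut-off, so the affected software stays visible. The Gyach Enhanced entries (CVE-2004-2706 through CVE-2004-2712) all name the same product and can be checked together.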
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 8e4a7761e2..80f0bd245c 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,21 @@
+CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...)
+ TODO: check
+CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) ...)
+ TODO: check
+CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local ...)
+ TODO: check
+CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default ...)
+ TODO: check
+CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...)
+ TODO: check
+CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 ...)
+ TODO: check
+CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows ...)
+ TODO: check
+CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...)
+ TODO: check
+CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows ...)
+ TODO: check
CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
NOT-FOR-US: Xwiki
CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...)
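Review bot: All nine added entries, CVE-2005-4863 through CVE-2005-4871, name IBM DB2 7.x or 8.1 and carry the same "TODO: check" line, so they are one triage decision rather than nine. If DB2 is confirmed out of scope, they can be closed in a single follow-up using the same "NOT-FOR-US: <product>" form that CVE-2005-4862 uses just below.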
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index d8f67e1ea0..f61fa5b2d9 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -4773,7 +4773,7 @@ CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.0
NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...)
NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
-CVE-2006-5043 (Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and ...)
+CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard ...)
NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
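Review bot: The "NOT-FOR-US" note under CVE-2006-5044 in the unchanged context reads "componen" where "component" is meant; an automatic update will not correct that, so it needs a manual follow-up. The CVE-2006-5043 change itself only replaces the description text, and the existing "NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!" line still matches the product named in the new description.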
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 4c6d630093..146fc7734c 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,4 +1,76 @@
-CVE-2007-5225 (Unspecified vulnerability in Named Pipes on Sun Solaris 8 through 10 ...)
+CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...)
+ TODO: check
+CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid ...)
+ TODO: check
+CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
+ TODO: check
+CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control ...)
+ TODO: check
+CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
+ TODO: check
+CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
+ TODO: check
+CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions ...)
+ TODO: check
+CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote ...)
+ TODO: check
+CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, ...)
+ TODO: check
+CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 ...)
+ TODO: check
+CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by ...)
+ TODO: check
+CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal ...)
+ TODO: check
+CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 ...)
+ TODO: check
+CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech ...)
+ TODO: check
+CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and ...)
+ TODO: check
+CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and ...)
+ TODO: check
+CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through ...)
+ TODO: check
+CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
+ TODO: check
+CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) ...)
+ TODO: check
+CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
+ TODO: check
+CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
+ TODO: check
+CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
+ TODO: check
+CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
+ TODO: check
+CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not ...)
+ TODO: check
+CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK ...)
+ TODO: check
+CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau ...)
+ TODO: check
+CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
+ TODO: check
+CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management ...)
+ TODO: check
+CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
+ TODO: check
+CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in ...)
+ TODO: check
+CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
+ TODO: check
+CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner ...)
+ TODO: check
+CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription ...)
+ TODO: check
+CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
+CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun ...)
NOT-FOR-US: Sun Solaris
CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...)
NOT-FOR-US: Original Photo Gallery
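Review bot: The Sun JDK/JRE entries added here (CVE-2007-5232 and CVE-2007-5236 through CVE-2007-5240) should not be closed as NOT-FOR-US by reflex, because this same file tracks sun-java5 and sun-java6 package versions under CVE-2007-3698. They need package lines once the fixed versions are known. The rewritten CVE-2007-5225 description still refers to Sun Solaris, so its retained "NOT-FOR-US: Sun Solaris" line remains consistent.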
@@ -493,10 +565,10 @@ CVE-2007-4992
RESERVED
CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
NOT-FOR-US: Microsoft Internet Security and Acceleration
-CVE-2007-4990
- RESERVED
+CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 ...)
+ TODO: check
CVE-2007-4989
- RESERVED
+ REJECTED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
{DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
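Review bot: CVE-2007-4990 is added with "TODO: check" although its description names "X.Org X Font Server (xfs) before 1.0.5", and CVE-2007-4568 elsewhere in this file already records "- xfs 1:1.0.5-1" for the same package. After confirming that the same upload covers swap_char2b, this entry should get the matching xfs line instead of staying in the TODO queue. The CVE-2007-4989 change from RESERVED to REJECTED needs no further action.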
@@ -1454,8 +1526,7 @@ CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autolog
- kdebase 4:3.5.7-4
[sarge] - kdebase <not-affected> (problem not present in code)
NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
-CVE-2007-4568 [multiple vulnerabilities in X font server]
- RESERVED
+CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server ...)
- xfs 1:1.0.5-1
CVE-2007-4567
RESERVED
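Review bot: The replaced CVE-2007-4568 line drops the working note "[multiple vulnerabilities in X font server]", and the new description covers only an integer overflow in build_range. Since "- xfs 1:1.0.5-1" was recorded against the broader placeholder, it is worth confirming that this version line still applies to this specific CVE now that the other xfs issue has its own entry (CVE-2007-4990).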
@@ -2880,8 +2951,7 @@ CVE-2007-3920
RESERVED
CVE-2007-3919
RESERVED
-CVE-2007-3918 [gforge xss]
- RESERVED
+CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...)
{DSA-1383-1}
- gforge 4.6.99+svn6094-1
CVE-2007-3917
@@ -3142,9 +3212,11 @@ CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before
NOT-FOR-US: Clavister CorePlus
CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...)
NOT-FOR-US: Clavister CorePlus
-CVE-2007-3802 (The Decomposer component in multiple Symantec products may allow ...)
+CVE-2007-3802
+ REJECTED
NOT-FOR-US: Symantec
-CVE-2007-3801 (The Decomposer component in multiple Symantec products allows remote ...)
+CVE-2007-3801
+ REJECTED
NOT-FOR-US: Symantec
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
NOT-FOR-US: Symantec
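Review bot: CVE-2007-3802 and CVE-2007-3801 now each carry both "REJECTED" and the leftover "NOT-FOR-US: Symantec" line, which is contradictory for an identifier that no longer describes anything. Compare CVE-2007-4989 in this same commit, which has "REJECTED" alone. The two "NOT-FOR-US: Symantec" lines should be removed, and if the list parser expects exactly one status line per entry, these two entries are worth running through it before the next update.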
@@ -3413,8 +3485,8 @@ CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
NOT-FOR-US: TippingPoint IPS
CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
NOT-FOR-US: Sun Java System Access Manager
-CVE-2007-3699
- RESERVED
+CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote ...)
+ TODO: check
CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
- sun-java5 1.5.0-12-1
- sun-java6 6-02-1
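Review bot: CVE-2007-3699 is added with "TODO: check", but its summary, "The Decomposer component in multiple Symantec products allows remote ...", is the text this commit removes from CVE-2007-3801, which was already triaged as "NOT-FOR-US: Symantec". The same triage line can be applied here directly rather than leaving the entry open.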
@@ -10918,8 +10990,8 @@ CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCser
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...)
- php5 <unfixed> (unimportant)
NOTE: open_basedir bypasses not supported
-CVE-2007-0447
- RESERVED
+CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...)
+ TODO: check
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
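Review bot: The CVE-2007-0447 summary stops at "the Decomposer component in multiple ...", just before the vendor name, so the line alone does not justify a triage decision. If the full description names the same Symantec Decomposer as CVE-2007-3699 in this commit, the entry should be closed with "NOT-FOR-US: Symantec" instead of "TODO: check".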
