author Joey Hess <joeyh@debian.org> 2009-03-05 21:14:13 +0000
committer Joey Hess <joeyh@debian.org> 2009-03-05 21:14:13 +0000
commit bcea11619e70a846c2b826c58ea91874e9791d8b (patch)
tree 8dfa82f768a5fd71f5285c546d62f199fd9fef33
parent afed0ec1d9ae5e300ac6768118a260b683337d7a (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11327 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2008.list 12
-rw-r--r-- data/CVE/2009.list 162
3 files changed, 163 insertions, 13 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 2df5dc8cc3..1f084ad011 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -239,7 +239,7 @@ CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allow
NOT-FOR-US: Commercial SSH
CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
NOT-FOR-US: Commercial SSH
-CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
+CVE-2001-1473 (The SSH-1 protocol allows remote servers to conduct man-in-the-middle ...)
NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol.
CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
- phpbb2 2.0.6c-1
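Review bot: CVE-2001-1473 still carries only a NOTE and no status line, unlike its neighbours, which are either NOT-FOR-US or tied to a package version (phpbb2 2.0.6c-1). Since the wording of this entry is being touched anyway, it would help to record an explicit status for the packaged SSH implementations, or to state in the NOTE that none is tracked, so the entry does not read as undecided.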
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 462fba06ec..6295637559 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,3 +1,15 @@
+CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...)
+ TODO: check
+CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...)
+ TODO: check
+CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...)
+ TODO: check
+CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g ...)
+ TODO: check
+CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and ...)
+ TODO: check
+CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a ...)
+ TODO: check
CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
NOT-FOR-US: Z1Exchange
CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
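Review bot: all six new entries at the top of 2008.list arrive as TODO: check, and they are not equally cheap to resolve. CVE-2008-6393 names a fixed upstream release (PSI before 0.12.1), so it can be settled by a version comparison and should be triaged first; the entries that name a single web script or an appliance (account.php, core/user.php, the 3Com web management interface) look like the NOT-FOR-US pattern used for Z1Exchange just below, but need a package search before being marked that way.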
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 42484f23f1..b103602648 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,141 @@
+CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...)
+ TODO: check
+CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
+ TODO: check
+CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated ...)
+ TODO: check
+CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
+ TODO: check
+CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...)
+ TODO: check
+CVE-2009-0816 (Cross-site scripting (XSS) vulnerability in the backend user interface ...)
+ TODO: check
+CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 4.0 before ...)
+ TODO: check
+CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...)
+ TODO: check
+CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control ...)
+ TODO: check
+CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, ...)
+ TODO: check
+CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control ...)
+ TODO: check
+CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows ...)
+ TODO: check
+CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release ...)
+ TODO: check
+CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 ...)
+ TODO: check
+CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via ...)
+ TODO: check
+CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote ...)
+ TODO: check
+CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...)
+ TODO: check
+CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
+ TODO: check
+CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
+ TODO: check
+CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
+ TODO: check
+CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
+ TODO: check
+CVE-2009-0800
+ RESERVED
+CVE-2009-0799
+ RESERVED
+CVE-2009-0798
+ RESERVED
+CVE-2009-0797
+ RESERVED
+CVE-2009-0796
+ RESERVED
+CVE-2009-0795
+ RESERVED
+CVE-2009-0794
+ RESERVED
+CVE-2009-0793
+ RESERVED
+CVE-2009-0792
+ RESERVED
+CVE-2009-0791
+ RESERVED
+CVE-2009-0790
+ RESERVED
+CVE-2009-0789
+ RESERVED
+CVE-2009-0788
+ RESERVED
+CVE-2009-0787
+ RESERVED
+CVE-2009-0786
+ RESERVED
+CVE-2009-0785
+ RESERVED
+CVE-2009-0784
+ RESERVED
+CVE-2009-0783
+ RESERVED
+CVE-2009-0782
+ RESERVED
+CVE-2009-0781
+ RESERVED
+CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...)
+ TODO: check
+CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...)
+ TODO: check
+CVE-2009-0778
+ RESERVED
+CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...)
+ TODO: check
+CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
+ TODO: check
+CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
+ TODO: check
+CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
+ TODO: check
+CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
+ TODO: check
+CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
+ TODO: check
+CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
+ TODO: check
+CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...)
+ TODO: check
+CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...)
+ TODO: check
+CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...)
+ TODO: check
+CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows ...)
+ TODO: check
+CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 ...)
+ TODO: check
+CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...)
+ TODO: check
+CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment ...)
+ TODO: check
+CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board ...)
+ TODO: check
+CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...)
+ TODO: check
+CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before ...)
+ TODO: check
+CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...)
+ TODO: check
+CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent ...)
+ TODO: check
+CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...)
+ TODO: check
+CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...)
+ TODO: check
+CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
+ TODO: check
+CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
+ TODO: check
CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...)
TODO: check
CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...)
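Review bot: this block adds a long run of TODO: check entries with no grouping, and several of them should be triaged together so they end up with consistent status lines. CVE-2009-0801, CVE-2009-0802 and CVE-2009-0804 share the "when transparent interception mode is enabled" wording across Squid, WinGate and Ziproxy; CVE-2009-0771 through CVE-2009-0777 all cite Firefox and Thunderbird releases around 3.0.7; CVE-2009-0755 and CVE-2009-0756 both cite Poppler before 0.10.4. Entries that state a fixed upstream version (MySQL before 5.1.32, Poppler before 0.10.4, ZNC, OpenGoo before 1.2.1) can be resolved by version comparison and are worth doing ahead of the single-script web application entries.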
@@ -307,8 +445,8 @@ CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a)
NOT-FOR-US: Cisco
CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
NOT-FOR-US: Cisco
-CVE-2009-0619
- RESERVED
+CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) ...)
+ TODO: check
CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...)
NOT-FOR-US: Cisco
CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...)
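Review bot: CVE-2009-0619 moves from RESERVED to TODO: check in the middle of a run where CVE-2009-0621, CVE-2009-0620 and CVE-2009-0618 are all NOT-FOR-US: Cisco. The visible description is truncated after "Session Border Controller (SBC)", so the vendor cannot be confirmed from this line alone; if the full text names the same vendor, resolve it to NOT-FOR-US: Cisco in the same pass rather than leaving a lone TODO among decided neighbours.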
@@ -396,8 +534,8 @@ CVE-2009-0580
RESERVED
CVE-2009-0579
RESERVED
-CVE-2009-0578
- RESERVED
+CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify ...)
+ TODO: check
CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640
CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...)
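Review bot: the description for CVE-2009-0578 scopes the issue to "network-manager-applet in Ubuntu 8.10", which makes it easy to dismiss as distribution-specific during triage. Whatever the outcome, record the reasoning in a NOTE the way CVE-2009-0577 does two lines below ("RedHat specific, because ..."), and check it together with CVE-2009-0365, which this same commit fills in with a description that also names network-manager-applet.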
@@ -871,16 +1009,16 @@ CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quo
NOTE: CVE id requested
[lenny] - audacity 1.3.5-2+lenny1
CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...)
+ {DSA-1734-1}
- opensc <unfixed>
[etch] - opensc <not-affected> (vulnerable code not present)
-CVE-2009-0367 [wesnoth python sandbox escape]
- RESERVED
+CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows ...)
- wesnoth 1:1.4.7-4
CVE-2009-0366 [wesnoth server memory exhaustion]
RESERVED
- wesnoth 1:1.4.7-4
-CVE-2009-0365
- RESERVED
+CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) ...)
+ TODO: check
CVE-2009-0364
RESERVED
CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...)
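Review bot: on CVE-2009-0368 the added {DSA-1734-1} reference sits directly above an unchanged "- opensc <unfixed>" line, and there is no release-tagged fixed version of the kind the audacity entry above carries ("[lenny] - audacity 1.3.5-2+lenny1"). As written, the entry reports an advisory and an unfixed status side by side; add the release-tagged line with the version the DSA shipped so the stable status is explicit. Separately, CVE-2009-0365 goes to TODO: check while CVE-2009-0367 keeps its existing "- wesnoth 1:1.4.7-4" line, which is the right outcome for 0367; CVE-2009-0366 still has both its bracketed working title and RESERVED and will need the same cleanup once its description is published.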
@@ -1308,8 +1446,8 @@ CVE-2009-0188
RESERVED
CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)
NOT-FOR-US: Orbit Downloader
-CVE-2009-0186
- RESERVED
+CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other ...)
+ TODO: check
CVE-2009-0185
RESERVED
CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...)
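Review bot: the CVE-2009-0186 description leads with libsndfile 1.0.18 and mentions Winamp only as a consumer ("as used in Winamp and other ..."), so the TODO should be resolved against the library itself and not closed as NOT-FOR-US on the strength of the Winamp mention, as happened for the unrelated Orbit Downloader entry just above. Because the description pins a single version, note in the entry whether other versions of the library were checked.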
@@ -1626,8 +1764,8 @@ CVE-2009-0039
RESERVED
CVE-2009-0038
RESERVED
-CVE-2009-0037
- RESERVED
+CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, ...)
+ TODO: check
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...)
- libvirt 0.5.1-7 (unimportant)
NOTE: not building libvirt proxy from libvirt source package
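Review bot: CVE-2009-0037 is entered as a plain TODO: check even though the description gives a very wide affected range ("curl and libcurl 5.11 through 7.19.3"), which suggests every release below the upper bound is in scope. This one deserves priority over the other TODO entries in the commit: add the package line with the first fixed version, plus release-tagged lines where stable releases carry an older version, instead of leaving it in the automatic-update backlog.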