author Joey Hess <joeyh@debian.org> 2007-10-19 21:14:08 +0000
committer Joey Hess <joeyh@debian.org> 2007-10-19 21:14:08 +0000
commit dc88bd90993de079238beb20c0e5765fca2a7a4f
tree c815d37aba750141b19ca64eb78a2dc2c089364d
parent a5e23190f4f9a4697c6d73050d290e29c9f2d71c
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@7022 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2003.list 56
-rw-r--r-- data/CVE/2007.list 101
4 files changed, 148 insertions, 13 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index af330903cc..b5bf036383 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -3085,7 +3085,7 @@ CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
+CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to store ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
NOT-FOR-US: Data pre-dating the Security Tracker
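Review bot: The corrected CVE-2001-0103 summary on the `+` line still reads "clients uses", so the subject and verb disagree after the "useas" fix. If the parenthesised summaries are imported verbatim by the automatic update there is nothing to hand-edit here; the `NOT-FOR-US` status line is unchanged, so triage is not affected either way.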
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 37e1ae794b..65e6e98542 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,5 @@
+CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...)
+ TODO: check
CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows ...)
NOT-FOR-US: Immobilier
CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index b2f381d35c..eb0983e6f2 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,4 +1,58 @@
-CVE-2003-1373 (Direcory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
+CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module ...)
+ TODO: check
+CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
+ TODO: check
+CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts ...)
+ TODO: check
+CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
+ TODO: check
+CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote ...)
+ TODO: check
+CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information ...)
+ TODO: check
+CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to ...)
+ TODO: check
+CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the ...)
+ TODO: check
+CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a ...)
+ TODO: check
+CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without ...)
+ TODO: check
+CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, ...)
+ TODO: check
+CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor ...)
+ TODO: check
+CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
+ TODO: check
+CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for ...)
+ TODO: check
+CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 ...)
+ TODO: check
+CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to ...)
+ TODO: check
+CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
+ TODO: check
+CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
+ TODO: check
+CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected ...)
+ TODO: check
+CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
+ TODO: check
+CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to ...)
+ TODO: check
+CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
- phpbb2 <not-affected> (phpbb was the vulnerable one)
CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
NOT-FOR-US: myPHPNuke
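Review bot: All 27 new entries (CVE-2003-1400 down to CVE-2003-1374) land as `TODO: check`, including four Opera entries (CVE-2003-1397, -1396, -1388, -1387), while 2007.list in this same commit already resolves Opera issues as `NOT-FOR-US: Opera`. Applying the same status to those four in a follow-up would shrink the triage backlog this hunk creates. The CVE-2003-1373 line is replaced only to fix "Direcory", and its `- phpbb2 <not-affected>` annotation stays attached as context, which is what you want.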
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 14064d20c5..4734bc56bc 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,79 @@
+CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...)
+ TODO: check
+CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...)
+ TODO: check
+CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
+ TODO: check
+CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
+ TODO: check
+CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...)
+ TODO: check
+CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 ...)
+ TODO: check
+CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php ...)
+ TODO: check
+CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
+ TODO: check
+CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...)
+ TODO: check
+CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...)
+ TODO: check
+CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when ...)
+ TODO: check
+CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...)
+ TODO: check
+CVE-2007-5567 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-5566 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-5565 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard ...)
+ TODO: check
+CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote ...)
+ TODO: check
+CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the ...)
+ TODO: check
+CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
+ TODO: check
+CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote ...)
+ TODO: check
+CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...)
+ TODO: check
+CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to ...)
+ TODO: check
+CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote ...)
+ TODO: check
+CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...)
+ TODO: check
+CVE-2007-5555 (Symantec Altiris Deployment Solution 6 allows local users to obtain ...)
+ TODO: check
+CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...)
+ TODO: check
+CVE-2007-5553 (Unspecified vulnerability in rvd in TIBCO Rendezvous allows remote ...)
+ TODO: check
+CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...)
+ TODO: check
+CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute ...)
+ TODO: check
+CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to ...)
+ TODO: check
+CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local ...)
+ TODO: check
+CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS ...)
+ TODO: check
+CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote ...)
+ TODO: check
+CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow ...)
+ TODO: check
+CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote ...)
+ TODO: check
+CVE-2007-5544
+ RESERVED
+CVE-2007-5543
+ RESERVED
+CVE-2007-5542
+ RESERVED
CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an ...)
NOT-FOR-US: Opera
CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
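Review bot: The summaries added for CVE-2007-5566 and CVE-2007-5565 consist only of "** DISPUTED ** ...", and CVE-2007-5567 stops at "vulnerability in ...", so none of the three names a product and their `TODO: check` cannot be resolved from this file alone. If the truncation length is under the update script's control, cutting after the DISPUTED prefix rather than counting it would keep the product name visible to whoever triages these.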
@@ -132,8 +208,8 @@ CVE-2007-5475
RESERVED
CVE-2007-5474
RESERVED
-CVE-2007-5473
- RESERVED
+CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
+ TODO: check
CVE-2007-5472
RESERVED
CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in ...)
@@ -418,8 +494,10 @@ CVE-2007-5341
RESERVED
CVE-2007-5340
RESERVED
+ {DSA-1391-1}
CVE-2007-5339
RESERVED
+ {DSA-1391-1}
CVE-2007-5338
RESERVED
CVE-2007-5337
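Review bot: `{DSA-1391-1}` is attached to CVE-2007-5340 and CVE-2007-5339 while both are still `RESERVED` and carry no package line, so the entries record that an advisory references them but not which source package or version holds the fix. The other entries that gain DSA-1391-1 in this commit (for example CVE-2007-3845) do list packages; these two need the same before the tracker can report their status.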
@@ -809,7 +887,7 @@ CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2
- ruby1.9 <not-affected> (Vulnerable code no longer present)
- ruby1.8 <unfixed> (low; bug #444929)
NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
-CVE-2007-5161 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
+CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in ...)
NOT-FOR-US: Feedreader 3
NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
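Review bot: The context under the reworded CVE-2007-5161 entry keeps "NOTE: editor not included in native wordpress" directly after `NOT-FOR-US: Feedreader 3`, and that note does not relate to Feedreader or to the cross-zone scripting summary on the `+` line. It looks like a stray note from another entry; move it to the entry it belongs to or drop it.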
@@ -2068,8 +2146,8 @@ CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1
NOT-FOR-US: ACG news
CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by ...)
NOT-FOR-US: Micro-CMS
-CVE-2007-4600
- RESERVED
+CVE-2007-4600 (The &quot;Protect Worksheet&quot; functionality in Mathsoft Mathcad 12 through ...)
+ TODO: check
CVE-2007-4599
RESERVED
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of &quot;12345&quot; for the manager ...)
@@ -3317,6 +3395,7 @@ CVE-2007-4035 (** DISPUTED ** ...)
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...)
NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...)
+ {DSA-1390-1}
- t1lib 5.1.0-3 (bug #439927)
NOTE: originally posted as a php vuln, actually in libt1
NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
@@ -3736,13 +3815,13 @@ CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy)
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
- {DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+ {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- icedove <unfixed> (medium)
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
- {DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
+ {DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
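Review bot: On CVE-2007-3845 the tag list gains DSA-1391-1 while `- icedove <unfixed> (medium)` is left untouched, so the entry now references a new advisory but still shows a package with no fixed version. If DSA-1391-1 is the update for that package, confirm whether the `<unfixed>` line should also receive a version; if the advisory covers something else, the hunk is fine as it stands.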
@@ -4017,14 +4096,14 @@ CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox befor
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- icedove <unfixed> (low)
NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (high; bug #444010)
- iceape 1.1.3-1 (high)
@@ -5481,8 +5560,8 @@ CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterpr
CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...)
{DSA-1342-1}
- xfs 1:1.0.4-2
-CVE-2007-3102
- RESERVED
+CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
+ TODO: check
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
