author Joey Hess <joeyh@debian.org> 2008-02-14 09:14:18 +0000
committer Joey Hess <joeyh@debian.org> 2008-02-14 09:14:18 +0000
commit 4532b3524712cf2d52c01c419af3ecf09b0b40ac
tree cce80aaefdeabcf732b0b924191fbbec07a9aa8e /data/CVE
parent 02c731804313588950c02fdef5eee730bc75ba0e
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@8156 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2001.list 4
-rw-r--r-- data/CVE/2003.list 10
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2007.list 28
-rw-r--r-- data/CVE/2008.list 104
5 files changed, 126 insertions, 22 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index b5bf036383..15c49cfcf5 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -2883,9 +2883,9 @@ CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...)
+CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...)
+CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
NOT-FOR-US: Data pre-dating the Security Tracker
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 4f7a79b7cc..c6914b42c3 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,13 @@
+CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...)
+ TODO: check
+CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...)
+ TODO: check
+CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...)
+ TODO: check
+CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
+ TODO: check
+CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
+ TODO: check
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
NOT-FOR-US: ONEdotOH Simple File
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...)
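Review bot: the five entries added at the top of 2003.list (CVE-2003-1540 through CVE-2003-1544) all land as TODO: check, so none of them has a triage decision yet. CVE-2003-1544 names Terminal Services for Windows and looks like a candidate for a NOT-FOR-US line in the same style as the CVE-2003-1539 entry just below the additions; suggest resolving the five in a follow-up rather than leaving the markers to accumulate.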
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 7a4a2aba93..2bd64d9b26 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -1,3 +1,5 @@
+CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...)
+ TODO: check
CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
- pcre3 7.0-1
[sarge] - pcre3 4.5+7.4-1
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index f2d407a9ab..a760216123 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,8 +1,10 @@
+CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...)
+ TODO: check
CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web ...)
NOT-FOR-US: web interface for the BGPD daemon
CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
NOT-FOR-US: AIM PicEditor
-CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36, allows remote ...)
+CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...)
- openldap2.3 2.3.38-1
- openldap2.2 <removed>
- openldap2 <not-affected> (slapd not built)
@@ -623,8 +625,8 @@ CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query
- jbosseam <itp> (bug #451956)
CVE-2007-6432
RESERVED
-CVE-2007-6431
- RESERVED
+CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...)
+ TODO: check
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
@@ -1272,10 +1274,10 @@ CVE-2007-6152
CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
{DSA-1479-1}
- linux-2.6 2.6.23-2
-CVE-2007-6149
- RESERVED
-CVE-2007-6148
- RESERVED
+CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...)
+ TODO: check
+CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...)
+ TODO: check
CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...)
NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...)
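Review bot: CVE-2007-6149 and CVE-2007-6148 leave RESERVED with only TODO: check, and both descriptions name the Edge server in Adobe Flash Media, the same product family as CVE-2007-6431 (Adobe Flash Media Server 2) in the previous hunk. One triage decision should cover all three; suggest resolving them together so the product gets a single consistent annotation.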
@@ -2129,7 +2131,7 @@ CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw
NOT-FOR-US: Apache Geronimo
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
NOT-FOR-US: Blue Coat ProxySG
-CVE-2007-5794 (Race condition in nss_ldap, when used in applications that use pthread ...)
+CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...)
{DSA-1430-1}
- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...)
@@ -2203,7 +2205,7 @@ CVE-2007-5765
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
NOT-FOR-US: IBM AIX
CVE-2007-5763
- RESERVED
+ REJECTED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
@@ -2215,8 +2217,8 @@ CVE-2007-5759
REJECTED
CVE-2007-5758
RESERVED
-CVE-2007-5757
- RESERVED
+CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...)
+ TODO: check
CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
NOT-FOR-US: WinPcap
CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...)
@@ -7098,8 +7100,8 @@ CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (
NOT-FOR-US: QuarkXPress
CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...)
NOT-FOR-US: Maxsi eVisit Analyst
-CVE-2007-3676
- RESERVED
+CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
+ TODO: check
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...)
NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
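Review bot: CVE-2007-3676 now carries an IBM DB2 Universal Database description but only TODO: check, as does CVE-2007-5757 (db2pd in IBM DB2 Universal ...) in the preceding hunk. Suggest annotating both in one pass so the two DB2 entries do not end up triaged differently.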
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 5d955f283e..47a2b19d83 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,3 +1,93 @@
+CVE-2008-0777
+ RESERVED
+CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
+ TODO: check
+CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...)
+ TODO: check
+CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...)
+ TODO: check
+CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...)
+ TODO: check
+CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...)
+ TODO: check
+CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite ...)
+ TODO: check
+CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ...)
+ TODO: check
+CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...)
+ TODO: check
+CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows ...)
+ TODO: check
+CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)
+ TODO: check
+CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print ...)
+ TODO: check
+CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic ...)
+ TODO: check
+CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...)
+ TODO: check
+CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print ...)
+ TODO: check
+CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...)
+ TODO: check
+CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...)
+ TODO: check
+CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection ...)
+ TODO: check
+CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)
+ TODO: check
+CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP ...)
+ TODO: check
+CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...)
+ TODO: check
+CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; ...)
+ TODO: check
+CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the ...)
+ TODO: check
+CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid ...)
+ TODO: check
+CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...)
+ TODO: check
+CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery ...)
+ TODO: check
+CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 ...)
+ TODO: check
+CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev ...)
+ TODO: check
+CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...)
+ TODO: check
+CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...)
+ TODO: check
+CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...)
+ TODO: check
+CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...)
+ TODO: check
+CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...)
+ TODO: check
+CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...)
+ TODO: check
+CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
+ TODO: check
+CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
+ TODO: check
+CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
+ TODO: check
+CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...)
+ TODO: check
+CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...)
+ TODO: check
+CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...)
+ TODO: check
+CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...)
+ TODO: check
+CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...)
+ TODO: check
+CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...)
+ TODO: check
+CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...)
+ TODO: check
+CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...)
+ TODO: check
CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...)
NOT-FOR-US: Apache Geronimo
CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...)
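Review bot: this hunk adds 45 entries (CVE-2008-0733 through CVE-2008-0777), 44 of them as TODO: check and one as RESERVED, with no triage in the same commit. Several share a product and can be resolved together: ExtremeZ-IP File and Print Server (CVE-2008-0767, CVE-2008-0759), the Larson Network entries (CVE-2008-0764, CVE-2008-0763), and CandyPress (CVE-2008-0738, CVE-2008-0736, with CVE-2008-0739 naming the same admin/SA_shipFedExMeter.asp path as CVE-2008-0736). Grouping the follow-up by product keeps the annotations consistent across the batch.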
@@ -140,8 +230,8 @@ CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader .
NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...)
NOT-FOR-US: Aurigma Image Uploader
-CVE-2008-0658
- RESERVED
+CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...)
+ TODO: check
CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...)
- sun-java6 6-02-1
- sun-java5 1.5.0-14-1
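Review bot: CVE-2008-0658 goes from RESERVED to TODO: check, but its description names slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP, and 2007.list in this same commit already tracks the OpenLDAP BDB backend issue CVE-2007-6698 against openldap2.3 and openldap2.2. This entry should be triaged ahead of the rest of the batch and given package lines rather than sitting behind the generic TODO marker.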
@@ -180,8 +270,8 @@ CVE-2008-0641
RESERVED
CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
NOT-FOR-US: Symantec Ghost Solution Suite
-CVE-2008-0639
- RESERVED
+CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...)
+ TODO: check
CVE-2008-0638
RESERVED
CVE-2008-0637
@@ -745,7 +835,7 @@ CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 do
NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...)
NOT-FOR-US: IBM WebSphere Business Modeler
-CVE-2008-0401 (Unspecified vulnerability in the HTTP server in IBM Tivoli ...)
+CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...)
NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the ...)
NOT-FOR-US: Singapore
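Review bot: the unchanged annotation under CVE-2008-0401 reads "NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before", ending in a dangling "before" that looks carried over from a version clause. Since the description line of this entry is being updated here, suggest trimming the annotation to the product name in the same change.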
@@ -1395,7 +1485,7 @@ CVE-2008-0111
RESERVED
CVE-2008-0110
RESERVED
-CVE-2008-0109 (Unspecified vulnerability in Word in Microsoft Office 2000 SP3, XP ...)
+CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
NOT-FOR-US: Microsoft Office
@@ -1463,7 +1553,7 @@ CVE-2008-0079
RESERVED
CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2008-0077 (Unspecified vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, ...)
+CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...)
NOT-FOR-US: Microsoft Internet Explorer
