author: Joey Hess <joeyh@debian.org> 2010-02-12 21:14:28 +0000
committer: Joey Hess <joeyh@debian.org> 2010-02-12 21:14:28 +0000
commit: 66be17ede23e813ff1091855f460e09d3d20a6c0
tree: 7d76892709f75918f5166b898baec781f6ac117d /data/CVE
parent: 11379341b4a45fb02bb69191b87d08238271cf52
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14085 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2009.list 14
-rw-r--r-- data/CVE/2010.list 242
3 files changed, 196 insertions, 62 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index a3ee2f3157..4544222043 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,3 +1,5 @@
+CVE-2001-1586
+ RESERVED
CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...)
- openssh <not-affected> (fixed in 2001)
CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote ...)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 82997aad07..9dc9955b70 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,7 @@
+CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...)
+ TODO: check
+CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...)
+ TODO: check
CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...)
- ffmpeg <unfixed>
- ffmpeg-debian <removed>
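Review bot: CVE-2009-4642 and CVE-2009-4641 are added with only "TODO: check", although both descriptions name gnome-screensaver, which this same commit tracks as a Debian package under CVE-2010-0414 in 2010.list ("- gnome-screensaver 2.28.2-1 (bug #569084)"). These two should be picked up for manual triage first and given a "- gnome-screensaver ..." status line, with the affected versions (2.26.1 and 2.28.0 per the descriptions) checked against what etch and lenny ship.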
@@ -2398,8 +2402,8 @@ CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b,
NOTE: the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
NOTE: might've been fixed earlier
-CVE-2009-3735
- RESERVED
+CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...)
+ TODO: check
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]
@@ -3640,8 +3644,10 @@ CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php
- gforge 4.8.1-3 (low)
CVE-2009-3302
RESERVED
+ {DSA-1995-1}
CVE-2009-3301
RESERVED
+ {DSA-1995-1}
CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity ...)
{DSA-1947-1}
- shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
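Review bot: The {DSA-1995-1} reference on CVE-2009-3302 and CVE-2009-3301 is attached to entries that are still RESERVED and have no package line, so the file records that an advisory exists but not which source package or fixed version it applies to. Each of these entries needs a "- <source package> <fixed version>" line, and ideally a bracketed short description until the official one is published. The same gap appears for CVE-2009-2950, CVE-2009-2949 and CVE-2010-0136 later in this commit.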
@@ -4524,8 +4530,10 @@ CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for pas
NOT-FOR-US: Phenotype CMS
CVE-2009-2950
RESERVED
+ {DSA-1995-1}
CVE-2009-2949
RESERVED
+ {DSA-1995-1}
CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...)
{DSA-1908-1}
- samba 2:3.4.2-1 (medium; bug #550423)
@@ -11733,7 +11741,7 @@ CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion
CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...)
NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...)
- {DSA-1849-1}
+ {DSA-1995-1 DSA-1849-1}
- xml-security-c 1.4.0-4
- xmlsec1 1.2.12-1
- mono 2.4.2.3+dfsg-1
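Review bot: CVE-2009-0217 now cites both DSA-1995-1 and DSA-1849-1, but the package lines visible below the changed line (xml-security-c, xmlsec1, mono) are untouched by this hunk. If DSA-1995-1 fixes a package other than those already listed, that package needs its own status line here; otherwise the cross-reference points at an advisory the entry cannot be matched to.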
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index eeea9a13c4..40f1819fe0 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,13 +1,137 @@
+CVE-2010-0627
+ RESERVED
+CVE-2010-0626
+ RESERVED
+CVE-2010-0625
+ RESERVED
+CVE-2010-0624
+ RESERVED
+CVE-2010-0621
+ RESERVED
+CVE-2010-0620
+ RESERVED
+CVE-2010-0619
+ RESERVED
+CVE-2010-0618
+ RESERVED
+CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...)
+ TODO: check
+CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...)
+ TODO: check
+CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI ...)
+ TODO: check
+CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows ...)
+ TODO: check
+CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts ...)
+ TODO: check
+CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown ...)
+ TODO: check
+CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal ...)
+ TODO: check
+CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...)
+ TODO: check
+CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows ...)
+ TODO: check
+CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows ...)
+ TODO: check
+CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...)
+ TODO: check
+CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket ...)
+ TODO: check
+CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 ...)
+ TODO: check
+CVE-2010-0604
+ RESERVED
+CVE-2010-0603
+ RESERVED
+CVE-2010-0602
+ RESERVED
+CVE-2010-0601
+ RESERVED
+CVE-2010-0600
+ RESERVED
+CVE-2010-0599
+ RESERVED
+CVE-2010-0598
+ RESERVED
+CVE-2010-0597
+ RESERVED
+CVE-2010-0596
+ RESERVED
+CVE-2010-0595
+ RESERVED
+CVE-2010-0594
+ RESERVED
+CVE-2010-0593
+ RESERVED
+CVE-2010-0592
+ RESERVED
+CVE-2010-0591
+ RESERVED
+CVE-2010-0590
+ RESERVED
+CVE-2010-0589
+ RESERVED
+CVE-2010-0588
+ RESERVED
+CVE-2010-0587
+ RESERVED
+CVE-2010-0586
+ RESERVED
+CVE-2010-0585
+ RESERVED
+CVE-2010-0584
+ RESERVED
+CVE-2010-0583
+ RESERVED
+CVE-2010-0582
+ RESERVED
+CVE-2010-0581
+ RESERVED
+CVE-2010-0580
+ RESERVED
+CVE-2010-0579
+ RESERVED
+CVE-2010-0578
+ RESERVED
+CVE-2010-0577
+ RESERVED
+CVE-2010-0576
+ RESERVED
+CVE-2010-0575
+ RESERVED
+CVE-2010-0574
+ RESERVED
+CVE-2010-0573
+ RESERVED
+CVE-2010-0572
+ RESERVED
+CVE-2010-0571
+ RESERVED
+CVE-2010-0570
+ RESERVED
+CVE-2010-0569
+ RESERVED
+CVE-2010-0568
+ RESERVED
+CVE-2010-0567
+ RESERVED
+CVE-2010-0566
+ RESERVED
+CVE-2010-0565
+ RESERVED
CVE-2010-XXXX [multiple mod_security issues]
- libapache-mod-security <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
TODO: check
CVE-2010-0623 [futex refcount leak]
+ RESERVED
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 [futex null ptr dereference]
+ RESERVED
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
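Review bot: The new block runs CVE-2010-0627 down to CVE-2010-0565 but skips 0623 and 0622, which stay where they were, below the CVE-2010-XXXX placeholder and directly above CVE-2010-0564. That leaves the top of the file out of descending order (0565, XXXX, 0623, 0622, 0564). Moving the two futex entries up between CVE-2010-0624 and CVE-2010-0621 would restore the ordering and keep them from being missed when scanning by id. The "RESERVED" line added under each of them sits correctly between the bracketed description and the package lines.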
@@ -270,8 +394,8 @@ CVE-2010-0447
RESERVED
CVE-2010-0446
RESERVED
-CVE-2010-0445
- RESERVED
+CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
+ TODO: check
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a ...)
TODO: check
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before ...)
@@ -338,8 +462,7 @@ CVE-2010-0415 [info leak in sys move pages]
RESERVED
- linux-2.6 2.6.32-8
- linux-2.6.24 <removed>
-CVE-2010-0414 [gnome-screensaver vulnerability]
- RESERVED
+CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...)
- gnome-screensaver 2.28.2-1 (bug #569084)
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
@@ -812,12 +935,12 @@ CVE-2010-0254
RESERVED
CVE-2010-0253
RESERVED
-CVE-2010-0252
- RESERVED
+CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...)
+ TODO: check
CVE-2010-0251
RESERVED
-CVE-2010-0250
- RESERVED
+CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
+ TODO: check
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
@@ -830,16 +953,16 @@ CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0243
- RESERVED
-CVE-2010-0242
- RESERVED
-CVE-2010-0241
- RESERVED
-CVE-2010-0240
- RESERVED
-CVE-2010-0239
- RESERVED
+CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 ...)
+ TODO: check
+CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+ TODO: check
+CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+ TODO: check
+CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+ TODO: check
+CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
+ TODO: check
CVE-2010-0238
RESERVED
CVE-2010-0237
@@ -850,12 +973,12 @@ CVE-2010-0235
RESERVED
CVE-2010-0234
RESERVED
-CVE-2010-0233
- RESERVED
+CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
+ TODO: check
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
NOT-FOR-US: Microsoft Windows
-CVE-2010-0231
- RESERVED
+CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen ...)
- postfix <not-affected> (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
@@ -1029,12 +1152,12 @@ CVE-2010-0147
RESERVED
CVE-2010-0146
RESERVED
-CVE-2010-0145
- RESERVED
-CVE-2010-0144
- RESERVED
-CVE-2010-0143
- RESERVED
+CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...)
+ TODO: check
+CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...)
+ TODO: check
+CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the ...)
+ TODO: check
CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
@@ -1049,6 +1172,7 @@ CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in th
NOT-FOR-US: Cisco IOS XR
CVE-2010-0136
RESERVED
+ {DSA-1995-1}
CVE-2010-0135
RESERVED
CVE-2010-0134
@@ -1250,46 +1374,46 @@ CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2
NOT-FOR-US: Apple Mac OS X
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2010-0035
- RESERVED
-CVE-2010-0034
- RESERVED
-CVE-2010-0033
- RESERVED
-CVE-2010-0032
- RESERVED
-CVE-2010-0031
- RESERVED
-CVE-2010-0030
- RESERVED
-CVE-2010-0029
- RESERVED
-CVE-2010-0028
- RESERVED
-CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 7 and ...)
+CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows ...)
+ TODO: check
+CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
+ TODO: check
+CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
+ TODO: check
+CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 ...)
+ TODO: check
+CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 ...)
+ TODO: check
+CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
+ TODO: check
+CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote ...)
+ TODO: check
+CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and ...)
+ TODO: check
+CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2010-0026
- RESERVED
+CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...)
+ TODO: check
CVE-2010-0025
RESERVED
CVE-2010-0024
RESERVED
-CVE-2010-0023
- RESERVED
-CVE-2010-0022
- RESERVED
-CVE-2010-0021
- RESERVED
-CVE-2010-0020
- RESERVED
+CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
+ TODO: check
+CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
+ TODO: check
+CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server ...)
+ TODO: check
+CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
+ TODO: check
CVE-2010-0019
RESERVED
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
NOT-FOR-US: Microsoft Windows
-CVE-2010-0017
- RESERVED
-CVE-2010-0016
- RESERVED
+CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...)
+ TODO: check
+CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 ...)
+ TODO: check
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...)
{DSA-1973-1}
- eglibc 2.10.2-4 (medium; bug #560333)
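Review bot: Every newly described entry in this hunk (CVE-2010-0035 through CVE-2010-0028, CVE-2010-0026, CVE-2010-0023 through CVE-2010-0020, CVE-2010-0017 and CVE-2010-0016) lands as "TODO: check", while the unchanged neighbours for the same vendor, CVE-2010-0027 and CVE-2010-0018, are already marked NOT-FOR-US. The descriptions all name Microsoft products, so these can be closed in one triage pass; when doing so, reuse the product labels already present here ("Microsoft Internet Explorer", "Microsoft Windows") rather than introducing new variants.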