author Joey Hess <joeyh@debian.org> 2007-09-24 21:14:07 +0000
committer Joey Hess <joeyh@debian.org> 2007-09-24 21:14:07 +0000
commit 7ed8906582331bd70ebf18c945929163a9ed70f0 (patch)
tree 680592641b2b82f535645e9698c860dca1394711 /data/CVE
parent 172f17e249cf6ae6b929bb33e2ad5b949373eae4 (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6685 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2001.list 4
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2003.list 8
-rw-r--r-- data/CVE/2004.list 6
-rw-r--r-- data/CVE/2007.list 104
5 files changed, 102 insertions, 22 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 0f59d0c8d5..a9d6a9b338 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,3 +1,7 @@
+CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...)
+ TODO: check
CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
NOT-FOR-US: MAILsweeper
CVE-2001-XXXX [crypt++ passes passwords through the command line]
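Review bot: CVE-2001-1583 at the top of this hunk is described as the lpd daemon in Solaris 8 and earlier, yet it is left at TODO: check. 2007.list already tags a Solaris driver issue (CVE-2007-4495) as NOT-FOR-US: Solaris, so the same tag would close this entry, and CVE-2001-1582 (libsldap "in Sun ...") can follow once the truncated description is confirmed to be Solaris only.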
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 23e96768ef..1d56f412f9 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,5 @@
+CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...)
+ TODO: check
CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...)
NOT-FOR-US: SafeNet VPN
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 0eea26e089..67b7e6ec38 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,11 @@
+CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...)
+ TODO: check
+CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...)
+ TODO: check
+CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...)
+ TODO: check
+CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
+ TODO: check
CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
NOT-FOR-US: snif
CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 1ce6a8fd71..9aa2caa203 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,7 @@
+CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...)
+ TODO: check
+CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...)
+ TODO: check
CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...)
NOT-FOR-US: Ccproxy
CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...)
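Review bot: CVE-2004-2687 at the top of this hunk names distcc 2.x itself ("as used in XCode 1.5 and others"), so its TODO: check should be resolved with a package check for distcc and not dismissed as an XCode-only issue with a NOT-FOR-US tag like the CCProxy entry below it.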
@@ -3060,7 +3064,7 @@ CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced
NOT-FOR-US: Advanced Guestbook
CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
NOT-FOR-US: Blog Torrent
-CVE-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
+CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...)
NOT-FOR-US: Mercury Mail
CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
NOT-FOR-US: IpCop
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 051a2f9a7d..24a87e73fd 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,69 @@
+CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...)
+ TODO: check
+CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...)
+ TODO: check
+CVE-2007-5049 (Stack-based buffer overflow in the StreamPredictor::getNextLine ...)
+ TODO: check
+CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...)
+ TODO: check
+CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...)
+ TODO: check
+CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...)
+ TODO: check
+CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
+ TODO: check
+CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...)
+ TODO: check
+CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...)
+ TODO: check
+CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...)
+ TODO: check
+CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...)
+ TODO: check
+CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...)
+ TODO: check
+CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...)
+ TODO: check
+CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...)
+ TODO: check
+CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...)
+ TODO: check
+CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...)
+ TODO: check
+CVE-2007-5035 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...)
+ TODO: check
+CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...)
+ TODO: check
+CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
+ TODO: check
+CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...)
+ TODO: check
+CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
+ TODO: check
+CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are ...)
+ TODO: check
+CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for ...)
+ TODO: check
+CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
+ TODO: check
+CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ...)
+ TODO: check
+CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 ...)
+ TODO: check
+CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in ...)
+ TODO: check
+CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation ...)
+ TODO: check
+CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...)
+ TODO: check
+CVE-2007-5021 (Buffer overflow in the Client Acceptor Daemon (CAD) in certain IBM ...)
+ TODO: check
+CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...)
+ TODO: check
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
- mp 3.7.1-8
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
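Review bot: CVE-2007-5035 is added with the description "(** DISPUTED ** ...)", which is truncated before any product name, so that entry cannot be triaged from the list line alone and whoever resolves its TODO: check will need the full CVE text. In the same hunk, CVE-2007-5047 and CVE-2007-5044 through CVE-2007-5039 name desktop security suites (Norton Internet Security, ZoneAlarm Pro, Kaspersky Internet Security, Outpost Firewall Pro, G DATA InternetSecurity, Ghost Security Suite) with the same "does not properly validate" wording, so they can be resolved together, most likely with the NOT-FOR-US tag the surrounding entries use.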
@@ -58,8 +124,8 @@ CVE-2007-4993
RESERVED
CVE-2007-4992
RESERVED
-CVE-2007-4991
- RESERVED
+CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
+ TODO: check
CVE-2007-4990
RESERVED
CVE-2007-4989
@@ -999,8 +1065,7 @@ CVE-2007-4571
RESERVED
CVE-2007-4570
RESERVED
-CVE-2007-4569 [unauthorized login problem in kdm]
- RESERVED
+CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
- kdebase 4:3.5.7-4
NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568
@@ -1160,10 +1225,10 @@ CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American
NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
NOT-FOR-US: Grandstream SIP Phone
-CVE-2007-4497
- RESERVED
-CVE-2007-4496
- RESERVED
+CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
+ TODO: check
+CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
+ TODO: check
CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
NOT-FOR-US: Solaris
CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
@@ -2092,11 +2157,9 @@ CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remo
NOT-FOR-US: Webyapar
CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...)
NOT-FOR-US: Clever Internet ActiveX Suite
-CVE-2007-4066
- RESERVED
+CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...)
NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
-CVE-2007-4065
- RESERVED
+CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
- drupal 4.7.7-1 (low)
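Review bot: CVE-2007-4066 and CVE-2007-4065 now carry libvorbis descriptions ("before 1.2.0") but still have no package line, only the NOTE. CVE-2007-3106 in this file is tracked as "- libvorbis 1.2.0.dfsg-1 (medium)", so consider adding a matching libvorbis line to both entries once the fixed version is confirmed. The two NOTE lines also read "svn revisionsions", which looks like a typo for "svn revisions".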
@@ -2431,8 +2494,7 @@ CVE-2007-3918
RESERVED
CVE-2007-3917
RESERVED
-CVE-2007-3916 [skktools insecure tempfile]
- RESERVED
+CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
- skktools 1.2+0.20061004-3
CVE-2007-3915
RESERVED
@@ -4309,7 +4371,7 @@ CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when run
NOTE: Not reproducibly reliably by an attacker, mostly a bug
NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
NOTE: in Linus' tree.
-CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
+CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...)
- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
{DSA-1363-1}
@@ -11304,12 +11366,12 @@ CVE-2007-0065
RESERVED
CVE-2007-0064
RESERVED
-CVE-2007-0063
- RESERVED
-CVE-2007-0062
- RESERVED
-CVE-2007-0061
- RESERVED
+CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
+ TODO: check
+CVE-2007-0062 (Integer overflow in the DHCP server in EMC VMware Workstation before ...)
+ TODO: check
+CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
+ TODO: check
CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
NOT-FOR-US: CA
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...)
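Review bot: CVE-2007-0063, CVE-2007-0062 and CVE-2007-0061 all describe the DHCP server in EMC VMware Workstation and are left at TODO: check, as are CVE-2007-4497, CVE-2007-4496 and CVE-2007-5023 through CVE-2007-5025 elsewhere in this file. Resolve the VMware entries in one pass with a single consistent tag so that related issues do not end up classified differently.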
