author: Joey Hess <joeyh@debian.org> 2011-10-05 21:14:20 +0000
committer: Joey Hess <joeyh@debian.org> 2011-10-05 21:14:20 +0000
commit: 981c562b14ba70676b1a50307784a18489b6e7a6
tree: 4527f2b051b1285d8717fde147b40cfba592d362 /data/CVE
parent: 9fff78b39a31979e1df076f58a043e72095c91a4
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@17377 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2000.list | 2
-rw-r--r-- data/CVE/2008.list | 6
-rw-r--r-- data/CVE/2010.list | 34
-rw-r--r-- data/CVE/2011.list | 65
4 files changed, 74 insertions, 33 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index d67e443ee4..af6111a209 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,3 +1,5 @@
+CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...)
+ TODO: check
CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...)
NOT-FOR-US: Novell NetWare
CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index a1a89e3e29..b52f4f87ce 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,3 +1,9 @@
+CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill ...)
+ TODO: check
+CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows ...)
+ TODO: check
+CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensions in ...)
+ TODO: check
CVE-2008-7299 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses ...)
NOT-FOR-US: Tivoli
CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications ...)
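Review bot: the three entries added at the top of 2008.list (CVE-2008-7302, CVE-2008-7301, CVE-2008-7300) are left at `TODO: check`, although CVE-2008-7300 names Solaris Trusted Extensions and the other two name netinvoice.php in nBill and jSite 1.0 OE. The context line for CVE-2008-7299 shows the resolved form (`NOT-FOR-US: Tivoli`). A follow-up should settle each of these the same way, or add a package line if any of them turns out to be packaged.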
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index a0cae4c3d7..b6d2023c0c 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,37 @@
+CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
+ TODO: check
+CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka ...)
+ TODO: check
+CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in ...)
+ TODO: check
+CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows ...)
+ TODO: check
+CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) ...)
+ TODO: check
+CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) ...)
+ TODO: check
+CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in ...)
+ TODO: check
+CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory ...)
+ TODO: check
+CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows ...)
+ TODO: check
+CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 ...)
+ TODO: check
+CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script ...)
+ TODO: check
+CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET ...)
+ TODO: check
+CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows ...)
+ TODO: check
+CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote ...)
+ TODO: check
+CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote ...)
+ TODO: check
+CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when ...)
+ TODO: check
+CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) ...)
+ TODO: check
CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
TODO: check
CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote ...)
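Review bot: all 17 entries added at the top of 2010.list (CVE-2010-4869 through CVE-2010-4853) land as `TODO: check`, and the pre-existing CVE-2010-4852 directly below is still in that state, so the untriaged backlog at the head of the file grows with this commit. Each entry needs to end up as either `NOT-FOR-US: <product>` or a `- <package> <version>` line. The descriptions that name a product and version outright (DBHcms 1.1.4, Chipmunk Board 1.3, webSPELL 4.2.1, xWeblog 2.2, Zuitu 1.6) are the quickest to check against the archive.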
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index e639744ae3..7de215751c 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -1,3 +1,5 @@
+CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 ...)
+ TODO: check
CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the ...)
TODO: check
CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload ...)
@@ -218,8 +220,7 @@ CVE-2011-3875
RESERVED
CVE-2011-3874
RESERVED
-CVE-2011-3873
- RESERVED
+CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
CVE-2011-XXXX [Fix file indirectory injection]
@@ -1437,18 +1438,23 @@ CVE-2011-3328
RESERVED
CVE-2011-3327
RESERVED
+ {DSA-2316-1}
- quagga 0.99.19-1
CVE-2011-3326
RESERVED
+ {DSA-2316-1}
- quagga 0.99.19-1
CVE-2011-3325
RESERVED
+ {DSA-2316-1}
- quagga 0.99.19-1
CVE-2011-3324
RESERVED
+ {DSA-2316-1}
- quagga 0.99.19-1
CVE-2011-3323
RESERVED
+ {DSA-2316-1}
- quagga 0.99.19-1
CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...)
NOT-FOR-US: Scadatec Limited Procyon SCADA
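Review bot: CVE-2011-3327 through CVE-2011-3323 now carry `{DSA-2316-1}` and a fixed quagga version, but each is still a bare id followed by `RESERVED`, so nothing in the entry says which quagga issue it is. This file already uses a bracketed working description for that situation (the old line `CVE-2011-1764 [DKIM format string issue in exim4]` removed further down); adding one per entry here would let readers tell the five apart until the official descriptions arrive.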
@@ -2177,7 +2183,7 @@ CVE-2011-3001 (Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMon
[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...)
- {DSA-2313-1 DSA-2312-1}
+ {DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove <unfixed>
- xulrunner <removed>
- iceweasel 7.0-1
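Review bot: on CVE-2011-3000 the advisory set becomes `{DSA-2317-1 DSA-2313-1 DSA-2312-1}` while the line `- icedove <unfixed>` right below it is unchanged. If DSA-2317-1 is the advisory covering icedove, unstable is still open after the stable fix, and the `<unfixed>` line would benefit from a bug reference in the style used elsewhere in this file (`(high; bug #624670)`). The same applies to the identical change on CVE-2011-2999, CVE-2011-2998, CVE-2011-2995 and CVE-2011-2372.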
@@ -2185,7 +2191,7 @@ CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird befo
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before ...)
- {DSA-2313-1 DSA-2312-1}
+ {DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove <unfixed>
- xulrunner <removed>
- iceweasel 7.0-1
@@ -2193,7 +2199,7 @@ CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird befo
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...)
- {DSA-2313-1 DSA-2312-1}
+ {DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove <unfixed>
- xulrunner <removed>
- iceweasel 7.0-1
@@ -2213,7 +2219,7 @@ CVE-2011-2996 (Unspecified vulnerability in the plugin API in Mozilla Firefox 3.
- iceweasel <not-affected> (Only affects MacOS)
- iceape <not-affected> (Only affects MacOS)
CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- {DSA-2313-1 DSA-2312-1}
+ {DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove <unfixed>
- xulrunner <removed>
- iceweasel 7.0-1
@@ -2577,28 +2583,22 @@ CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Acce
NOT-FOR-US: Citrix Access Gateway
CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control ...)
NOT-FOR-US: Citrix Access Gateway
-CVE-2011-2881
- RESERVED
+CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
-CVE-2011-2880
- RESERVED
+CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
-CVE-2011-2879
- RESERVED
+CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
-CVE-2011-2878
- RESERVED
+CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
-CVE-2011-2877
- RESERVED
+CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
-CVE-2011-2876
- RESERVED
+CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
- chromium-browser 14.0.835.202~r103287-1
- libv8 <undetermined>
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
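Review bot: the six entries from CVE-2011-2881 down to CVE-2011-2876 gain descriptions but keep `- libv8 <undetermined>` untouched. The new text is enough to start resolving that status per entry: CVE-2011-2881 names Google V8 explicitly, whereas CVE-2011-2877 is about SVG text handling, so the libv8 answer need not be the same for all six. The same question is open for CVE-2011-3873 in the earlier hunk of this file, whose description mentions shader handling.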
@@ -3102,6 +3102,7 @@ CVE-2011-2714
NOT-FOR-US: Drupal data module
CVE-2011-2713
RESERVED
+ {DSA-2315-1}
- libreoffice 1:3.4.3-1
- openoffice.org 1:3.3.0-1
NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
@@ -3777,8 +3778,8 @@ CVE-2011-2445
RESERVED
CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
TODO: check
-CVE-2011-2443
- RESERVED
+CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier ...)
+ TODO: check
CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader ...)
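Review bot: CVE-2011-2443 changes from `RESERVED` to a description naming Adobe Photoshop Elements 8.0 and is set to `TODO: check`, while the next entry, CVE-2011-2442, is already resolved as `NOT-FOR-US: Adobe Reader and Acrobat`. Check whether the same resolution applies here so the entry does not sit in the TODO queue.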
@@ -3946,7 +3947,7 @@ CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...)
- {DSA-2313-1 DSA-2312-1}
+ {DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove <unfixed>
- xulrunner <removed>
- iceweasel 7.0-1
@@ -5375,8 +5376,8 @@ CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforc
CVE-2011-XXXX [spip DoS]
- spip <unfixed>
[squeeze] - spip 2.1.1-3squeeze1
-CVE-2011-1827
- RESERVED
+CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network ...)
+ TODO: check
CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...)
NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
@@ -5582,8 +5583,7 @@ CVE-2011-1767
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.34-1
[squeeze] - linux-2.6 2.6.32-34squeeze1
-CVE-2011-1764 [DKIM format string issue in exim4]
- RESERVED
+CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in ...)
{DSA-2232-1}
- exim4 4.75-3 (high; bug #624670)
[lenny] - exim4 <not-affected> (vulnerable code not present)
@@ -6956,8 +6956,8 @@ CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named st
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...)
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2011-1221
- RESERVED
+CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control ...)
+ TODO: check
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...)
NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-1219
@@ -7193,8 +7193,8 @@ CVE-2011-1160
RESERVED
{DSA-2264-1 DSA-2240-1}
- linux-2.6 2.6.38-4 (low)
-CVE-2011-1159
- RESERVED
+CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in ...)
+ TODO: check
CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
- feedparser 5.0.1-1 (low; bug #617998)
[squeeze] - feedparser <no-dsa> (Minor issue)
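Review bot: CVE-2011-1159 is set to `TODO: check`, but unlike most of the TODO entries in this commit its description names a source file and an upstream fix version (`acpid.c in acpid before 2.0.9`). That gives what is needed for a real package line: replace the TODO with `- acpid <version>` once the first fixed upload is identified, plus per-release lines in the style of the `[squeeze] - feedparser <no-dsa> (Minor issue)` line below if the stable releases are affected.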
@@ -7485,8 +7485,7 @@ CVE-2011-1078
- linux-2.6 2.6.38-4 (low)
CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva ...)
NOT-FOR-US: Apache Archiva
-CVE-2011-1076
- RESERVED
+CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows ...)
- linux-2.6 2.6.38-1
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
@@ -9116,8 +9115,8 @@ CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.4
NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0460
RESERVED
-CVE-2011-0459
- RESERVED
+CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault ...)
+ TODO: check
CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in ...)
NOT-FOR-US: Google Picasa
CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...)