author Joey Hess <joeyh@debian.org> 2010-04-05 21:15:05 +0000
committer Joey Hess <joeyh@debian.org> 2010-04-05 21:15:05 +0000
commit 026da81da23210575b2d929a6ecd035d3ab5aa83
tree 62787410ba82219f773e451e976ba67676752d31 /data
parent 01d42b9a4ebc64958e86c3965ba2cc91279f2ce4
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14411 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2000.list 4
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2002.list 6
-rw-r--r-- data/CVE/2003.list 12
-rw-r--r-- data/CVE/2004.list 2
-rw-r--r-- data/CVE/2005.list 4
-rw-r--r-- data/CVE/2007.list 4
-rw-r--r-- data/CVE/2008.list 5
-rw-r--r-- data/CVE/2009.list 21
-rw-r--r-- data/CVE/2010.list 72
10 files changed, 85 insertions, 47 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index 7ea3e35b76..911c96aaf6 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,3 +1,7 @@
+CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...)
+ TODO: check
+CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...)
+ TODO: check
CVE-2000-1244 (Computer Associates InoculateIT Agent for Exchange Server does not ...)
NOT-FOR-US: Exchange Server
CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...)
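Review bot: The two added NWFTPD.nlm entries (CVE-2000-1246, CVE-2000-1245) describe the FTP server in Novell NetWare and are left at TODO: check, while the neighbouring entries for other third-party products are already triaged as NOT-FOR-US. These can be resolved the same way, for example NOT-FOR-US: Novell NetWare. The NWFTPD.nlm entries added to the other year lists in this commit are in the same state.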
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 7df6c3086d..d579b9f588 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,3 +1,5 @@
+CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows ...)
+ TODO: check
CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...)
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index aefc44d807..e7a3d51082 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1,3 +1,9 @@
+CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...)
+ TODO: check
+CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...)
+ TODO: check
+CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...)
+ TODO: check
CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...)
NOT-FOR-US: GoAhead WebServer
CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index e8744be24c..c3c44f7787 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,3 +1,15 @@
+CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
+ TODO: check
+CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
+ TODO: check
+CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
+ TODO: check
+CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
+ TODO: check
+CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...)
+ TODO: check
+CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
+ TODO: check
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
NOT-FOR-US: Sun ONE Web Server
CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 3a265d2e9f..781c85e576 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,3 +1,5 @@
+CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...)
+ TODO: check
CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server ...)
NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index a4714bc228..413801b122 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,7 @@
+CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...)
+ TODO: check
+CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...)
+ TODO: check
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
- linux-2.6 2.6.12-1
- linux-2.6.24 <not-affected> (fixed before 2.6.24)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 3137a8bb02..5d081214cc 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,7 @@
+CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...)
+ TODO: check
+CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...)
+ TODO: check
CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...)
- linux-2.6 2.6.10-1
CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 9dc017c8ef..248173a59b 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -2495,6 +2495,7 @@ CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2
CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
NOT-FOR-US: Joomla
CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...)
+ {DSA-2029-1}
- imlib2 1.4.2-1 (bug #576469)
NOTE: poked upstream for more details
CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...)
@@ -9284,8 +9285,8 @@ CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion dur
- libxml2 2.6.32.dfsg-3 (medium)
CVE-2008-3280
RESERVED
-CVE-2008-3279
- RESERVED
+CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
+ TODO: check
CVE-2008-3278
RESERVED
CVE-2008-3277
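Review bot: CVE-2008-3279 moves from RESERVED to TODO: check, but its description names brltty 3.7.2, so it needs a package line (`- brltty` with a fixed version or <unfixed>) before the tracker can report anything for it. Until that is added, the entry looks the same as the TODO items that will end up NOT-FOR-US.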
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 033cfea4b8..a9d987f9ca 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,5 @@
+CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...)
+ TODO: check
CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...)
NOT-FOR-US: ClickHeat plugin
CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...)
@@ -3069,13 +3071,13 @@ CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink
CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
- backintime 0.9.26-3 (bug #543785)
CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
- {DSA-1941-1}
+ {DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools <removed> (medium; bug #551291)
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
- {DSA-1941-1}
+ {DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
@@ -3084,7 +3086,7 @@ CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data functi
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
- {DSA-1941-1}
+ {DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
@@ -3093,13 +3095,13 @@ CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow re
{DSA-1941-1}
- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
- {DSA-1941-1}
+ {DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
- swftools <removed> (medium; bug #551291)
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
- {DSA-1941-1}
+ {DSA-2028-1 DSA-1941-1}
- xpdf 3.02-2 (medium; bug #551287)
- poppler 0.12.2-1 (medium; bug #551289)
- kdegraphics 4:4.0 (medium; bug #551290)
@@ -4837,8 +4839,7 @@ CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet
- planet-venus 0~bzr116-1 (low; bug #546179)
[lenny] - planet-venus 0~bzr95-2+lenny1
[etch] - planet-venus <no-dsa> (Minor issue)
-CVE-2009-2936 [varnish]
- RESERVED
+CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...)
- varnish 2.1.0-2 (unimportant)
NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
@@ -5127,8 +5128,8 @@ CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple M
NOT-FOR-US: Apple Mac OS X
CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2009-2822
- RESERVED
+CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...)
+ TODO: check
CVE-2009-2821
RESERVED
CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...)
@@ -9580,7 +9581,7 @@ CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...)
NOTE: remote signature spoofing possible, and this was supposed to be
NOTE: originally fixed with the updates for CVE-2008-3834
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- {DSA-1941-1}
+ {DSA-2028-1 DSA-1941-1}
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
- xpdf 3.02-2 (bug #575779)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 9c32126f65..e40ddc3709 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1,3 +1,17 @@
+CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...)
+ TODO: check
+CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...)
+ TODO: check
+CVE-2010-1241 (The custom heap management system in Adobe Reader 9.3.1 allows remote ...)
+ TODO: check
+CVE-2010-1240 (Adobe Reader 9.3.1 on Windows does not restrict the contents of one ...)
+ TODO: check
+CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...)
+ TODO: check
+CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...)
+ TODO: check
CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
- webkit 1.1.90-1
- kdelibs <undetermined>
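Review bot: Of the seven entries added at the top, CVE-2010-1238 should not stay at TODO: check alongside the Adobe, Foxit and IBM items: it names MoinMoin 1.7.1, and this file already tracks that software as `- moin` under CVE-2010-0828. Suggest adding a `- moin` line with its status once the textcha bypass has been checked against the packaged versions.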
@@ -959,16 +973,14 @@ CVE-2010-0830
RESERVED
CVE-2010-0829
RESERVED
-CVE-2010-0828 [moin despam action xss]
- RESERVED
+CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...)
{DSA-2024-1}
- moin 1.9.2-3 (low; bug #575995)
CVE-2010-0827
RESERVED
-CVE-2010-0826
- RESERVED
-CVE-2010-0825 [emacs Race condition]
- RESERVED
+CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...)
+ TODO: check
+CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...)
- emacs21 <removed>
- emacs22 <unfixed>
- xemacs21 <unfixed>
@@ -1165,7 +1177,7 @@ CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type mo
CVE-2010-1144 [zabbix SQL injection]
RESERVED
- zabbix <unfixed>
- TODO: File bug
+ TODO: File bug
CVE-2010-0750 [policykit information disclosure]
RESERVED
- policykit <not-affected> (pkexec introduced in 0.92)
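Review bot: The context line `CVE-2010-1144 [zabbix SQL injection]` sits between CVE-2010-0752 and CVE-2010-0750, out of the descending order the rest of the list follows, and is still RESERVED with `- zabbix <unfixed>`. The only change in this hunk is to the `TODO: File bug` line, whose removed and added text read the same here, so nothing about the entry is resolved. Worth confirming the id and filing the bug the entry asks for.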
@@ -1179,10 +1191,10 @@ CVE-2010-0748
[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels]
RESERVED
- - devicekit-disks 1.0.0~git20100212.aae17d9-1
- NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
- NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
- NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
+ - devicekit-disks 1.0.0~git20100212.aae17d9-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
+ NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
+ NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
CVE-2010-0745 [dovecot DoS]
RESERVED
- dovecot 1:1.2.11-1 (low)
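Review bot: All four changed lines under CVE-2010-0746 read identically before and after as shown here, so this looks like an indentation-only rewrite of the devicekit-disks line and its three NOTE URLs. A whitespace normalisation mixed into an "automatic update" commit makes the data changes harder to audit, so it would be cleaner as its own commit. The entry also remains RESERVED with no description while already recording a fixed version.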
@@ -1332,8 +1344,8 @@ CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source
- asterisk <unfixed>
[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
-CVE-2010-0684
- RESERVED
+CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...)
+ TODO: check
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
@@ -1515,8 +1527,8 @@ CVE-2010-0627
RESERVED
CVE-2010-0626
RESERVED
-CVE-2010-0625
- RESERVED
+CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...)
+ TODO: check
CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...)
- cpio 2.11-1 (low)
- tar 1.23-1 (low)
@@ -2606,57 +2618,48 @@ CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBC
NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183
RESERVED
-CVE-2010-0182 [XMLDocument::load() doesn't check nsIContentPolicy]
- RESERVED
+CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...)
- xulrunner <unfixed> (low)
[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0181 [Image src redirect to mailto: URL opens email editor]
- RESERVED
+CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...)
- xulrunner 1.9.1.9-1 (unimportant)
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0180
RESERVED
-CVE-2010-0179
- RESERVED
+CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...)
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0178 [Chrome privilege escalation via forced URL drag and drop]
- RESERVED
+CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0177 [Dangling pointer vulnerability in nsPluginArray]
- RESERVED
+CVE-2010-0177 (The window.navigator.plugins object in Mozilla Firefox before 3.0.19, ...)
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0176 [Dangling pointer vulnerability in nsTreeContentView]
- RESERVED
+CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0175 [Remote code execution with use-after-free in nsTreeSelection]
- RESERVED
+CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...)
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0174 [crashes in the browser engine]
- RESERVED
+CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2027-1}
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
-CVE-2010-0173 [crashes in the browser engine]
- RESERVED
+CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner 1.9.1.9-1
- iceape 2.0.4-1
[lenny] - iceape <not-affected> (Only a stub package)
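Review bot: CVE-2010-0182 keeps `- xulrunner <unfixed> (low)` although the description imported here says the flaw is in Firefox before 3.5.9, and neighbouring entries whose descriptions also say "before 3.5.9" (CVE-2010-0181, CVE-2010-0176) record xulrunner 1.9.1.9-1 as the fixed version. Recheck whether the unfixed status and the lenny `<no-dsa>` remark about no upstream fix still hold. Separately, CVE-2010-0173 and CVE-2010-0174 now carry the same truncated description, but only CVE-2010-0174 has {DSA-2027-1}; confirm that difference is intended.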
@@ -3081,8 +3084,7 @@ CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...)
NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
NOTE: proxy situations, the backend server is usually trusted, anyway.
-CVE-2010-0009 [Apache CouchDB Timing Attack Vulnerability]
- RESERVED
+CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...)
- couchdb <unfixed> (bug #576304)
NOTE: I don't really see the security implications?
CVE-2010-0008 (The SCTP implementation in the Linux kernel before 2.6.23 allows ...)
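Review bot: With the RESERVED placeholder replaced, CVE-2010-0009 loses its working title "Apache CouchDB Timing Attack Vulnerability", and the remaining `NOTE: I don't really see the security implications?` now sits under a description that states a remote impact ("allows remote attackers to obtain ..."). The NOTE should be revisited against the full description, and `- couchdb <unfixed> (bug #576304)` given a severity rather than leaving the assessment as an open question.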
