automatic update

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6140 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Joey Hess <joeyh@debian.org> 2007-07-13 09:14:07 +0000
committer: Joey Hess <joeyh@debian.org> 2007-07-13 09:14:07 +0000
commit: 48848a9adbb07ac6965ce2186f591b55dc3641f8 (patch)
tree: 4ebc93f9902f3569558b879ba003f15f28f78b32 /data
parent: 55c6cb1916bc6e846bfaf418f08cfc600785f157 (diff)
4 files changed, 191 insertions, 18 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index b0c2fa5ed8..878f4a5dfb 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,3 +1,5 @@
+CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...)
+	TODO: check
 CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...)
 	TODO: check
 CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 4de28e0da6..8b2010c0ea 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -2891,7 +2891,8 @@ CVE-2005-3563
 	REJECTED
 CVE-2005-3562
 	REJECTED
-CVE-2005-3561 ( ...)
+CVE-2005-3561
+	REJECTED
 	NOT-FOR-US: ATutor
 CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
 	NOT-FOR-US: Zone Labs
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 96ab33e924..dc844525f3 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -4259,14 +4259,14 @@ CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort
 	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
 CVE-2006-5275
 	RESERVED
-CVE-2006-5274
-	RESERVED
-CVE-2006-5273
-	RESERVED
-CVE-2006-5272
-	RESERVED
-CVE-2006-5271
-	RESERVED
+CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...)
+	TODO: check
+CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
+	TODO: check
+CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
+	TODO: check
+CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...)
+	TODO: check
 CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-5269
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index aa3c1d3500..7fb9a1ce2f 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,173 @@
+CVE-2007-3761
+	RESERVED
+CVE-2007-3760
+	RESERVED
+CVE-2007-3759
+	RESERVED
+CVE-2007-3758
+	RESERVED
+CVE-2007-3757
+	RESERVED
+CVE-2007-3756
+	RESERVED
+CVE-2007-3755
+	RESERVED
+CVE-2007-3754
+	RESERVED
+CVE-2007-3753
+	RESERVED
+CVE-2007-3752
+	RESERVED
+CVE-2007-3751
+	RESERVED
+CVE-2007-3750
+	RESERVED
+CVE-2007-3749
+	RESERVED
+CVE-2007-3748
+	RESERVED
+CVE-2007-3747
+	RESERVED
+CVE-2007-3746
+	RESERVED
+CVE-2007-3745
+	RESERVED
+CVE-2007-3744
+	RESERVED
+CVE-2007-3743
+	RESERVED
+CVE-2007-3742
+	RESERVED
+CVE-2007-3741
+	RESERVED
+CVE-2007-3740
+	RESERVED
+CVE-2007-3739
+	RESERVED
+CVE-2007-3738
+	RESERVED
+CVE-2007-3737
+	RESERVED
+CVE-2007-3736
+	RESERVED
+CVE-2007-3735
+	RESERVED
+CVE-2007-3734
+	RESERVED
+CVE-2007-3733
+	RESERVED
+CVE-2007-3732
+	RESERVED
+CVE-2007-3731
+	RESERVED
+CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
+	TODO: check
+CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
+	TODO: check
+CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...)
+	TODO: check
+CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have ...)
+	TODO: check
+CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...)
+	TODO: check
+CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
+	TODO: check
+CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
+	TODO: check
+CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
+	TODO: check
+CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...)
+	TODO: check
+CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...)
+	TODO: check
+CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...)
+	TODO: check
+CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...)
+	TODO: check
+CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...)
+	TODO: check
+CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
+	TODO: check
+CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...)
+	TODO: check
+CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...)
+	TODO: check
+CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 ...)
+	TODO: check
+CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
+	TODO: check
+CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest &quot;is ...)
+	TODO: check
+CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...)
+	TODO: check
+CVE-2007-3710 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...)
+	TODO: check
+CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before ...)
+	TODO: check
+CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 ...)
+	TODO: check
+CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...)
+	TODO: check
+CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
+	TODO: check
+CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
+	TODO: check
+CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
+	TODO: check
+CVE-2007-3702 (Directory traversal vulnerability in the load function in ...)
+	TODO: check
+CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
+	TODO: check
+CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
+	TODO: check
+CVE-2007-3699
+	RESERVED
+CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
+	TODO: check
+CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in ...)
+	TODO: check
+CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model ...)
+	TODO: check
+CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly ...)
+	TODO: check
+CVE-2007-3694
+	RESERVED
+CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
+	TODO: check
+CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI ...)
+	TODO: check
+CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial ...)
+	TODO: check
+CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal ...)
+	TODO: check
+CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal ...)
+	TODO: check
+CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
+	TODO: check
+CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
+	TODO: check
+CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
+	TODO: check
+CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive ...)
+	TODO: check
+CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
+	TODO: check
+CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and ...)
+	TODO: check
+CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier ...)
+	TODO: check
+CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in ...)
+	TODO: check
+CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm ...)
+	TODO: check
+CVE-2007-3679
+	RESERVED
+CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...)
+	TODO: check
+CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...)
+	TODO: check
 CVE-2007-3676
 	RESERVED
 CVE-2007-3675
@@ -68,7 +238,7 @@ CVE-2007-3644
 	- libarchive <unfixed> (bug #432924; low)
 CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
 	TODO: check
-CVE-2007-3642 (The decode_choice function in net/netfilter/bf_conntrack_h323_asn1.c ...)
+CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...)
 	TODO: check
 CVE-2007-3641
 	RESERVED
@@ -342,8 +512,8 @@ CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5
 	TODO: check
 CVE-2007-3510
 	RESERVED
-CVE-2007-3509
-	RESERVED
+CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup ...)
+	TODO: check
 CVE-2007-3508 (** DISPUTED ** ...)
 	- glibc 2.6-2 (unimportant; bug #431858)
 	NOTE: Not security-relevant
@@ -355,7 +525,7 @@ CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in Fre
 	[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
 CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...)
 	NOT-FOR-US: QuickTalk forum
-CVE-2007-3504 (Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java ...)
+CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun ...)
 	- sun-java5 <not-affected>
 	NOTE: Sun Alert ID 102957 says issue is Windows only
 CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML ...)
@@ -462,10 +632,10 @@ CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax
 	NOT-FOR-US: Civitech Avax Vector
 CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
 	NOT-FOR-US: Sun Solaris libsldap
-CVE-2007-3457
-	RESERVED
-CVE-2007-3456
-	RESERVED
+CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
+	TODO: check
+CVE-2007-3456 (Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier ...)
+	TODO: check
 CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...)
 	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
 CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...)
@@ -4247,7 +4417,7 @@ CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Of
 	TODO: check
 CVE-2007-1755
 	RESERVED
-CVE-2007-1754 (Microsoft Office Publisher 2007 does not properly clear memory when ...)
+CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
 	TODO: check
 CVE-2007-1753
 	RESERVED
author	Joey Hess <joeyh@debian.org>	2007-07-13 09:14:07 +0000
committer	Joey Hess <joeyh@debian.org>	2007-07-13 09:14:07 +0000
commit	48848a9adbb07ac6965ce2186f591b55dc3641f8 (patch)
tree	4ebc93f9902f3569558b879ba003f15f28f78b32 /data
parent	55c6cb1916bc6e846bfaf418f08cfc600785f157 (diff)