author: Joey Hess <joeyh@debian.org> 2007-06-08 21:14:08 +0000
committer: Joey Hess <joeyh@debian.org> 2007-06-08 21:14:08 +0000
commit: 4cdd350314c907c336c4d523d09a4ea69b2101d4
tree: f41ec8b2d9fbf950fc6dd2dcc22748baab442a91 /data
parent: a66638a30c5d56905c893938658e315bdcd582ea
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5983 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2000.list 2
-rw-r--r-- data/CVE/2005.list 2
-rw-r--r-- data/CVE/2007.list 410
3 files changed, 369 insertions, 45 deletions
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index f8ad2c5eeb..866851fdaa 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -1,3 +1,5 @@
+CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...)
+ TODO: check
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
NOT-FOR-US: APC PowerChute
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index dd1cc4442d..3764756ec2 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,3 +1,5 @@
+CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...)
+ TODO: check
CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
NOT-FOR-US: PureTLS
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 80ac218a59..0b22f85999 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -1,3 +1,325 @@
+CVE-2007-3129
+ RESERVED
+CVE-2007-3128
+ RESERVED
+CVE-2007-3127
+ RESERVED
+CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
+ TODO: check
+CVE-2007-3125 (Format string vulnerability in the inputAnswer function in file.c in ...)
+ TODO: check
+CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
+ TODO: check
+CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
+ TODO: check
+CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
+ TODO: check
+CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...)
+ TODO: check
+CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php ...)
+ TODO: check
+CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi ...)
+ TODO: check
+CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...)
+ TODO: check
+CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
+ TODO: check
+CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
+ TODO: check
+CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
+ TODO: check
+CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
+ TODO: check
+CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
+ TODO: check
+CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
+ TODO: check
+CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...)
+ TODO: check
+CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
+ TODO: check
+CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage ...)
+ TODO: check
+CVE-2007-3108
+ RESERVED
+CVE-2007-3107
+ RESERVED
+CVE-2007-3106
+ RESERVED
+CVE-2007-3105
+ RESERVED
+CVE-2007-3104
+ RESERVED
+CVE-2007-3103
+ RESERVED
+CVE-2007-3102
+ RESERVED
+CVE-2007-3101
+ RESERVED
+CVE-2007-3100
+ RESERVED
+CVE-2007-3099
+ RESERVED
+CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...)
+ TODO: check
+CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
+ TODO: check
+CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) ...)
+ TODO: check
+CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...)
+ TODO: check
+CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris ...)
+ TODO: check
+CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris ...)
+ TODO: check
+CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
+ TODO: check
+CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...)
+ TODO: check
+CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...)
+ TODO: check
+CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...)
+ TODO: check
+CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...)
+ TODO: check
+CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...)
+ TODO: check
+CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO ...)
+ TODO: check
+CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow ...)
+ TODO: check
+CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
+ TODO: check
+CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with ...)
+ TODO: check
+CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
+ TODO: check
+CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in ...)
+ TODO: check
+CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly ...)
+ TODO: check
+CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
+ TODO: check
+CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...)
+ TODO: check
+CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and ...)
+ TODO: check
+CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker ...)
+ TODO: check
+CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...)
+ TODO: check
+CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...)
+ TODO: check
+CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
+ TODO: check
+CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
+ TODO: check
+CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
+ TODO: check
+CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
+ TODO: check
+CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session ...)
+ TODO: check
+CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows ...)
+ TODO: check
+CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key ...)
+ TODO: check
+CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) ...)
+ TODO: check
+CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
+ TODO: check
+CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook ...)
+ TODO: check
+CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...)
+ TODO: check
+CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
+ TODO: check
+CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...)
+ TODO: check
+CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
+ TODO: check
+CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
+ TODO: check
+CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
+ TODO: check
+CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
+ TODO: check
+CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...)
+ TODO: check
+CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...)
+ TODO: check
+CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier ...)
+ TODO: check
+CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and ...)
+ TODO: check
+CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft ...)
+ TODO: check
+CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
+ TODO: check
+CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
+ TODO: check
+CVE-2007-3048 (** DISPUTED ** ...)
+ TODO: check
+CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
+ TODO: check
+CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library ...)
+ TODO: check
+CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on ...)
+ TODO: check
+CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi ...)
+ TODO: check
+CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File ...)
+ TODO: check
+CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...)
+ TODO: check
+CVE-2007-3041
+ RESERVED
+CVE-2007-3040
+ RESERVED
+CVE-2007-3039
+ RESERVED
+CVE-2007-3038
+ RESERVED
+CVE-2007-3037
+ RESERVED
+CVE-2007-3036
+ RESERVED
+CVE-2007-3035
+ RESERVED
+CVE-2007-3034
+ RESERVED
+CVE-2007-3033
+ RESERVED
+CVE-2007-3032
+ RESERVED
+CVE-2007-3031
+ RESERVED
+CVE-2007-3030
+ RESERVED
+CVE-2007-3029
+ RESERVED
+CVE-2007-3028
+ RESERVED
+CVE-2007-3027
+ RESERVED
+CVE-2007-3026
+ RESERVED
+CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...)
+ TODO: check
+CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
+ TODO: check
+CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...)
+ TODO: check
+CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
+ TODO: check
+CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
+ TODO: check
+CVE-2007-3020
+ RESERVED
+CVE-2007-3019
+ RESERVED
+CVE-2007-3018
+ RESERVED
+CVE-2007-3017
+ RESERVED
+CVE-2007-3016
+ RESERVED
+CVE-2007-3015
+ RESERVED
+CVE-2007-3014
+ RESERVED
+CVE-2007-3013
+ RESERVED
+CVE-2007-3012
+ RESERVED
+CVE-2007-3011
+ RESERVED
+CVE-2007-3010
+ RESERVED
+CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
+ TODO: check
+CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
+ TODO: check
+CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...)
+ TODO: check
+CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
+ TODO: check
+CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...)
+ TODO: check
+CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...)
+ TODO: check
+CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
+ TODO: check
+CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ...)
+ TODO: check
+CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...)
+ TODO: check
+CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect ...)
+ TODO: check
+CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...)
+ TODO: check
+CVE-2007-2997 (Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in ...)
+ TODO: check
+CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
+ TODO: check
+CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and ...)
+ TODO: check
+CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
+ TODO: check
+CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
+ TODO: check
+CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka ...)
+ TODO: check
+CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in ...)
+ TODO: check
+CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 ...)
+ TODO: check
+CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic ...)
+ TODO: check
+CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
+ TODO: check
+CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
+ TODO: check
+CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...)
+ TODO: check
+CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...)
+ TODO: check
+CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group ...)
+ TODO: check
+CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business ...)
+ TODO: check
+CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies ...)
+ TODO: check
+CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS ...)
+ TODO: check
+CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive ...)
+ TODO: check
+CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows ...)
+ TODO: check
+CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in ...)
+ TODO: check
+CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...)
+ TODO: check
+CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in Ignite ...)
+ TODO: check
+CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
+ TODO: check
+CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to ...)
+ TODO: check
+CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 ...)
+ TODO: check
+CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...)
+ TODO: check
+CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...)
+ TODO: check
+CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...)
+ TODO: check
+CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
+ TODO: check
CVE-2007-XXXX [wordpress SQL injection]
- wordpress <unfixed> (bug #428073)
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
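Review bot: The added block has a gap in the id sequence: the new lines go from CVE-2007-2984 directly to CVE-2007-2982, so CVE-2007-2983 gets no entry, not even a RESERVED placeholder like the other unpublished ids in this block. Confirm whether the importer dropped it or the upstream list omits it, and add the placeholder if the id exists. Separately, CVE-2007-3007 ("PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...") lands as "TODO: check" although php5 already has tracked entries elsewhere in this same file, so it should be resolved to a package line before the web-application entries that will most likely end up NOT-FOR-US.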
@@ -44,8 +366,7 @@ CVE-2007-2950
RESERVED
CVE-2007-2949
RESERVED
-CVE-2007-2948 [stack overflow in mplayer cddb queries]
- RESERVED
+CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in ...)
- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...)
NOT-FOR-US: OpenBASE Alpha
@@ -103,12 +424,12 @@ CVE-2007-2921
RESERVED
CVE-2007-2920
RESERVED
-CVE-2007-2919
- RESERVED
-CVE-2007-2918
- RESERVED
-CVE-2007-2917
- RESERVED
+CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...)
+ TODO: check
+CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
+ TODO: check
+CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
+ TODO: check
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...)
NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...)
@@ -197,8 +518,7 @@ CVE-2007-2874
RESERVED
CVE-2007-2873
RESERVED
-CVE-2007-2872 [php5 chunk_split() integer overflow]
- RESERVED
+CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
- php5 <unfixed>
NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
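Review bot: In the CVE-2007-2872 entry the retained line "NOTE: Fix from 5.2.3 was ineffective" has no bug number or reference, and it now sits under an imported description that reads "in PHP 5 before ...", which a reader could take as meaning a released version fixes it. Keeping "- php5 <unfixed>" is consistent with the NOTE, but add a bug reference or link to the NOTE so the unfixed state can be re-evaluated later.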
@@ -230,10 +550,10 @@ CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
- phppgadmin 4.1.2-1 (low; bug #427151)
-CVE-2007-2864
- RESERVED
-CVE-2007-2863
- RESERVED
+CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
+ TODO: check
+CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
+ TODO: check
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...)
NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
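Review bot: CVE-2007-2864 and CVE-2007-2863 are added with the same truncated text ("Stack-based buffer overflow in the Anti-Virus engine before content ..."), which shows neither the vendor nor how the two ids differ. When resolving the "TODO: check" lines, take the product from the full CVE description and record it in the tag line so the two entries can be told apart in this file.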
@@ -972,12 +1292,12 @@ CVE-2007-2516
RESERVED
CVE-2007-2515
RESERVED
-CVE-2007-2514
- RESERVED
-CVE-2007-2513
- RESERVED
-CVE-2007-2512
- RESERVED
+CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple ...)
+ TODO: check
+CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 ...)
+ TODO: check
+CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and ...)
+ TODO: check
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
{DTSA-39-1}
- php5 5.2.2-1 (unimportant)
@@ -1107,8 +1427,7 @@ CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows
NOT-FOR-US: Parallels
CVE-2007-2453
RESERVED
-CVE-2007-2452 [locate heap buffer overflow]
- RESERVED
+CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...)
- findutils 4.2.31-1 (low; bug #426862)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
- linux-2.6 2.6.21-3
@@ -1195,8 +1514,8 @@ CVE-2007-XXXX [Tomcat does not enforce HTTPS for SSO cookies]
NOTE: SSO cookies sent over secure connections do not require
NOTE: secure connections, possibly defeating HTTPS encryption.
NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
-CVE-2007-2419
- RESERVED
+CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in ...)
+ TODO: check
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
NOT-FOR-US: Cerulean Trillian
CVE-2007-2417
@@ -1257,10 +1576,10 @@ CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allo
NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
NOT-FOR-US: Apple
-CVE-2007-2388 (Unspecified vulnerability in Apple QuickTime for Java 7.1.6 on Mac OS ...)
+CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ...)
NOT-FOR-US: Apple
-CVE-2007-2387
- RESERVED
+CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
+ TODO: check
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...)
TODO: check
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
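Review bot: CVE-2007-2387 (Apple Xserve Lights-Out Management firmware) is set to "TODO: check" while the Apple entries directly above it in this hunk are all closed as "NOT-FOR-US: Apple"; it can be closed the same way instead of staying in the triage queue. Also, the rewritten CVE-2007-2388 summary now starts with the same words as CVE-2007-2389 ("Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ..."), so the two cannot be told apart at this truncation length; check the full text to confirm they are distinct issues.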
@@ -1506,8 +1825,8 @@ CVE-2007-2281
RESERVED
CVE-2007-2280
RESERVED
-CVE-2007-2279
- RESERVED
+CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)
+ TODO: check
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...)
@@ -1599,8 +1918,8 @@ CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Cam
NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
RESERVED
-CVE-2007-2237
- RESERVED
+CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
+ TODO: check
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...)
NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...)
@@ -1960,7 +2279,7 @@ CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Rober
NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
NOT-FOR-US: ActionPoll
-CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0, when _BPX_BATCH_UMASK is ...)
+CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...)
NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
NOT-FOR-US: VCDGear
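Review bot: The CVE-2007-2063 entry keeps the tag "NOT-FOR-US: IBM zOS", but both the old and the new description name the affected product as SSH Tectia Server for IBM z/OS. Since the summary is being refreshed anyway, the tag should name the product (SSH Tectia Server) rather than the platform, so a search for the product finds it. Note too that the new truncated summary no longer shows the _BPX_BATCH_UMASK condition that was visible in the old line.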
@@ -2380,7 +2699,7 @@ CVE-2007-1875
RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
NOT-FOR-US: Adobe ColdFusion MX
-CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in mephisto 0.7.3 allows ...)
+CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows ...)
NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
NOT-FOR-US: toendaCMS
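Review bot: The CVE-2007-1873 description now capitalises the product as "Mephisto", but the tag under it still reads "NOT-FOR-US: mephisto", while the other Mephisto entries in this file (CVE-2007-1769, CVE-2007-1768) use "NOT-FOR-US: Mephisto". Normalise the tag to the same spelling so a case-sensitive search over the list catches all three.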
@@ -2403,8 +2722,8 @@ CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.
- php5 5.2.2-1
CVE-2007-1863
RESERVED
-CVE-2007-1862
- RESERVED
+CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
+ TODO: check
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
{DSA-1289-1}
- linux-2.6 2.6.21-1
@@ -2615,7 +2934,8 @@ CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...)
NOT-FOR-US: ArcSDE
-CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 ...)
+CVE-2007-1769
+ REJECTED
NOT-FOR-US: Mephisto
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Mephisto
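Review bot: CVE-2007-1769 is changed to REJECTED, but the old "NOT-FOR-US: Mephisto" line is left in place under it, so the entry now carries two states and the tag refers to a description that no longer exists. The other rejection in this commit (CVE-2007-0993) has REJECTED as its only line; drop the NOT-FOR-US line here as well, or have the update script clear annotations when an id becomes REJECTED.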
@@ -3003,8 +3323,8 @@ CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Add
NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
- asterisk <unfixed> (low)
-CVE-2007-1593
- RESERVED
+CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
+ TODO: check
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
{DSA-1286-1}
- linux-2.6 2.6.20-1 (medium)
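Review bot: The context around the CVE-2007-1593 change goes from CVE-2007-1595 directly to CVE-2007-1593, so this part of the list has no CVE-2007-1594 entry at all. The hunk does not introduce that gap, but since the update fills in neighbouring RESERVED ids, check whether CVE-2007-1594 should exist here, at least as a RESERVED placeholder.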
@@ -4382,7 +4702,7 @@ CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMo
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
- RESERVED
+ REJECTED
CVE-2007-0992
RESERVED
CVE-2007-0991
@@ -4514,8 +4834,8 @@ CVE-2007-0935
RESERVED
CVE-2007-0934
RESERVED
-CVE-2007-0933
- RESERVED
+CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...)
+ TODO: check
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...)
NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...)
@@ -6499,10 +6819,10 @@ CVE-2007-0070
RESERVED
CVE-2007-0069
RESERVED
-CVE-2007-0068
- RESERVED
-CVE-2007-0067
- RESERVED
+CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
+ TODO: check
+CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
+ TODO: check
CVE-2007-0066
RESERVED
CVE-2007-0065
