author Joey Hess <joeyh@debian.org> 2009-04-02 21:14:10 +0000
committer Joey Hess <joeyh@debian.org> 2009-04-02 21:14:10 +0000
commit 5d52a01bf8cb5596ea2c65d2c55ebe1e76ceecf2 (patch)
tree 59d09f1d24d23bb5787dce3800534d4606b10428 /data
parent ce76afd7b99e6a4779de4e3be588d2478a33af4e (diff)
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11542 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2001.list 4
-rw-r--r-- data/CVE/2002.list 4
-rw-r--r-- data/CVE/2004.list 2
-rw-r--r-- data/CVE/2005.list 2
-rw-r--r-- data/CVE/2007.list 4
-rw-r--r-- data/CVE/2008.list 23
-rw-r--r-- data/CVE/2009.list 17
7 files changed, 42 insertions, 14 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index 1f084ad011..b2c3af03d3 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -130,7 +130,7 @@ CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows
NOT-FOR-US: AIX
CVE-2001-1528 (AmTote International homebet program returns different error messages ...)
NOT-FOR-US: AmTote International homebet
-CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...)
+CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in cleartext ...)
NOT-FOR-US: easynews
CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
NOT-FOR-US: easynews
@@ -261,7 +261,7 @@ CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HT
NOT-FOR-US: SurfControl SuperScout
CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
NOT-FOR-US: Crystal Reports
-CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
+CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends the ...)
NOT-FOR-US: RhinoSoft Serv-U
CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
NOT-FOR-US: RSA Security SecurID
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 40ff109c22..c39a4b6e5a 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -302,7 +302,7 @@ CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communica
NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap 0.09 ...)
+CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...)
NOT-FOR-US: aldap
CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...)
NOT-FOR-US: PortailPHP
@@ -937,7 +937,7 @@ CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.
NOT-FOR-US: Solaris
CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
NOT-FOR-US: Watchguard SOHO
-CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...)
+CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass ...)
NOT-FOR-US: IPFilter
CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
NOT-FOR-US: Proprietary PGP
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index f910a867f6..a10a0d9dc5 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -3266,7 +3266,7 @@ CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to
NOT-FOR-US: Star Wars Battlefront
CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
NOT-FOR-US: Star Wars Battlefront
-CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
+CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...)
NOT-FOR-US: Prevex Home
CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
NOT-FOR-US: Citadel/UX
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index e384bb582e..32c8fb0db7 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -9786,7 +9786,7 @@ CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kerne
- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
[sarge] - kernel-source-2.6.8 2.6.8-14
-CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
+CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain ...)
NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
NOT-FOR-US: PY Software Active Webcam WebServer
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index d5144bb791..9c475d9101 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -5377,8 +5377,8 @@ CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has
{DSA-1566-1 DSA-1438-1}
- tar 1.18-1 (low; bug #441444)
- cpio 2.9-5 (low; bug #449222)
-CVE-2007-4475
- RESERVED
+CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...)
+ TODO: check
CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...)
NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...)
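Review bot: CVE-2007-4475 is left at "TODO: check" even though its new description (Stack-based buffer overflow in EAI WebViewer3D ActiveX control) is the same text that the data/CVE/2009.list hunk of this patch removes from CVE-2009-1205, an entry already triaged as "NOT-FOR-US: EAI WebViewer3D ActiveX control". The earlier triage decision should follow the description to its new ID: replace the "TODO: check" line under CVE-2007-4475 with that NOT-FOR-US line so the issue does not reappear in the manual review queue.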
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index ff520679de..b4bb076d54 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -1,3 +1,17 @@
+CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to ...)
+ TODO: check
+CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server ...)
+ TODO: check
+CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the ...)
+ TODO: check
+CVE-2008-6576 (Unspecified vulnerability in the &quot;session limitation technique&quot; in the ...)
+ TODO: check
+CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...)
+ TODO: check
+CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya ...)
+ TODO: check
+CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement ...)
+ TODO: check
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...)
NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
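Review bot: the added CVE-2008-6576 description contains literal "&quot;" entities around "session limitation technique" instead of quote characters, so the import is writing HTML-escaped text into the list file. The description should be entity-decoded before it is truncated and stored; as written, the escape sequences also consume part of the fixed description width, and anything that searches or re-renders these descriptions will see the raw entity text.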
@@ -3938,8 +3952,8 @@ CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the
NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
RESERVED
-CVE-2008-4825
- RESERVED
+CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other ...)
+ TODO: check
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
@@ -6225,8 +6239,8 @@ CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0,
- flashplugin-nonfree 1:1.4
[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently
-CVE-2008-3871
- RESERVED
+CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...)
+ TODO: check
CVE-2008-3870
RESERVED
CVE-2008-3869
@@ -13003,6 +13017,7 @@ CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php
CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...)
NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...)
+ {DSA-1762-1}
- icu 4.0.1-1
CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...)
NOT-FOR-US: Apple iCal
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 336af5cfda..c219f1e71e 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1,3 +1,15 @@
+CVE-2009-1221
+ RESERVED
+CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...)
+ TODO: check
+CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
+ TODO: check
+CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...)
+ TODO: check
+CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in ...)
+ TODO: check
+CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c ...)
+ TODO: check
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...)
- screen <unfixed> (bug #521123)
[etch] - screen <not-affected> (etch version predates #433338)
@@ -14,7 +26,7 @@ CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the .
NOT-FOR-US: PrecisionID Datamatrix ActiveX control
CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
NOT-FOR-US: Blue Coat ProxySG
-CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector ...)
+CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...)
- wireshark <unfixed>
TODO: File bug
CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
@@ -26,7 +38,8 @@ CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10,
NOT-FOR-US: Solaris
CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...)
NOT-FOR-US: Cafe Access Analyzer CGI Professional
-CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...)
+CVE-2009-1205
+ REJECTED
NOT-FOR-US: EAI WebViewer3D ActiveX control
CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
NOT-FOR-US: TikiWiki
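Review bot: after this hunk CVE-2009-1205 carries both the new "REJECTED" line and the unchanged "NOT-FOR-US: EAI WebViewer3D ActiveX control" line, so a single entry records two conflicting states. A rejected ID needs no triage annotation; the NOT-FOR-US line should be removed here and attached to CVE-2007-4475 in data/CVE/2007.list, which this same patch fills with the EAI WebViewer3D description and marks "TODO: check".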
