author Joey Hess <joeyh@debian.org> 2012-05-11 21:14:23 +0000
committer Joey Hess <joeyh@debian.org> 2012-05-11 21:14:23 +0000
commit f899dbbf55ae91ebfc56cc6f529860bf147c6b76
tree 8b39b31e2cc7dbc9929921cf880af39a9e5c8e00 /data
parent f699f8b912f30d4920d1f14f5d6d1edbe286eb66
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@19224 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2002.list 2
-rw-r--r-- data/CVE/2003.list 4
-rw-r--r-- data/CVE/2011.list 9
-rw-r--r-- data/CVE/2012.list 291
4 files changed, 265 insertions, 41 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index e199d57d49..f88955e702 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -1228,7 +1228,7 @@ CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and
NOT-FOR-US: MyNewsGroups
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
- monkey 0.9.2-1
- NOTE: Vulnerable code verified not be present in any Debian version
+ NOTE: Vulnerable code verified not be present in any Debian version
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
NOT-FOR-US: WS_FTP Pro
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
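Review bot: The NOTE line under CVE-2002-1852 is removed and re-added with the same visible text, so this is a whitespace-only change, yet the wording "verified not be present" is still missing a word. Since the line is being rewritten anyway, change it to "verified not to be present in any Debian version".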
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index d4b2dfb243..926712f0ce 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -2334,9 +2334,9 @@ CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication modu
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
{DSA-335}
- mantis 0.17.5-6
-CVE-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
+CVE-2003-0498 (Cach&#233; Database 5.x installs the /cachesys/csp directory with insecure ...)
NOT-FOR-US: Intersystems Cache database
-CVE-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
+CVE-2003-0497 (Cach&#233; Database 5.x installs /cachesys/bin/cache with world-writable ...)
NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
NOT-FOR-US: Microsoft
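Review bot: The encoding repair for CVE-2003-0498 and CVE-2003-0497 fixes only these two descriptions, and nothing in the hunk shows that the same double-encoded byte sequence is absent from other entries. Before relying on this, search the remaining data/CVE lists for the corrupted sequence seen on the removed lines, and confirm the automatic update writes the description as "Cach&#233;" on later runs so the corruption does not come back.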
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index f7d6452ec5..d1ca062de7 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -305,9 +305,11 @@ CVE-2011-4958 [silverstripe:XSS]
NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4957
RESERVED
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
CVE-2011-4956
RESERVED
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
CVE-2011-4955
RESERVED
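Review bot: The {DSA-2670-1} tag added under CVE-2011-4957 and CVE-2011-4956 should be checked against the published advisory number. The other DSA referenced in this commit for fixes from the same period is DSA-2465-1 (on CVE-2012-2311 and CVE-2012-1823), about two hundred lower, which makes a digit error plausible. Both entries are also still RESERVED, so there is no description here to confirm that the advisory actually covers them.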
@@ -5111,21 +5113,27 @@ CVE-2011-3131
RESERVED
- xen 4.1.2-1
CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3129 (The file upload functionality WordPress 3.1 before 3.1.3 and 3.2 ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...)
@@ -5133,6 +5141,7 @@ CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Lin
CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...)
NOT-FOR-US: InfoSphere
CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
+ {DSA-2670-1}
- wordpress 3.2.1+dfsg-1
NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 3b38a49916..9fdbe2ee02 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1,3 +1,217 @@
+CVE-2012-2623
+ RESERVED
+CVE-2012-2622
+ RESERVED
+CVE-2012-2621
+ RESERVED
+CVE-2012-2620
+ RESERVED
+CVE-2012-2619
+ RESERVED
+CVE-2012-2618
+ RESERVED
+CVE-2012-2617
+ RESERVED
+CVE-2012-2616
+ RESERVED
+CVE-2012-2615
+ RESERVED
+CVE-2012-2614
+ RESERVED
+CVE-2012-2613
+ RESERVED
+CVE-2012-2612
+ RESERVED
+CVE-2012-2611
+ RESERVED
+CVE-2012-2610
+ RESERVED
+CVE-2012-2609
+ RESERVED
+CVE-2012-2608
+ RESERVED
+CVE-2012-2607
+ RESERVED
+CVE-2012-2606
+ RESERVED
+CVE-2012-2605
+ RESERVED
+CVE-2012-2604
+ RESERVED
+CVE-2012-2603
+ RESERVED
+CVE-2012-2602
+ RESERVED
+CVE-2012-2601
+ RESERVED
+CVE-2012-2600
+ RESERVED
+CVE-2012-2599
+ RESERVED
+CVE-2012-2598
+ RESERVED
+CVE-2012-2597
+ RESERVED
+CVE-2012-2596
+ RESERVED
+CVE-2012-2595
+ RESERVED
+CVE-2012-2594
+ RESERVED
+CVE-2012-2593
+ RESERVED
+CVE-2012-2592
+ RESERVED
+CVE-2012-2591
+ RESERVED
+CVE-2012-2590
+ RESERVED
+CVE-2012-2589
+ RESERVED
+CVE-2012-2588
+ RESERVED
+CVE-2012-2587
+ RESERVED
+CVE-2012-2586
+ RESERVED
+CVE-2012-2585
+ RESERVED
+CVE-2012-2584
+ RESERVED
+CVE-2012-2583
+ RESERVED
+CVE-2012-2582
+ RESERVED
+CVE-2012-2581
+ RESERVED
+CVE-2012-2580
+ RESERVED
+CVE-2012-2579
+ RESERVED
+CVE-2012-2578
+ RESERVED
+CVE-2012-2577
+ RESERVED
+CVE-2012-2576
+ RESERVED
+CVE-2012-2575
+ RESERVED
+CVE-2012-2574
+ RESERVED
+CVE-2012-2573
+ RESERVED
+CVE-2012-2572
+ RESERVED
+CVE-2012-2571
+ RESERVED
+CVE-2012-2570
+ RESERVED
+CVE-2012-2569
+ RESERVED
+CVE-2012-2568
+ RESERVED
+CVE-2012-2567
+ RESERVED
+CVE-2012-2566
+ RESERVED
+CVE-2012-2565
+ RESERVED
+CVE-2012-2564
+ RESERVED
+CVE-2012-2563
+ RESERVED
+CVE-2012-2562
+ RESERVED
+CVE-2012-2561
+ RESERVED
+CVE-2012-2560
+ RESERVED
+CVE-2012-2559
+ RESERVED
+CVE-2012-2558
+ RESERVED
+CVE-2012-2557
+ RESERVED
+CVE-2012-2556
+ RESERVED
+CVE-2012-2555
+ RESERVED
+CVE-2012-2554
+ RESERVED
+CVE-2012-2553
+ RESERVED
+CVE-2012-2552
+ RESERVED
+CVE-2012-2551
+ RESERVED
+CVE-2012-2550
+ RESERVED
+CVE-2012-2549
+ RESERVED
+CVE-2012-2548
+ RESERVED
+CVE-2012-2547
+ RESERVED
+CVE-2012-2546
+ RESERVED
+CVE-2012-2545
+ RESERVED
+CVE-2012-2544
+ RESERVED
+CVE-2012-2543
+ RESERVED
+CVE-2012-2542
+ RESERVED
+CVE-2012-2541
+ RESERVED
+CVE-2012-2540
+ RESERVED
+CVE-2012-2539
+ RESERVED
+CVE-2012-2538
+ RESERVED
+CVE-2012-2537
+ RESERVED
+CVE-2012-2536
+ RESERVED
+CVE-2012-2535
+ RESERVED
+CVE-2012-2534
+ RESERVED
+CVE-2012-2533
+ RESERVED
+CVE-2012-2532
+ RESERVED
+CVE-2012-2531
+ RESERVED
+CVE-2012-2530
+ RESERVED
+CVE-2012-2529
+ RESERVED
+CVE-2012-2528
+ RESERVED
+CVE-2012-2527
+ RESERVED
+CVE-2012-2526
+ RESERVED
+CVE-2012-2525
+ RESERVED
+CVE-2012-2524
+ RESERVED
+CVE-2012-2523
+ RESERVED
+CVE-2012-2522
+ RESERVED
+CVE-2012-2521
+ RESERVED
+CVE-2012-2520
+ RESERVED
+CVE-2012-2519
+ RESERVED
+CVE-2012-2518
+ RESERVED
+CVE-2012-2517
+ RESERVED
CVE-2012-2516
RESERVED
CVE-2012-2515
@@ -221,16 +435,22 @@ CVE-2012-2406
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
- gallery2 <undetermined>
CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2399 (Unspecified vulnerability in wp-includes/js/swfupload/swfupload.swf in ...)
+ {DSA-2670-1}
- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
@@ -365,12 +585,10 @@ CVE-2012-2338
RESERVED
CVE-2012-2337
RESERVED
-CVE-2012-2336
- RESERVED
+CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
- php5 5.4.3 (unimportant)
NOTE: Rather harmless bug
-CVE-2012-2335
- RESERVED
+CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, ...)
NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311
CVE-2012-2334
RESERVED
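Review bot: The fixed version on the CVE-2012-2336 entry reads "php5 5.4.3" with no Debian revision, while the php5 lines for CVE-2012-2329, CVE-2012-2311 and CVE-2012-1823 in this file use "5.4.3-1". Align it to the full package version so version comparisons are unambiguous. The new truncated description is also word-for-word the same as the one for CVE-2012-2311, which leaves the NOTE as the only text that tells the two entries apart; a short NOTE stating how this issue differs would help.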
@@ -396,8 +614,7 @@ CVE-2012-2330 [node.js <0.6.17/0.7.8 HTTP server information disclosure]
- nodejs 0.6.17~dfsg1-1
NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
NOTE: https://github.com/joyent/node/commit/c9a231d
-CVE-2012-2329 [buffer overflow vulnerability in the apache_request_headers()]
- RESERVED
+CVE-2012-2329 (Buffer overflow in the apache_request_headers function in ...)
- php5 5.4.3-1
[squeeze] - php5 <not-affected> (Vulnerable code not present)
NOTE: 5.4.x only
@@ -446,8 +663,7 @@ CVE-2012-2313 [more tight ioctl permissions in dl2k driver]
CVE-2012-2312
RESERVED
- jbossas4 <not-affected> (Only affects JBoss 7)
-CVE-2012-2311 [PHP-CGI query string parameter vulnerability]
- RESERVED
+CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
{DSA-2465-1}
- php5 5.4.3-1 (bug #671880)
NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
@@ -1589,8 +1805,7 @@ CVE-2012-1825
RESERVED
CVE-2012-1824
RESERVED
-CVE-2012-1823 [PHP-CGI query string parameter vulnerability]
- RESERVED
+CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...)
{DSA-2465-1}
- php5 5.4.3-1
NOTE: http://ompldr.org/vZGxxaQ https://bugs.php.net/bug.php?id=61910
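Review bot: The NOTE under CVE-2012-1823 still depends on the opaque link http://ompldr.org/vZGxxaQ, and this hunk removes the bracketed title "PHP-CGI query string parameter vulnerability" that told a reader what the entry was about. Keep the bugs.php.net reference, replace or drop the short link, and consider a NOTE that preserves the descriptive title, since the truncated description ends at "when ..." before the relevant condition.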
@@ -4316,10 +4531,10 @@ CVE-2012-0678
RESERVED
CVE-2012-0677
RESERVED
-CVE-2012-0676
- RESERVED
-CVE-2012-0675
- RESERVED
+CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...)
+ TODO: check
+CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...)
+ TODO: check
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...)
TODO: check
CVE-2012-0673
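Review bot: CVE-2012-0676 is a WebKit issue but lands here with only "TODO: check", whereas other WebKit entries in this file (CVE-2012-0648) are tracked against a package as "- webkit <undetermined>". Triage this one to the webkit source package rather than leaving it in the generic TODO queue. CVE-2012-0675 (Time Machine) looks like a candidate for a NOT-FOR-US line instead.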
@@ -4344,34 +4559,34 @@ CVE-2012-0664
RESERVED
CVE-2012-0663
RESERVED
-CVE-2012-0662
- RESERVED
-CVE-2012-0661
- RESERVED
-CVE-2012-0660
- RESERVED
-CVE-2012-0659
- RESERVED
-CVE-2012-0658
- RESERVED
-CVE-2012-0657
- RESERVED
-CVE-2012-0656
- RESERVED
-CVE-2012-0655
- RESERVED
-CVE-2012-0654
- RESERVED
+CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before ...)
+ TODO: check
+CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x ...)
+ TODO: check
+CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
+ TODO: check
+CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
+ TODO: check
+CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
+ TODO: check
+CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS ...)
+ TODO: check
+CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before ...)
+ TODO: check
+CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...)
+ TODO: check
+CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized ...)
+ TODO: check
CVE-2012-0653
RESERVED
-CVE-2012-0652
- RESERVED
-CVE-2012-0651
- RESERVED
+CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or ...)
+ TODO: check
+CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 ...)
+ TODO: check
CVE-2012-0650
RESERVED
-CVE-2012-0649
- RESERVED
+CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...)
+ TODO: check
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- webkit <undetermined>
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...)
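Review bot: Every entry this hunk converts from RESERVED describes an Apple Mac OS X component (Security Framework, QuickTime, Quartz Composer, LoginUIFramework, libsecurity, Login Window, Directory Service, blued) and is left at "TODO: check". The lists mark software that is not packaged with a NOT-FOR-US line elsewhere in this commit, so a follow-up commit should resolve these in one pass instead of leaving them open.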
