author: Joey Hess <joeyh@debian.org> 2007-10-05 21:14:08 +0000
committer: Joey Hess <joeyh@debian.org> 2007-10-05 21:14:08 +0000
commit: df639181415174d6b931b59da9518e9335616556
tree: e0df25bb0da89426e467d371772f378f68f63e63
parent: 6918b93c8beaa74403e6c773fb1c0e3e24b9a696
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6808 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/list 92
1 files changed, 82 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a8665020f0..76f20edb59 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,71 @@
+CVE-2007-5225 (Unspecified vulnerability in Named Pipes on Sun Solaris 8 through 10 ...)
+ TODO: check
+CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...)
+ TODO: check
+CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network ...)
+ TODO: check
+CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...)
+ TODO: check
+CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
+ TODO: check
+CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog ...)
+ TODO: check
+CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ...)
+ TODO: check
+CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes ...)
+ TODO: check
+CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
+ TODO: check
+CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
+ TODO: check
+CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle ...)
+ TODO: check
+CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
+ TODO: check
+CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
+ TODO: check
+CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
+ TODO: check
+CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...)
+ TODO: check
+CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before ...)
+ TODO: check
+CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
+ TODO: check
+CVE-2007-5208
+ RESERVED
+CVE-2007-5206
+ RESERVED
+CVE-2007-5205
+ RESERVED
+CVE-2007-5204
+ RESERVED
+CVE-2007-5203
+ RESERVED
+CVE-2007-5202
+ RESERVED
+CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
+ TODO: check
+CVE-2007-5200
+ RESERVED
+CVE-2007-5199
+ RESERVED
+CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...)
+ TODO: check
+CVE-2007-5197
+ RESERVED
+CVE-2007-5196
+ RESERVED
+CVE-2007-5195
+ RESERVED
+CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
+ TODO: check
+CVE-2007-5192
+ RESERVED
+CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in ...)
+ TODO: check
+CVE-2007-5190
+ RESERVED
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...)
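Review bot: Three of the TODO: check entries in this block name software that Debian ships, CVE-2007-5201 (Duplicity FTP backend), CVE-2007-5198 (check_http.c in Nagios) and CVE-2007-5191 (mount and umount in util-linux), and they should get package lines with a fixed version or <unfixed> ahead of the rest of the batch. Most of the other new descriptions (Solaris, ActiveX controls, AXIS 2100, Arbor Networks Peakflow SP) read like NOT-FOR-US candidates, so separating the two groups early keeps the packaged ones from sitting behind thirty unrelated TODO lines.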
@@ -32,9 +100,9 @@ CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1
NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: phpBB Openid
-CVE-2007-5207 [insecure handling of temporary files in guilt]
+CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a ...)
- guilt <unfixed> (medium; bug #445308)
-CVE-2007-5193 [possible information disclosure because of unsecure temp file handling in twiki]
+CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and ...)
- twiki <unfixed> (bug #444982; low)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain ...)
NOT-FOR-US: Quicksilver Forums
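Review bot: CVE-2007-5207 and CVE-2007-5193 remain below CVE-2007-5173 here, out of the descending order the rest of the file follows, and the block added at the top of the file skips exactly these two numbers (5208 to 5206, 5194 to 5192). Now that both carry their official descriptions in place of the bracketed temporary ones, move them up into sequence so that a lookup by CVE number finds the guilt and twiki tracking lines where a reader expects them.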
@@ -235,8 +303,8 @@ CVE-2007-5080
RESERVED
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
- gdm <not-affected> (Red Hat-specific packaging flaw)
-CVE-2007-5078
- RESERVED
+CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager ...)
+ TODO: check
CVE-2007-5077
RESERVED
CVE-2007-5076
@@ -447,14 +515,18 @@ CVE-2007-4990
CVE-2007-4989
RESERVED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick <unfixed> (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick <unfixed> (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick <unfixed> (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
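Review bot: {DTSA-63-1} is added to CVE-2007-4988, CVE-2007-4986 and CVE-2007-4985 while their graphicsmagick lines still read <unfixed>. If the advisory covers imagemagick only, a NOTE line saying so on these three entries would keep the tag from being read as closing both packages.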
@@ -1146,8 +1218,8 @@ CVE-2007-4675
RESERVED
CVE-2007-4674
RESERVED
-CVE-2007-4673
- RESERVED
+CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
+ TODO: check
CVE-2007-4672
RESERVED
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...)
@@ -2374,9 +2446,9 @@ CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly hand
NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
- star 1.5a67-1.1 (bug #440100; low)
-CVE-2007-4133
- RESERVED
+CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions ...)
{DSA-1381-2}
+ TODO: check
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...)
NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
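Review bot: CVE-2007-4133 keeps its {DSA-1381-2} cross-reference but gets only TODO: check beneath it, with no package line. An entry that already links an advisory should name the affected source package and its fixed version rather than stay in the TODO state, otherwise the DSA reference and the tracking status contradict each other.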
@@ -4108,7 +4180,7 @@ CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2)
- qt4-x11 4.3.0-5
NOTE: there is some dissagreement whether qt4 is affected
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...)
- {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1}
+ {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
- poppler 0.5.4-6.1 (bug #435460)
- gpdf <removed>
- xpdf 3.02-1.1 (bug #435462)
@@ -14601,7 +14673,7 @@ CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar
NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
NOT-FOR-US: my little weblog
-CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 ...)
+CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...)
NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...)
- kile 1:1.9.3-1 (low)
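Review bot: CVE-2006-6086 is already tagged NOT-FOR-US: e-Ark, and the same product appears in the new CVE-2007-5216 entry at the top of the file ("eArk (e-Ark) 1.0") with TODO: check. That entry can take the same NOT-FOR-US: e-Ark tag in this update instead of waiting for manual triage.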
