[Secure-testing-commits] r5652 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Thu Apr 12 21:03:26 UTC 2007
Author: keescook-guest
Date: 2007-04-12 21:03:21 +0000 (Thu, 12 Apr 2007)
New Revision: 5652
Modified:
data/CVE/list
Log:
NFUs: 97
unfixed: iceweasel php5 sql-ledger tinymux wordpress
fixed: moodle net-snmp wordpress
not-affected: sendmail
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-12 00:44:43 UTC (rev 5651)
+++ data/CVE/list 2007-04-12 21:03:21 UTC (rev 5652)
@@ -1,123 +1,123 @@
CVE-2007-XXXX [mydms SQL injection]
- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
- TODO: check
+ NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
- TODO: check
+ - iceweasel <unfixed> (low)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
- TODO: check
+ NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
- TODO: check
+ NOT-FOR-US: MyBlog
CVE-2007-1967 (PHP remote file inclusion vulnerability in index.php in stat12 allows ...)
- TODO: check
+ NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...)
- TODO: check
+ NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard
CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...)
- TODO: check
+ NOT-FOR-US: MyBulletinBoard
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...)
- TODO: check
+ NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
- TODO: check
+ NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
- TODO: check
+ NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
- TODO: check
+ - tinymux <unfixed> (medium)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...)
- TODO: check
+ - tinymux <unfixed> (medium)
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
- TODO: check
+ NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...)
- TODO: check
+ NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...)
- TODO: check
+ NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...)
- TODO: check
+ NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
- TODO: check
+ NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...)
- TODO: check
+ NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...)
- TODO: check
+ NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...)
- TODO: check
+ NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...)
- TODO: check
+ NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
- TODO: check
+ NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
TODO: check
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
- TODO: check
+ NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
- TODO: check
+ NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
- TODO: check
+ NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
- TODO: check
+ NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...)
- TODO: check
+ NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...)
- TODO: check
+ NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...)
- TODO: check
+ NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...)
- TODO: check
+ NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...)
- TODO: check
+ NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...)
- TODO: check
+ NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...)
- TODO: check
+ NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
- TODO: check
+ NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21 ...)
- TODO: check
+ NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0 ...)
- TODO: check
+ NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
- TODO: check
+ NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
- TODO: check
+ NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
- TODO: check
+ NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...)
- TODO: check
+ NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
- TODO: check
+ - sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
- TODO: check
+ NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
- TODO: check
+ NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
- TODO: check
+ NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...)
- TODO: check
+ NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
- TODO: check
+ NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...)
- TODO: check
+ NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...)
- TODO: check
+ NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...)
- TODO: check
+ NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
- TODO: check
+ NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
TODO: check
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
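Review bot: CVE-2007-1921 is filed as NOT-FOR-US: Winamp, but its description names LIBSNDFILE.DLL "as used by" Winamp "and possibly other" products, which reads as a flaw in the library rather than in the player. libsndfile is packaged in Debian, so this entry should stay TODO, or carry a libsndfile line with a NOTE saying whether the packaged library shares the affected code, until that has been checked.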
@@ -125,17 +125,17 @@
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
TODO: check
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
- TODO: check
+ NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
- TODO: check
+ NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
- TODO: check
+ NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
- TODO: check
+ NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...)
- TODO: check
+ NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...)
- TODO: check
+ NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903
RESERVED
CVE-2007-1902
@@ -143,21 +143,21 @@
CVE-2007-1901
RESERVED
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
- TODO: check
+ - php5 <unfixed> (low)
CVE-2007-1899
RESERVED
CVE-2007-1898
RESERVED
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
- TODO: check
+ - wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
- TODO: check
+ NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
- TODO: check
+ NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ - wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
- TODO: check
+ - wordpress 2.1.3-1 (medium)
CVE-2007-1892
RESERVED
CVE-2007-1891
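Review bot: The three wordpress entries in this hunk (CVE-2007-1897, CVE-2007-1894, CVE-2007-1893) record only the unstable fix, 2.1.3-1, while the descriptions say "WordPress 2.1.2, and probably earlier". If a released suite carries an older wordpress, add a release-tagged line for it, in the "[etch] - package ..." form used elsewhere in this file, so the entries do not read as closed for every suite.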
@@ -165,7 +165,7 @@
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
TODO: check
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
- TODO: check
+ - php5 <unfixed> (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
TODO: check PHP 5
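Review bot: CVE-2007-1889 gets a php5 line only, while the neighbouring CVE-2007-1888 entry records php4 explicitly as <not-affected> with a reason. State the php4 status here in the same way, or leave a "TODO: check PHP 4" line, so a reader can tell that php4 was looked at rather than overlooked.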
@@ -173,27 +173,27 @@
- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
TODO: check PHP 5
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
- TODO: check
+ NOT-FOR-US: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
- php5 5.2.0-9
- php4 6:4.4.4-9
NOTE: Dupe of CVE-2007-0906
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
- TODO: check
+ - php5 <unfixed> (low)
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
- TODO: check
+ NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
- TODO: check
+ NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
- TODO: check
+ NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877
RESERVED
CVE-2007-1876
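Review bot: "NOT-FOR-US: Duplicate of CVE-2007-1885" on CVE-2007-1886 uses the NOT-FOR-US tag for something it does not mean: the description is about str_replace in PHP, and php5 and php4 are both tracked on the very next entry. Follow the pattern CVE-2007-1885 itself uses for its own duplicate, that is, repeat the php5 and php4 lines and add "NOTE: Dupe of CVE-2007-1885", so that a per-package query for php still finds this id. In the same hunk, CVE-2007-1884 records php5 only; a php4 line or a TODO would show that php4 was checked.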
@@ -213,11 +213,11 @@
CVE-2007-1869
RESERVED
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
- TODO: check
+ NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
RESERVED
CVE-2007-1864
@@ -239,39 +239,39 @@
CVE-2007-1856
RESERVED
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
- TODO: check
+ NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
- TODO: check
+ NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852 (Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
- TODO: check
+ NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...)
- TODO: check
+ NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...)
- TODO: check
+ NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...)
- TODO: check
+ NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...)
- TODO: check
+ NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...)
- TODO: check
+ NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
- TODO: check
+ NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...)
- TODO: check
+ NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...)
- TODO: check
+ NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
- TODO: check
+ NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
TODO: check
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
TODO: check
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x before ...)
- TODO: check
+ - net-snmp 5.2.2-1 (medium)
CVE-2005-4836
RESERVED
CVE-2007-XXXX [Dos in quagga's bgpd through MP_REACH_NLRI and MP_UNREACH_NLRI]
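Review bot: The CVE-2005-4837 entry records "net-snmp 5.2.2-1", which covers the 5.2.x branch, but the description also lists "5.1.x before ..." as affected. If any released suite ships a 5.1.x net-snmp, it needs its own release-tagged line (fixed version, <no-dsa>, or <not-affected> with a reason), otherwise the entry suggests the issue is closed for every suite.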
@@ -381,7 +381,7 @@
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
- TODO: check
+ NOT-FOR-US: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792
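Review bot: On CVE-2007-1794, "NOT-FOR-US: Duplicate of CVE-2006-3805" gives a reason that does not match the tag. If the entry is not for us because the description is specific to Mozilla on Sun Solaris, say that in the NOT-FOR-US text and move the duplicate reference into a NOTE line; if it is a true duplicate of an issue that affects packaged Mozilla code, it should carry the same package lines as CVE-2006-3805 instead.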
@@ -569,7 +569,7 @@
- php5 <unfixed> (unimportant)
NOTE: Hardly a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
- TODO: check
+ NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
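Review bot: CVE-2007-1716 is closed as "NOT-FOR-US: pam_console", which names a PAM module rather than a product. If no Debian package ships that module, a "- pam <not-affected> (...)" line with that reason, in the style of the sendmail entries in this commit, would record what was actually checked and stay searchable by package name.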
@@ -635,13 +635,13 @@
CVE-2007-1688
RESERVED
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
- TODO: check
+ NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
RESERVED
CVE-2007-1685
RESERVED
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683
RESERVED
CVE-2007-1682
@@ -649,7 +649,7 @@
CVE-2007-1681
RESERVED
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
- TODO: check
+ NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679 (** DISPUTED ** ...)
TODO: check
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
@@ -706,9 +706,9 @@
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
- TODO: check
+ NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
- TODO: check
+ NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
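Review bot: CVE-2007-1652 and CVE-2007-1651 are described as issues in "OpenID" but are closed as NOT-FOR-US: MyOpenID.com, and nothing in the entry explains the narrowing from the protocol to a single site. Add a NOTE stating why only that provider is affected, so the entries are not taken as a statement that packaged OpenID implementations were checked and found unaffected.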
@@ -717,7 +717,7 @@
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
- TODO: check
+ - moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
@@ -816,7 +816,7 @@
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
- TODO: check
+ - wordpress <unfixed> (low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
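Review bot: The new "- wordpress <unfixed> (low)" line for CVE-2007-1599 carries no bug reference, unlike the sql-ledger entry in this same commit, which records "bug #409703". Filing a bug and adding its number here would let the entry be followed up and closed from the package side.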
@@ -850,9 +850,9 @@
- madwifi 1:0.9.2+r1842.20061207-2 (low)
[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
- TODO: check
+ - sendmail <not-affected> (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
- TODO: check
+ - sendmail <not-affected> (Debian compiles with FFR_TLS correctly)
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
- madwifi 1:0.9.2+r1842.20061207-2 (low)
[etch] - madwifi <no-dsa> (Non-free not supported)
@@ -1708,9 +1708,9 @@
CVE-2007-1272
RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...)
- TODO: check
+ NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
- TODO: check
+ NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...)
- gnumail <unfixed> (unimportant)
NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
@@ -2096,7 +2096,7 @@
CVE-2007-1113
RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
@@ -2507,7 +2507,7 @@
- evolution <unfixed>
[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...)
- TODO: check
+ - php5 <unfixed> (medium)
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
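Review bot: CVE-2007-1001 is assigned to php5 alone, but createwbmp and readwbmp are WBMP routines of the GD library, which PHP embeds. The entry should also say whether php4 and the separately packaged GD library contain the same code, either as package lines or as a TODO, rather than leaving that implicit.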
@@ -3303,7 +3303,7 @@
CVE-2007-0735
RESERVED
CVE-2007-0734 (The AirPort Disk feature of the AirPort Extreme Base Station with ...)
- TODO: check
+ NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732
@@ -3980,7 +3980,7 @@
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
NOT-FOR-US: Citrix
CVE-2007-0443