[Secure-testing-commits] r5693 - data/CVE
Florian Weimer
fw at alioth.debian.org
Sat Apr 21 08:41:14 UTC 2007
Author: fw
Date: 2007-04-21 08:41:10 +0000 (Sat, 21 Apr 2007)
New Revision: 5693
Modified:
data/CVE/list
Log:
clamav issues fixed: CVE-2007-1997, CVE-2007-1745, unnamed
Python strxfrm issue classified
Cisco NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-21 07:47:51 UTC (rev 5692)
+++ data/CVE/list 2007-04-21 08:41:10 UTC (rev 5693)
@@ -1,3 +1,7 @@
+CVE-2007-XXXX [unspecified vulnerability in Clamav's PDF parser]
+ - clamav 0.90.2-1 (unknown; bug #418849)
+ NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
+ NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
- git-core <unfixed> (low)
NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
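Review bot: In the new clamav PDF parser entry, the urgency is recorded as `unknown` while the second NOTE already assesses commit r3021 as looking like just a null pointer dereference. The two should agree, so either set the urgency that assessment implies or say in the NOTE what is still unverified. The reference `Commit r3021` also does not say which repository it belongs to, which is easy to misread next to this list's own r5692/r5693 revisions; naming the clamav repository would remove the ambiguity.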
@@ -113,7 +117,9 @@
CVE-2007-2053
RESERVED
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
- TODO: check
+ - python2.4 2.4.4-3 (bug #416931; low)
+ - python2.5 <unfixed> (bug #416934; low)
+ - python2.3 <unfixed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
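Review bot: The `python2.3 <unfixed> (low)` line for CVE-2007-2052 has no bug reference, unlike the python2.4 (bug #416931) and python2.5 (bug #416934) lines beside it. If a bug exists for python2.3, add its number; if none has been filed, a NOTE saying so would keep the unfixed package from being lost track of.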
@@ -135,25 +141,25 @@
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
NOT-FOR-US: 3proxy
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
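Review bot: All ten entries from CVE-2007-2032 to CVE-2007-2041 are tagged `NOT-FOR-US: Cisco`, which names the vendor only, while the neighbouring entries name the product (`NOT-FOR-US: MOSMedia Lite`, `NOT-FOR-US: 3proxy`). The descriptions cover at least three products (Wireless LAN Controller, Aironet Lightweight Access Points, Wireless Control System), so naming the product per entry would be consistent with the rest of the list and easier to search.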
@@ -226,7 +232,7 @@
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
- TODO: check
+ - clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
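Review bot: The `- clamav 0.90.2-1 (high)` line for CVE-2007-1997 carries neither a bug number nor a NOTE pointing at the upstream fix, whereas the unnamed clamav entry added at the top of this commit has both. A reference to the upstream change that addresses the cab_unstore and cab_extract signedness error would let a later reader verify the fixed version.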
@@ -799,7 +805,7 @@
CVE-2007-1746
RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
- TODO: check
+ - clamav 0.90.2-1 (high)
CVE-2007-1744
RESERVED
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
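Review bot: CVE-2007-1745 is marked `(high)` with no NOTE recording why, and the truncated description of chm_decompress_stream does not show the impact. One NOTE line stating the basis for the urgency would make this entry reviewable on its own.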