[Secure-testing-commits] r7504 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Dec 4 21:14:10 UTC 2007


Author: joeyh
Date: 2007-12-04 21:14:09 +0000 (Tue, 04 Dec 2007)
New Revision: 7504

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-04 20:23:44 UTC (rev 7503)
+++ data/CVE/list	2007-12-04 21:14:09 UTC (rev 7504)
@@ -1,14 +1,44 @@
-CVE-2007-6208 [insecure tmp file handling in sylprint.pl shipped by claws mail tools]
+CVE-2008-0010
+	RESERVED
+CVE-2008-0009
+	RESERVED
+CVE-2008-0008
+	RESERVED
+CVE-2008-0007
+	RESERVED
+CVE-2008-0006
+	RESERVED
+CVE-2008-0005
+	RESERVED
+CVE-2008-0004
+	RESERVED
+CVE-2008-0003
+	RESERVED
+CVE-2008-0002
+	RESERVED
+CVE-2008-0001
+	RESERVED
+CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
+	TODO: check
+CVE-2007-6206 (Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other ...)
+	TODO: check
+CVE-2007-6205
+	RESERVED
+CVE-2007-6204
+	RESERVED
+CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...)
+	TODO: check
+CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
 	- claws-mail-tools 3.1.0-2 (low; bug #454089)
-CVE-2007-6210 [zabbix-agent runs as gid 0]
+CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, ...)
 	- zabbix <unfixed> (bug #452682)
 CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...)
 	NOT-FOR-US: Neocrome Seditio CMS
-CVE-2007-6211 [privilege escalation in sing]
+CVE-2007-6211 (Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users ...)
 	- sing <unfixed> (high; bug #454167)
-CVE-2007-6209 [insecure tmp file handling in difflog.pl shipped by zsh]
+CVE-2007-6209 (difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
 	- zsh 4.3.4-dev-3-2 (low; bug #454073)
-CVE-2007-6201 (Unspecified vulnerability in Wesnoth before 1.2.8 allows attackers to ...)
+CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...)
 	- wesnoth 1:1.2.8-1 (low)
 CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
 	- rsync <unfixed> (low; bug #453652)
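Review bot: The list is no longer in descending order after this hunk: the new CVE-2007-6207 through CVE-2007-6203 entries are inserted above CVE-2007-6208, and the older block still runs 6208, 6210, 6202, 6211, 6209, 6201. Suggest sorting 6211, 6210, 6209 and 6208 above 6207 so that scripts and readers scanning by ID do not miss them. The three entries marked "TODO: check" (Xen, Linux kernel, Apache HTTP Server) also still need a package line or a NOT-FOR-US tag. The Apache one is truncated at "does not sanitize the HTTP Method ...", so read the full description before rating it.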
@@ -633,10 +663,10 @@
 	{DTSA-89-1}
 	- pioneers 0.11.3-2 (low; bug #449541)
 	[etch] - pioneers <no-dsa> (Minor issue)	
-CVE-2006-7226
-	RESERVED
-CVE-2006-7225
-	RESERVED
+CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...)
+	TODO: check
+CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows ...)
+	TODO: check
 CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...)
 	NOT-FOR-US: HP-UX
 CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
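Review bot: CVE-2006-7226 and CVE-2006-7225 go from RESERVED straight to "TODO: check" with no package line, although both descriptions name the PCRE library "before 6.7". Suggest replacing each TODO with a tracking line for the PCRE source package giving either the fixed version or <unfixed>. Since these are 2006 identifiers published late, it is also worth checking whether the stable release noted elsewhere in this list with [etch] tags already ships 6.7 or later.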
@@ -1991,7 +2021,8 @@
 	NOT-FOR-US: Symantec Altiris Deployment Solution
 CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...)
 	NOT-FOR-US: Oracle
-CVE-2007-5553 (Unspecified vulnerability in rvd in TIBCO Rendezvous allows remote ...)
+CVE-2007-5553
+	REJECTED
 	NOT-FOR-US: TIBCO Rendezvous
 CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...)
 	NOT-FOR-US: Cisco
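Review bot: CVE-2007-5553 now carries two states, because the added REJECTED line sits directly above the unchanged "NOT-FOR-US: TIBCO Rendezvous" context line. Suggest keeping only one of them, or confirming that the list parser accepts REJECTED followed by a NOT-FOR-US tag. Dropping the description also means the product name survives only in that tag, so if the tag is removed, add a short NOTE saying what the identifier used to refer to.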
@@ -5657,7 +5688,7 @@
 	NOT-FOR-US: TIBCO Rendezvous (RV)
 CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...)
 	NOT-FOR-US: TIBCO Rendezvous (RV)
-CVE-2007-4158 (Unspecified vulnerability in rvd 7.5.2 in TIBCO Rendezvous (RV) allows ...)
+CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and ...)
 	NOT-FOR-US: TIBCO Rendezvous (RV)
 CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with ...)
 	NOT-FOR-US: PHPBlogger
@@ -6203,7 +6234,7 @@
 CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...)
 	{DSA-1383-1}
 	- gforge 4.6.99+svn6094-1
-CVE-2007-3917 (The multiplayer engine in Wesnoth before 1.2.7 allows remote servers ...)
+CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before ...)
 	{DSA-1386-1}
 	- wesnoth 1.2.7-1
 CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
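Review bot: The updated CVE-2007-3917 description widens the affected range to Wesnoth 1.3.x, but the tracking line below it still records only "wesnoth 1.2.7-1" as the fix. Suggest confirming that no 1.3.x upload was ever in the archive, or adding a line for it, so the entry does not read as fully fixed when only the 1.2.x branch was checked.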
@@ -6978,7 +7009,8 @@
 	NOT-FOR-US: Zen Cart
 CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
 	NOT-FOR-US: phpVideoPro
-CVE-2007-3595 (SQL injection vulnerability in include/get_userdata.php in ...)
+CVE-2007-3595
+	REJECTED
 	NOT-FOR-US: PowerPhlogger
 CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...)
 	NOT-FOR-US: ManageEngine OpManager
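Review bot: CVE-2007-3595 ends up with both REJECTED and the unchanged "NOT-FOR-US: PowerPhlogger" line, and it loses the description that named include/get_userdata.php. Suggest keeping a single state for the entry and, if the NOT-FOR-US tag is the one dropped, recording in a NOTE that the identifier previously covered PowerPhlogger, so the history stays readable from the list alone.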



