[Secure-testing-commits] r7534 - data/CVE

joeyh at alioth.debian.org
Thu Dec 6 21:14:08 UTC 2007


Author: joeyh
Date: 2007-12-06 21:14:08 +0000 (Thu, 06 Dec 2007)
New Revision: 7534

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-06 19:43:49 UTC (rev 7533)
+++ data/CVE/list	2007-12-06 21:14:08 UTC (rev 7534)
@@ -1,3 +1,15 @@
+CVE-2007-6264
+	RESERVED
+CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, ...)
+	TODO: check
+CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before ...)
+	TODO: check
+CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
+	TODO: check
+CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with ...)
+	TODO: check
+CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...)
+	TODO: check
 CVE-2007-6259
 	RESERVED
 CVE-2007-6258
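Review bot: the description added for CVE-2007-6260 reads "Oracle 10g and llg", where "llg" looks like a mis-keyed "11g". Since the log says this is an automatic update, compare the text with the upstream CVE entry rather than hand-editing it here, otherwise the next sync will overwrite the fix. Separately, CVE-2007-6263 names netkit ftpd 0.17 (netkit-ftpd) in its description, so its "TODO: check" should be resolved to a package line with a version or <unfixed>, not left alongside the entries that still need basic identification.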
@@ -116,7 +128,7 @@
 	RESERVED
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
 	- xen-3 3.1.2-1
-CVE-2007-6206 (Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other ...)
+CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
 	- linux-2.6 <unfixed>
 	NOTE: kernel-sec already tracks this
 CVE-2007-6205
@@ -132,7 +144,7 @@
 CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
 	- claws-mail 3.1.0-2 (low; bug #454089)
 CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs &quot;UserParameter&quot; ...)
-	{DSA-1420-1}
+	{DSA-1420-1 DTSA-93-1}
 	- zabbix 1.4.2-4 (bug #452682)
 CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...)
 	NOT-FOR-US: Neocrome Seditio CMS
@@ -158,8 +170,8 @@
 	NOT-FOR-US: Calacode
 CVE-2007-6195
 	RESERVED
-CVE-2007-6194
-	RESERVED
+CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...)
+	TODO: check
 CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
 	NOT-FOR-US: Citrix
 CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...)
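Review bot: CVE-2007-6194 is added with "TODO: check" although its description names a vendor product, HP Select Identity. The entries directly below it handle the same situation with "NOT-FOR-US: Citrix", so this one can be closed in the same form (NOT-FOR-US: HP Select Identity) once someone confirms that nothing in the archive ships it.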
@@ -674,10 +686,10 @@
 	NOT-FOR-US: JPortal
 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
 	NOT-FOR-US: JPortal
-CVE-2007-5972
-	RESERVED
-CVE-2007-5971
-	RESERVED
+CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...)
+	TODO: check
+CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
+	TODO: check
 CVE-2007-5970
 	RESERVED
 CVE-2007-5969
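Review bot: CVE-2007-5972 and CVE-2007-5971 move from RESERVED to two double-free descriptions that are both cut off at "in ..." before the affected product, so the "TODO: check" lines give no hint of which source package to look at. When triaging, read the full upstream descriptions and record the package, or add a NOTE line naming it, and handle the two entries in one pass if they turn out to share a code base.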
@@ -757,10 +769,10 @@
 CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
 	- texlive-bin 2005.dfsg.2-1
 	- feynmf 1.08-1
-CVE-2007-5939
-	RESERVED
-CVE-2007-5938
-	RESERVED
+CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
+	TODO: check
+CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi ...)
+	TODO: check
 CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...)
 	- texlive-bin 2007-13
 CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...)
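Review bot: the two entries filled in here concern unrelated code (gss_userok in Heimdal 0.7.2, iwl_set_rate in iwlwifi) and both are left at "TODO: check". The Heimdal description pins a specific version, 0.7.2, so the follow-up should state per release whether an affected version is shipped instead of adding a single unqualified package line.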
@@ -862,10 +874,10 @@
 	- linux-2.6 <unfixed>
 CVE-2007-5903
 	RESERVED
-CVE-2007-5902
-	RESERVED
-CVE-2007-5901
-	RESERVED
+CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)
+	TODO: check
+CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...)
+	TODO: check
 CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
 	- php5 <unfixed> (bug #453295)
 	NOTE: http://bugs.php.net/bug.php?id=41561
@@ -885,8 +897,8 @@
 	NOTE: Browser crashes not treated as security problems
 CVE-2007-5895
 	RESERVED
-CVE-2007-5894
-	RESERVED
+CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 ...)
+	TODO: check
 CVE-2006-7224
 	REJECTED
 CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...)
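Review bot: CVE-2007-5894 is left at "TODO: check" even though its description names the component outright (the reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5). That is expected from the automatic import, but the follow-up should replace the TODO with a package line and bug reference, and record in a NOTE whether the gssftp ftpd is actually built into the shipped binary packages.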
@@ -1170,8 +1182,8 @@
 	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
 	- ruby1.9 1.9.0+20071016-1
 	- ruby1.8 1.8.6.111-1 (low; bug #451374)
-CVE-2007-5769
-	RESERVED
+CVE-2007-5769 (Double-free vulnerability in the getreply function in ftp.c in netkit ...)
+	TODO: check
 CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
 	NOT-FOR-US: Globe7 soft phone client
 CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
@@ -4245,8 +4257,8 @@
 	NOT-FOR-US: DirectAdmin
 CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
 	- libarchive-tar-perl (low; bug #449544)
-        [sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
-        [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
+	[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
+	[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
 CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
 	- mediawiki 1.10.2-1 (low; bug #442255)
 	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
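Review bot: the [sarge] and [etch] lines for CVE-2007-4829 differ from the removed ones only in leading whitespace (eight spaces replaced by a tab), which matches the tab-indented lines around them. The log message "automatic update" does not mention this normalisation; a word on it in the log would help anyone reading the history of this entry, since the change carries no tracking information.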
@@ -4848,8 +4860,7 @@
 	NOT-FOR-US: Sophos
 CVE-2007-4576
 	RESERVED
-CVE-2007-4575
-	RESERVED
+CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org ...)
 	{DSA-1419-1}
 	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
 	- hsqldb 1.8.0.9-1



