[Secure-testing-commits] r7552 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Fri Dec 7 21:14:10 UTC 2007


Author: joeyh
Date: 2007-12-07 21:14:09 +0000 (Fri, 07 Dec 2007)
New Revision: 7552

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-07 19:41:55 UTC (rev 7551)
+++ data/CVE/list	2007-12-07 21:14:09 UTC (rev 7552)
@@ -1,3 +1,35 @@
+CVE-2007-6280
+	RESERVED
+CVE-2007-6279 (Multiple double-free vulnerabilities in Free Lossless Audio Codec ...)
+	TODO: check
+CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows ...)
+	TODO: check
+CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
+	TODO: check
+CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...)
+	TODO: check
+CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos ...)
+	TODO: check
+CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...)
+	TODO: check
+CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
+	TODO: check
+CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...)
+	TODO: check
+CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in ...)
+	TODO: check
+CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute ...)
+	TODO: check
+CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 ...)
+	TODO: check
+CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier ...)
+	TODO: check
+CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions ...)
+	TODO: check
 CVE-2007-6264
 	RESERVED
 CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, ...)
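Review bot: all fifteen described entries added at the top (CVE-2007-6265 to CVE-2007-6279) are left at `TODO: check`, so none is yet mapped to a source package or marked `NOT-FOR-US`. The three libFLAC entries (CVE-2007-6277, CVE-2007-6278, CVE-2007-6279) should be triaged together so they end up with the same package line; the CVE-2007-6278 description gives "before 1.2.1" as the affected range, which is a version to compare against.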
@@ -328,8 +360,8 @@
 CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 ...)
 	- htdig 1:3.2.0b6-4 (low; bug #453278)
 	[sarge] - htdig <not-affected> (Vulnerable code not present)
-CVE-2007-6109
-	RESERVED
+CVE-2007-6109 (Buffer overflow in emacs allows attackers to have an unknown impact, ...)
+	TODO: check
 CVE-2007-6108
 	RESERVED
 CVE-2007-6107
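Review bot: CVE-2007-6109 moves from `RESERVED` to a described emacs buffer overflow but only gets `TODO: check`, with no package line or bug reference like the neighbouring CVE-2007-6110 entry has. The visible description is truncated at "unknown impact, ...", so the full text should be read before an urgency is assigned.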
@@ -1471,13 +1503,17 @@
 CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic ...)
 	NOT-FOR-US: phpBasic
 CVE-2007-5695 (command.php in SiteBar 3.3.8 allows remote attackers to redirect users ...)
+	{DSA-1423-1}
 	- sitebar 3.3.8-12.1 (low; bug #448690)
 	NOTE: there is no real exploit scenario
 CVE-2007-5694 (Absolute path traversal vulnerability in the translation module ...)
+	{DSA-1423-1}
 	- sitebar 3.3.8-12.1 (low; bug #447135)
 CVE-2007-5693 (Eval injection vulnerability in the translation module ...)
+	{DSA-1423-1}
 	- sitebar 3.3.8-12.1 (low; bug #447135)
 CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 ...)
+	{DSA-1423-1}
 	- sitebar 3.3.8-12.1 (low; bug #448689)
 CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...)
 	- iceweasel 2.0.0.8-1 (unimportant)
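Review bot: CVE-2007-5695 now references `{DSA-1423-1}` but keeps `NOTE: there is no real exploit scenario` and a `low` urgency. Confirm the note still matches the assessment behind the advisory, or reword it so the entry does not read as contradicting the DSA reference.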
@@ -2426,7 +2462,8 @@
 	REJECTED
 CVE-2007-5498
 	RESERVED
-CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs ...)
+CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs allow ...)
+	{DSA-1422-1 DTSA-95-1}
 	- e2fsprogs <unfixed> (bug #454760)
 CVE-2007-5496
 	RESERVED
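Review bot: CVE-2007-5497 gains `{DSA-1422-1 DTSA-95-1}` while its package line stays `- e2fsprogs <unfixed> (bug #454760)` with no urgency. With two advisories referenced, the entry should get an urgency, and `<unfixed>` should be replaced by the fixed version as soon as one is known.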
@@ -2437,8 +2474,10 @@
 CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
 	NOT-FOR-US: Windows Mobile
 CVE-2007-5492 (Static code injection vulnerability in the translation module ...)
+	{DSA-1423-1}
 	- sitebar 3.3.8-12.1 (bug #447135)
 CVE-2007-5491 (Directory traversal vulnerability in the translation module ...)
+	{DSA-1423-1}
 	- sitebar 3.3.8-12.1 (bug #447135)
 CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal ...)
 	NOT-FOR-US: Okul Otomasyon Portal
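Review bot: CVE-2007-5492 and CVE-2007-5491 are tagged `{DSA-1423-1}` but their package lines read `(bug #447135)` with no urgency, whereas CVE-2007-5694 and CVE-2007-5693 in this same commit carry `(low; bug #447135)` for the same sitebar version and bug. Either add an urgency here or note why these two differ.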
@@ -3404,7 +3443,7 @@
 	RESERVED
 CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
 	- duplicity 0.4.3-2 (bug #442840)
-CVE-2007-5200 (hugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite ...)
+CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...)
 	{DTSA-74-1}
 	- hugin 0.6.1-1.1 (low; bug #447344)
 	[etch] - hugin <no-dsa> (Minor issue)
@@ -4100,6 +4139,7 @@
 CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...)
 	NOT-FOR-US: Xwiki
 CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows ...)
+	{DTSA-94-1}
 	- pwlib <unfixed> (low; bug #454133)
 	- pwlib-titan <unfixed> (low; bug #454139)
 	[etch] - pwlib <no-dsa> (Minor issue)
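Review bot: the `{DTSA-94-1}` tag added to CVE-2007-4897 sits at the CVE level, while the entry lists two source packages, `pwlib` and `pwlib-titan`, both still `<unfixed>`. It is not visible from the entry which of the two the advisory covers, so a short `NOTE:` naming the package fixed by DTSA-94-1 would help.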



