[Secure-testing-commits] r7656 - data/CVE
joeyh at alioth.debian.org
Wed Dec 19 09:14:13 UTC 2007
Author: joeyh
Date: 2007-12-19 09:14:12 +0000 (Wed, 19 Dec 2007)
New Revision: 7656
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-19 01:55:55 UTC (rev 7655)
+++ data/CVE/list 2007-12-19 09:14:12 UTC (rev 7656)
@@ -1,21 +1,127 @@
-CVE-2007-6358 (files/pdftops.pl before 1.20 in pdftops allows local users to ...)
+CVE-2008-0030
+ RESERVED
+CVE-2008-0029
+ RESERVED
+CVE-2008-0028
+ RESERVED
+CVE-2008-0027
+ RESERVED
+CVE-2008-0026
+ RESERVED
+CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
+ TODO: check
+CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when ...)
+ TODO: check
+CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...)
+ TODO: check
+CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...)
+ TODO: check
+CVE-2007-6432
+ RESERVED
+CVE-2007-6431
+ RESERVED
+CVE-2007-6430
+ RESERVED
+CVE-2007-6429
+ RESERVED
+CVE-2007-6428
+ RESERVED
+CVE-2007-6427
+ RESERVED
+CVE-2007-6426
+ RESERVED
+CVE-2007-6425
+ RESERVED
+CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
+ TODO: check
+CVE-2007-6423
+ RESERVED
+CVE-2007-6422
+ RESERVED
+CVE-2007-6421
+ RESERVED
+CVE-2007-6420
+ RESERVED
+CVE-2007-6419
+ RESERVED
+CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
+ TODO: check
+CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...)
+ TODO: check
+CVE-2007-6415
+ RESERVED
+CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...)
+ TODO: check
+CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later ...)
+ TODO: check
+CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in ...)
+ TODO: check
+CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...)
+ TODO: check
+CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows ...)
+ TODO: check
+CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...)
+ TODO: check
+CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...)
+ TODO: check
+CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
+ TODO: check
+CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...)
+ TODO: check
+CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
+ TODO: check
+CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD ...)
+ TODO: check
+CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows ...)
+ TODO: check
+CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic ...)
+ TODO: check
+CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
+ TODO: check
+CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ...)
+ TODO: check
+CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote ...)
+ TODO: check
+CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass ...)
+ TODO: check
+CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...)
+ TODO: check
+CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP ...)
+ TODO: check
+CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...)
+ TODO: check
+CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 ...)
+ TODO: check
+CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...)
+ TODO: check
+CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows ...)
+ TODO: check
+CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 ...)
+ TODO: check
+CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar ...)
+ TODO: check
+CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 ...)
+ TODO: check
+CVE-2007-6388
+ RESERVED
+CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
- cupsys <unfixed> (low; bug #456960)
NOTE: the debian package is a bit confusing here as it also ships a pdftops
NOTE: wrapper script as an example but the original script is installed
NOTE: under /usr/lib/cups/filters
-CVE-2007-6356
- RESERVED
-CVE-2007-6355
- RESERVED
-CVE-2007-6354
- RESERVED
+CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service ...)
+ TODO: check
+CVE-2007-6355 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...)
+ TODO: check
+CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...)
+ TODO: check
CVE-2007-6352
RESERVED
CVE-2007-6351
RESERVED
CVE-2007-6349
RESERVED
-CVE-2007-6418 [insecure mysql call in cron job passing user and password as command line arguments]
+CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the ...)
- dspam <unfixed> (low; bug #448519)
CVE-2008-0025
RESERVED
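Review bot: Among the new entries at the top of this hunk, CVE-2007-6434 and CVE-2007-6417 (Linux kernel), CVE-2007-6416 (Xen), CVE-2007-6389 (gnome-screensaver) and CVE-2007-6356, CVE-2007-6355 and CVE-2007-6354 (exiftags) are added with only "TODO: check", and none of them names a product that is obviously NOT-FOR-US. They should be triaged ahead of the rest of the batch and given a package line with a status and urgency, in the form the CVE-2007-6358 (cupsys) and CVE-2007-6418 (dspam) entries in this same hunk already have.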
@@ -81,7 +187,8 @@
NOT-FOR-US: JUNOS
CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...)
NOT-FOR-US: Nokia N95
-CVE-2007-6370 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
+CVE-2007-6370
+ REJECTED
NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...)
NOT-FOR-US: PictPress
@@ -112,7 +219,7 @@
- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
- scponly 4.6-1.1 (high; bug #437148)
-CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org ...)
+CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net ...)
- squirrelmail <not-affected> (Compromised packages were never in Debian)
CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...)
NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
@@ -240,8 +347,8 @@
RESERVED
CVE-2007-6284
RESERVED
-CVE-2007-6283
- RESERVED
+CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
+ TODO: check
CVE-2007-6282
RESERVED
CVE-2007-6281
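Review bot: The description added for CVE-2007-6283 names Red Hat Enterprise Linux 5 and Fedora as the systems installing the Bind /etc/rndc.key file, so the "TODO: check" here should be resolved against Debian's own packaging of that file rather than left open. Record the outcome on a package line, either as not affected with a short reason or as an affected version.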
@@ -1309,7 +1416,7 @@
RESERVED
CVE-2007-5863
RESERVED
-CVE-2007-5862
+CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to ...)
NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861
RESERVED
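Review bot: After this change CVE-2007-5862 is described as "Java in Mac OS X 10.4 through 10.4.11", but the unchanged line under it still reads "NOT-FOR-US: Cisco IP Phone 7940", so the annotation names a different product than the entry. The NOT-FOR-US conclusion may well hold for a Mac OS X issue, but the tag should be corrected to name that product, and the Cisco annotation belongs on the entry that actually carries the Cisco IP Phone description.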
@@ -2359,8 +2466,8 @@
NOTE: proper fix available and uploaded
CVE-2007-5584
RESERVED
-CVE-2007-5583
- RESERVED
+CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
+ TODO: check
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
NOT-FOR-US: Cisco
CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
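Review bot: CVE-2007-5583 receives the "Cisco IP Phone 7940 with firmware P0S3-08-7-00" description with "TODO: check", which is the same text this patch removes from CVE-2007-6370, and that entry was already marked "NOT-FOR-US: Cisco IP Phone 7940". The earlier triage decision can be carried over here directly by replacing the TODO with the same NOT-FOR-US line, instead of queuing the issue for a second review.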
@@ -5442,7 +5549,7 @@
RESERVED
CVE-2007-4474
RESERVED
-CVE-2007-4473
+CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...)
NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings ...)
NOT-FOR-US: Broderbund Expressit
@@ -8953,11 +9060,13 @@
- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
NOT-FOR-US: Acoustica MP3 CD Burner
-CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...)
+CVE-2007-3005
+ REJECTED
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-11-1 (low)
- sun-java6 6-01-0ubuntu1 (low)
-CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...)
+CVE-2007-3004
+ REJECTED
[etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-11-1 (medium)
- sun-java6 6-01-0ubuntu1 (medium)
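Review bot: CVE-2007-3005 and CVE-2007-3004 are switched to REJECTED while their sun-java5 and sun-java6 package lines, with fixed versions and urgencies, stay underneath. Nothing in the hunk says which ids supersede them, so that tracking data is now attached to ids that no longer describe an issue. Add a NOTE naming the replacing ids and move the package annotations there, or drop the lines if the information is already recorded under the replacements.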