[Secure-testing-commits] r6153 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Thu Jul 19 09:14:08 UTC 2007


Author: joeyh
Date: 2007-07-19 09:14:07 +0000 (Thu, 19 Jul 2007)
New Revision: 6153

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-19 07:53:04 UTC (rev 6152)
+++ data/CVE/list	2007-07-19 09:14:07 UTC (rev 6153)
@@ -1,3 +1,221 @@
+CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...)
+	TODO: check
+CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...)
+	TODO: check
+CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...)
+	TODO: check
+CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
+	TODO: check
+CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
+	TODO: check
+CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
+	TODO: check
+CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
+	TODO: check
+CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
+	TODO: check
+CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
+	TODO: check
+CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...)
+	TODO: check
+CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...)
+	TODO: check
+CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...)
+	TODO: check
+CVE-2007-3858 (Multiple unspecified vulnerabilities in in Oracle Database 10.2.0.3 ...)
+	TODO: check
+CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
+	TODO: check
+CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...)
+	TODO: check
+CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
+	TODO: check
+CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
+	TODO: check
+CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
+	TODO: check
+CVE-2007-3852
+	RESERVED
+CVE-2007-3851
+	RESERVED
+CVE-2007-3850
+	RESERVED
+CVE-2007-3849
+	RESERVED
+CVE-2007-3848
+	RESERVED
+CVE-2007-3847
+	RESERVED
+CVE-2007-3846
+	RESERVED
+CVE-2007-3845
+	RESERVED
+CVE-2007-3844
+	RESERVED
+CVE-2007-3843
+	RESERVED
+CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...)
+	TODO: check
+CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...)
+	TODO: check
+CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
+	TODO: check
+CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
+	TODO: check
+CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
+	TODO: check
+CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...)
+	TODO: check
+CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...)
+	TODO: check
+CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
+	TODO: check
+CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
+	TODO: check
+CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...)
+	TODO: check
+CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
+	TODO: check
+CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...)
+	TODO: check
+CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
+	TODO: check
+CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...)
+	TODO: check
+CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...)
+	TODO: check
+CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...)
+	TODO: check
+CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...)
+	TODO: check
+CVE-2007-3825
+	RESERVED
+CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...)
+	TODO: check
+CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...)
+	TODO: check
+CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...)
+	TODO: check
+CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...)
+	TODO: check
+CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...)
+	TODO: check
+CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...)
+	TODO: check
+CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
+	TODO: check
+CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
+	TODO: check
+CVE-2007-3816 (JWIG might allow context-dependent attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...)
+	TODO: check
+CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...)
+	TODO: check
+CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...)
+	TODO: check
+CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...)
+	TODO: check
+CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...)
+	TODO: check
+CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...)
+	TODO: check
+CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...)
+	TODO: check
+CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...)
+	TODO: check
+CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
+	TODO: check
+CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...)
+	TODO: check
+CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...)
+	TODO: check
+CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...)
+	TODO: check
+CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...)
+	TODO: check
+CVE-2007-3802 (The Decomposer component in multiple Symantec products may allow ...)
+	TODO: check
+CVE-2007-3801 (The Decomposer component in multiple Symantec products allows remote ...)
+	TODO: check
+CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
+	TODO: check
+CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...)
+	TODO: check
+CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
+	TODO: check
+CVE-2007-3797
+	RESERVED
+CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...)
+	TODO: check
+CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...)
+	TODO: check
+CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...)
+	TODO: check
+CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...)
+	TODO: check
+CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
+	TODO: check
+CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...)
+	TODO: check
+CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...)
+	TODO: check
+CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
+	TODO: check
+CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...)
+	TODO: check
+CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...)
+	TODO: check
+CVE-2007-3786 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
+	TODO: check
+CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...)
+	TODO: check
+CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
+	TODO: check
+CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
+	TODO: check
+CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...)
+	TODO: check
+CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...)
+	TODO: check
+CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...)
+	TODO: check
+CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...)
+	TODO: check
+CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...)
+	TODO: check
+CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...)
+	TODO: check
+CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...)
+	TODO: check
+CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...)
+	TODO: check
+CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...)
+	TODO: check
+CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...)
+	TODO: check
+CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...)
+	TODO: check
+CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...)
+	TODO: check
+CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...)
+	TODO: check
+CVE-2007-3767
+	RESERVED
+CVE-2007-3766
+	RESERVED
+CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...)
+	TODO: check
+CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
+	TODO: check
+CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...)
+	TODO: check
+CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
+	TODO: check
 CVE-2007-XXXX [konqueror data: URL address bar spoofing]
 	- kdebase <unfixed> (bug #433072; low)
 	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
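
Review bot: the temporary entry kept as context at the end of this hunk, "CVE-2007-XXXX [konqueror data: URL address bar spoofing]", should be compared against the IDs added above it. CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7) is the obvious candidate, and CVE-2007-3819 describes data: URI spoofing in Opera. If CVE-2007-3820 is the same issue, fold the kdebase line and bug #433072 into it so the problem is not tracked under two names. Among the new "TODO: check" entries, the PHP ones (CVE-2007-3806, CVE-2007-3799, CVE-2007-3790) deserve early triage, since php5 already has package lines elsewhere in this list.
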
@@ -47,21 +265,16 @@
 	RESERVED
 CVE-2007-3739
 	RESERVED
-CVE-2007-3738 [Firefox XPCNativeWrapper code injection]
-	RESERVED
+CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
 	- iceweasel <unfixed> (medium)
-CVE-2007-3737 [Firefox insecure event handler code injection]
-	RESERVED
+CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
 	- iceweasel <unfixed>
-CVE-2007-3736 [Firefox addEventListener() and setTimeout () same-origin bypass]
-	RESERVED
+CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
 	- iceweasel <unfixed> (high)
-CVE-2007-3735 [memory corruption in layout engine]
-	RESERVED
+CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
 	- iceweasel <unfixed> (high)
 	- icedove <unfixed> (high)
-CVE-2007-3734 [memory corruption in js engine]
-	RESERVED
+CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <unfixed> (high)
 	- icedove <unfixed> (high)
 CVE-2007-3733
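
Review bot: on CVE-2007-3735 and CVE-2007-3734 the removed hand-written tags do not match the imported descriptions. CVE-2007-3735 was tagged "[memory corruption in layout engine]" and now reads "... in the JavaScript engine in ...", while CVE-2007-3734 was tagged "[memory corruption in js engine]" and now reads "... in the browser engine in Mozilla ...". Both keep identical iceweasel/icedove lines at (high), so nothing is mis-tracked, but any bug or advisory references filed under the old tags should be checked against the right ID. For CVE-2007-3738 the dropped tag ("XPCNativeWrapper code injection") was more specific than the truncated "Multiple unspecified vulnerabilities ..." text; a NOTE: line would keep that information.
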
@@ -186,8 +399,8 @@
 	RESERVED
 CVE-2007-3674
 	RESERVED
-CVE-2007-3673
-	RESERVED
+CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
+	TODO: check
 CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...)
 	TODO: check
 CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
@@ -243,18 +456,15 @@
 	TODO: check
 CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
 	TODO: check
-CVE-2007-3645
-	RESERVED
+CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
 	- libarchive 2.2.4-1 (bug #432924; low)
-CVE-2007-3644
-	RESERVED
+CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
 	- libarchive 2.2.4-1 (bug #432924; low)
 CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
 	TODO: check
 CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...)
 	TODO: check
-CVE-2007-3641
-	RESERVED
+CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
 	- libarchive 2.2.4-1 (bug #432924; low)
 CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
 	TODO: check
@@ -266,7 +476,7 @@
 	TODO: check
 CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
 	TODO: check
-CVE-2007-3635 (Unspecified vulnerability in the G/PGP (GPG) Plugin before 2.1 for ...)
+CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...)
 	TODO: check
 CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
 	TODO: check
@@ -408,8 +618,8 @@
 	RESERVED
 CVE-2007-3565
 	RESERVED
-CVE-2007-3564 [curl doesn't check certificate parameters in GNUTLS mode]
-	RESERVED
+CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...)
+	{DSA-1333-1}
 	- curl <unfixed> (low)
 CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...)
 	TODO: check
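
Review bot: CVE-2007-3564 gains {DSA-1333-1} but the package line under it is still "- curl <unfixed> (low)". The imported description bounds the affected range at "7.14.0 through 7.16.3", so check whether unstable already carries a later version and record it in place of <unfixed>; as written, the entry has an advisory and still reports the package as open.
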
@@ -690,7 +900,7 @@
 	NOT-FOR-US: Sun Solaris libsldap
 CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
 	TODO: check
-CVE-2007-3456 (Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier ...)
+CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...)
 	TODO: check
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...)
 	- firebird1.5 <unfixed> (bug #432753)
@@ -714,7 +924,7 @@
 	NOT-FOR-US: BlackBerry Enterprise Server
 CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...)
 	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
-CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro ...)
+CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...)
 	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
 CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
 	NOT-FOR-US: Papoo
@@ -1092,7 +1302,7 @@
 	RESERVED
 CVE-2007-3286
 	RESERVED
-CVE-2007-3285 (Mozilla Firefox allows remote attackers to bypass file type checks via ...)
+CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
 	- iceweasel <unfixed> (low)
 	- iceape <unfixed> (low)
 	- firefox <removed> (low)
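
Review bot: the new description for CVE-2007-3285 restricts the issue to Firefox "when run on Windows", yet the iceweasel and iceape lines stay at <unfixed> (low). If the full description confirms the flaw is Windows-only, these lines should become <not-affected> with a short reason, in the style used for snort under CVE-2006-5276.
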
@@ -1525,8 +1735,8 @@
 	RESERVED
 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...)
 	- linux-2.6 <unfixed>
-CVE-2007-3103
-	RESERVED
+CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat ...)
+	TODO: check
 CVE-2007-3102
 	RESERVED
 CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
@@ -1559,7 +1769,7 @@
 	- firefox <removed> (medium)
 	- mozilla <removed> (medium)
 	- xulrunner <unfixed> (medium)
-CVE-2007-3089 (Mozilla Firefox does not prevent use of document.write to replace an ...)
+CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
 	- iceweasel <unfixed> (low)
 	- iceape <unfixed> (low)
 	- firefox <removed> (low)
@@ -1711,18 +1921,18 @@
 	RESERVED
 CVE-2007-3019
 	RESERVED
-CVE-2007-3018
-	RESERVED
-CVE-2007-3017
-	RESERVED
+CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...)
+	TODO: check
+CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...)
+	TODO: check
 CVE-2007-3016
 	RESERVED
 CVE-2007-3015
 	RESERVED
-CVE-2007-3014
-	RESERVED
-CVE-2007-3013
-	RESERVED
+CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...)
+	TODO: check
+CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
+	TODO: check
 CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...)
 	TODO: check
 CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
@@ -1867,6 +2077,7 @@
 CVE-2007-2950
 	RESERVED
 CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...)
+	{DSA-1335-1}
 	- gimp 2.2.16-1 (medium)
 	- ingimp 2.2.16.20070710-1
 	NOTE: http://secunia.com/secunia_research/2007-63/advisory
@@ -2342,7 +2553,7 @@
 CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
 	NOT-FOR-US: PrecisionID
 CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
-	{DSA-1302-1}
+	{DSA-1334-1 DSA-1302-1}
 	- freetype 2.2.1-6 (bug #425625)
 CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
 	NOT-FOR-US: RunawaySoft
@@ -3092,8 +3303,8 @@
 	NOT-FOR-US: Macrovision
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
 	NOT-FOR-US: Cerulean Trillian
-CVE-2007-2417
-	RESERVED
+CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...)
+	TODO: check
 CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
 	NOT-FOR-US: E-Annu
 CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
@@ -3122,8 +3333,8 @@
 	RESERVED
 CVE-2007-2403
 	RESERVED
-CVE-2007-2402
-	RESERVED
+CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...)
+	TODO: check
 CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and ...)
 	NOT-FOR-US: Apple
 CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...)
@@ -3132,18 +3343,18 @@
 	NOT-FOR-US: Apple
 CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
 	NOT-FOR-US: Apple Safari
-CVE-2007-2397
-	RESERVED
-CVE-2007-2396
-	RESERVED
+CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...)
+	TODO: check
+CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...)
+	TODO: check
 CVE-2007-2395
 	RESERVED
-CVE-2007-2394
-	RESERVED
-CVE-2007-2393
-	RESERVED
-CVE-2007-2392
-	RESERVED
+CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
+	TODO: check
+CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
+	TODO: check
+CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...)
+	TODO: check
 CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...)
 	NOT-FOR-US: Apple
 CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...)
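
Review bot: the QuickTime entries opened in this hunk (CVE-2007-2397, CVE-2007-2396, CVE-2007-2394, CVE-2007-2393, CVE-2007-2392) are set to "TODO: check" while the Apple entries around them are already "NOT-FOR-US: Apple". The same applies to CVE-2007-2402 in the previous hunk. These can be triaged in one pass with the marking the neighbouring entries use.
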
@@ -4334,7 +4545,7 @@
 	- php5 5.2.2-1
 CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
 	- apache2 2.2.4-1 (low)
-        [sarge] - apache2 2.0.54-5sarge2
+	[sarge] - apache2 2.0.54-5sarge2
 	TODO: check apache 1
 	NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
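
Review bot: the only change in this hunk is the "[sarge] - apache2 2.0.54-5sarge2" line switching from eight leading spaces to a tab, and the same fix recurs in five later hunks (plus the "TODO: sf, ..." line under CVE-2006-5752). That is a manual whitespace cleanup, not imported data, so it would be easier to audit as a separate commit with its own log message than under "automatic update".
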
@@ -11900,9 +12111,9 @@
 	- linux-2.6 <unfixed>
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
 	- apache2 <unfixed> (low)
-        [sarge] - apache2 2.0.54-5sarge2
+	[sarge] - apache2 2.0.54-5sarge2
 	- apache <removed> (low)
-        TODO: sf, when was this fixed in apache2 for unstable?
+	TODO: sf, when was this fixed in apache2 for unstable?
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
 	{DSA-1233}
 	- linux-2.6 2.6.18-8 (medium)
@@ -12950,10 +13161,10 @@
 	NOT-FOR-US: communityPortals
 CVE-2006-5279
 	RESERVED
-CVE-2006-5278
-	RESERVED
-CVE-2006-5277
-	RESERVED
+CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...)
+	TODO: check
+CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...)
+	TODO: check
 CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...)
 	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
 CVE-2006-5275
@@ -14640,6 +14851,7 @@
 CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
+	{DSA-1335-1}
 	TODO: check
 CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
 	NOT-FOR-US: Qbik WinGate
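
Review bot: CVE-2006-4519 gains {DSA-1335-1} but keeps "TODO: check" and has no package line. CVE-2007-2949, which receives the same DSA in this commit, has "- gimp 2.2.16-1 (medium)". Add the corresponding gimp line here and drop the TODO, so the entry does not appear untriaged while already referencing an advisory.
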
@@ -15470,8 +15682,8 @@
 	RESERVED
 CVE-2006-4170
 	REJECTED
-CVE-2006-4169
-	RESERVED
+CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
+	TODO: check
 CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...)
 	{DSA-1310-1}
 	- libexif 0.6.16-1 (bug #430012)
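
Review bot: CVE-2006-4169 is set to "TODO: check" although the G/PGP (GPG) Plugin is already triaged in this file: CVE-2005-1924 carries "NOT-FOR-US: External Squirrelmail plugin not packaged in Debian". The same marking appears to apply here and to the other G/PGP plugin entries touched by this commit (CVE-2007-3779, CVE-2007-3778, CVE-2007-3636, CVE-2007-3635, CVE-2007-3634).
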
@@ -16024,7 +16236,7 @@
 CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
 	{DSA-1167-1}
 	- apache2 2.0.55-4.1 (bug #381376; low)
-        [sarge] - apache2 2.0.54-5sarge2
+	[sarge] - apache2 2.0.54-5sarge2
 	- apache 1.3.34-3 (bug #381381; low)
 CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
 	NOT-FOR-US: PHP Forge
@@ -28905,7 +29117,7 @@
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
 	- apache2 2.0.55-4 (bug #351246; low)
-        [sarge] - apache2 2.0.54-5sarge2
+	[sarge] - apache2 2.0.54-5sarge2
 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
 	{DSA-1017-1}
 	- linux-2.6 2.6.15-4
@@ -28926,7 +29138,7 @@
 	{DSA-1167-1}
 	- apache 1.3.34-2 (bug #343466; low)
 	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
-        [sarge] - apache2 2.0.54-5sarge2
+	[sarge] - apache2 2.0.54-5sarge2
 	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
 	NOTE: Means oldstable and stable are affected
 CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
@@ -30132,7 +30344,7 @@
 	- koffice 1:1.3.5-5 (bug #333497; medium)
 CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
 	- apache2 2.0.55-1 (bug #340337; low)
-        [sarge] - apache2 2.0.54-5sarge2
+	[sarge] - apache2 2.0.54-5sarge2
 	NOTE: this occurs in the binary package apache2-mpm-worker
 CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
 	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
@@ -34595,8 +34807,7 @@
 	RESERVED
 CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
 	NOT-FOR-US: Tikiwiki
-CVE-2005-1924 [squirrelmail gpg plugin]
-	RESERVED
+CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...)
 	NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
 CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
 	{DSA-737-1 DTSA-3-1}
@@ -58399,7 +58610,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
+CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



