[Secure-testing-commits] r6007 - data/CVE

fw at alioth.debian.org fw at alioth.debian.org
Sat Jun 16 10:38:52 UTC 2007


Author: fw
Date: 2007-06-16 10:38:52 +0000 (Sat, 16 Jun 2007)
New Revision: 6007

Modified:
   data/CVE/list
Log:
CVE-2007-3163: FCKEditor (several packages)
CVE-2007-3155: egroupware
CVE-2007-3154: wz_tooltip (several packages)
CVE-2007-3145: galeon
CVE-2007-3144: Mozilla packages
CVE-2007-3143: konqueror
CVE-2007-3140: wordpress assigned
CVE-2007-3126: gimp
CVE-2007-3125: w3m


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-06-16 09:51:35 UTC (rev 6006)
+++ data/CVE/list	2007-06-16 10:38:52 UTC (rev 6007)
@@ -173,7 +173,10 @@
 CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
-	TODO: check
+	- moin <unfixed> (bug #429205)
+	- knowledgeroot <unfixed> (bug #429204)
+	- karrigell <unfixed> (bug #429207)
+	- jspwiki <unfixed> (bug #429206)
 CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...)
 	TODO: check
 CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...)
@@ -187,11 +190,14 @@
 CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...)
 	TODO: check
 CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...)
-	TODO: check
+	- webmin <removed>
 CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...)
-	TODO: check
+	- egroupware <unfixed> (bug #429208)
 CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
-	TODO: check
+	- ktorrent <unfixed> (bug #429209)
+	- dtc-common <unfixed> (bug #429214)
+	- egroupware-core <unfixed> (bug #429215)
+	- gallery <unfixed> (bug #429213)
 CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...)
 	TODO: check
 CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...)
@@ -209,17 +215,21 @@
 CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
 	TODO: check
 CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...)
-	TODO: check
+	- galeon <unfixed> (low; bug #429216)
 CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...)
-	TODO: check
+	- iceweasel <unfixed> (low)
+	- iceape <unfixed> (low)
+	- firefox <removed> (low)
+	- mozilla <removed> (low)
+	- xulrunner <unfixed> (low)
 CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...)
-	TODO: check
+	- kdebase <unfixed> (low)
 CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...)
 	TODO: check
 CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...)
 	TODO: check
 CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...)
-	TODO: check
+	- wordpress <unfixed> (bug #428073)
 CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...)
 	TODO: check
 CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...)
@@ -259,9 +269,9 @@
 CVE-2007-3127
 	RESERVED
 CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial of ...)
-	TODO: check
+	- gimp <unfixed> (unimportant)
 CVE-2007-3125 (Format string vulnerability in the inputAnswer function in file.c in ...)
-	TODO: check
+	- w3m <unfixed> (medium)
 CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
 	TODO: check
 CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
@@ -578,8 +588,6 @@
 	TODO: check
 CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...)
 	TODO: check
-CVE-2007-XXXX [wordpress SQL injection]
-	- wordpress <unfixed> (bug #428073)
 CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
 	- webpy 0.210-1 (bug #427715)
 CVE-2007-XXXX [dar choosing weak IV when encrypting]




More information about the Secure-testing-commits mailing list