[Secure-testing-commits] r5525 - in data: . CVE
Kees Cook
keescook-guest at alioth.debian.org
Thu Mar 8 21:11:25 CET 2007
Author: keescook-guest
Date: 2007-03-08 20:11:21 +0000 (Thu, 08 Mar 2007)
New Revision: 5525
Modified:
data/CVE/list
data/embedded-code-copies
Log:
NFUs: 6
unfixed: mplayer viewcvs xine-lib
fixed: iceweasel libapache2-mod-python xulrunner
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-08 09:14:17 UTC (rev 5524)
+++ data/CVE/list 2007-03-08 20:11:21 UTC (rev 5525)
@@ -137,7 +137,8 @@
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...)
NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
- TODO: check
+ - mplayer <unfixed> (medium)
+ - xine-lib <unfixed> (medium)
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...)
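Review bot: The two new `<unfixed>` entries under CVE-2007-1246 carry no bug reference, unlike the tcpdump line later in this file (`- tcpdump 3.9.5-2 (bug #413430; medium)`). Please file bugs against mplayer and xine-lib for the loader/dmo/DMO_VideoDecoder.c issue and record the numbers here so the unfixed state is tracked, and add a NOTE line saying that xine-lib is affected through libw32dll, the relationship this same commit adds to data/embedded-code-copies, so the xine-lib entry is self-explanatory.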
@@ -151,9 +152,9 @@
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...)
NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...)
NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...)
@@ -187,9 +188,9 @@
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...)
- TODO: check
+ NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...)
NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
@@ -304,7 +305,7 @@
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...)
NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...)
- TODO: check
+ NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...)
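Review bot: The NOT-FOR-US label on CVE-2007-1162 (`Common Controls ActiveX control`) does not match the product name in the description, which reads "Common Controls Replacement Project". The other NOT-FOR-US lines in this file name the product as the CVE text does (`NOT-FOR-US: webSPELL` directly above), so prefer `NOT-FOR-US: Common Controls Replacement Project` to keep the entry searchable by the name the CVE uses.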
@@ -340,11 +341,11 @@
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...)
NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
- TODO: check
+ - viewcvs <unfixed> (low)
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
- viewcvs <unfixed> (low)
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
- TODO: check
+ - libapache2-mod-python 3.2.8-1 (low)
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
- tcpdump 3.9.5-2 (bug #413430; medium)
CVE-2007-XXXX [puttygen can create world-readable private keys]
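Review bot: The CVE-2004-2680 entry records libapache2-mod-python 3.2.8-1 as the fixed version with no NOTE on how that was established; the description only says "3.1.4 and earlier" is affected, so a reader cannot tell whether 3.2.8-1 was checked for the actual fix or merely lies outside the stated range. Add a NOTE with the upstream fix or the reason 3.2.x is known clean. The `viewcvs <unfixed> (low)` line for CVE-2005-4831 is consistent with the existing CVE-2005-4830 entry, but like that one it has no bug number; file one and reference it the way the tcpdump line below does.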
@@ -759,7 +760,7 @@
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
NOT-FOR-US: PGPFreeware
CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: NetScreen-Remote
CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
NOT-FOR-US: FreeBSD
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
@@ -867,7 +868,9 @@
CVE-2007-0997
RESERVED
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
- TODO: check
+ NOTE: MFSA-2007-02
+ - iceweasel 2.0.0.2+dfsg-1 (low)
+ - xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...)
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (low)
@@ -1322,7 +1325,7 @@
NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
NOTE: which probably turns this into remote code execution
NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
- TODO: unrar-free and clamav (which embeds unrar-free code) need to be checked
+ NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...)
NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
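Review bot: The new NOTE says unrar-free and clamav are "not affected" but gives no reason, replacing a TODO that asked for exactly that check. Since data/embedded-code-copies still lists clamav as embedding unrar-free code (with the "seems to be disabled in default config" remark), record what was verified, e.g. that unrar-free is a separate code base without the affected function or that the code path is absent, so the question is not reopened the next time this entry is reviewed.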
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2007-03-08 09:14:17 UTC (rev 5524)
+++ data/embedded-code-copies 2007-03-08 20:11:21 UTC (rev 5525)
@@ -252,3 +252,5 @@
unrar-free: (maybe this code is derived from the original rar, too?)
clamav (seems to be disabled in default config)
+mplayer:
+xine-lib (libw32dll)
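Review bot: The new entry lists xine-lib (libw32dll) under `mplayer:`, i.e. as embedding code taken from mplayer, but nothing says which part of mplayer is copied. Given that the matching data/CVE/list hunk in this commit marks both packages unfixed for the loader/dmo/DMO_VideoDecoder.c issue, name the copied directory on the `mplayer:` line, in the style of the `unrar-free: (maybe ...)` comment above, so future CVEs against that code can be matched to xine-lib without re-deriving the link.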