[Secure-testing-commits] r5543 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Mar 14 10:14:24 CET 2007


Author: joeyh
Date: 2007-03-14 09:14:19 +0000 (Wed, 14 Mar 2007)
New Revision: 5543

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-13 14:55:10 UTC (rev 5542)
+++ data/CVE/list	2007-03-14 09:14:19 UTC (rev 5543)
@@ -1,3 +1,361 @@
+CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
+	TODO: check
+CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
+	TODO: check
+CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
+	TODO: check
+CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...)
+	TODO: check
+CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
+	TODO: check
+CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...)
+	TODO: check
+CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
+	TODO: check
+CVE-2007-1430 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...)
+	TODO: check
+CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...)
+	TODO: check
+CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
+	TODO: check
+CVE-2007-1426 (AstroCam before 2.6.6 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...)
+	TODO: check
+CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...)
+	TODO: check
+CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...)
+	TODO: check
+CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...)
+	TODO: check
+CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
+	TODO: check
+CVE-2007-1420 (MySQL 5.x before 5.0.37 allows local users to cause a denial of ...)
+	TODO: check
+CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
+	TODO: check
+CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
+	TODO: check
+CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...)
+	TODO: check
+CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...)
+	TODO: check
+CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
+	TODO: check
+CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
+	TODO: check
+CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
+	TODO: check
+CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
+	TODO: check
+CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
+	TODO: check
+CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
+	TODO: check
+CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...)
+	TODO: check
+CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...)
+	TODO: check
+CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
+	TODO: check
+CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...)
+	TODO: check
+CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
+	TODO: check
+CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...)
+	TODO: check
+CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...)
+	TODO: check
+CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
+	TODO: check
+CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
+	TODO: check
+CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
+	TODO: check
+CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
+	TODO: check
+CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
+	TODO: check
+CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...)
+	TODO: check
+CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
+	TODO: check
+CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
+	TODO: check
+CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...)
+	TODO: check
+CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
+	TODO: check
+CVE-2007-1391 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...)
+	TODO: check
+CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
+	TODO: check
+CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
+	TODO: check
+CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
+	TODO: check
+CVE-2007-1386
+	RESERVED
+CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
+	TODO: check
+CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
+	TODO: check
+CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
+	TODO: check
+CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
+	TODO: check
+CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
+	TODO: check
+CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
+	TODO: check
+CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
+	TODO: check
+CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...)
+	TODO: check
+CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
+	TODO: check
+CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
+	TODO: check
+CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
+	TODO: check
+CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
+	TODO: check
+CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
+	TODO: check
+CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
+	TODO: check
+CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
+	TODO: check
+CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
+	TODO: check
+CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
+	TODO: check
+CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...)
+	TODO: check
+CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...)
+	TODO: check
+CVE-2007-1366
+	RESERVED
+CVE-2007-1365 (Unspecified vulnerability in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 ...)
+	TODO: check
+CVE-2007-1364
+	RESERVED
+CVE-2007-1363
+	RESERVED
+CVE-2007-1362
+	RESERVED
+CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
+	TODO: check
+CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...)
+	TODO: check
+CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
+	TODO: check
+CVE-2007-1358
+	RESERVED
+CVE-2007-1357
+	RESERVED
+CVE-2007-1356
+	RESERVED
+CVE-2007-1355
+	RESERVED
+CVE-2007-1354
+	RESERVED
+CVE-2007-1353
+	RESERVED
+CVE-2007-1352
+	RESERVED
+CVE-2007-1351
+	RESERVED
+CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
+	TODO: check
+CVE-2007-1349
+	RESERVED
+CVE-2007-1348
+	RESERVED
+CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
+	TODO: check
+CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
+	TODO: check
+CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...)
+	TODO: check
+CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...)
+	TODO: check
+CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
+	TODO: check
+CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...)
+	TODO: check
+CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...)
+	TODO: check
+CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...)
+	TODO: check
+CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...)
+	TODO: check
+CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...)
+	TODO: check
+CVE-2007-1337
+	RESERVED
+CVE-2007-1336
+	RESERVED
+CVE-2007-1335
+	RESERVED
+CVE-2007-1334
+	RESERVED
+CVE-2007-1333
+	RESERVED
+CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...)
+	TODO: check
+CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...)
+	TODO: check
+CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...)
+	TODO: check
+CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
+	TODO: check
+CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
+	TODO: check
+CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
+	TODO: check
+CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...)
+	TODO: check
+CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...)
+	TODO: check
+CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
+	TODO: check
+CVE-2007-1323
+	RESERVED
+CVE-2007-1322
+	RESERVED
+CVE-2007-1321
+	RESERVED
+CVE-2007-1320
+	RESERVED
+CVE-2007-1319
+	RESERVED
+CVE-2007-1318
+	RESERVED
+CVE-2007-1317
+	RESERVED
+CVE-2007-1316
+	RESERVED
+CVE-2007-1315
+	RESERVED
+CVE-2007-1314
+	RESERVED
+CVE-2007-1313
+	RESERVED
+CVE-2007-1312
+	RESERVED
+CVE-2007-1311
+	RESERVED
+CVE-2007-1310
+	RESERVED
+CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
+	TODO: check
+CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
+	TODO: check
+CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
+	TODO: check
+CVE-2007-1306 (Unspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2 before ...)
+	TODO: check
+CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...)
+	TODO: check
+CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
+	TODO: check
+CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...)
+	TODO: check
+CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
+	TODO: check
+CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...)
+	TODO: check
+CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...)
+	TODO: check
+CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...)
+	TODO: check
+CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...)
+	TODO: check
+CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
+	TODO: check
+CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...)
+	TODO: check
+CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
+	TODO: check
+CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...)
+	TODO: check
+CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...)
+	TODO: check
+CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...)
+	TODO: check
+CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...)
+	TODO: check
+CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...)
+	TODO: check
+CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...)
+	TODO: check
+CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
+	TODO: check
+CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
+	TODO: check
+CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...)
+	TODO: check
+CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
+	TODO: check
+CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...)
+	TODO: check
+CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...)
+	TODO: check
+CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
+	TODO: check
+CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...)
+	TODO: check
+CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...)
+	TODO: check
+CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
+	TODO: check
+CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...)
+	TODO: check
+CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
+	TODO: check
+CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...)
+	TODO: check
+CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...)
+	TODO: check
+CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...)
+	TODO: check
+CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...)
+	TODO: check
+CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
+	TODO: check
+CVE-2006-7147 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2006-7146 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...)
+	TODO: check
+CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...)
+	TODO: check
+CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...)
+	TODO: check
+CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...)
+	TODO: check
+CVE-2006-7141 (** DISPUTED ** ...)
+	TODO: check
+CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...)
+	TODO: check
+CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...)
+	TODO: check
+CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...)
+	TODO: check
+CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
+	TODO: check
+CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
+	TODO: check
+CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...)
+	TODO: check
 CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
 	- lintian 1.23.28 (low)
 CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
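Review bot: every added entry in this hunk lands as `TODO: check`, so the entries that need a package line are indistinguishable from the single-script PHP and ASP web applications that other parts of this file close as NOT-FOR-US. Suggest triaging first the entries whose summaries name PHP itself (for example CVE-2007-1383, CVE-2007-1396, CVE-2007-1411), MySQL (CVE-2007-1420), the Linux IPv6 code (CVE-2007-1388), KTorrent (CVE-2007-1384, CVE-2007-1385), MPlayer (CVE-2007-1387), Snort (CVE-2007-1398), phpMyAdmin (CVE-2007-1395, CVE-2007-1325), Trac (CVE-2007-1406) and Asterisk (CVE-2007-1306), using the package-line form already present in the file (`- git-core 1.5.0.3-1 (bug #413629; low)`). Several summaries are truncated before any product name appears (CVE-2007-1430, CVE-2007-1418, CVE-2007-1391, CVE-2006-7147, and the two `** DISPUTED ** ...` entries CVE-2006-7146 and CVE-2006-7141), so those cannot be triaged from this list alone and need the full CVE text.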
@@ -84,8 +442,8 @@
 CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
 	- git-core 1.5.0.3-1 (bug #413629; low)
 	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
-CVE-2007-1273
-	RESERVED
+CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...)
+	TODO: check
 CVE-2007-1272
 	RESERVED
 CVE-2007-1271
@@ -417,7 +775,7 @@
 	NOT-FOR-US: Watchtower
 CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...)
 	NOT-FOR-US: FCRing
-CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in MTCMS 2.2 allow ...)
+CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact ...)
 	NOT-FOR-US: MTCMS
 CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...)
 	NOT-FOR-US: Sinapis Forum
@@ -867,10 +1225,9 @@
 	RESERVED
 CVE-2007-1001
 	RESERVED
-CVE-2007-1000
-	RESERVED
-CVE-2007-0999
-	RESERVED
+CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
+	TODO: check
+CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
 	- ekiga 2.0.3-5 (bug #414069; high)
 CVE-2007-0998
 	RESERVED
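Review bot: CVE-2007-1000 is left at `TODO: check` although its summary points at net/ipv6/ipv6_sockglue.c, the same file named by CVE-2007-1388 (do_ipv6_setsockopt) earlier in this patch. Suggest triaging the two together and, if the packaged kernel is affected, recording them in the form used for CVE-2007-0006 (`- linux-2.6 <unfixed>`). The CVE-2007-0999 change is fine as it stands: the RESERVED marker is replaced by the summary and the existing `- ekiga 2.0.3-5 (bug #414069; high)` line is kept.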
@@ -1662,36 +2019,36 @@
 	RESERVED
 CVE-2007-0734
 	RESERVED
-CVE-2007-0733
-	RESERVED
+CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
+	TODO: check
 CVE-2007-0732
 	RESERVED
-CVE-2007-0731
-	RESERVED
-CVE-2007-0730
-	RESERVED
+CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...)
+	TODO: check
+CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
+	TODO: check
 CVE-2007-0729
 	RESERVED
-CVE-2007-0728
-	RESERVED
+CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...)
+	TODO: check
 CVE-2007-0727
 	RESERVED
-CVE-2007-0726
-	RESERVED
+CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
+	TODO: check
 CVE-2007-0725
 	RESERVED
-CVE-2007-0724
-	RESERVED
-CVE-2007-0723
-	RESERVED
-CVE-2007-0722
-	RESERVED
-CVE-2007-0721
-	RESERVED
-CVE-2007-0720
-	RESERVED
-CVE-2007-0719
-	RESERVED
+CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
+	TODO: check
+CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...)
+	TODO: check
+CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
+	TODO: check
+CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
+	TODO: check
+CVE-2007-0720 (The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
+	TODO: check
+CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
+	TODO: check
 CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
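Review bot: the entries moved from RESERVED to `TODO: check` in this hunk all describe Apple Mac OS X, and the unchanged neighbours show Apple-only issues closed as `NOT-FOR-US: Apple QuickTime`, but three of them should not be closed the same way without a look. CVE-2007-0720 names the CUPS service and CVE-2007-0726 names the SSH key generation process in OpenSSH, both of which have upstream code outside Mac OS X; CVE-2007-0731 is described as an Apple-specific Samba module, which suggests the Apple build only but is worth confirming against the full text. Suggest checking those three against the upstream projects before recording NOT-FOR-US, and handling the remaining Mac OS X entries (ImageIO, servermgrd, IOKit HID, diskimages-helper and the unspecified ones) as Apple-only.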
@@ -3297,7 +3654,7 @@
 	NOT-FOR-US: ASP SiteWare autoDealer
 CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...)
 	NOT-FOR-US: Vizayn Haber
-CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and possibly ...)
+CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ...)
 	NOT-FOR-US: Apple iPhoto
 CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
 	NOT-FOR-US: Fersch Formbankserver
@@ -3983,8 +4340,8 @@
 	- gnucash 2.0.5-1 (bug #411942; medium)
 CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
 	- linux-2.6 <unfixed>
-CVE-2007-0005
-	RESERVED
+CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
+	TODO: check
 CVE-2007-0004
 	RESERVED
 CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
@@ -26404,7 +26761,7 @@
 CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
 	- sms-pl <unfixed> (bug #320540; unimportant)
 	NOTE: vulnerable contrib file only in source package
-CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...)
+CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...)
 	NOT-FOR-US: Winamp
 CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
 	NOT-FOR-US: Opera
@@ -52440,7 +52797,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...)
+CVE-1999-0593 (The default setting for the Winlogon key entry ShutdownWithoutLogon in ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker



