[Secure-testing-commits] r5555 - data/CVE
Kees Cook
keescook-guest at alioth.debian.org
Fri Mar 16 19:00:05 CET 2007
Author: keescook-guest
Date: 2007-03-16 18:00:00 +0000 (Fri, 16 Mar 2007)
New Revision: 5555
Modified:
data/CVE/list
Log:
NFUs: 12
unfixed: kdelibs ktorrent trac
fixed: mplayer xine-lib
not-affected: php5 snort
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-16 17:57:00 UTC (rev 5554)
+++ data/CVE/list 2007-03-16 18:00:00 UTC (rev 5555)
@@ -52,6 +52,8 @@
TODO: check
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
TODO: check
+ NOTE: Haven't been able to reproduce the issue in either php4 or php5
+ NOTE: code inspection should be the next step.
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
@@ -61,13 +63,13 @@
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...)
NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
- TODO: check
+ - trac <unfixed> (low)
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...)
- TODO: check
+ - trac <unfixed> (low)
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...)
NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
@@ -75,9 +77,9 @@
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
- TODO: check
+ - php5 <not-affected> (Vulnerable code not present)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
- TODO: check
+ - snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 5.2.1, when ...)
@@ -99,17 +101,18 @@
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
- linux-2.6 <unfixed>
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
- TODO: check
+ - mplayer 1.0~rc1-13 (bug #414075; medium)
+ - xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
CVE-2007-1386
RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
- TODO: check
+ - ktorrent <unfixed> (medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
- TODO: check
+ - ktorrent <unfixed> (medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
TODO: check
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
- TODO: check
+ NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c in PHP CVS as of 20070304 ...)
TODO: check
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
@@ -179,7 +182,7 @@
CVE-2007-1348
RESERVED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...)
@@ -257,7 +260,8 @@
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
- TODO: check
+ - kdelibs <unfixed> (low)
+ NOTE: this is a straight crash, I'm not sure it should even be considered "low"
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Unspecified vulnerability in Asterisk 1.4 before 1.4.1 and 1.2 before ...)
@@ -285,7 +289,7 @@
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...)
- TODO: check
+ NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...)
NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...)
@@ -2022,17 +2026,17 @@
CVE-2007-0734
RESERVED
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732
RESERVED
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...)
- TODO: check
+ NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
- TODO: check
+ NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729
RESERVED
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...)
- TODO: check
+ NOT-FOR-US: Apple Mac
CVE-2007-0727
RESERVED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
@@ -2040,17 +2044,17 @@
CVE-2007-0725
RESERVED
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
- TODO: check
+ NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...)
TODO: check
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
- TODO: check
+ NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
TODO: check
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
- TODO: check
+ NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
More information about the Secure-testing-commits
mailing list