[Secure-testing-commits] r5606 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Mar 30 22:14:17 CET 2007


Author: joeyh
Date: 2007-03-30 21:14:14 +0000 (Fri, 30 Mar 2007)
New Revision: 5606

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-30 14:04:48 UTC (rev 5605)
+++ data/CVE/list	2007-03-30 21:14:14 UTC (rev 5606)
@@ -1,3 +1,410 @@
+CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
+	TODO: check
+CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
+	TODO: check
+CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
+	TODO: check
+CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...)
+	TODO: check
+CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
+	TODO: check
+CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
+	TODO: check
+CVE-2007-1776 (SQL injection vulnerability in index.php in the D4JeZine (com_ezine) ...)
+	TODO: check
+CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
+	TODO: check
+CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...)
+	TODO: check
+CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...)
+	TODO: check
+CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
+	TODO: check
+CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-1770 (ESRI ArcSDE 8.3, 9.0, and 9.1 before 20070327, when using three tiered ...)
+	TODO: check
+CVE-2007-1769 (Cross-site scripting (XSS) vulnerability in /search in Mephisto 0.7.3 ...)
+	TODO: check
+CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...)
+	TODO: check
+CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
+	TODO: check
+CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
+	TODO: check
+CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
+	TODO: check
+CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
+	TODO: check
+CVE-2007-1761
+	RESERVED
+CVE-2007-1760
+	RESERVED
+CVE-2007-1759
+	RESERVED
+CVE-2007-1758
+	RESERVED
+CVE-2007-1757
+	RESERVED
+CVE-2007-1756
+	RESERVED
+CVE-2007-1755
+	RESERVED
+CVE-2007-1754
+	RESERVED
+CVE-2007-1753
+	RESERVED
+CVE-2007-1752
+	RESERVED
+CVE-2007-1751
+	RESERVED
+CVE-2007-1750
+	RESERVED
+CVE-2007-1749
+	RESERVED
+CVE-2007-1748
+	RESERVED
+CVE-2007-1747
+	RESERVED
+CVE-2007-1746
+	RESERVED
+CVE-2007-1745
+	RESERVED
+CVE-2007-1744
+	RESERVED
+CVE-2007-1743
+	RESERVED
+CVE-2007-1742
+	RESERVED
+CVE-2007-1741
+	RESERVED
+CVE-2007-1740
+	REJECTED
+	TODO: check
+CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
+	TODO: check
+CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
+	TODO: check
+CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
+	TODO: check
+CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
+	TODO: check
+CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
+	TODO: check
+CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
+	TODO: check
+CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
+	TODO: check
+CVE-2007-1732 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
+	TODO: check
+CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
+	TODO: check
+CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
+	TODO: check
+CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
+	TODO: check
+CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
+	TODO: check
+CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...)
+	TODO: check
+CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...)
+	TODO: check
+CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...)
+	TODO: check
+CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	TODO: check
+CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...)
+	TODO: check
+CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...)
+	TODO: check
+CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...)
+	TODO: check
+CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
+	TODO: check
+CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
+	TODO: check
+CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
+	TODO: check
+CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
+	TODO: check
+CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
+	TODO: check
+CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
+	TODO: check
+CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
+	TODO: check
+CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
+	TODO: check
+CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
+	TODO: check
+CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
+	TODO: check
+CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
+	TODO: check
+CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
+	TODO: check
+CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...)
+	TODO: check
+CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...)
+	TODO: check
+CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...)
+	TODO: check
+CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...)
+	TODO: check
+CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
+	TODO: check
+CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
+	TODO: check
+CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
+	TODO: check
+CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
+	TODO: check
+CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
+	TODO: check
+CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...)
+	TODO: check
+CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
+	TODO: check
+CVE-2007-1695 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1694
+	RESERVED
+CVE-2007-1693
+	RESERVED
+CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
+	TODO: check
+CVE-2007-1691
+	RESERVED
+CVE-2007-1690
+	RESERVED
+CVE-2007-1689
+	RESERVED
+CVE-2007-1688
+	RESERVED
+CVE-2007-1687
+	RESERVED
+CVE-2007-1686
+	RESERVED
+CVE-2007-1685
+	RESERVED
+CVE-2007-1684
+	RESERVED
+CVE-2007-1683
+	RESERVED
+CVE-2007-1682
+	RESERVED
+CVE-2007-1681
+	RESERVED
+CVE-2007-1680
+	RESERVED
+CVE-2007-1679 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
+	TODO: check
+CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
+	TODO: check
+CVE-2007-1676
+	RESERVED
+CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
+	TODO: check
+CVE-2007-1674
+	RESERVED
+CVE-2007-1673
+	RESERVED
+CVE-2007-1672
+	RESERVED
+CVE-2007-1671
+	RESERVED
+CVE-2007-1670
+	RESERVED
+CVE-2007-1669
+	RESERVED
+CVE-2007-1668
+	RESERVED
+CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
+	TODO: check
+CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
+	TODO: check
+CVE-2007-1665
+	RESERVED
+CVE-2007-1664
+	RESERVED
+CVE-2007-1663
+	RESERVED
+CVE-2007-1662
+	RESERVED
+CVE-2007-1661
+	RESERVED
+CVE-2007-1660
+	RESERVED
+CVE-2007-1659
+	RESERVED
+CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
+	TODO: check
+CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
+	TODO: check
+CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
+	TODO: check
+CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...)
+	TODO: check
+CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...)
+	TODO: check
+CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
+	TODO: check
+CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
+	TODO: check
+CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
+	TODO: check
+CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
+	TODO: check
+CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
+	TODO: check
+CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
+	TODO: check
+CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
+	TODO: check
+CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
+	TODO: check
+CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
+	TODO: check
+CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
+	TODO: check
+CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...)
+	TODO: check
+CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...)
+	TODO: check
+CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...)
+	TODO: check
+CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+	TODO: check
+CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...)
+	TODO: check
+CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...)
+	TODO: check
+CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...)
+	TODO: check
+CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...)
+	TODO: check
+CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...)
+	TODO: check
+CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...)
+	TODO: check
+CVE-2007-1631 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
+	TODO: check
+CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
+	TODO: check
+CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
+	TODO: check
+CVE-2007-1627 (Multiple SQL injection vulnerabilities in php-revista 1.1.2 and ...)
+	TODO: check
+CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
+	TODO: check
+CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...)
+	TODO: check
+CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...)
+	TODO: check
+CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
+	TODO: check
+CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
+	TODO: check
+CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
+	TODO: check
+CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
+	TODO: check
+CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...)
+	TODO: check
+CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...)
+	TODO: check
+CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...)
+	TODO: check
+CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
+	TODO: check
+CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
+	TODO: check
+CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
+	TODO: check
+CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
+	TODO: check
+CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
+	TODO: check
+CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...)
+	TODO: check
+CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...)
+	TODO: check
+CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...)
+	TODO: check
+CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
+	TODO: check
+CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...)
+	TODO: check
+CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...)
+	TODO: check
+CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...)
+	TODO: check
+CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...)
+	TODO: check
+CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...)
+	TODO: check
+CVE-2007-1601 (** DISPUTED ** ...)
+	TODO: check
+CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
+	TODO: check
+CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
+	TODO: check
+CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
+	TODO: check
+CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
+	TODO: check
+CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
+	TODO: check
+CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
+	TODO: check
+CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
+	TODO: check
+CVE-2007-1593
+	RESERVED
+CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
+	TODO: check
+CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
+	TODO: check
+CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
+	TODO: check
+CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS ...)
+	TODO: check
+CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...)
+	TODO: check
+CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...)
+	TODO: check
+CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...)
+	TODO: check
+CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
+	TODO: check
+CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
+	TODO: check
+CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
+	TODO: check
+CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
+	TODO: check
+CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
+	TODO: check
+CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
+	TODO: check
 CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
 	NOT-FOR-US: Grandstream
 CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
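Review bot: CVE-2007-1740 is added as REJECTED but also carries a "TODO: check" line, which leaves a rejected ID in the triage queue; the other REJECTED entries touched by this revision (CVE-2006-6100, CVE-2006-6099, CVE-2006-6098, CVE-2006-5756) have no TODO, so the extra line should be dropped. Separately, since every described entry in this block lands as "TODO: check", it would help to triage first the ones whose descriptions name software this file already tracks as packages, for example the Linux kernel entries (CVE-2007-1730, CVE-2007-1734, CVE-2007-1592), the Asterisk entries (CVE-2007-1594, CVE-2007-1595) and the Firefox entries (CVE-2007-1736, CVE-2007-1762).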
@@ -60,7 +467,7 @@
 	NOT-FOR-US: Opera
 CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
 	- iceweasel 2.0.0.3-1 (low)
-CVE-2007-1560 (The clientProcessRequest() function in squid/src/client_side.c in ...)
+CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
 	- squid 2.6.5-6
 CVE-2007-1559
 	RESERVED
@@ -163,7 +570,7 @@
 	NOT-FOR-US: PHP-Stats
 CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
 	NOT-FOR-US: MERCUR IMAPD
-CVE-2007-1561 (Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers ...)
+CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...)
 	- asterisk <unfixed> (bug #415466; medium)
 	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
 CVE-2007-XXXX [Asterisk segfault on SIP response code 0]
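Review bot: The temporary entry "CVE-2007-XXXX [Asterisk segfault on SIP response code 0]" in the trailing context should be compared against the Asterisk IDs this revision adds at the top of the file, in particular CVE-2007-1594 (handle_response function in chan_sip.c). If they describe the same issue, the placeholder should be merged into the assigned ID so the bug is not tracked twice.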
@@ -227,7 +634,7 @@
 	NOT-FOR-US: Avaya S87XX
 CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...)
 	NOT-FOR-US: Avaya S87XX
-CVE-2007-1489 (Unspecified vulnerability in WebAPP 0.9.9.6 before 20070312 allows ...)
+CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...)
 	NOT-FOR-US: WebAPP
 CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...)
 	NOT-FOR-US: Sun Java System Web Server
@@ -278,8 +685,8 @@
 	NOT-FOR-US: Cisco Secure Access Control Server
 CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
 	- libwpd 0.8.9-1 (medium)
-CVE-2007-1465
-	RESERVED
+CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
+	TODO: check
 CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
 	- inkscape <unfixed> (medium)
 CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
@@ -506,7 +913,7 @@
 	NOT-FOR-US: Avaya Communications Manager
 CVE-2007-1366
 	RESERVED
-CVE-2007-1365 (Unspecified vulnerability in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 ...)
+CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
 	NOT-FOR-US: OpenBSD Kernel
 CVE-2007-1364
 	RESERVED
@@ -538,8 +945,8 @@
 	RESERVED
 CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
 	NOT-FOR-US: Novell NetMail
-CVE-2007-1349
-	RESERVED
+CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...)
+	TODO: check
 CVE-2007-1348
 	RESERVED
 CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
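Review bot: The new CVE-2007-1349 description names two files, PerlRun.pm in Apache mod_perl 1.30 and earlier and RegistryCooker.pm, so resolving the "TODO: check" will likely need one status line per source package that ships either file rather than a single line. A NOTE recording which file belongs to which package would make that explicit.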
@@ -599,7 +1006,7 @@
 	RESERVED
 CVE-2007-1320
 	RESERVED
-CVE-2007-1319 (Unspecified vulnerability in the OPCDA interface in Takebishi Electric ...)
+CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
 	NOT-FOR-US: DeviceXPlorer OLE
 CVE-2007-1318
 	RESERVED
@@ -1269,7 +1676,7 @@
 	TODO: check epiphany, galeon and kazehakase
 CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
 	NOT-FOR-US: ConfigChk ActiveX control
-CVE-2007-1082 (FTP Explorer 1.0.1 Build 047 allows remote servers to cause a denial ...)
+CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...)
 	NOT-FOR-US: FTP Explorer
 CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...)
 	- typo3-src 4.0.5+debian-1 
@@ -1618,7 +2025,7 @@
 	- linux-2.6 2.6.18.dfsg.1-12 (medium)
 CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
 	- ekiga 2.0.3-5 (bug #414069; high)
-CVE-2007-0998 (The VNC server implementation in QEMU allows local users of a guest ...)
+CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...)
 	- xen-3.0 <unfixed> (medium)
 CVE-2007-0997
 	RESERVED
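Review bot: The updated CVE-2007-0998 description now attributes the flaw to the VNC server implementation in QEMU "as used by Xen", but the entry still tracks only "- xen-3.0 <unfixed> (medium)". A status line for qemu itself (affected, fixed or not-affected, with a NOTE giving the reason) should be added so the entry matches the widened description.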
@@ -3550,8 +3957,7 @@
 CVE-2007-0241
 	RESERVED
 	- linux-2.6 2.6.18.dfsg.1-12
-CVE-2007-0240
-	RESERVED
+CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...)
 	- zope2.9 2.9.7-1
 CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...)
 	{DSA-1270-1}
@@ -4121,7 +4527,7 @@
 	NOT-FOR-US: PHP-Update
 CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...)
 	NOT-FOR-US: Matteo Lucarelli 3editor
-CVE-2006-6876 (The fetchsms function in the SMS handling module (libsms_getsms.c) in ...)
+CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...)
 	- openser 1.1.1-1 (medium)
 	[etch] - openser 1.1.0-9etch1
 	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
@@ -4206,8 +4612,8 @@
 	RESERVED
 CVE-2007-0039
 	RESERVED
-CVE-2007-0038
-	RESERVED
+CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
+	TODO: check
 CVE-2007-0037
 	RESERVED
 CVE-2007-0036
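Review bot: CVE-2007-0038 moves from RESERVED to "TODO: check" although its description places the overflow in Microsoft's animated cursor code. Entries for vendor products that are not packaged are closed elsewhere in this file with a NOT-FOR-US line (for example "NOT-FOR-US: Opera"), and this one can be closed the same way instead of staying in the queue.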
@@ -6039,11 +6445,11 @@
 	{DSA-1249-1}
 	- xorg-server 2:1.1.1-15
 CVE-2006-6100
-	RESERVED
+	REJECTED
 CVE-2006-6099
-	RESERVED
+	REJECTED
 CVE-2006-6098
-	RESERVED
+	REJECTED
 CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...)
 	{DSA-1223-1}
 	- tar 1.16-2 (high; bug #399845)
@@ -6200,7 +6606,7 @@
 	NOT-FOR-US: DoSePa
 CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
 	NOT-FOR-US: Adobe Reader
-CVE-2006-6026 (Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has ...)
+CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...)
 	NOT-FOR-US: Helix DNA Server
 CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...)
 	NOT-FOR-US: QUALCOMM Eudora WorldMail
@@ -6782,7 +7188,7 @@
 CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
 	- linux-2.6 2.6.18.dfsg.1-10 (low)
 CVE-2006-5756
-	RESERVED
+	REJECTED
 CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
 	- linux-2.6 2.6.18.dfsg.1-10
 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...)
@@ -8779,8 +9185,8 @@
 	NOT-FOR-US: TeamCal
 CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Claroline
-CVE-2006-4843
-	RESERVED
+CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
+	TODO: check
 CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
 	- xulrunner 1.8.0.9-1 (low; bug #405062)
 	[sarge] - mozilla <unfixed> (low)
@@ -10351,8 +10757,8 @@
 	NOT-FOR-US: Novell eDirectory
 CVE-2006-4176
 	RESERVED
-CVE-2006-4175
-	RESERVED
+CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...)
+	TODO: check
 CVE-2006-4174
 	RESERVED
 CVE-2006-4173
@@ -19588,7 +19994,7 @@
 	NOT-FOR-US: aoblogger
 CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...)
 	NOT-FOR-US: Linksys hardware issue
-CVE-2006-0308 (PHP remote file include vulnerability in HTMLtonuke.php in HTMLtoNuke ...)
+CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...)
 	NOT-FOR-US: HTMLtoNuke
 CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...)
 	NOT-FOR-US: CA BrightStor products



