[Secure-testing-commits] r5773 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Wed May 2 21:57:23 UTC 2007


Author: stef-guest
Date: 2007-05-02 21:57:19 +0000 (Wed, 02 May 2007)
New Revision: 5773

Modified:
   data/CVE/list
Log:
- new libimager-perl issue
- new javascript hijacking issue in various ajax toolkits
- new mydns issue fixed
- new gimp issue fixed
- new axis issue unimportant
- some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-02 21:14:17 UTC (rev 5772)
+++ data/CVE/list	2007-05-02 21:57:19 UTC (rev 5773)
@@ -5,17 +5,17 @@
 CVE-2007-2417
 	RESERVED
 CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
-	TODO: check
+	NOT-FOR-US: E-Annu
 CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Pi3Web Web Server
 CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: MyServer
 CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...)
-	TODO: check
+	- libimager-perl <unfixed> (bug #421582)
 CVE-2007-2412 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Seir Anphin
 CVE-2007-2411 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Sphider
 CVE-2007-2410
 	RESERVED
 CVE-2007-2409
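Review bot: the new `libimager-perl <unfixed> (bug #421582)` line for CVE-2007-2413 does not record the upstream fixed version even though the CVE text in this hunk states it ("Imager before 0.57"); add a `NOTE: fixed upstream in 0.57` line under the entry so the maintainer and the tracker have the target version without re-reading the CVE.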
@@ -67,71 +67,73 @@
 CVE-2007-2386
 	RESERVED
 CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
-	TODO: check
+	TODO: check yui
+	TODO: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
 CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
-	TODO: check
+	TODO: check glpi knowledgeroot mt-daapd op-panel python-webhelpers qwik rails wordpress
 CVE-2007-2383 (The Prototype (prototypejs) framework exchanges data using JavaScript ...)
-	TODO: check
+	TODO: check glpi hobix knowledgeroot libbio-ruby1.8 mt-daapd op-panel poker-web python-webhelpers qwik rails wordpress 
 CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
 	TODO: check
 CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
-	TODO: check
+	TODO: check python-paste
 CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
 	TODO: check
 CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
 	TODO: check
 CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
-	TODO: check
+	NOT-FOR-US: Google Web Toolkit (GWT)
 CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
 	TODO: check
 CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
-	TODO: check
+	NOT-FOR-US: Dojo
 CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
-	TODO: check
+	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
 CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
-	TODO: check
+	NOT-FOR-US: phpMyNewsletter
 CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
-	TODO: check
+	NOT-FOR-US: phpMyNewsletter
 CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
-	TODO: check
+	NOT-FOR-US: Jobs module for XOOPS
 CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
-	TODO: check
+	NOT-FOR-US: WebSPELL
 CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: WebSPELL
 CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
-	TODO: check
+	NOT-FOR-US: Wserve HTTP Server (whttp)
 CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: Corel
 CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, and Photoshop Elements ...)
-	TODO: check
+	NOT-FOR-US: Adobe
 CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
-	TODO: check
+	NOT-FOR-US: burnCMS
 CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
-	TODO: check
+	NOT-FOR-US: IrfanView
 CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
-	TODO: check
+	- mydns 1:1.1.0-8
 CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2007-2358 (** DISPUTED ** ...)
 	TODO: check
 CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
-	TODO: check
+	NOT-FOR-US: SineCms
 CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
-	TODO: check
+	- gimp 2.2.14-2
 CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
-	TODO: check
+	NOT-FOR-US: OPeNDAP
 CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Progress Webspeed Messenger
 CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	- axis <unfixed> (unimportant)
+	NOTE: only path disclosure
 CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
 	TODO: check
 CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
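Review bot: the added `TODO: check ... rails wordpress ` line for CVE-2007-2383 has trailing whitespace after `wordpress`; trim it so the line matches the sibling entry for CVE-2007-2384. The JavaScript hijacking set is also only partly triaged in this hunk: Dojo (CVE-2007-2376) and GWT (CVE-2007-2378) become NOT-FOR-US and the Fortify paper link is attached only to the yui entry (CVE-2007-2385), while Moo.fx (CVE-2007-2382), jQuery (CVE-2007-2379), Microsoft Atlas (CVE-2007-2380) and DWR (CVE-2007-2377) keep a bare `TODO: check`; either list the candidate packages for those as was done for CVE-2007-2384 and CVE-2007-2383, or mark them NOT-FOR-US where nothing in the archive ships them, and consider putting the reference link on the first entry of the group so it covers all of them.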
