[Secure-testing-commits] r5820 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri May 11 15:24:22 UTC 2007
Author: jmm-guest
Date: 2007-05-11 15:24:18 +0000 (Fri, 11 May 2007)
New Revision: 5820
Modified:
data/CVE/list
Log:
rewrite register_globals issues in squirrelmail as non-issues
kernel issue doesn't affect Debian
add some qemu entries for unstable
NFUs
lower severity of bugzilla issue
NOTEs like foo not in sarge are no longer necessary, as we have distribution-
specific views
pdns/xmedcon issues not security-relevant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-10 20:32:28 UTC (rev 5819)
+++ data/CVE/list 2007-05-11 15:24:18 UTC (rev 5820)
@@ -10,7 +10,6 @@
TODO: check
CVE-2007-2583 (MySQL 5.x before 5.0.40 allows context-dependent attackers to cause a ...)
- mysql-dfsg-5.0 <unfixed> (low)
- NOTE: mysql-dfsg-5.0 not in sarge
NOTE: http://bugs.mysql.com/bug.php?id=27513
CVE-2007-2582 (Unspecified vulnerability in the DB2 JDBC Applet Server (DB2JDS) ...)
TODO: check
@@ -750,7 +749,7 @@
CVE-2007-2240
RESERVED
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
- TODO: check
+ NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
RESERVED
CVE-2007-2237
@@ -787,7 +786,7 @@
CVE-2007-2222
RESERVED
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
RESERVED
CVE-2007-2219
@@ -1838,7 +1837,7 @@
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2007-1746
RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
@@ -2013,13 +2012,13 @@
CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
TODO: check
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Panda
CVE-2007-1669 (Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, ...)
- TODO: check
+ NOT-FOR-US: Barracuda
CVE-2007-1668
RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
@@ -2756,7 +2755,7 @@
NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...)
{DSA-1284-1}
- TODO: check
+ - qemu <unfixed>
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
@@ -2854,13 +2853,14 @@
{DSA-1284-1}
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
{DSA-1284-1}
- TODO: check
+ - qemu <unfixed>
CVE-2007-1321
RESERVED
{DSA-1284-1}
+ - qemu <unfixed>
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
{DSA-1284-1}
- TODO: check
+ - qemu <unfixed>
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
@@ -3009,7 +3009,7 @@
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
@@ -3214,7 +3214,7 @@
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
@@ -3236,9 +3236,9 @@
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2007-1201
RESERVED
CVE-2007-1200
@@ -4011,21 +4011,21 @@
CVE-2007-0948
RESERVED
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943
RESERVED
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
RESERVED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...)
- TODO: check
+ NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
@@ -4474,7 +4474,7 @@
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
- - bugzilla <unfixed> (bug #409824; medium)
+ - bugzilla <unfixed> (bug #409824; low)
[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
NOT-FOR-US: SmartFTP
@@ -4553,7 +4553,7 @@
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (Unspecified vulnerability in the utrace support for Linux kernel ...)
- - linux-2.6 <unfixed> (medium)
+ - linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
{DSA-1260}
- graphicsmagick 1.1.7-12
@@ -5756,7 +5756,7 @@
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...)
NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
- TODO: Check if Debian UFS filesystem was affected
+ NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...)
@@ -5850,7 +5850,7 @@
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
- TODO: check kfreebsd
+ NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
@@ -5881,7 +5881,7 @@
CVE-2007-0216
RESERVED
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...)
@@ -5947,8 +5947,6 @@
[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
- yacas 1.0.57-3 (bug #399226; bug #399227; low)
-CVE-2007-XXXX [TXT record parsing overflow with special characters]
- - pdns <unfixed> (bug #406465)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
- squid 2.6.5-4 (low; bug #407202)
[sarge] - squid <not-affected> (Vulnerable code not present)
@@ -6480,7 +6478,7 @@
CVE-2007-0036
RESERVED
CVE-2007-0035 (Microsoft Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for ...)
- TODO: check
+ NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
@@ -7208,9 +7206,6 @@
CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response]
- gaim 1:2.0.0+beta5-9 (low)
[sarge] - gaim <no-dsa> (minor issue)
-CVE-2006-XXXX [xmedcon segfault on some files]
- - xmedcon 0.9.9.4-1 (unknown; bug #401529)
- TODO: check security impact
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
NOTE: While older terminals were vulnerable to some attacks involving terminal
@@ -13819,8 +13814,8 @@
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...)
NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...)
- - squirrelmail 2:1.4.7-1 (low)
- [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported)
+ - squirrelmail 2:1.4.7-1 (unimportant)
+ NOTE: Operation with registers_globals not supported
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...)
NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
@@ -14870,8 +14865,8 @@
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
- - squirrelmail 2:1.4.7-1 (bug #375782; low)
- [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported)
+ - squirrelmail 2:1.4.7-1 (bug #375782; unimportant)
+ NOTE: Operation with registers_globals not supported
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
More information about the Secure-testing-commits
mailing list