[Secure-testing-commits] r5916 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Thu May 24 21:49:42 UTC 2007
Author: jmm-guest
Date: 2007-05-24 21:49:42 +0000 (Thu, 24 May 2007)
New Revision: 5916
Modified:
data/CVE/list
Log:
- no-dsa for backup-manager issue
- CVEfiy SOAP nonce issue (quick investigate suggests Etch isn't affected also, needs
double-checking, though), older php5 issue fixed
- kernel compat mount DoS fixed, kernel/CAPI issue quite a non-issue
- NFUs and remove some obsolete TODOs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-24 19:54:49 UTC (rev 5915)
+++ data/CVE/list 2007-05-24 21:49:42 UTC (rev 5916)
@@ -70,11 +70,13 @@
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
TODO: check
CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
- TODO: check
+ - backup-manager <unfixed> (low)
+ [sarge] - backup-manager <no-dsa> (Minor issue)
+ [etch] - backup-manager <no-dsa> (Minor issue)
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
TODO: check
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
- TODO: check
+ NOT-FOR-US: Sun switches
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
TODO: check
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
@@ -147,7 +149,8 @@
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
TODO: check
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
- TODO: check
+ - php5 <unfixed> (low)
+ - php4 <not-affected> (no soap functions in php4)
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
TODO: check
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
@@ -438,12 +441,8 @@
- squirrelmail 2:1.4.10a-1 (low)
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
- wu-ftpd 2.6.2-26 (bug #425162)
-CVE-2006-XXXX [PHP SOAP Extension HTTP Authentication Weak Nonce]
- NOTE: see http://secunia.com/advisories/25306/
- - php5 <unfixed> (low)
- - php4 <not-affected> (no soap functions in php4)
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...)
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.18.dfsg.1-9 (low)
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...)
NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...)
@@ -486,7 +485,7 @@
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
- TODO: check
+ NOT-FOR-US: VCDGear
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
@@ -757,11 +756,11 @@
CVE-2007-2442
RESERVED
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
- TODO: check
+ NOT-FOR-US: Caucho Resin
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
- TODO: check
+ NOT-FOR-US: Caucho Resin
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
- TODO: check
+ NOT-FOR-US: Caucho Resin
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
- vim <unfixed> (medium)
NOTE: Exploitable through modelines.
@@ -2470,7 +2469,7 @@
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...)
NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
- TODO: check
+ NOT-FOR-US: Norton
CVE-2007-1688
RESERVED
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
@@ -3710,8 +3709,8 @@
- isdnutils 1:3.9.20060704-3 (bug #408530; low)
[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
- - linux-2.6 <unfixed> (bug #411294; low)
- NOTE: Not exploitable over ISDN network, only through a CAPI server
+ - linux-2.6 <unfixed> (bug #411294; unimportant)
+ NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
{DSA-1276-1}
- krb5 1.4.4-8 (high)
@@ -3800,7 +3799,7 @@
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...)
- TODO: check
+ NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
@@ -4618,11 +4617,8 @@
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
- - php5 <not-affected> (A regression only affecting 5.2.1)
- TODO: - php5 <unfixed> (bug #410561; bug #410995; medium)
- NOTE: this is a regression in the 5.2.1 release which is not yet uploaded.
- NOTE: so we should just make sure we patch 5.2.1. Leaving open in the
- NOTE: meantime, so we don't forget about it.
+ - php5 5.2.2-1 (bug #410561; bug #410995; medium)
+ [etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
{DSA-1264-1}
- php5 5.2.0-9 (bug #410561; bug #410995; medium)
@@ -15893,9 +15889,7 @@
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...)
- twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...)
- - mailman <not-affected>
- NOTE: Mailman uses the system version of the affected Python lib
- TODO: Check affected Python versions
+ - mailman <not-affected> (Mailman uses the system version of the affected Python lib)
CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
{DSA-1195-1 DSA-1185-2}
- openssl 0.9.8c-2 (bug #389940)
@@ -18896,7 +18890,6 @@
NOT-FOR-US: DNGuestbook
CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
NOTE: this does not affect linux
- TODO: check kfreebsd
CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
NOT-FOR-US: NetBSD
CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
More information about the Secure-testing-commits
mailing list