[Secure-testing-commits] r5921 - data/CVE

djoume-guest at alioth.debian.org
Fri May 25 20:36:42 UTC 2007


Author: djoume-guest
Date: 2007-05-25 20:36:41 +0000 (Fri, 25 May 2007)
New Revision: 5921

Modified:
   data/CVE/list
Log:
- sun-java Image parser vulnerabilities
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-25 09:41:46 UTC (rev 5920)
+++ data/CVE/list	2007-05-25 20:36:41 UTC (rev 5921)
@@ -16,55 +16,58 @@
 CVE-2007-2794
 	RESERVED
 CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
-	TODO: check
+	- geeklog <itp> (bug #203818)
 CVE-2007-2792 (SQL injection vulnerability in index.php in the com_yanc 1.4 beta ...)
-	TODO: check
+	NOT-FOR-US: com_yanc
+	NOTE: com_yanc component not in Mambo Debian package
 CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
-	TODO: check
+	NOT-FOR-US: HP Tru64
 CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
-	TODO: check
+	NOT-FOR-US: VP-ASP Shopping Cart
 CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...)
-	TODO: check
+	- sun-java5 1.5.0-11-1 (medium)
+	- sun-java6 <unfixed> (bug #422403)
 CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
-	TODO: check
+	- sun-java5 1.5.0-11-1 (medium)
+	- sun-java6 <unfixed> (bug #422403)
 CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...)
-	TODO: check
+	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
 CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: ircd-ratbox
 CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: eSyndiCat Pro
 CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...)
-	TODO: check
+	- globus <itp> (bug #142932)
 CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...)
-	TODO: check
+	NOT-FOR-US: Rational Soft Hidden Administrator
 CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...)
-	TODO: check
+	NOT-FOR-US: Packeteer PacketShaper
 CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: WikyBlog
 CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: PsychoStats
 CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...)
-	TODO: check
+	NOT-FOR-US: Libstats
 CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...)
-	TODO: check
+	NOT-FOR-US: MolyX BOARD
 CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft Template Seller Pro
 CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft Template Seller Pro
 CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft Live Support
 CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
-	TODO: check
+	NOT-FOR-US:  SunLight CMS
 CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
-	TODO: check
+	NOT-FOR-US: Zomplog
 CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
-	TODO: check
+	NOT-FOR-US: CA BrightStor Backup
 CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...)
-	TODO: check
+	NOT-FOR-US: LeadTools JPEG 2000
 CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
-	TODO: check
+	NOT-FOR-US: Eudora
 CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
-	TODO: check
+	NOT-FOR-US: OPeNDAP
 CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
 	TODO: check
 CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
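
Review bot: In the CVE-2007-2789 and CVE-2007-2788 entries, the sun-java5 lines carry a (medium) urgency while the sun-java6 <unfixed> lines carry only the bug reference. If the same rating applies to sun-java6, record it on those lines too so the two source packages are triaged consistently. Two smaller points: "NOT-FOR-US:  SunLight CMS" has a double space after the colon, unlike every other NOT-FOR-US line in the hunk, and the log message mentions only the sun-java entries and NFUs although the hunk also adds <itp> entries for geeklog (bug #203818) and globus (bug #142932).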



