[Secure-testing-commits] r7221 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Mon Nov 5 21:14:10 UTC 2007


Author: joeyh
Date: 2007-11-05 21:14:10 +0000 (Mon, 05 Nov 2007)
New Revision: 7221

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-05 14:47:54 UTC (rev 7220)
+++ data/CVE/list	2007-11-05 21:14:10 UTC (rev 7221)
@@ -1,6 +1,22 @@
+CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
+	TODO: check
+CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...)
+	TODO: check
+CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the ...)
+	TODO: check
+CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ...)
+	TODO: check
+CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
+	TODO: check
+CVE-2007-5794
+	RESERVED
 CVE-2007-XXXX [insecure temporary file handling in ircii-pana]
 	- ircii-pana <unfixed> (low; bug #449149)
-CVE-2007-5795 [emacs22 safe mode bypass]
+CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...)
 	- emacs22 22.1+1-2.1 (medium; bug #449008)
 	NOTE: Emacs 21 is not affected
 CVE-2007-XXXX [conffile ietd.conf public readable and contains passwords]
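Review bot: CVE-2007-5794 (RESERVED) is inserted above the CVE-2007-XXXX ircii-pana entry, so it lands ahead of CVE-2007-5795 and breaks the descending ID order that the entries just above it follow (5802 down to 5796). Suggest moving the CVE-2007-5794 entry below the CVE-2007-5795 emacs22 block so the numbered entries stay sorted.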
@@ -58,8 +74,7 @@
 	RESERVED
 CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
 	NOT-FOR-US: Globe7 soft phone client
-CVE-2007-5767
-	RESERVED
+CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
 	NOT-FOR-US: Geronimo Apache
 CVE-2007-5766
 	RESERVED
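Review bot: on CVE-2007-5767 the retained line "NOT-FOR-US: Geronimo Apache" does not obviously match the description added here, which names "the Client Trust application"; the Apache Geronimo issue introduced in this same commit is CVE-2007-5797. The tag was attached while the ID was still RESERVED, so it should be re-triaged against the published description: either correct the product name in the NOT-FOR-US line or fall back to "TODO: check" until someone has confirmed it.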
@@ -236,6 +251,7 @@
 CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail ...)
+	{DSA-1398-1}
 	- perdition 1.17.1-1 (medium; bug #448853)
 CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the ...)
 	- liferea 1.4.6-1 (low; bug #448850)
@@ -594,8 +610,8 @@
 	RESERVED
 CVE-2007-5661
 	RESERVED
-CVE-2007-5660
-	RESERVED
+CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...)
+	TODO: check
 CVE-2007-5659
 	RESERVED
 CVE-2007-5658
@@ -2239,8 +2255,7 @@
 	{DTSA-67-1}
 	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
 	NOTE: Requires the webserver, which has to be checked, to be compromised
-CVE-2007-5197
-	RESERVED
+CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono allows ...)
 	{DSA-1397-1 DTSA-76-1}
 	- mono 1.2.5.1-2
 CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
@@ -3076,8 +3091,8 @@
 	NOT-FOR-US: TorrentTrader
 CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
 	NOT-FOR-US: DirectAdmin
-CVE-2007-4829
-	RESERVED
+CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
+	TODO: check
 CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
 	- mediawiki 1.10.2-1 (low; bug #442255)
 	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
@@ -9245,7 +9260,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
 	NOT-FOR-US: Microsoft
-CVE-2007-2217 (Unspecified vulnerability in Kodak Image Viewer in Microsoft Windows ...)
+CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
 	NOT-FOR-US: Kodak Image Viewer
 CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -50085,7 +50100,7 @@
 	- vsftpd 2.0.1-1
 	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
 	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
-CVE-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
+CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce ...)
 	{DSA-421}
 	- mod-auth-shadow 1.4-1
 CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)



