[Secure-testing-commits] r7240 - data/CVE
joeyh at alioth.debian.org
Wed Nov 7 21:14:08 UTC 2007
Author: joeyh
Date: 2007-11-07 21:14:08 +0000 (Wed, 07 Nov 2007)
New Revision: 7240
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-07 18:36:49 UTC (rev 7239)
+++ data/CVE/list 2007-11-07 21:14:08 UTC (rev 7240)
@@ -1,3 +1,99 @@
+CVE-2007-5886
+ RESERVED
+CVE-2007-5885
+ RESERVED
+CVE-2007-5884
+ RESERVED
+CVE-2007-5883
+ RESERVED
+CVE-2007-5882
+ RESERVED
+CVE-2007-5881
+ RESERVED
+CVE-2007-5880
+ RESERVED
+CVE-2007-5879
+ RESERVED
+CVE-2007-5878
+ RESERVED
+CVE-2007-5877
+ RESERVED
+CVE-2007-5876
+ RESERVED
+CVE-2007-5875
+ RESERVED
+CVE-2007-5874
+ RESERVED
+CVE-2007-5873
+ RESERVED
+CVE-2007-5872
+ RESERVED
+CVE-2007-5871
+ RESERVED
+CVE-2007-5870
+ RESERVED
+CVE-2007-5869
+ RESERVED
+CVE-2007-5868
+ RESERVED
+CVE-2007-5867
+ RESERVED
+CVE-2007-5866
+ RESERVED
+CVE-2007-5865
+ RESERVED
+CVE-2007-5864
+ RESERVED
+CVE-2007-5863
+ RESERVED
+CVE-2007-5862
+ RESERVED
+CVE-2007-5861
+ RESERVED
+CVE-2007-5860
+ RESERVED
+CVE-2007-5859
+ RESERVED
+CVE-2007-5858
+ RESERVED
+CVE-2007-5857
+ RESERVED
+CVE-2007-5856
+ RESERVED
+CVE-2007-5855
+ RESERVED
+CVE-2007-5854
+ RESERVED
+CVE-2007-5853
+ RESERVED
+CVE-2007-5852
+ RESERVED
+CVE-2007-5851
+ RESERVED
+CVE-2007-5850
+ RESERVED
+CVE-2007-5849
+ RESERVED
+CVE-2007-5848
+ RESERVED
+CVE-2007-5847
+ RESERVED
+CVE-2007-5846 (The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
+ TODO: check
+CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 ...)
+ TODO: check
+CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in ...)
+ TODO: check
+CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal ...)
+ TODO: check
+CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...)
+ TODO: check
+CVE-2007-5840 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 ...)
+ TODO: check
CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...)
- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...)
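Review bot: the eight described entries from CVE-2007-5846 down to CVE-2007-5838 all land as "TODO: check", so none of them is tracked against a package yet. CVE-2007-5846 names net-snmp and should be checked against Debian's net-snmp package and given a package line in the form used elsewhere in this file ("- package version (urgency; bug #...)"). CVE-2007-5838 concerns Symantec Altiris Deployment Solution, which the CVE-2007-5555 entry further down already marks NOT-FOR-US, so it can be closed the same way.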
@@ -85,7 +181,7 @@
NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794
RESERVED
-CVE-2007-5839 [insecure temporary file handling in ircii-pana]
+CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...)
- ircii-pana <unfixed> (low; bug #449149)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...)
- emacs22 22.1+1-2.1 (medium; bug #449008)
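Review bot: the ircii-pana line under CVE-2007-5839 should be re-checked against the new description. The hand-written placeholder "[insecure temporary file handling in ircii-pana]" is replaced by text that starts with the e_hostname function in commands.c of BitchX 1.1a and is cut off before it says what the flaw is, so confirm that bug #449149 covers the same issue. The entry also sits between CVE-2007-5794 and CVE-2007-5795, which is why the first hunk jumps from CVE-2007-5840 to CVE-2007-5838; moving it into numeric order would remove that gap.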
@@ -347,7 +443,7 @@
NOT-FOR-US: eLouai's Force Download
CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...)
- slide-webdavclient <unfixed> (low; bug #448841)
-CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2 allows local users to execute ...)
+CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...)
- qemu 0.9.0-2 (bug #424070)
CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...)
- qemu 0.9.0-2 (bug #424070)
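Review bot: the new CVE-2007-5730 description adds "as used in Xen and possibly ...", but the entry still tracks only qemu 0.9.0-2. Check whether the xen-3 package, which this file already tracks for CVE-2007-4993, carries the affected QEMU code, and add either a package line or a <not-affected> line with the reason in parentheses, as the openssl097 and openssl096 entries do.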
@@ -1091,7 +1187,7 @@
NOT-FOR-US: NEC mobile handset
CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...)
NOT-FOR-US: Avaya VoIP Handset
-CVE-2007-5555 (Symantec Altiris Deployment Solution 6 allows local users to obtain ...)
+CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution ...)
NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...)
NOT-FOR-US: Oracle
@@ -1872,6 +1968,7 @@
CVE-2007-5336
REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...)
+ {DSA-1396-1}
- iceweasel 2.0.0.8-1 (low)
NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
@@ -2784,8 +2881,7 @@
- pidgin 2.2.2-1 (medium)
CVE-2007-4998
RESERVED
-CVE-2007-4997 [kernel ieee80211 DoS]
- RESERVED
+CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...)
- linux-2.6 <unfixed>
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...)
- pidgin 2.2.1-1 (medium)
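Review bot: the "- linux-2.6 <unfixed>" line under CVE-2007-4997 has no urgency and no bug reference, unlike the neighbouring pidgin entries marked (medium). Now that the entry has a published description (integer underflow in the ieee80211_rx function) instead of the "[kernel ieee80211 DoS]" placeholder, add an urgency and a bug number so the open issue can be followed.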
@@ -2795,8 +2891,8 @@
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2007-4994
- RESERVED
+CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not ...)
+ TODO: check
CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...)
{DSA-1384-1}
- xen-3 3.1.1-1 (medium; bug #444430)
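Review bot: CVE-2007-4994 moves from RESERVED to "TODO: check" with a description naming Certificate Server 7.2 in Red Hat Certificate System (RHCS). If no Debian package ships that product, close the entry as NOT-FOR-US in the same form as the other vendor-only entries in this file instead of leaving it open.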
@@ -5334,8 +5430,8 @@
RESERVED
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
NOT-FOR-US: CA Anti-Virus
-CVE-2007-3874
- RESERVED
+CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE ...)
+ TODO: check
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...)
NOT-FOR-US: SSAPI Engine
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...)
@@ -11497,7 +11593,7 @@
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
{DSA-1284-1 DTSA-38-1}
- qemu 0.9.0-2 (bug #424070)
-CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2 allows ...)
+CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
{DSA-1284-1 DTSA-38-1}
- qemu 0.9.0-2 (bug #424070)
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
@@ -14629,7 +14725,7 @@
NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...)
NOT-FOR-US: Deadlock
-CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...)
+CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...)
- linux-2.6 2.6.18-1 (low)
CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
NOT-FOR-US: HP