[Secure-testing-commits] r7249 - data/CVE
joeyh at alioth.debian.org
Thu Nov 8 21:14:09 UTC 2007
Author: joeyh
Date: 2007-11-08 21:14:09 +0000 (Thu, 08 Nov 2007)
New Revision: 7249
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-08 21:11:40 UTC (rev 7248)
+++ data/CVE/list 2007-11-08 21:14:09 UTC (rev 7249)
@@ -1,3 +1,17 @@
+CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote ...)
+ TODO: check
+CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in ...)
+ TODO: check
+CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
+ TODO: check
+CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows ...)
+ TODO: check
+CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha ...)
+ TODO: check
+CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in ...)
+ TODO: check
+CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
+ TODO: check
CVE-2007-5886
RESERVED
CVE-2007-5885
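Review bot: The seven new entries CVE-2007-5887 through CVE-2007-5893 all land as TODO: check with no triage. Going by the descriptions alone, CVE-2007-5892 (pdg2.dll ActiveX control) and CVE-2007-5887 (boards/printer.asp in ASP Message Board) look like candidates for a NOT-FOR-US tag; the others need a check against packaged software before the TODO is cleared.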
@@ -290,8 +304,7 @@
RESERVED
CVE-2007-5742
RESERVED
-CVE-2007-5741 [Plone interprets network data as Python pickles]
- RESERVED
+CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...)
- zope-cmfplone 2.5.2-2 (bug #449523)
NOTE: Fix available:
NOTE: http://plone.org/about/security/advisories/cve-2007-5741
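Review bot: On CVE-2007-5741 the new description gives the affected range as Plone 2.5 through 2.5.4, while the unchanged package line records zope-cmfplone 2.5.2-2 as the fixed version. If 2.5.2-2 carries a backport of the fix from the linked advisory, a NOTE saying so would keep the entry from reading as a contradiction. The package line also has no urgency next to the bug number.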
@@ -1063,7 +1076,8 @@
- mnogosearch 3.3.4-4.1 (low; bug #447753)
CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys, as shipped in ...)
NOT-FOR-US: Microsoft Windows
-CVE-2007-5586 (Unspecified vulnerability in a driver in Microsoft Windows XP SP2 and ...)
+CVE-2007-5586
+ REJECTED
NOT-FOR-US: Microsoft Windows
CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
- xscreensaver <unfixed> (medium; bug #448157)
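Review bot: CVE-2007-5586 is now REJECTED, but the "NOT-FOR-US: Microsoft Windows" line below it is kept. That tag classified the removed description (a driver in Microsoft Windows XP SP2) and has nothing left to classify; drop it so the entry carries only REJECTED.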
@@ -1077,8 +1091,8 @@
RESERVED
CVE-2007-5582
RESERVED
-CVE-2007-5581
- RESERVED
+CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ TODO: check
CVE-2007-5580
RESERVED
CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...)
@@ -1704,12 +1718,11 @@
RESERVED
CVE-2007-5396
RESERVED
-CVE-2007-5395
- RESERVED
+CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)
+ TODO: check
CVE-2007-5394
RESERVED
-CVE-2007-5393 [xpdf buffer overflow in CCITTFaxStream::lookChar()]
- RESERVED
+CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...)
- poppler <unfixed> (medium; bug #450628)
- kdegraphics <unfixed> (medium; bug #450630)
- xpdf <unfixed> (medium; bug #450629)
@@ -1725,8 +1738,7 @@
NOTE: cups uses xpdf-utils and poppler-utils
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
-CVE-2007-5392 [xpdf buffer overflow in DCTStream::reset()]
- RESERVED
+CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...)
- poppler <unfixed> (medium; bug #450628)
- kdegraphics <unfixed> (medium; bug #450630)
- xpdf <unfixed> (medium; bug #450629)
@@ -2457,7 +2469,7 @@
{DTSA-67-1}
- nagios-plugins 1.4.8-2.2 (low; bug #445475)
NOTE: Requires the webserver, which has to be checked, to be compromised
-CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono allows ...)
+CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...)
{DSA-1397-1 DTSA-76-1}
- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
@@ -2635,8 +2647,7 @@
NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
NOT-FOR-US: FrontAccounting
-CVE-2007-5116 [overflow in Perl's regular expression compiler]
- RESERVED
+CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular ...)
{DSA-1400-1}
- perl <unfixed> (medium)
NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
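Review bot: CVE-2007-5116 now has its full description and {DSA-1400-1}, yet the package line is still "- perl <unfixed> (medium)" with no bug number, unlike the other <unfixed> lines visible in this diff (for example "bug #450628" on poppler). Add the bug reference for unstable, or the fixed version once it is uploaded.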
@@ -3424,16 +3435,13 @@
RESERVED
CVE-2007-4769
RESERVED
-CVE-2007-4768
- RESERVED
+CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
-CVE-2007-4767
- RESERVED
+CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
-CVE-2007-4766
- RESERVED
+CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
CVE-2007-4765
@@ -3639,18 +3647,18 @@
RESERVED
CVE-2007-4678
RESERVED
-CVE-2007-4677
- RESERVED
-CVE-2007-4676
- RESERVED
-CVE-2007-4675
- RESERVED
+CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
+ TODO: check
+CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
+ TODO: check
+CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...)
+ TODO: check
CVE-2007-4674
RESERVED
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-4672
- RESERVED
+CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...)
+ TODO: check
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...)
NOT-FOR-US: Safari
CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...)
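Review bot: CVE-2007-4677, CVE-2007-4676, CVE-2007-4675 and CVE-2007-4672 are added as TODO: check, but all four descriptions name Apple QuickTime, and the neighbouring CVE-2007-4673 is already tagged "NOT-FOR-US: Apple QuickTime". They can take the same tag. The same applies to the QuickTime entries CVE-2007-3751, CVE-2007-3750 and CVE-2007-2395 later in the patch.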
@@ -4414,8 +4422,7 @@
NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
NOT-FOR-US: AIX
-CVE-2007-4352 [xpdf memory corruption in DCTStream::readProgressiveDataUnit()]
- RESERVED
+CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...)
- poppler <unfixed> (medium; bug #450628)
- kdegraphics <unfixed> (medium; bug #450630)
- xpdf <unfixed> (medium; bug #450629)
@@ -4705,8 +4712,8 @@
- kdebase 4:3.5.7-3 (bug #433072; low)
[sarge] - kdebase <no-dsa> (Minor issue)
[etch] - kdebase <no-dsa> (Minor issue)
-CVE-2007-4223
- RESERVED
+CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an ...)
+ TODO: check
CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...)
NOT-FOR-US: IBM Lotus Notes
CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...)
@@ -4906,8 +4913,7 @@
- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130
RESERVED
-CVE-2007-4129 [coolkey incorrect cache file handling]
- RESERVED
+CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a ...)
- coolkey 1.1.0-3
CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
NOT-FOR-US: com_gmaps for Joomla!
@@ -5374,8 +5380,9 @@
- sun-java5 1.5.0-12-2
[etch] - sun-java5 <no-dsa> (non-free not supported)
- sun-java6 6-02-1
-CVE-2007-3921
- RESERVED
+CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files ...)
+ {DSA-1402-1}
+ TODO: check
CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
{DTSA-75-1}
- gnome-screensaver 2.20.0-1.1
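Review bot: CVE-2007-3921 gains {DSA-1402-1} but still has TODO: check and no package line. The other entries in this diff that reference a DSA pair it with a package line (for example "- pcre3 7.3-1" under {DSA-1399-1 DTSA-77-1}); add the corresponding gforge line with the fixed version and remove the TODO.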
@@ -5795,10 +5802,10 @@
NOT-FOR-US: Aplle iPhone
CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote ...)
NOT-FOR-US: iTunes
-CVE-2007-3751
- RESERVED
-CVE-2007-3750
- RESERVED
+CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime ...)
+ TODO: check
+CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
+ TODO: check
CVE-2007-3749
RESERVED
CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...)
@@ -9061,8 +9068,8 @@
NOT-FOR-US: Apple Quicktime
CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...)
NOT-FOR-US: Apple Quicktime
-CVE-2007-2395
- RESERVED
+CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...)
+ TODO: check
CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
NOT-FOR-US: Apple Quicktime
CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
@@ -10782,20 +10789,16 @@
{DSA-1318-1}
- ekg 1:1.7~rc2-2 (low)
[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1662
- RESERVED
+CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
-CVE-2007-1661
- RESERVED
+CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
-CVE-2007-1660
- RESERVED
+CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
-CVE-2007-1659
- RESERVED
+CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows ...)
{DSA-1399-1 DTSA-77-1}
- pcre3 7.3-1
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)