[Secure-testing-commits] r7366 - data/CVE
nion at alioth.debian.org
Wed Nov 21 12:00:11 UTC 2007
Author: nion
Date: 2007-11-21 12:00:09 +0000 (Wed, 21 Nov 2007)
New Revision: 7366
Modified:
data/CVE/list
Log:
NFUs
CVE-2007-6025 fixed in wpasupplicant 0.6.0-4
new issue: CVE-2007-6013(wordpress)
new issue: CVE-2007-5500(linux-2.6)
add note for CVE-2007-6029(clamav)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-20 23:37:49 UTC (rev 7365)
+++ data/CVE/list 2007-11-21 12:00:09 UTC (rev 7366)
@@ -1,9 +1,9 @@
CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in ...)
NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
- TODO: check
+ NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034 (ngIRCd before 0.10.3 allows remote attackers to cause a denial of ...)
- ngircd 0.10.3-1
[etch] - ngircd <no-dsa> (Minor issue)
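Review bot: The NOT-FOR-US reason added for CVE-2007-6038 names only the platform ("Joomla! extension"), while the neighbouring entries name the product itself ("Citrix NetScaler", "LIVE555 Media Server"). Naming the extension in the reason would let a later search of the list find this entry by component name.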
@@ -17,14 +17,15 @@
NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote ...)
TODO: check
+ NOTE: this is an undisclosed vulnerability which is up for sale :/
CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ...)
NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka ...)
NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 ...)
- TODO: check
+ - wpasupplicant 0.6.0-4
CVE-2007-6024
RESERVED
CVE-2007-6023
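Review bot: CVE-2007-6029 still carries "TODO: check" after this change, so the added NOTE does not move the entry out of the unchecked state, and the NOTE gives no source for the statement that the issue is undisclosed and for sale. Consider replacing the TODO with a package status line in the form this commit uses for other entries (such as "- wordpress <unfixed> (low; bug #452251)") and adding a NOTE line with the reference. In the same hunk, the CVE-2007-6025 entry gets "- wpasupplicant 0.6.0-4" but no [etch] line, although the description limits the issue to wpa_supplicant 0.6.0; an explicit [etch] status, as on the ngircd entry, would record whether stable was checked.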
@@ -48,13 +49,15 @@
CVE-2007-6014
RESERVED
CVE-2007-6013 (Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a ...)
- TODO: check
+ - wordpress <unfixed> (low; bug #452251)
+ NOTE: if untrusted people are allowed to read the database they could still
+ NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...)
NOT-FOR-US: DocuSafe
CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in ...)
- TODO: check
+ NOT-FOR-US: Novell iChain
CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops ...)
- TODO: check
+ NOT-FOR-US: Xoops
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...)
TODO: check
CVE-2007-6035 (SQL injection vulnerability in Cacti before 0.8.7a allows remote ...)
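Review bot: The two NOTE lines on CVE-2007-6013 end in an open question ("so maybe this is unimportant?") while the status line already commits to "low". The note should state the decision and its basis, namely that exploitation requires read access to the database, so a later reader does not have to re-evaluate the severity. The other changes in this hunk (Novell iChain, Xoops) follow the existing NOT-FOR-US form.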
@@ -1857,7 +1860,8 @@
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ NOTE: kernel-sec is already tracking this
CVE-2007-5499
RESERVED
CVE-2007-5498
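Review bot: The new CVE-2007-5500 entry is "- linux-2.6 <unfixed>" with no urgency, no [etch] line and no reference, while the entry directly above it records an [etch] status with a reason and an upstream commit URL. The description says the issue is in kernels before 2.6.23.8, so it is worth stating whether etch is affected, and "NOTE: kernel-sec is already tracking this" would be more useful with a pointer to where it is tracked.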