[Secure-testing-commits] r6759 - data/CVE
nion at alioth.debian.org
Mon Oct 1 23:48:40 UTC 2007
Author: nion
Date: 2007-10-01 23:48:40 +0000 (Mon, 01 Oct 2007)
New Revision: 6759
Modified:
data/CVE/list
Log:
NFUs
new issue: CVE-2007-5162 (ruby1.8)
new issue: CVE-2007-5156 (knowledgeroot)
CVE-2007-5137 fixed in tcl8.4 8.4.16-1
removed notes for rejected entries because pre-commit hooks prevent them
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-01 21:14:07 UTC (rev 6758)
+++ data/CVE/list 2007-10-01 23:48:40 UTC (rev 6759)
@@ -1,98 +1,101 @@
CVE-2007-5169
RESERVED
CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...)
- TODO: check
+ NOT-FOR-US: Clan lite
CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...)
- TODO: check
+ NOT-FOR-US: phpLister
CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a ...)
- TODO: check
+ NOT-FOR-US: SiteSys
CVE-2007-5165 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: myIpacNG-stats
CVE-2007-5164 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: UniversiBO
CVE-2007-5163 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...)
- TODO: check
+ - ruby1.9 <not-affected> (Vulnerable code no longer present)
+ - ruby1.8 <unfixed> (low; bug #444929)
+ NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
- TODO: check
+ NOT-FOR-US: Feedreader 3
+ NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
- TODO: check
+ NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g ...)
- TODO: check
+ - ntfs-3g <not-affected> (/sbin/mount.ntfs-3g is installed for group and user root)
CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...)
- TODO: check
+ NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156 (Incomplete blacklist vulnerability in ...)
- TODO: check
+ - knowledgeroot <unfixed> (medium; bug #444928)
CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...)
- TODO: check
+ NOT-FOR-US: ICEOWS
CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and ...)
- TODO: check
+ NOT-FOR-US: Aipo
CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in ...)
- TODO: check
+ NOT-FOR-US: NukeSentinel
CVE-2007-5150 (SQL injection vulnerability in the is_god function in ...)
- TODO: check
+ NOT-FOR-US: NukeSentinel
CVE-2007-5149 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: FrontAccounting
CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...)
- TODO: check
+ NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der ...)
- TODO: check
+ NOT-FOR-US: Der Dirigent
CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
- TODO: check
+ NOT-FOR-US: Windows XP
CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used ...)
- TODO: check
+ NOT-FOR-US: Windows Live Messenger
CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows ...)
- TODO: check
+ NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb ...)
- TODO: check
+ NOT-FOR-US: Solidweb Novus
CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta ...)
- TODO: check
+ NOT-FOR-US: SiteX
CVE-2007-5140 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
- TODO: check
+ NOT-FOR-US: Chupix
CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in ...)
- TODO: check
+ NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
- TODO: check
+ - tcl8.4 8.4.16-1
+ TODO: check tcl8.3
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
- TODO: check
+ NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...)
- TODO: check
+ NOT-FOR-US: Cisco firmware
CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
- TODO: check
+ NOT-FOR-US: ActiveKB
CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOT-FOR-US: SimpGB
CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: SimpGB
CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows ...)
- TODO: check
+ NOT-FOR-US: SimpNews
CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...)
- TODO: check
+ NOT-FOR-US: SimpGB
CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup ...)
- TODO: check
+ NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
REJECTED
- TODO: check
CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
- TODO: check
+ NOT-FOR-US: AOL Messenger
CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Solidweb Novus
CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...)
- TODO: check
+ NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...)
TODO: check
CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
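Review bot: the added line "NOTE: editor not included in native wordpress" under CVE-2007-5161 does not match that entry, which the description and the NOT-FOR-US line tie to Feedreader 3, so it looks misplaced; move it to the WordPress-related entry it was meant for or drop it. Two smaller points in the same hunk: CVE-2007-5137's description names generic/tkImgGIF.c, a Tk image handler, so confirm that tcl8.4 8.4.16-1 (and the "TODO: check tcl8.3" line) is the right source package rather than the tk counterpart; and the NOT-FOR-US names should follow the description's spelling ("ClanLite" rather than "Clan lite", and "F-Secure Anti-Virus for Windows Servers" so the vendor is searchable).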
@@ -100,13 +103,13 @@
CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...)
TODO: check
CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
- TODO: check
+ NOT-FOR-US: FrontAccounting
CVE-2007-5116
RESERVED
CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
- TODO: check
+ NOT-FOR-US: Php-Nuke
CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...)
- openssl 0.9.8e-9 (high; bug #444435)
NOTE: see https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/146269
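Review bot: for CVE-2003-1340 the NOT-FOR-US product should be written "PHP-Nuke" as in the description, not "Php-Nuke", so that grep-based lookups on the product name stay consistent with the rest of the list.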
@@ -249,21 +252,6 @@
NOT-FOR-US: Neuron News
CVE-2007-5049
REJECTED
- {DTSA-62-1}
- - poppler 0.5.4-6.2 (medium; bug #443903)
- - gpdf <removed>
- - xpdf 3.02-1.2 (medium; bug #443906)
- - kdegraphics 4:3.5.7-4 (medium; bug #444015)
- - koffice 1:1.6.3-3 (medium; bug #444014)
- - pdftohtml <removed>
- - tetex-bin 3.0-12
- NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
- - cupsys <not-affected> (unimportant; bug #436099)
- NOTE: cups uses xpdf-utils
- - pdfkit.framework 0.8-4
- NOTE: links to poppler since 0.8-4, thus marking as fixed
- - libextractor 0.5.12-1
- NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...)
NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...)
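Review bot: this hunk drops the whole tracking state for the poppler/xpdf issue (the {DTSA-62-1} reference, the fixed versions for poppler, xpdf, kdegraphics, koffice, tetex-bin, pdfkit.framework and libextractor, the not-affected rationale for cupsys, and bug numbers #443903, #443906, #444015, #444014 and #436099) just because CVE-2007-5049 is now REJECTED. If the hook forbids notes under REJECTED entries, the data should be moved to the CVE id that replaced this one rather than deleted; please confirm that entry already carries these lines before landing the removal.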
@@ -2518,7 +2506,6 @@
NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
REJECTED
- NOTE: Rediscovery / dupe of CVE-2000-1205
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
{DTSA-58-1}
- phpsysinfo 2.5.1-6.1 (low; bug #435935)
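Review bot: removing "NOTE: Rediscovery / dupe of CVE-2000-1205" under CVE-2007-4049 loses the only pointer to the original id, which is exactly what a future triager needs when the rejected number comes up again. If notes cannot live under REJECTED entries, record the duplicate relationship at the CVE-2000-1205 entry (or in the commit log) instead of dropping it.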
@@ -2532,8 +2519,6 @@
- cupsys <not-affected> (SuSE-specific regression)
CVE-2007-4044
REJECTED
- NOTE: samba <not-affected> (SuSE-specific regression)
- NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a security problem
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...)
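Review bot: the samba <not-affected> status and the rationale from the SuSE contact are deleted here while the cupsys line just above keeps its "SuSE-specific regression" explanation; keep the two consistent by moving the samba rationale to wherever that analysis is still tracked, since the conclusion that this was a functional regression and not a security problem is otherwise lost.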
@@ -2593,7 +2578,6 @@
REJECTED
CVE-2007-5645
REJECTED
- NOTE: duplicate of CVE-2006-5645
CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...)
NOT-FOR-US: Citrix
CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...)
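Review bot: besides dropping the "duplicate of CVE-2006-5645" cross-reference (same concern as the other REJECTED entries in this change), the context shows CVE-2007-5645 sitting between the CVE-2007-4019 and CVE-2007-4018 entries; the list is otherwise kept in descending order, so this entry should be moved up to its proper position in a follow-up.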