[Secure-testing-commits] r6759 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Mon Oct 1 23:48:40 UTC 2007 

Author: nion
Date: 2007-10-01 23:48:40 +0000 (Mon, 01 Oct 2007)
New Revision: 6759

Modified:
   data/CVE/list
Log:
NFUs
new issue: CVE-2007-5162 (ruby1.8)
new issue: CVE-2007-5156 (knowledgeroot)
CVE-2007-5137 fixed in tcl8.4 8.4.16-1
removed notes for rejected entries because pre-commit hooks prevent them


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-01 21:14:07 UTC (rev 6758)
+++ data/CVE/list	2007-10-01 23:48:40 UTC (rev 6759)
@@ -1,98 +1,101 @@
 CVE-2007-5169
 	RESERVED
 CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...)
-	TODO: check
+	NOT-FOR-US: Clan lite
 CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...)
-	TODO: check
+	NOT-FOR-US: phpLister
 CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a ...)
-	TODO: check
+	NOT-FOR-US: SiteSys
 CVE-2007-5165 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: myIpacNG-stats
 CVE-2007-5164 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: UniversiBO
 CVE-2007-5163 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: nexty
 CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...)
-	TODO: check
+	- ruby1.9 <not-affected> (Vulnerable code no longer present)
+	- ruby1.8 <unfixed> (low; bug #444929)
+	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
 CVE-2007-5161 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
-	TODO: check
+	NOT-FOR-US: Feedreader 3
+	NOTE: editor not included in native wordpress
 CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
-	TODO: check
+	NOT-FOR-US: Thierry Leriche Restaurant Management System
 CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g ...)
-	TODO: check
+	- ntfs-3g <not-affected> (/sbin/mount.ntfs-3g  is installed for group and user root)
 CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...)
-	TODO: check
+	NOT-FOR-US: PHP Fidonet Tosser
 CVE-2007-5156 (Incomplete blacklist vulnerability in ...)
-	TODO: check
+	- knowledgeroot <unfixed> (medium; bug #444928)
 CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...)
-	TODO: check
+	NOT-FOR-US: ICEOWS
 CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and ...)
-	TODO: check
+	NOT-FOR-US: Aipo
 CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in ...)
-	TODO: check
+	NOT-FOR-US: NukeSentinel
 CVE-2007-5150 (SQL injection vulnerability in the is_god function in ...)
-	TODO: check
+	NOT-FOR-US: NukeSentinel
 CVE-2007-5149 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: North Country Public Radio Public Media Manager
 CVE-2007-5148 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: FrontAccounting
 CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...)
-	TODO: check
+	NOT-FOR-US: Puzzle Apps CMS
 CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der ...)
-	TODO: check
+	NOT-FOR-US: Der Dirigent
 CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
-	TODO: check
+	NOT-FOR-US: Windows XP
 CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used ...)
-	TODO: check
+	NOT-FOR-US: Windows Live Messenger
 CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows ...)
-	TODO: check
+	NOT-FOR-US: Anti-Virus for Windows Servers
 CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb ...)
-	TODO: check
+	NOT-FOR-US: Solidweb Novus
 CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta ...)
-	TODO: check
+	NOT-FOR-US: SiteX
 CVE-2007-5140 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: IntegraMOD Nederland
 CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
-	TODO: check
+	NOT-FOR-US: Chupix
 CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in ...)
-	TODO: check
+	NOT-FOR-US: lustig.cms
 CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
-	TODO: check
+	- tcl8.4 8.4.16-1
+	TODO: check tcl8.3
 CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
-	TODO: check
+	NOT-FOR-US: DFD Cart
 CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...)
-	TODO: check
+	NOT-FOR-US: Cisco firmware
 CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows Explorer
 CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
-	TODO: check
+	NOT-FOR-US: ActiveKB
 CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	NOT-FOR-US: SimpGB
 CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: SimpGB
 CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows ...)
-	TODO: check
+	NOT-FOR-US: SimpNews
 CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...)
-	TODO: check
+	NOT-FOR-US: SimpGB
 CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup ...)
-	TODO: check
+	NOT-FOR-US: Symantec Veritas Backup Exec
 CVE-2007-5125
 	REJECTED
-	TODO: check
 CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
-	TODO: check
+	NOT-FOR-US: AOL Messenger
 CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Solidweb Novus
 CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...)
-	TODO: check
+	NOT-FOR-US: SoftBiz Classifieds PLUS
 CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...)
 	TODO: check
 CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
@@ -100,13 +103,13 @@
 CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...)
 	TODO: check
 CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
-	TODO: check
+	NOT-FOR-US: FrontAccounting
 CVE-2007-5116
 	RESERVED
 CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
-	TODO: check
+	NOT-FOR-US: Php-Nuke
 CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...)
 	- openssl 0.9.8e-9 (high; bug #444435)
 	NOTE: see https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/146269
@@ -249,21 +252,6 @@
 	NOT-FOR-US: Neuron News
 CVE-2007-5049
 	REJECTED
-	{DTSA-62-1}
-	- poppler 0.5.4-6.2 (medium; bug #443903)
-	- gpdf <removed>
-	- xpdf 3.02-1.2 (medium; bug #443906)
-	- kdegraphics 4:3.5.7-4 (medium; bug #444015)
-	- koffice 1:1.6.3-3 (medium; bug #444014)
-	- pdftohtml <removed>
-	- tetex-bin 3.0-12
-	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
-	- cupsys <not-affected> (unimportant; bug #436099)
-	NOTE: cups uses xpdf-utils
-	- pdfkit.framework 0.8-4
-	NOTE: links to poppler since 0.8-4, thus marking as fixed
-	- libextractor 0.5.12-1
-	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
 CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...)
 	NOT-FOR-US: lhaplus
 CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...)
@@ -2518,7 +2506,6 @@
 	NOT-FOR-US: ADempiere Bazaar
 CVE-2007-4049
 	REJECTED
-	NOTE: Rediscovery / dupe of CVE-2000-1205
 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
 	{DTSA-58-1}
 	- phpsysinfo 2.5.1-6.1 (low; bug #435935)
@@ -2532,8 +2519,6 @@
 	- cupsys <not-affected> (SuSE-specific regression)
 CVE-2007-4044
 	REJECTED
-	NOTE: samba <not-affected> (SuSE-specific regression)
-	NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a security problem
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
 	NOT-FOR-US: Secure Computing SecurityReporter
 CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...)
@@ -2593,7 +2578,6 @@
 	REJECTED
 CVE-2007-5645
 	REJECTED
-	NOTE: duplicate of CVE-2006-5645
 CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...)
 	NOT-FOR-US: Citrix
 CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...)

More information about the Secure-testing-commits mailing list