[Secure-testing-commits] r6808 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Fri Oct 5 21:14:08 UTC 2007


Author: joeyh
Date: 2007-10-05 21:14:08 +0000 (Fri, 05 Oct 2007)
New Revision: 6808

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-05 20:13:03 UTC (rev 6807)
+++ data/CVE/list	2007-10-05 21:14:08 UTC (rev 6808)
@@ -1,3 +1,71 @@
+CVE-2007-5225 (Unspecified vulnerability in Named Pipes on Sun Solaris 8 through 10 ...)
+	TODO: check
+CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...)
+	TODO: check
+CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network ...)
+	TODO: check
+CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...)
+	TODO: check
+CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
+	TODO: check
+CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog ...)
+	TODO: check
+CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ...)
+	TODO: check
+CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes ...)
+	TODO: check
+CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
+	TODO: check
+CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
+	TODO: check
+CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle ...)
+	TODO: check
+CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
+	TODO: check
+CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
+	TODO: check
+CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
+	TODO: check
+CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...)
+	TODO: check
+CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before ...)
+	TODO: check
+CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
+	TODO: check
+CVE-2007-5208
+	RESERVED
+CVE-2007-5206
+	RESERVED
+CVE-2007-5205
+	RESERVED
+CVE-2007-5204
+	RESERVED
+CVE-2007-5203
+	RESERVED
+CVE-2007-5202
+	RESERVED
+CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
+	TODO: check
+CVE-2007-5200
+	RESERVED
+CVE-2007-5199
+	RESERVED
+CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...)
+	TODO: check
+CVE-2007-5197
+	RESERVED
+CVE-2007-5196
+	RESERVED
+CVE-2007-5195
+	RESERVED
+CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
+	TODO: check
+CVE-2007-5192
+	RESERVED
+CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in ...)
+	TODO: check
+CVE-2007-5190
+	RESERVED
 CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
 	NOT-FOR-US: X-Script
 CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...)
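Review bot: CVE-2007-5201 (FTP backend for Duplicity), CVE-2007-5198 (check_http.c in Nagios) and CVE-2007-5191 (mount and umount in util-linux) are imported with the same "TODO: check" as every other entry in this batch, so nothing marks them as the ones whose descriptions name software that looks packaged in the archive. Triage these three first and replace the TODO with a package line in the form this file already uses, e.g. "- guilt <unfixed> (medium; bug #445308)", filling in the real package, status and bug number.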
@@ -32,9 +100,9 @@
 	NOT-FOR-US: actSite
 CVE-2007-5173 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: phpBB Openid
-CVE-2007-5207 [insecure handling of temporary files in guilt]
+CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a ...)
 	- guilt <unfixed> (medium; bug #445308)
-CVE-2007-5193 [possible information disclosure because of unsecure temp file handling in twiki]
+CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and ...)
 	- twiki <unfixed> (bug #444982; low)
 CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain ...)
 	NOT-FOR-US: Quicksilver Forums
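Review bot: CVE-2007-5207 and CVE-2007-5193 stay in their old position between CVE-2007-5173 and CVE-2007-5172, while the block added at the top of the file runs from CVE-2007-5225 down to CVE-2007-5190 and skips both numbers. Now that the bracketed placeholder descriptions are replaced by the official ones, move the two entries into numeric order so that someone scanning the 5190 to 5208 range finds the guilt and twiki items and does not take them for untracked.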
@@ -235,8 +303,8 @@
 	RESERVED
 CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
 	- gdm <not-affected> (Red Hat-specific packaging flaw)
-CVE-2007-5078
-	RESERVED
+CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager ...)
+	TODO: check
 CVE-2007-5077
 	RESERVED
 CVE-2007-5076
@@ -447,14 +515,18 @@
 CVE-2007-4989
 	RESERVED
 CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
+	{DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 	- graphicsmagick <unfixed> (medium; bug #444266)
 CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...)
+	{DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...)
+	{DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 	- graphicsmagick <unfixed> (medium; bug #444266)
 CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
+	{DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 	- graphicsmagick <unfixed> (medium; bug #444266)
 CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
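Review bot: {DTSA-63-1} is attached at the CVE level on CVE-2007-4988, CVE-2007-4986 and CVE-2007-4985, where graphicsmagick is still "<unfixed>", and the tag does not say which package the advisory covers. Add a NOTE line under those entries naming the package the DTSA fixes, so the cross-reference is not read as closing the graphicsmagick side too.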
@@ -1146,8 +1218,8 @@
 	RESERVED
 CVE-2007-4674
 	RESERVED
-CVE-2007-4673
-	RESERVED
+CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
+	TODO: check
 CVE-2007-4672
 	RESERVED
 CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...)
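Review bot: the description now attached to CVE-2007-4673 names Apple QuickTime 7.2 for Windows XP, yet the entry is left at "TODO: check". This file records software outside the archive as "NOT-FOR-US: <product>" (for example "NOT-FOR-US: Red Hat Satellite Server"); if that applies here, set it in the same change so the item leaves the TODO queue.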
@@ -2374,9 +2446,9 @@
 	NOTE: https://issues.rpath.com/browse/RPL-1731
 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
 	- star 1.5a67-1.1 (bug #440100; low)
-CVE-2007-4133
-	RESERVED
+CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions ...)
 	{DSA-1381-2}
+	TODO: check
 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...)
 	NOT-FOR-US: Red Hat Satellite Server
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
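Review bot: after this change CVE-2007-4133 carries {DSA-1381-2} but only "TODO: check" beneath it, with no package line. An entry that an advisory already references should record the affected source package and its fixed version; the description names hugetlb_vmtruncate_list and hugetlb_vmtruncate, so replace the TODO with the package line for whatever DSA-1381-2 fixed.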
@@ -4108,7 +4180,7 @@
 	- qt4-x11 4.3.0-5
 	NOTE: there is some dissagreement whether qt4 is affected
 CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...)
-	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1}
+	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
 	- poppler 0.5.4-6.1 (bug #435460)
 	- gpdf <removed>
 	- xpdf 3.02-1.1 (bug #435462)
@@ -14601,7 +14673,7 @@
 	NOT-FOR-US: i-Gallery
 CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
 	NOT-FOR-US: my little weblog
-CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 ...)
+CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...)
 	NOT-FOR-US: e-Ark
 CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...)
 	- kile 1:1.9.3-1 (low)
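Review bot: CVE-2006-6086 is marked "NOT-FOR-US: e-Ark", but CVE-2007-5216, added at the top of this revision with the description "Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...", is left at "TODO: check". The product is the same, so CVE-2007-5216 can take the same "NOT-FOR-US: e-Ark" status.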



