[Secure-testing-commits] r6882 - data/CVE
nion at alioth.debian.org
Tue Oct 9 22:09:23 UTC 2007
Author: nion
Date: 2007-10-09 22:09:23 +0000 (Tue, 09 Oct 2007)
New Revision: 6882
Modified:
data/CVE/list
Log:
NFUs
CVE-2007-5270 drupal not-affected
CVE-2007-526[6-9] libpng not-affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-09 21:53:27 UTC (rev 6881)
+++ data/CVE/list 2007-10-09 22:09:23 UTC (rev 6882)
@@ -38,49 +38,55 @@
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog ...)
NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
- TODO: check
+ NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...)
- TODO: check
+ - drupal <not-affected> (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
- TODO: check
+ - libpng <not-affected> (vulnerable code not present in Debian version)
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...)
- TODO: check
+ - libpng <not-affected> (vulnerable code not present in Debian version)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
- TODO: check
+ - libpng <not-affected> (vulnerable code not present)
+ NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
+ NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
+ NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
- TODO: check
+ - libpng <not-affected> (vulnerable code not present)
+ NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
+ NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
+ NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time ...)
- TODO: check
+ NOT-FOR-US: Dawn of Time
CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online ...)
- TODO: check
+ NOT-FOR-US: Battlefront
CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier ...)
- TODO: check
+ NOT-FOR-US: Battlefront
CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 ...)
- TODO: check
+ NOT-FOR-US: Battlefront
CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...)
- TODO: check
+ NOT-FOR-US: Tincan Limited PHPlist
CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...)
- TODO: check
+ NOT-FOR-US: Mega Upload Progress Bar
CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...)
- TODO: check
+ NOT-FOR-US: Crystal Enterprise
CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" ...)
- TODO: check
+ - horde2 <removed>
CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...)
- TODO: check
+ NOT-FOR-US: PHProjekt
CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: PHProjekt
CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...)
- TODO: check
+ NOT-FOR-US: Zero board
CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...)
- TODO: check
+ NOT-FOR-US: NetSupport DNA HelpDesk
CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...)
- TODO: check
+ NOT-FOR-US: Polar HelpDesk
CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...)
- TODO: check
+ NOT-FOR-US: P4DB
CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...)
- TODO: check
+ NOT-FOR-US: Web Wiz Forums
CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...)
TODO: check
CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
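Review bot: The CVE-2007-5269 and CVE-2007-5268 entries mark libpng <not-affected> with only "(vulnerable code not present in Debian version)" and no NOTE, while CVE-2007-5267 and CVE-2007-5266 explain the finding (space allocated for strlen(name)+1, then strcpy). Add a NOTE to the first two saying what was checked in the chunk handlers and in pngrtran.c, and name the Debian libpng version examined in all four entries, since "this old version" stops being meaningful once the package is updated. The parenthetical wording also differs between the two pairs and could be made uniform. A smaller style point: the three Dropteam entries use "NOT-FOR-US: Battlefront", where the other entries name the product.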
@@ -95,11 +101,6 @@
TODO: check
CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...)
TODO: check
-CVE-2007-XXXX
- - libpng <not-affected> (vulnerable code not present)
- NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
- NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
- NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...)
NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
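Review bot: The removal of the CVE-2007-XXXX libpng placeholder at the top of this hunk is not mentioned in the log message, and its NOTE text now appears verbatim under both CVE-2007-5267 and CVE-2007-5266 in the first hunk. Say in the log that the placeholder was replaced by those two ids so the history of the entry can be followed, and consider keeping the explanation under one id with a short pointer from the other so the two copies cannot drift apart.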