[Secure-testing-commits] r6917 - data/CVE

Fri Oct 12 15:25:12 UTC 2007

Author: nion
Date: 2007-10-12 15:25:12 +0000 (Fri, 12 Oct 2007)
New Revision: 6917

Modified:
   data/CVE/list
Log:
new issue: CVE-2007-5372 sql-ledger
NFU
new issue: CVE-2007-4992 firebird1.5
CVE-2007-4992 firebird2.0 fixed in 2.0.3.12981.ds1-1


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-10-12 12:54:19 UTC (rev 6916)
+++ data/CVE/list	2007-10-12 15:25:12 UTC (rev 6917)
@@ -5,7 +5,7 @@
 CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument ...)
 	- ldapscripts <unfixed> (bug #445582; medium)
 CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...)
-	TODO: check
+	- sql-ledger <unfixed> (low; bug #446366)
 CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php ...)
 	NOT-FOR-US: MODx
 CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -583,7 +583,7 @@
 CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) ...)
 	NOT-FOR-US: Sun Fire
 CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
-	TODO: check
+	NOT-FOR-US: Adobe PageMaker
 CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...)
 	NOT-FOR-US: Clan lite
 CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...)
@@ -983,7 +983,8 @@
 	- xen-3 <unfixed> (medium; bug #444430)
 	- xen-3.0 <removed>
 CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in ...)
-	TODO: check
+	- firebird1.5 <unfixed> (medium; bug #446373)
+	- firebird2.0 2.0.3.12981.ds1-1 (medium)
 CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
 	NOT-FOR-US: Microsoft Internet Security and Acceleration
 CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 ...)


