[Secure-testing-commits] r6984 - data/CVE
nion at alioth.debian.org
Tue Oct 16 20:42:32 UTC 2007
Author: nion
Date: 2007-10-16 20:42:31 +0000 (Tue, 16 Oct 2007)
New Revision: 6984
Modified:
data/CVE/list
Log:
CVE-2007-5423 tikiwiki removed
CVE-2003-1352 gabber fixed in 0.8.8-1, gabber2 not-affected
NFUs
CVE-2007-5414 fixed in iceweasel 2.0+dfsg-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-16 16:21:17 UTC (rev 6983)
+++ data/CVE/list 2007-10-16 20:42:31 UTC (rev 6984)
@@ -72,12 +72,12 @@
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
TODO: check
CVE-2007-5423 (Eval injection vulnerability in tiki-graph_formula.php in TikiWiki ...)
- TODO: check
+ - tikiwiki <removed>
CVE-2007-5422 (Unspecified vulnerability in "Solaris Auditing" in the Basic Security ...)
NOT-FOR-US: Solaris Auditing
CVE-2007-5421
REJECTED
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...)
NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
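Review bot: The CVE-2007-5421 entry is marked REJECTED and carries no description, so nothing visible here supports the new "NOT-FOR-US: Cisco" line. Add a NOTE recording where the Cisco attribution comes from, or drop the triage line and leave only REJECTED so the entry does not carry two conflicting states.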
@@ -91,22 +91,23 @@
- drupal <unfixed> (medium)
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
TODO: check
+ NOTE: can not reproduce any of the PoC urls in unstable version, anyone knows more?
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
- TODO: check
+ - iceweasel 2.0+dfsg-1
CVE-2007-5413
RESERVED
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP ...)
NOT-FOR-US: Linksys
CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...)
NOT-FOR-US: NuSEO
CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-5406
RESERVED
CVE-2007-5405
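Review bot: The NOTE added under CVE-2007-5415 says the PoC URLs could not be reproduced "in unstable version" but names neither the package nor the version that was tested, so nobody can repeat the check later. State both, for example in the form used for the next entry ("iceweasel 2.0+dfsg-1"), and record the open question as a TODO rather than as a question inside the NOTE.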
@@ -148,7 +149,8 @@
CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...)
NOT-FOR-US: Outreach
CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...)
- TODO: check
+ - gabber 0.8.8-1
+ - gabber2 <not-affected> (No code to send data to update at jabber.org)
CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
NOT-FOR-US: EditTag
CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...)
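Review bot: The "- gabber 0.8.8-1" line under CVE-2003-1352 gives a fixed version without saying how it was determined, while the gabber2 line directly below it does give its reason in parentheses. A short NOTE pointing at the changelog entry or upstream release that removed the login e-mail would make the fixed version checkable.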
@@ -174,9 +176,10 @@
CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Moby NetSuite
CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...)
- TODO: check
+ NOT-FOR-US: libcgi
+ NOTE: this is another libcgi than the one we ship
CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
- TODO: check
+ NOT-FOR-US: pWins
CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
TODO: check
CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
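Review bot: "NOT-FOR-US: libcgi" under CVE-2002-2257 uses the same name as a package the NOTE says is shipped, so the NOT-FOR-US line on its own reads as if the shipped libcgi had been ruled out by name only. Put a distinguishing detail in the NOTE, such as the affected file from the description (cgi_lib.c) or the other project's upstream, so the two libraries cannot be confused on a later pass.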