[Secure-testing-commits] r6486 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Mon Sep 3 23:10:39 UTC 2007


Author: jmm-guest
Date: 2007-09-03 23:10:38 +0000 (Mon, 03 Sep 2007)
New Revision: 6486

Modified:
   data/CVE/list
Log:
php, mozilla non-issues
po4a no-dsa
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-03 21:56:41 UTC (rev 6485)
+++ data/CVE/list	2007-09-03 23:10:38 UTC (rev 6486)
@@ -75,11 +75,12 @@
 CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
 	NOT-FOR-US: SunShop Shopping Cart 
 CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...)
-	TODO: check
+	- php5 <unfixed> (unimportant)
+	NOTE: Safe mode violations not treated as vulnerabilities
 CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
 	TODO: check
 CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Entrust Entelligence Security Provider
 CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
 	NOT-FOR-US: VMWare Workstation
 CVE-2007-4592
@@ -276,7 +277,7 @@
 CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
 	NOT-FOR-US: Rebellion Asura engine
 CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...)
-	TODO: check
+	NOT-FOR-US: External PHP component only relevant for Windows
 CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...)
 	NOT-FOR-US: NeoRecruit component for Joomla!
 CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...)
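Review bot: The new NOT-FOR-US text for CVE-2007-4507 gives a rationale ("External PHP component only relevant for Windows") but never names the product, while the surrounding NOT-FOR-US entries name the software. Suggest naming php_ntuser first and keeping the Windows-only reason after it, so a search of the list for the component finds this entry.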
@@ -292,25 +293,25 @@
 CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
 	NOT-FOR-US: SSHKeychain
 CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
-	TODO: check
+	NOT-FOR-US: American Financing eMail Image Upload
 CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
 	NOT-FOR-US: Grandstream SIP Phone
-CVE-2007-4497
+3BCVE-2007-4497
 	RESERVED
 CVE-2007-4496
 	RESERVED
 CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
 	TODO: check
 CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
 	TODO: check
 CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...)
 	TODO: check
 CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro
 CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
 	TODO: check
 CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...)
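Review bot: The replacement line for CVE-2007-4497 reads "3BCVE-2007-4497", a stray "3B" prefix on an entry that is otherwise unchanged (still RESERVED). This looks like an editor slip, and it means the identifier line no longer starts with "CVE-", so anything that parses or greps the list by ID will miss or misread this entry. Suggest reverting the line to "CVE-2007-4497".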
@@ -356,7 +357,7 @@
 CVE-2007-4468
 	RESERVED
 CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2007-4466
 	RESERVED
 CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...)
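Review bot: "NOT-FOR-US: Oracle" on CVE-2007-4467 names only the vendor, although the description identifies the affected software as the Oracle JInitiator ActiveX control. Suggest "NOT-FOR-US: Oracle JInitiator" so the entry stays unambiguous if other Oracle software is tracked in this list.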
@@ -373,6 +374,7 @@
 	NOT-FOR-US: Total Commander
 CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...)
 	- po4a 0.31-1 (bug #439226)
+	[etch] - po4a <no-dsa> (Minor issue)
 CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...)
 	- nufw 2.2.4-1 (bug #439227)
 	[etch] - nufw <not-affected>
@@ -469,7 +471,7 @@
 CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...)
 	NOT-FOR-US: IBM DB2
 CVE-2007-4416 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: BellaBook
 CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...)
 	NOT-FOR-US: Cisco VPN client/windows
 CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...)
@@ -541,7 +543,7 @@
 CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
 	NOT-FOR-US: Stephane Pineau VOTE
 CVE-2007-4383 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: Trackeur
 CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...)
 	TODO: check
 CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...)
@@ -610,10 +612,10 @@
 CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Zoidcom
 CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...)
-	- mozilla-firefox <removed>
-	- mozilla <removed>
-	- iceweasel <unfixed>
-	- iceape <unfixed>
+	- mozilla-firefox <removed> (unimportant)
+	- mozilla <removed> (unimportant)
+	- iceweasel <unfixed> (unimportant)
+	- iceape <unfixed> (unimportant)
 CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
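Review bot: The four package lines under CVE-2007-4357 are downgraded to (unimportant) with no NOTE giving the reason, whereas the php5 entry for CVE-2007-4596 in this same commit carries one. Suggest adding a NOTE: line under the iceape entry saying why the spoofing issue is treated as a non-issue, so the triage decision can be checked later without going back to the commit log.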
@@ -904,9 +906,9 @@
 CVE-2007-4222
 	RESERVED
 CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...)
-	TODO: check
+	NOT-FOR-US: Motorola Timbuktu
 CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before ...)
-	TODO: check
+	NOT-FOR-US: Motorola Timbuktu
 CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...)
 	TODO: check
 CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
@@ -1088,7 +1090,7 @@
 CVE-2007-4133
 	RESERVED
 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Satellite Server
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
 	- tar <unfixed> (high; bug #439335)
 CVE-2007-4130



