[Secure-testing-commits] r6551 - data/CVE

thijs at alioth.debian.org
Sun Sep 9 14:32:21 UTC 2007


Author: thijs
Date: 2007-09-09 14:32:21 +0000 (Sun, 09 Sep 2007)
New Revision: 6551

Modified:
   data/CVE/list
Log:
many firebird vulnerabilities
reprepro does not affect sarge
filed bug for gallery2 sarge/etch
backup-manager
some NFU's


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-09 13:08:27 UTC (rev 6550)
+++ data/CVE/list	2007-09-09 14:32:21 UTC (rev 6551)
@@ -25,6 +25,7 @@
 CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...)
 	- reprepro 2.2.4-1 (high; bug #440535)
 	NOTE: patch for etch in the BTS
+	[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
 CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...)
 	NOT-FOR-US: SpeedTech PHP Library
 CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...)
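Review bot: the `<not-affected>` rationale on the new `[sarge]` line matches the visible description (`reprepro 1.3.0 through 2.2.3`), so the sarge mark is justified by the entry itself; etch, however, still has no tracking line of its own even though the existing `NOTE: patch for etch in the BTS` says it is affected. Consider adding an explicit `[etch] - reprepro <unfixed>` (or the pending fixed version) next to the sarge line so both releases are recorded the same way.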
@@ -174,17 +175,29 @@
 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...)
 	TODO: check
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
 	TODO: check
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
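Review bot: every one of the six added `[sarge] - firebird2 <unfixed> ` lines carries trailing whitespace after `<unfixed>`; drop it so later diffs of this file stay clean. None of the six entries gives a severity rating, while the Firebird entries touched elsewhere in this commit (CVE-2007-3181, CVE-2007-2606) carry `(medium)` and `(low)`; add a rating in the same parenthesised form. Since all six point at the same bug #441405, a single NOTE stating that this one bug tracks the whole batch would save the next reader from checking each entry.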
@@ -200,21 +213,23 @@
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
 	TODO: check
 CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
-	TODO: check
+	- backup-manager 0.7.6-3 (bug #439392)
 CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
-	TODO: check
+	NOT-FOR-US: CGI RESCUE Shopping Basket
 CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on ...)
-	TODO: check
+	NOT-FOR-US: SSHield
 CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...)
-	TODO: check
+	NOT-FOR-US: Cisco Content Services Switch
 CVE-2007-4652 (PHP before 5.2.4 might allow local users to bypass open_basedir ...)
 	TODO: check
 CVE-2007-4651
 	RESERVED
 CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...)
-	TODO: check
+	- gallery2 2.2.3-1
+	[etch] - gallery2 <unfixed> (bug #441407)
+	NOTE: does not affect gallery 1.x (package 'gallery')
 CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...)
-	TODO: check
+	NOT-FOR-US: Ragnarok
 CVE-2007-XXXX [libgd several issues]
 	- libgd2 2.0.35.dfsg-2
 CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and ...)
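Review bot: the annotation for CVE-2007-4653 does not match its description: the entry is about `links.php in the Links MOD 1.2.2`, yet the replacement line reads `NOT-FOR-US: Cisco Content Services Switch`; the product name looks carried over from another entry and should name the Links MOD instead. Separately, the log says `filed bug for gallery2 sarge/etch`, but only `[etch] - gallery2 <unfixed> (bug #441407)` is added; if sarge ships gallery2 the matching `[sarge]` line is missing, and if it only ships the 1.x `gallery` package that the NOTE mentions, a `[sarge] - gallery2 <not-affected>` line (the form used for reprepro in this same commit) would make that explicit.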
@@ -2694,7 +2709,9 @@
 CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...)
 	TODO: check
 CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
-	TODO: check
+	- firebird2.0 <unfixed> (bug #441405)
+	[etch] - firebird2 <unfixed>
+	[sarge] - firebird2 <unfixed> 
 CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
 	NOT-FOR-US: Buddy Zone
 CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...)
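Review bot: the `[sarge] - firebird2 <unfixed> ` line here has the same trailing whitespace after `<unfixed>` as the other Firebird entries in this commit, and the entry likewise lacks a severity rating; fix both so CVE-2007-3527 is recorded in the same form as the rated CVE-2007-3181 and CVE-2007-2606 entries below.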
@@ -3564,7 +3581,9 @@
 CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...)
 	NOT-FOR-US: Calendarix
 CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
-	- firebird2 <unfixed> (medium)
+	- firebird2.0 <unfixed> (medium)
+	[etch] - firebird2 <unfixed> (medium)
+	[sarge] - firebird2 <unfixed> (medium)
 CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
 	NOT-FOR-US: HP
 CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...)
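Review bot: splitting the old `firebird2 <unfixed>` line into `firebird2.0` for unstable plus `[etch]`/`[sarge]` lines for `firebird2` is consistent with the rest of this commit, but unlike the other Firebird entries this one carries no bug reference; the others cite bug #441405, so either add that number here if it covers CVE-2007-3181 as well, or file and reference a separate bug, so that the `<unfixed>` state is actually tracked in the BTS.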
@@ -4929,7 +4948,9 @@
 CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
 	NOT-FOR-US: LaVague
 CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
-	- firebird2 <unfixed> (low)
+	- firebird2.0 <unfixed> (low)
+	[etch] - firebird2 <unfixed> (low)
+	[sarge] - firebird2 <unfixed> (low)
 CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
 	NOT-FOR-US: Brujula Toolbar
 CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
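Review bot: the description says `Multiple buffer overflows in Firebird 2.1`, yet the hunk marks `firebird2.0` in unstable and `firebird2` in etch and sarge as `<unfixed>` at `(low)`; if the affected code is also present in the 2.0 and earlier packages, a NOTE saying so (in the way the reprepro entry records `Vulnerable code introduced in 1.3.0`) would justify all three lines, and if it is not, `<not-affected>` is the more accurate state for the older packages.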
