[Secure-testing-commits] r6573 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Tue Sep 11 13:41:11 UTC 2007
Author: nion
Date: 2007-09-11 13:41:10 +0000 (Tue, 11 Sep 2007)
New Revision: 6573
Modified:
data/CVE/list
Log:
NFUs
CVE-2007-4396 irssi-scripts affected (low)
CVE-2007-3741 gimp fixed in 2.4.0~rc1-1
CVE-2005-4856 ezpublish not-affected
CVE-2007-2958 sylpheed-claws affected (low), sylpheed fixed in 2.4.5-1
CVE-2007-1863 apache1 affected (low)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-11 09:14:08 UTC (rev 6572)
+++ data/CVE/list 2007-09-11 13:41:10 UTC (rev 6573)
@@ -643,7 +643,7 @@
CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...)
NOT-FOR-US: Search Engine Builder
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Internet Explorer
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has ...)
@@ -825,7 +825,8 @@
CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) ...)
NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...)
- TODO: check
+ - irssi-scripts <unfixed> (low)
+ NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
NOT-FOR-US: Sun Solaris 8
CVE-2007-4394 (Unspecified vulnerability in a "core clean" cron job created by the ...)
@@ -2270,7 +2271,9 @@
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...)
NOT-FOR-US: Apple Safari
CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
- TODO: check
+ - gimp 2.4.0~rc1-1 (low)
+ NOTE: lenny is affected but there is a bugfix release for 2.2.16
+ NOTE: http://developer.gimp.org/NEWS-2.2
CVE-2007-3740
RESERVED
CVE-2007-3739
@@ -2792,7 +2795,7 @@
CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
- ezpublish <not-affected> (Debian's version is too old)
CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
- TODO: check
+ - ezpublish <not-affected> (Debian's version is too old)
CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
TODO: check
CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
@@ -4158,7 +4161,10 @@
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...)
NOT-FOR-US: cpCommerce
CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
- TODO: check
+ - sylpheed-claws <unfixed> (low; bug #441854)
+ - sylpheed 2.4.5-1 (low)
+ NOTE: the cvs referenced in redhat bugzilla is not available anymore however
+ NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957
RESERVED
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
@@ -4217,13 +4223,13 @@
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...)
NOT-FOR-US: BoastMachine
CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...)
- TODO: check
+ NOT-FOR-US: MSN Messenger
CVE-2007-2930
RESERVED
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
- TODO: check
+ NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
- TODO: check
+ NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter ...)
NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...)
@@ -5451,21 +5457,21 @@
CVE-2007-2411 (** DISPUTED ** ...)
NOT-FOR-US: Sphider
CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly ...)
NOT-FOR-US: Apple Safari
CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows ...)
- samba <not-affected> (MacOS/Apple-specific vulnerability)
CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly ...)
- TODO: check
+ NOT-FOR-US: Mac OS X
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...)
NOT-FOR-US: Apple Quicktime
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, ...)
@@ -6693,10 +6699,12 @@
- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
- apache2 2.2.4-1 (low)
+ - apache <unfixed> (low)
[sarge] - apache2 2.0.54-5sarge2
[etch] - apache2 2.2.3-4+etch2
- TODO: check apache 1
NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
+ NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?r1=463503&r2=551944&pathrev=551944
+ NOTE: vulnerable code in src/modules/proxy/proxy_cache.c starting in line 1132
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
@@ -6983,7 +6991,7 @@
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
NOT-FOR-US: Microsoft
CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
- TODO: check
+ NOT-FOR-US: Vector Markup Language
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
@@ -10856,13 +10864,13 @@
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...)
NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...)
- TODO: check
+ NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...)
NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ...)
- TODO: check
+ NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
More information about the Secure-testing-commits
mailing list