[Secure-testing-commits] r6607 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Sep 13 22:01:40 UTC 2007


Author: nion
Date: 2007-09-13 22:01:40 +0000 (Thu, 13 Sep 2007)
New Revision: 6607

Modified:
   data/CVE/list
Log:
NFUs
CVE-2007-4841 note added
CVE-2007-4840 affects php5 and php4
CVE-2007-4828 unstable,testing affected, etch unaffected
CVE-2007-4849 linux-2.6 affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-13 21:14:07 UTC (rev 6606)
+++ data/CVE/list	2007-09-13 22:01:40 UTC (rev 6607)
@@ -1,53 +1,60 @@
 CVE-2007-4850
 	RESERVED
 CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...)
-	TODO: check
+	NOT-FOR-US: Google Picasa
 CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) ...)
-	TODO: check
+	NOT-FOR-US: Webace-Linkscript
 CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in ...)
-	TODO: check
+	NOT-FOR-US: RW::Download
 CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly ...)
-	TODO: check
+	NOT-FOR-US: Unreal Commander
 CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 ...)
-	TODO: check
+	NOT-FOR-US: Unreal Commander
 CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...)
-	TODO: check
+	NOT-FOR-US: Magellan Explorer
 CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary ...)
 	TODO: check
+	NOTE: this vulnerability is unspecified
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
-	TODO: check
+	- php5 <unfixed> (low)
+	- php4 <unfixed> (low)
+	NOTE: can be reproduced on etch, lenny and sid
+	NOTE: this might not be a vulnerability in most web server environments
+	NOTE: that support multiple threads, unless these issues can be demonstrated for
+	NOTE: code execution.
 CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
-	TODO: check
+	NOT-FOR-US: CellFactor Revolution
 CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Proxy Anket
 CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote ...)
-	TODO: check
+	NOT-FOR-US: phpMyQuote
 CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows ...)
-	TODO: check
+	NOT-FOR-US: phpMyQuote
 CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 ...)
-	TODO: check
+	NOT-FOR-US: phpRealty
 CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere
 CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...)
-	TODO: check
+	NOT-FOR-US: CellFactor Revolution
 CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: TorrentTrader
 CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
-	TODO: check
+	NOT-FOR-US: DirectAdmin
 CVE-2007-4829
 	RESERVED
 CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
-	TODO: check
+	- mediawiki <unfixed> (low)
+	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
 CVE-2007-4827
 	RESERVED
 CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows remote BGP peers to cause a denial ...)
-	- quagga <unfixed> (low)
+	- quagga 0.99.9-1 (low; bug #442133)
 	NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...)
 	- php5 <unfixed> (medium)
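
Review bot: The CVE-2007-4826 line changes quagga from "<unfixed>" to "0.99.9-1 (low; bug #442133)", but the log message only lists the NFUs and the 4841, 4840, 4828 and 4849 changes; please mention the quagga fixed-version update in the log so the history shows when it was marked fixed. Under CVE-2007-4841 the new NOTE is added while "TODO: check" is kept, so the entry still reads as unchecked; if that is intended, the NOTE could say what remains to be checked. The new "- linux-2.6 <unfixed>" line for CVE-2007-4849 carries no urgency, unlike the php5, php4 and mediawiki lines added in the same hunk, which are marked "(low)"; add one, or a NOTE explaining why it is left open.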
