[Secure-testing-commits] r6652 - data/CVE
nion at alioth.debian.org
Thu Sep 20 17:40:01 UTC 2007
Author: nion
Date: 2007-09-20 17:40:00 +0000 (Thu, 20 Sep 2007)
New Revision: 6652
Modified:
data/CVE/list
Log:
NFUs
CVE-2007-4961 secondlife-client, itp
CVE-2007-4965 python2.4, python2.5 unfixed, 443333
CVE-2007-4938 mplayer unfixed
CVE-2007-4941 kmplayer unfixed
CVE-2007-4966 gforge unsure, notes added
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-20 17:13:30 UTC (rev 6651)
+++ data/CVE/list 2007-09-20 17:40:00 UTC (rev 6652)
@@ -1,99 +1,106 @@
CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...)
- TODO: check
+ NOT-FOR-US: NtRegmon
CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...)
- TODO: check
+ NOT-FOR-US: ProSecurity
CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...)
- TODO: check
+ NOT-FOR-US: ProcessGuard
CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...)
- TODO: check
+ NOT-FOR-US: Process Monitor
CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
- TODO: check
+ NOT-FOR-US: Privatefirewal
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
- TODO: check
+ NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
TODO: check
+ NOTE: I am not sure if this is a duplicate of CVE-2007-3913
+ NOTE: Look at the fix for it: http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083
+ NOTE: This is already a fix for an SQL injection via skill_delete
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)
- TODO: check
+ - python2.5 <unfixed> (low; bug #443333)
+ - python2.4 <unfixed> (low; bug #443335)
CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
- TODO: check
+ NOT-FOR-US: WinImage
CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: WinImage
CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: WinImage
CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...)
- TODO: check
+ - secondlife-client <itp> (low; bug #406335)
CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...)
- TODO: check
+ - secondlife-client <itp> (low; bug #406335)
CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: osCMax
CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
- TODO: check
+ NOT-FOR-US: TinyWebGallery
CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
- TODO: check
+ NOT-FOR-US: ChupixCMS
CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: KwsPhp
CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...)
- TODO: check
+ NOT-FOR-US: Joomla! extension
CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...)
- TODO: check
+ NOT-FOR-US: SimpCMS
CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
- TODO: check
+ NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951 (** DISPUTED ** ...)
TODO: check
CVE-2007-4950 (** DISPUTED ** PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Phportal
CVE-2007-4949 (** DISPUTED ** ...)
TODO: check
CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...)
- TODO: check
+ NOT-FOR-US: Webmedia Explorer
CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...)
- TODO: check
+ NOT-FOR-US: myphpPagetool
CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...)
- TODO: check
+ NOT-FOR-US: LetterGrade
CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...)
- TODO: check
+ NOT-FOR-US: LetterGrade
CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...)
- TODO: check
+ NOT-FOR-US: Baofeng Storm
CVE-2007-4942 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Focus/SIS
CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...)
- TODO: check
+ - kmplayer <unfixed>
+ TODO: report bug
+ NOTE: the mplayer issue in the references has it's own CVE id CVE-2007-4938
CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...)
- TODO: check
+ NOT-FOR-US: Media Player Classic
CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...)
- TODO: check
+ NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
- TODO: check
+ - mplayer <unfixed>
+ TODO: report bug
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...)
- TODO: check
+ NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...)
- TODO: check
+ NOT-FOR-US: SafeSquid
CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
- TODO: check
+ NOT-FOR-US: phpFFL
CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
- TODO: check
+ NOT-FOR-US: phpFFL
CVE-2007-4933 (Direct static code injection vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Shop-Script FREE
CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...)
- TODO: check
+ NOT-FOR-US: Shop-Script FREE
CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...)
- TODO: check
+ NOT-FOR-US: HP System Management Homepage
CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
- TODO: check
+ NOT-FOR-US: Axis firmware
CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...)
- TODO: check
+ NOT-FOR-US: Axis firmware
CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...)
- TODO: check
+ NOT-FOR-US: Axis firmware
CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...)
- TODO: check
+ NOT-FOR-US: Axis firmware
CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...)
- TODO: check
+ NOT-FOR-US: Axis firmware
CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
- TODO: check
+ NOT-FOR-US: eWire Payment Client
CVE-2007-4924
RESERVED
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
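Review bot: The NOT-FOR-US line added under CVE-2007-4968 spells the product "Privatefirewal", while the CVE description directly above it reads "Privatefirewall"; fix the spelling so a search of the list by product name finds this entry. In the NOTE added under CVE-2007-4941, "it's own CVE id" should read "its own CVE id". The new kmplayer and mplayer lines are marked <unfixed> with no urgency or bug number, unlike the python2.4, python2.5 and secondlife-client lines in the same hunk; the accompanying "TODO: report bug" lines flag this, and the entries should get the bug references once the reports are filed. The commit log mentions only 443333 for CVE-2007-4965, but the hunk records two bugs (#443333 for python2.5 and #443335 for python2.4), so the log would be clearer listing both.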