[Secure-testing-commits] r6686 - data/CVE
nion at alioth.debian.org
Mon Sep 24 23:11:46 UTC 2007
Author: nion
Date: 2007-09-24 23:11:46 +0000 (Mon, 24 Sep 2007)
New Revision: 6686
Modified:
data/CVE/list
Log:
NFUs
new issue: CVE-2007-5051 phpgedview
new issue: CVE-2007-5049 poppler, xpdf
CVE-2007-5045 iceweasel, icedove not-affected
CVE-2007-5038 bugzilla, not-affected
new issue: CVE-2007-5037 inotify-tools
new issue: CVE-2007-5034 elinks
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-09-24 21:14:07 UTC (rev 6685)
+++ data/CVE/list 2007-09-24 23:11:46 UTC (rev 6686)
@@ -1,45 +1,63 @@
CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: Vigile CMS
CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...)
- TODO: check
+ - phpgedview <unfixed> (low; bug #443901)
CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...)
- TODO: check
+ NOT-FOR-US: Neuron News
CVE-2007-5049 (Stack-based buffer overflow in the StreamPredictor::getNextLine ...)
+ - poppler <unfixed> (medium; bug #443903)
+ - gpdf <removed>
+ - xpdf <unfixed> (medium; bug #443906)
+ - kdegraphics <unfixed>
TODO: check
+ - koffice <unfixed>
+ TODO: check
+ - pdftohtml <removed>
+ - tetex-bin 3.0-12
+ NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
+ - cupsys <not-affected> (unimportant; bug #436099)
+ NOTE: cups uses xpdf-utils
+ - pdfkit.framework 0.8-4
+ NOTE: links to poppler since 0.8-4, thus marking as fixed
+ - libextractor 0.5.12-1
+ NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
+ TODO: check
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...)
- TODO: check
+ NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...)
- TODO: check
+ NOT-FOR-US: Norton Internet Security
CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...)
- TODO: check
+ NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
- TODO: check
+ - iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
+ - icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...)
- TODO: check
+ NOT-FOR-US: ZoneAlam Pro
CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...)
- TODO: check
+ NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...)
- TODO: check
+ NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...)
- TODO: check
+ NOT-FOR-US: Ghost Security Suite
CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...)
- TODO: check
+ NOT-FOR-US: Ghost Security Suite
CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...)
- TODO: check
+ - bugzilla <not-affected> (Vulnerable code not present in the version we ship)
+ TODO: check when newer upstream version enters the pool
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...)
- TODO: check
+ - inotify-tools <unfixed> (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...)
- TODO: check
+ NOT-FOR-US: AirDefense firmware
CVE-2007-5035 (** DISPUTED ** ...)
TODO: check
CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...)
- TODO: check
+ - elinks <unfixed> (low; bug #443914)
CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...)
TODO: check
CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
- TODO: check
+ NOT-FOR-US: Php-Nuke
CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...)
TODO: check
CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
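Review bot: In the CVE-2007-5049 entry the three "TODO: check" lines (after kdegraphics, after koffice, and at the end of the entry) sit between package lines, so a reader cannot tell whether each one applies to the package above it or to the entry as a whole. Say in each TODO what still has to be verified, for example "TODO: check whether kdegraphics embeds the affected code". In the same entry, cupsys is marked <not-affected> but also carries "(unimportant; bug #436099)", and the note "cups uses xpdf-utils" does not explain why that makes it unaffected; put the reason in the NOTE so the status and the urgency do not appear to contradict each other. The NOT-FOR-US line for CVE-2007-5044 reads "ZoneAlam Pro", while the description line above it spells the product ZoneAlarm Pro.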