[Secure-testing-commits] r6707 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Sep 25 21:14:08 UTC 2007


Author: joeyh
Date: 2007-09-25 21:14:08 +0000 (Tue, 25 Sep 2007)
New Revision: 6707

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-25 21:07:13 UTC (rev 6706)
+++ data/CVE/list	2007-09-25 21:14:08 UTC (rev 6707)
@@ -1,3 +1,61 @@
+CVE-2007-5081
+	RESERVED
+CVE-2007-5080
+	RESERVED
+CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
+	TODO: check
+CVE-2007-5078
+	RESERVED
+CVE-2007-5077
+	RESERVED
+CVE-2007-5076
+	RESERVED
+CVE-2007-5075
+	RESERVED
+CVE-2007-5074
+	RESERVED
+CVE-2007-5073
+	RESERVED
+CVE-2007-5072 (Unspecified vulnerability in Simple PHP Blog before 0.5.1 has unknown ...)
+	TODO: check
+CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
+	TODO: check
+CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX ...)
+	TODO: check
+CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke ...)
+	TODO: check
+CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 ...)
+	TODO: check
+CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow ...)
+	TODO: check
+CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows ...)
+	TODO: check
+CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
+	TODO: check
+CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder ...)
+	TODO: check
+CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information ...)
+	TODO: check
+CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote ...)
+	TODO: check
+CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere ...)
+	TODO: check
+CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass ...)
+	TODO: check
+CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...)
+	TODO: check
+CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Monitor Web Syslog ...)
+	TODO: check
+CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
+	TODO: check
+CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb ...)
+	TODO: check
+CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and ...)
+	TODO: check
+CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 ...)
+	TODO: check
+CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
+	TODO: check
 CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: Vigile CMS
 CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...)
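Review bot: Every described entry added at the top of this hunk (CVE-2007-5079, then CVE-2007-5072 down to CVE-2007-5053) lands as "TODO: check", and several can be closed from the description alone. CVE-2007-5079 is described as a Red Hat Enterprise Linux 4 build problem and CVE-2007-5066 as Webmin "on Windows", so once confirmed both are candidates for a NOT-FOR-US or not-affected marking in the style of the CVE-2007-5052 line that follows. CVE-2007-5056 names ADOdb, a library rather than a single web application, so it deserves a package lookup before the rest of the batch.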
@@ -165,14 +223,14 @@
 	RESERVED
 CVE-2007-4989
 	RESERVED
-CVE-2007-4988
-	RESERVED
-CVE-2007-4987
-	RESERVED
-CVE-2007-4986
-	RESERVED
-CVE-2007-4985
-	RESERVED
+CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
+	TODO: check
+CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...)
+	TODO: check
+CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...)
+	TODO: check
+CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
+	TODO: check
 CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
 	NOT-FOR-US: StylesDemo
 CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX ...)
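Review bot: The four entries that move from RESERVED to "TODO: check" here (CVE-2007-4988 through CVE-2007-4985) all name ImageMagick, and two of the descriptions give 6.3.5-9 as the first fixed upstream version. They should be triaged together and given a package line with a fixed version, or an unfixed marker, rather than being left in the same TODO queue as the unrelated web-application entries in this update.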
@@ -526,7 +584,7 @@
 	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
 CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in ...)
 	TODO: check
-CVE-2007-4826 (bgpd in Quagga before 0.99.9, when debugging is enabled, allows remote ...)
+CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
 	- quagga 0.99.9-1 (low; bug #442133)
 	NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...)
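Review bot: With the new CVE-2007-4826 description saying "explicitly configured BGP peers", the NOTE line "Upstream says that this can only be exploited by configured peers." repeats what the description already states. Drop the NOTE, or keep it only with a reference to the upstream statement so that it adds something the description does not.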
@@ -1099,8 +1157,7 @@
 	RESERVED
 CVE-2007-4574
 	RESERVED
-CVE-2007-4573 [linux local privilege escalation on x86_64]
-	RESERVED
+CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-4572
 	RESERVED
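Review bot: The new CVE-2007-4573 description covers "Linux kernel 2.4.x and ...", but the entry still tracks only linux-2.6. If a 2.4 kernel source package is shipped in a supported release it needs its own line. The removed bracketed text "linux local privilege escalation on x86_64" also carried the impact and the architecture, which the truncated description no longer shows, so a NOTE preserving that would help whoever picks up the unfixed linux-2.6 line.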
@@ -1109,6 +1166,7 @@
 CVE-2007-4570
 	RESERVED
 CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
+	{DSA-1376-1 DTSA-60-1}
 	- kdebase 4:3.5.7-4
 	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
 CVE-2007-4568
@@ -1118,6 +1176,7 @@
 CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
 	NOT-FOR-US: SIDVault
 CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...)
+	{DSA-1377-2 DSA-1377-1}
 	- fetchmail 6.3.8-8 (bug #440006; low)
 	[etch] - fetchmail <no-dsa> (Hardly a security problem)
 	[sarge] - fetchmail <no-dsa> (Hardly a security problem)
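Review bot: The added "{DSA-1377-2 DSA-1377-1}" line on CVE-2007-4565 contradicts the two release lines kept below it, "[etch] - fetchmail <no-dsa> (Hardly a security problem)" and the matching [sarge] line. Now that a DSA exists, those should be replaced with the fixed versions from the advisory, or removed for any release the DSA does not cover.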
@@ -2065,7 +2124,7 @@
 	- qt4-x11 <not-affected> (Not exploitable according to upstream)
 CVE-2007-4136
 	RESERVED
-CVE-2007-4135 (Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on SUSE ...)
+CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle ...)
 	- libnfsidmap 0.18-0 (low; bug #442935)
 	NOTE: https://issues.rpath.com/browse/RPL-1731
 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
@@ -4868,7 +4927,7 @@
 CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service ...)
 	NOT-FOR-US: Novell Client
 CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
-	{DSA-1364-1}
+	{DSA-1364-2 DSA-1364-1}
 	- vim 1:7.1-056+1 (low)
 CVE-2007-2952
 	RESERVED
@@ -5169,6 +5228,7 @@
 	{DSA-1328-1}
 	- unicon 3.0.4-12 (bug #431336)
 CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3 ...)
+	{DSA-1375-1}
 	- openoffice.org 2.2.1-9 (medium)
 CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...)
 	{DSA-1316-1}
@@ -5244,7 +5304,7 @@
 CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ...)
 	NOT-FOR-US: eTicket
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when running on 32-bit ...)
-	{DSA-1343-1}
+	{DSA-1343-2 DSA-1343-1}
 	- file 4.21-1 (medium; bug #428293)
 CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
 	{DSA-1323-1}
@@ -6082,7 +6142,7 @@
 CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
 	NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
-	{DSA-1364-1}
+	{DSA-1364-2 DSA-1364-1}
 	- vim 1:7.1-022+1 (bug #435401; low)
 	[sarge] - vim <not-affected> (Vulnerable code not present)
 	NOTE: Exploitable through modelines, needs to be used with care in any case
@@ -7556,6 +7616,7 @@
 CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
 	NOT-FOR-US: Cisco
 CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
+	{DSA-1799-1}
 	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
 CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
 	NOT-FOR-US: IBM AIX
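Review bot: The "{DSA-1799-1}" reference added to CVE-2007-1799 repeats the numeric part of the CVE id and sits far outside the range of every other DSA touched in this commit (DSA-1343 through DSA-1377), which suggests the CVE number was keyed in as the advisory number. Check the ktorrent advisory and correct the cross-reference before other tooling picks it up.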



