[Secure-testing-commits] r8473 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Thu Apr 3 10:59:55 UTC 2008 

Author: nion
Date: 2008-04-03 10:59:54 +0000 (Thu, 03 Apr 2008)
New Revision: 8473

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-156{1,2} fixed in wireshark 1.0.0-1
CVE-2008-1552 fixed in silc 1.1.4-1
sdpplin_parse overflow originally from xine-lib has its own cve for mplayer now (CVE-2008-1558)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-02 23:04:53 UTC (rev 8472)
+++ data/CVE/list	2008-04-03 10:59:54 UTC (rev 8473)
@@ -63,59 +63,59 @@
 CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
 	NOT-FOR-US: ManageEngine Applications Manager
 CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC ...)
-	TODO: check
+	NOT-FOR-US: PJIRC module for phpBB
 CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before ...)
-	TODO: check
+	NOT-FOR-US: Dan Costin File Transfer
 CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in ...)
-	TODO: check
+	- wireshark 1.0.0-1 (low)
 CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
-	TODO: check
+	- wireshark 1.0.0-1 (low)
 CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
-	TODO: check
+	- wireshark 1.0.0-1 (low)
 CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...)
-	TODO: check
+	NOT-FOR-US: Digiappz DigiDomain
 CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...)
-	TODO: check
+	NOT-FOR-US: com_alphacontent component for Joomla!
 CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in ...)
-	TODO: check
+	- mplayer 1.0~rc2-10 (medium; bug #473056)
 CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information ...)
-	TODO: check
+	NOT-FOR-US: BolinOS
 CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 ...)
-	TODO: check
+	NOT-FOR-US: BolinOS
 CVE-2008-1555 (Directory traversal vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: BolinOS
 CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, ...)
-	TODO: check
+	NOT-FOR-US: TopperMod
 CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows ...)
-	TODO: check
+	NOT-FOR-US: TopperMod
 CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) ...)
-	TODO: check
+	- silc 1.1.4-1 (medium)
 CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module ...)
-	TODO: check
+	NOT-FOR-US: RunCMS
 CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: CubeCart
 CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface ...)
-	TODO: check
+	NOT-FOR-US: Eagle Software Aries Student Information System
 CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...)
-	TODO: check
+	NOT-FOR-US: Eagle Software Aries Student Information System
 CVE-2008-1547
 	RESERVED
 CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...)
-	TODO: check
+	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
 CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft IE7
 CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft IE7
 CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management ...)
-	TODO: check
+	NOT-FOR-US: Airspan WiMAX ProST
 CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has "topsecret" as its ...)
-	TODO: check
+	NOT-FOR-US: BSDU
 CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS ...)
-	TODO: check
+	NOT-FOR-US: HIS Webshop
 CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) ...)
-	TODO: check
+	NOT-FOR-US: com_datsogallery module for Joomla!
 CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke Platinum
 CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ...)
 	TODO: check
 CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in ...)
@@ -3560,7 +3560,6 @@
 CVE-2008-0073 (Array index error in the sdpplin_parse function in ...)
 	{DSA-1536-1 DTSA-119-1}
 	- xine-lib 1.1.11-1 (medium)
-	- mplayer 1.0~rc2-10 (medium; bug #473056)
 	- vlc 0.8.6.e-2 (medium; bug #473057)
 	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
 CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)

More information about the Secure-testing-commits mailing list