[Secure-testing-commits] r8493 - data/CVE
nion at alioth.debian.org
Wed Apr 9 12:48:58 UTC 2008
Author: nion
Date: 2008-04-09 12:48:57 +0000 (Wed, 09 Apr 2008)
New Revision: 8493
Modified:
data/CVE/list
Log:
NFUs
new issue: libfishsound (CVE-2008-1686), fixed in speex 1.2~beta2-1
new issue: eterm (CVE-2008-1692)
CVE-2008-1685 a dup of CVE-2006-1902?
new issue: gnome-screensaver (CVE-2008-1683)
CVE-2008-1657 fixed in openssh 1:4.7p1-8
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-09 12:05:59 UTC (rev 8492)
+++ data/CVE/list 2008-04-09 12:48:57 UTC (rev 8493)
@@ -3,19 +3,19 @@
CVE-2008-1703
RESERVED
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...)
- TODO: check
+ NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...)
- TODO: check
+ NOT-FOR-US: Novell NetWare
CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
- TODO: check
+ NOT-FOR-US: WorkSite Web
CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
- TODO: check
+ NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...)
- TODO: check
+ NOT-FOR-US: Simple Gallery
CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
- TODO: check
+ NOT-FOR-US: DaZPHPNews
CVE-2008-1695
RESERVED
CVE-2008-1694
@@ -23,31 +23,35 @@
CVE-2008-1693
RESERVED
CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...)
- TODO: check
+ - eterm <unfixed> (bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
- TODO: check
+ NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...)
- TODO: check
+ NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...)
- TODO: check
+ NOT-FOR-US: SLMail Pro
CVE-2008-1688
RESERVED
CVE-2008-1687
RESERVED
CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in ...)
- TODO: check
+ - speex 1.2~beta2-1 (medium)
+ - libfishsound <unfixed> (medium; bug #475152)
CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...)
TODO: check
+ NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2008-1683 (xscreensaver on Fedora 8, when an NIS authentication server is ...)
- TODO: check
+ - gnome-screensaver <unfixed> (low; bug #475154)
+ NOTE: the description seems wrong, this does not affect xscreensaver
+ NOTE: contacted mitre to update description
CVE-2008-1682 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...)
- TODO: check
+ NOT-FOR-US: IBM DB2IBM DB2
CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...)
- TODO: check
+ NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679
RESERVED
CVE-2008-1678
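Review bot: The new line under CVE-2008-1681 reads "NOT-FOR-US: IBM DB2IBM DB2", with the product name pasted twice. The description names IBM DB2 Content Manager, so "NOT-FOR-US: IBM DB2 Content Manager" would be the clearer entry. Also in this hunk, the CVE-2008-1692 line "- eterm <unfixed> (bug #473127)" carries no urgency, while the other package lines added here do (medium, low); add one if it was left out by accident. CVE-2008-1685 keeps its "TODO: check" beside the new dup NOTE, which matches the open question in the log message.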
@@ -93,7 +97,7 @@
CVE-2008-1658
RESERVED
CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...)
- TODO: check
+ - openssh 1:4.7p1-8 (low; bug #475156)
CVE-2008-1656
RESERVED
CVE-2008-1655
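Review bot: On the CVE-2008-1657 line, the fixed version "openssh 1:4.7p1-8" is lower than the 4.9 that the description gives as the upstream boundary ("OpenSSH before 4.9"), so the entry looks contradictory to anyone comparing version numbers. If the Debian upload carries a backported fix, a "NOTE:" line saying so, in the style of the NOTE lines added for CVE-2008-1683, would make that explicit for later readers of the list.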