[Secure-testing-commits] r8497 - data/CVE

jmm-guest at alioth.debian.org
Wed Apr 9 17:58:56 UTC 2008


Author: jmm-guest
Date: 2008-04-09 17:58:54 +0000 (Wed, 09 Apr 2008)
New Revision: 8497

Modified:
   data/CVE/list
Log:
latest round of wireshark issues doesn't affect Etch
openssl fixed in spu upload
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-09 17:50:34 UTC (rev 8496)
+++ data/CVE/list	2008-04-09 17:58:54 UTC (rev 8497)
@@ -283,10 +283,12 @@
 	NOT-FOR-US: Dan Costin File Transfer
 CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in ...)
 	- wireshark 1.0.0-1 (low)
+	[etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected)
 CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
-	- wireshark 1.0.0-1 (low)
+	- wireshark <not-affected> (Only Windows builds are affected according to #1613)
 CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
 	- wireshark 1.0.0-1 (low)
+	[etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected)
 CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...)
 	NOT-FOR-US: Digiappz DigiDomain
 CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...)
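Review bot: The reference "#1613" in the new CVE-2008-1562 line does not say which bug tracker it points to. Other entries in this file write Debian bugs as "bug #438142", so state here whether this is an upstream Wireshark bug or something else, ideally with a URL. This line also replaces the fixed version 1.0.0-1 with an unqualified <not-affected>, unlike the [etch]-scoped lines added for CVE-2008-1563 and CVE-2008-1561. The log message only mentions Etch, so it should also record that this entry changes status for every release.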
@@ -813,9 +815,9 @@
 CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...)
 	NOT-FOR-US: Novell Groupwise
 CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...)
-	TODO: check
+	NOT-FOR-US: CA ARCserve
 CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...)
-	TODO: check
+	NOT-FOR-US: CA ARCserve
 CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...)
 	NOT-FOR-US: Gallarific
 CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...)
@@ -1228,15 +1230,15 @@
 CVE-2008-1155
 	RESERVED
 CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
 	TODO: check
 CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...)
-	TODO: check
+	NOT-FOR-US: Cisco IOS
 CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...)
 	- phpmyadmin 4:2.11.5-1 (low)
 	[etch] - phpmyadmin <no-dsa> (Minor issue)
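Review bot: CVE-2008-1154 is tagged "NOT-FOR-US: Cisco IOS", but its description names the Disaster Recovery Framework master server in "Cisco Unified ...", not IOS; the tag should name that product or simply say "Cisco". In the same hunk, CVE-2008-1151 stays at "TODO: check" although it concerns the same VPDN component as CVE-2008-1150, which is marked NOT-FOR-US here. Either mark it as well or note why it was left open.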
@@ -1418,21 +1420,21 @@
 CVE-2008-1091
 	RESERVED
 CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 200 SP4, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1083 (Heap-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2008-1082 (Opera before 9.26 allows remote attackers to &quot;bypass sanitization ...)
 	NOT-FOR-US: Opera
 CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...)
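Review bot: All eight entries from CVE-2008-1090 down to CVE-2008-1083 get the bare tag "NOT-FOR-US: Microsoft", while other entries in this file name the product, for example "NOT-FOR-US: Microsoft FrontPage" and "NOT-FOR-US: Novell Groupwise". Taking the product from each description (Visio, Project, Windows, Internet Explorer) would keep the tags consistent and easier to search.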
@@ -1778,7 +1780,7 @@
 CVE-2008-0927
 	RESERVED
 CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell eDirectory ...)
-	TODO: check
+	NOT-FOR-US: Novell eDirectory
 CVE-2008-0925
 	RESERVED
 CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
@@ -8911,6 +8913,8 @@
 	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
 CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ...)
 	- openssl 0.9.8f-1 (low)
+	[etch] - openssl <no-dsa> (Will be fixed in a point update)
+	TODO:	[etch] - openssl 0.9.8c-4etch2
 	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
 	- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
 	[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
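Review bot: The added line "TODO:	[etch] - openssl 0.9.8c-4etch2" hides a structured status entry inside a free-text TODO, directly below a new "[etch] - openssl <no-dsa> (Will be fixed in a point update)" line for the same release. Nothing in the TODO says that it is meant to replace the <no-dsa> line once the point update is out, so the follow-up depends on someone remembering both lines. Spell out the pending action in the TODO text, and use a space after "TODO:" as the existing "TODO: check" lines do rather than a tab.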
@@ -13473,6 +13477,7 @@
 	NOT-FOR-US: Microsoft FrontPage
 CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ...)
 	- openssl 0.9.8e-6 (bug #438142; low)
+	TODO:	[etch] - openssl 0.9.8c-4etch2
 	- openssl097 <removed> (bug #438180)
 	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
 	[etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)
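Review bot: For CVE-2007-3108 the TODO with the planned 0.9.8c-4etch2 version is inserted above the openssl097 line, away from the existing "[etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)" entry it would supersede. That entry's reason is also left unchanged, while the CVE-2007-4995 hunk uses "Will be fixed in a point update" for the same upload. Move the TODO next to the [etch] line and make the two <no-dsa> reasons agree, or explain why this one keeps the old wording.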



