[Secure-testing-commits] r8507 - data/CVE
nion at alioth.debian.org
Thu Apr 10 19:57:24 UTC 2008
Author: nion
Date: 2008-04-10 19:57:23 +0000 (Thu, 10 Apr 2008)
New Revision: 8507
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-1683 seems to be a dup of CVE-2008-0887
new suphp issue (CVE-2008-1614)
CVE-2008-1612 fixed in squid 2.6.18-1
CVE-2008-1532 -> perlbal itp
new low impact lighttpd issue (CVE-2008-1531)
CVE-2008-1374 does not affect cupsys in Debian, CVE-2008-1373 fixed in cupsys 1.3.7-1
otrs2 issue got CVE-2008-1515
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-10 18:50:52 UTC (rev 8506)
+++ data/CVE/list 2008-04-10 19:57:23 UTC (rev 8507)
@@ -48,6 +48,7 @@
NOT-FOR-US: Sun Solaris
CVE-2008-1683 (xscreensaver on Fedora 8, when an NIS authentication server is ...)
- gnome-screensaver <unfixed> (low; bug #475154)
+ NOTE: dup of CVE-2008-0887
NOTE: the description seems wrong, this does not affect xscreensaver
NOTE: contacted mitre to update description
CVE-2008-1682 (PHP remote file inclusion vulnerability in ...)
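Review bot: the `gnome-screensaver <unfixed> (low; bug #475154)` line is left in place under CVE-2008-1683 while the new NOTE declares this id a dup of CVE-2008-0887, so the same open bug is now tracked under two ids. Once MITRE confirms which id survives, the package line should live under only that one, and the two NOTEs about the wrong xscreensaver description belong with it rather than being kept in both places.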
@@ -181,39 +182,39 @@
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...)
TODO: check
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
- TODO: check
+ NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...)
- TODO: check
+ NOT-FOR-US: WorkSite Web
CVE-2008-1616
RESERVED
CVE-2008-1615
RESERVED
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
- TODO: check
+ - suphp <unfixed> (low; bug #475431)
CVE-2008-1613
RESERVED
CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...)
- TODO: check
+ - squid 2.6.18-1 (medium)
CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...)
- TODO: check
+ NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 ...)
- TODO: check
+ NOT-FOR-US: TFTP Server Pro
CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another ...)
- TODO: check
+ NOT-FOR-US: JAF CMS
CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...)
- TODO: check
+ NOT-FOR-US: Clever Copy
CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...)
- TODO: check
+ NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...)
- TODO: check
+ NOT-FOR-US: Elastic Path
CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ...)
- TODO: check
+ NOT-FOR-US: LEADTOOLS
CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 ...)
- TODO: check
+ NOT-FOR-US: PerlMailer
CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...)
- TODO: check
+ NOT-FOR-US: GNB DesignForm
CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
- TODO: check
+ NOT-FOR-US: Orbit downloader
CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
TODO: check
CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...)
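Review bot: the new `suphp <unfixed> (low; bug #475431)` line for CVE-2008-1614 rates a local privilege escalation ("allows local users to gain privileges" in the description) as low, the same level used in this commit for the lighttpd denial of service; a one-line NOTE on why it is only low (for example a non-default configuration being required) would make the rating defensible. The `squid 2.6.18-1 (medium)` line is the only fixed-version entry in this hunk without a bug or changelog reference, so a pointer to where the fix landed would help later verification.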
@@ -351,10 +352,10 @@
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
- joomla <itp> (bug #326398)
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
- TODO: check
+ - perlbal <itp> (bug #456534)
CVE-2008-1531 (lighttpd 1.4.19 and earlier allows remote attackers to cause a denial ...)
{DSA-1540-1}
- TODO: check
+ - lighttpd <unfixed> (low; bug #475438)
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
TODO: check
CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
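Review bot: for CVE-2008-1531 the hunk adds `lighttpd <unfixed> (low; bug #475438)` directly under the existing `{DSA-1540-1}` annotation, so stable is recorded as fixed by DSA while unstable is still open; that is consistent, but the commit log calls the issue "new", so it is worth confirming that DSA-1540-1 really covers this CVE before the annotation and the open unstable entry are left side by side.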
@@ -418,7 +419,11 @@
CVE-2008-1516
RESERVED
CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 ...)
- TODO: check
+ - otrs2 2.2.5-2
+ [etch] - otrs2 <not-affected> (Vulnerable code not present)
+ [etch] - otrs <not-affected> (Vulnerable code not present)
+ [sarge] - otrs <not-affected> (Vulnerable code not present)
+ NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...)
TODO: check
NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
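Review bot: the new `otrs2 2.2.5-2` line for CVE-2008-1515 carries no severity, unlike every other package line added in this commit (low or medium); since the entry is moved here from a placeholder id, adding the severity now keeps the entry consistent with the rest of the list.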
@@ -677,14 +682,9 @@
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
- egroupware 1.4.002.dfsg-2.1 (bug #471839)
- wordpress 2.5.0-1
-CVE-2008-XXXX [OTRS osa-2008-01]
- - otrs2 2.2.5-2
- [etch] - otrs2 <not-affected> (Vulnerable code not present)
- [etch] - otrs <not-affected> (Vulnerable code not present)
- [sarge] - otrs <not-affected> (Vulnerable code not present)
- NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
- TODO: check
+ - kfreebsd-6 <unfixed>
+ - kfreebsd-7 <unfixed>
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...)
- asterisk <unfixed> (low)
[etch] - asterisk <not-affected> (Only 1.4.x affected)
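Review bot: removing the `CVE-2008-XXXX [OTRS osa-2008-01]` placeholder drops the vendor advisory id `osa-2008-01`, which is not repeated in the new CVE-2008-1515 entry; a NOTE carrying that id would keep the advisory-to-CVE mapping searchable. The `kfreebsd-6 <unfixed>` and `kfreebsd-7 <unfixed>` lines for CVE-2008-1391 (integer overflows in libc) have neither a severity nor a bug reference, so there is nothing tracking the needed upload.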
@@ -722,9 +722,9 @@
CVE-2008-1375
RESERVED
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
- TODO: check
+ - cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...)
- TODO: check
+ - cupsys 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
- bzip2 1.0.5-0.1 (bug #471670)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...)
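Review bot: the `cupsys <not-affected>` rationale for CVE-2008-1374 ("Redhat-specific incomplete patch, upstream patch is complete") would be easier to re-verify with a NOTE pointing at the upstream fix it relies on. For CVE-2008-1373 the hunk records only `cupsys 1.3.7-1 (medium)` for unstable; the description names CUPS 1.3.6, and no `[etch]` line says whether the older cupsys in stable contains the same `gif_read_lzw` code, so that check is still missing.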
@@ -816,7 +816,7 @@
{DSA-1525-1}
- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331 (Unspecified vulnerability in OmniPCX Office with Internet Access ...)
- TODO: check
+ NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...)
NOT-FOR-US: Novell Groupwise
CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...)
@@ -1231,7 +1231,7 @@
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2008-1155
RESERVED
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
@@ -1241,7 +1241,7 @@
CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...)
NOT-FOR-US: Cisco IOS
CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
- TODO: check
+ NOT-FOR-US: Cisco IOS
CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...)
NOT-FOR-US: Cisco IOS
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...)
@@ -1581,27 +1581,27 @@
CVE-2008-1024
RESERVED
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
@@ -1789,7 +1789,7 @@
CVE-2008-0925
RESERVED
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...)
- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...)
@@ -1864,7 +1864,10 @@
{DSA-1522-1}
- unzip 5.52-11
CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server ...)
- TODO: check
+ - gnome-screensaver <unfixed> (low; bug #475154)
+ NOTE: dup of CVE-2008-1683
+ NOTE: the description seems wrong, this does not affect xscreensaver
+ NOTE: contacted mitre to update description
CVE-2008-0886
REJECTED
CVE-2008-0885
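Review bot: the three NOTE lines added under CVE-2008-0887 are copied verbatim from CVE-2008-1683, but this CVE's description already names gnome-screensaver, so "the description seems wrong, this does not affect xscreensaver" and "contacted mitre to update description" do not apply here. With `NOTE: dup of CVE-2008-1683` on this side and `NOTE: dup of CVE-2008-0887` on the other, the two entries point at each other; one should be the canonical entry and the other reduced to the dup note.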