[Secure-testing-commits] r8584 - data/CVE

nion at alioth.debian.org
Sun Apr 20 16:03:46 UTC 2008


Author: nion
Date: 2008-04-20 16:03:45 +0000 (Sun, 20 Apr 2008)
New Revision: 8584

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-1834 fixed in swfdec0.6, unfixed in swfdec0.5
CVE-2008-1878 bug filed
CVE-2008-1796 fixed in comix 3.6.4-1.1 (unimportant)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-20 14:13:44 UTC (rev 8583)
+++ data/CVE/list	2008-04-20 16:03:45 UTC (rev 8584)
@@ -79,7 +79,8 @@
 CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...)
 	- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
 CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
-	TODO: check
+	- swfdec0.6 0.6.4-1 (low)
+	- swfdec0.5 <unfixed> (low; bug #477037)
 CVE-2008-1833 (Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote ...)
 	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
 CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...)
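Review bot: the new swfdec0.5 line records the Debian bug (#477037) but no pointer to the upstream fix, so whoever backports it has nothing to start from; since the swfdec0.6 line above states the fix landed in 0.6.4-1, a NOTE naming the upstream change in Swfdec 0.6.4 (the version the CVE description cites) next to the `swfdec0.5 <unfixed>` line would make the two entries self-explanatory. The "low" rating is consistent across both source packages, which is what the commit log states.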
@@ -87,7 +88,7 @@
 CVE-2007-6714 [dbmail auth bypass]
 	- dbmail 2.2.9
 CVE-2008-1878 [nsf buffer overflow in xine]
-	- xine-lib <unfixed>
+	- xine-lib <unfixed> (medium; bug #476990)
 CVE-2008-XXXX [insecure tmp file handling in aptlinex]
 	- aptlinex 0.91-1 (medium; bug #476588)
 	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
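Review bot: the xine-lib entry now carries a severity and bug number (#476990) but still no hint of which versions the NSF demuxer overflow affects or where upstream fixed it, so the `<unfixed>` marker cannot be checked against a later upload without re-reading the bug; a NOTE with the affected versions, in the same way the aptlinex entry below records what the maintainer confirmed, would let the next committer close it with confidence.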
@@ -159,43 +160,44 @@
 CVE-2008-1801
 	RESERVED
 CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: DivXDB
 CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...)
-	TODO: check
+	NOT-FOR-US: sabros.us
 CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php ...)
-	TODO: check
+	NOT-FOR-US: Dragoon
 CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before ...)
-	TODO: check
+	NOT-FOR-US: Secure Computing Webwasher
 CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, ...)
-	TODO: check
+	- comix 3.6.4-1.1 (unimportant)
+	NOTE: only exploitable with insecure umask settings
 CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
-	TODO: check
+	NOT-FOR-US: Blackboard Academic Suite
 CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform ...)
-	TODO: check
+	NOT-FOR-US: Webform Drupal module
 CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in ...)
-	TODO: check
+	NOT-FOR-US: Smart
 CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in ...)
-	TODO: check
+	NOT-FOR-US: Flickr Drupal module
 CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...)
-	TODO: check
+	NOT-FOR-US: My Gaming Ladder
 CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows ...)
-	TODO: check
+	NOT-FOR-US: iScripts
 CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Forum
 CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Entertainers
 CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	TODO: check
+	NOT-FOR-US: Poplar Gedcom Viewer
 CVE-2008-1786 (Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: CA products
 CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Top 100
 CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Topsites
 CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
-	TODO: check
+	NOT-FOR-US: Prozilla Reviews
 CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...)
-	TODO: check
+	NOT-FOR-US: Advanced Software Engineering ChartDirector
 CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...)
 	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
 CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...)
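Review bot: the comix NOTE justifies "unimportant" by umask alone, yet the description is about predictable temporary directory names, so the NOTE should also record whether a pre-existing directory at the predictable path is rejected by the fixed version (3.6.4-1.1); the umask argument only covers the permission side of the problem. Separately, the NOT-FOR-US labels for CVE-2008-1793 ("Smart") and CVE-2008-1786 ("CA products") are less specific than the rest of the hunk; naming the product as the description does (the DSM gui_cm_ctrls ActiveX control, for instance) keeps later triage greppable.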
@@ -1616,7 +1618,7 @@
 CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
 	NOT-FOR-US: Cisco IOS
 CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
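Review bot: the CVE-2008-1155 label reads "NOT-FOR-US: Cisco" while its neighbours use "Cisco IOS"; the description names the NAC Appliance rather than IOS, so "NOT-FOR-US: Cisco NAC Appliance" would match the product and the file's convention of naming the component.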
@@ -1961,7 +1963,7 @@
 CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...)
 	TODO: check
 CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
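Review bot: closing CVE-2008-1024 as NOT-FOR-US while leaving CVE-2008-1025 at "TODO: check" is the right split, because the 1025 description names Apple WebKit rather than Safari alone and WebKit is not Apple-only software; a short NOTE on the 1025 line saying the WebKit check is still pending would make clear that it was not simply overlooked in this pass.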
@@ -2233,9 +2235,9 @@
 CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
 	NOT-FOR-US: Apple Safari
 CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Administration Server
 CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...)
-	TODO: check
+	NOT-FOR-US: Red Hat Administration Server
 CVE-2008-0891
 	RESERVED
 CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
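Review bot: both CVE-2008-0893 and CVE-2008-0892 get the label "Red Hat Administration Server", although the 0892 description places repl-monitor-cgi.pl in "Red Hat ..." (truncated here) and the adjacent CVE-2008-0890 is about Red Hat Directory Server; if the two are meant to cover the same product family, using one consistent label across the three entries keeps the file greppable.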