[Secure-testing-commits] r8584 - data/CVE
nion at alioth.debian.org
Sun Apr 20 16:03:46 UTC 2008
Author: nion
Date: 2008-04-20 16:03:45 +0000 (Sun, 20 Apr 2008)
New Revision: 8584
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-1834 fixed in swfdec0.6, unfixed in swfdec0.5
CVE-2008-1878 bug filed
CVE-2008-1796 fixed in comix 3.6.4-1.1 (unimportant)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-20 14:13:44 UTC (rev 8583)
+++ data/CVE/list 2008-04-20 16:03:45 UTC (rev 8584)
@@ -79,7 +79,8 @@
CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...)
- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
- TODO: check
+ - swfdec0.6 0.6.4-1 (low)
+ - swfdec0.5 <unfixed> (low; bug #477037)
CVE-2008-1833 (Heap-based buffer overflow in libclamav in ClamAV 0.92.1 allows remote ...)
- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...)
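Review bot: the new swfdec0.5 line records `<unfixed>` with bug #477037 but carries no NOTE on whether the 0.5 branch is expected to get a fix or is only kept for transition, unlike the comix entry later in this commit which explains its rating; consider adding one line such as `NOTE: 0.5 branch ...` so the next triager does not have to re-check the bug. The swfdec0.6 fixed version 0.6.4-1 matches the "before 0.6.4" wording of the CVE description.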
@@ -87,7 +88,7 @@
CVE-2007-6714 [dbmail auth bypass]
- dbmail 2.2.9
CVE-2008-1878 [nsf buffer overflow in xine]
- - xine-lib <unfixed>
+ - xine-lib <unfixed> (medium; bug #476990)
CVE-2008-XXXX [insecure tmp file handling in aptlinex]
- aptlinex 0.91-1 (medium; bug #476588)
NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
@@ -159,43 +160,44 @@
CVE-2008-1801
RESERVED
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...)
- TODO: check
+ NOT-FOR-US: sabros.us
CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php ...)
- TODO: check
+ NOT-FOR-US: Dragoon
CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before ...)
- TODO: check
+ NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, ...)
- TODO: check
+ - comix 3.6.4-1.1 (unimportant)
+ NOTE: only exploitable with insecure umask settings
CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
- TODO: check
+ NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform ...)
- TODO: check
+ NOT-FOR-US: Webform Drupal module
CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in ...)
- TODO: check
+ NOT-FOR-US: Smart
CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in ...)
- TODO: check
+ NOT-FOR-US: Flickr Drupal module
CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...)
- TODO: check
+ NOT-FOR-US: My Gaming Ladder
CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows ...)
- TODO: check
+ NOT-FOR-US: iScripts
CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows ...)
- TODO: check
+ NOT-FOR-US: Prozilla Forum
CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...)
- TODO: check
+ NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786 (Unspecified vulnerability in the DSM gui_cm_ctrls ActiveX control ...)
- TODO: check
+ NOT-FOR-US: CA products
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: Prozilla Top 100
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...)
- TODO: check
+ NOT-FOR-US: Prozilla Topsites
CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
- TODO: check
+ NOT-FOR-US: Prozilla Reviews
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...)
- TODO: check
+ NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...)
- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...)
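Review bot: `NOT-FOR-US: Smart` for CVE-2008-1793 is ambiguous, since Debian ships a package named `smart` (the package manager) and the description only mentions `view.cgi`; use the full product name as the other entries in this hunk do (for example `NOT-FOR-US: Prozilla Forum`) so a later grep for Debian package names does not produce a false hit. The same applies, less strongly, to `NOT-FOR-US: CA products` for CVE-2008-1786, where naming the DSM product would be clearer.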
@@ -1616,7 +1618,7 @@
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
NOT-FOR-US: Cisco IOS
CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
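Review bot: `NOT-FOR-US: Cisco` for CVE-2008-1155 is less specific than the surrounding entries, which use `NOT-FOR-US: Cisco IOS`; since the description names the Network Admission Control (NAC) Appliance, `NOT-FOR-US: Cisco NAC Appliance` would keep the file's convention of naming the affected product.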
@@ -1961,7 +1963,7 @@
CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...)
TODO: check
CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
@@ -2233,9 +2235,9 @@
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
NOT-FOR-US: Apple Safari
CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
- TODO: check
+ NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...)
- TODO: check
+ NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891
RESERVED
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)