[Secure-testing-commits] r9618 - data/CVE
joeyh at alioth.debian.org
Thu Aug 21 21:14:10 UTC 2008
Author: joeyh
Date: 2008-08-21 21:14:08 +0000 (Thu, 21 Aug 2008)
New Revision: 9618
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-21 16:40:53 UTC (rev 9617)
+++ data/CVE/list 2008-08-21 21:14:08 UTC (rev 9618)
@@ -1,25 +1,187 @@
-CVE-2008-3699 [insecure tmp file usage in amarok]
+CVE-2008-3747
+ RESERVED
+CVE-2008-3746
+ RESERVED
+CVE-2008-3739
+ RESERVED
+CVE-2008-3738
+ RESERVED
+CVE-2008-3737
+ RESERVED
+CVE-2008-3736
+ RESERVED
+CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...)
+ TODO: check
+CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...)
+ TODO: check
+CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote ...)
+ TODO: check
+CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC ...)
+ TODO: check
+CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.x before 7.2.0.1 ...)
+ TODO: check
+CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document ...)
+ TODO: check
+CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...)
+ TODO: check
+CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...)
+ TODO: check
+CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in ...)
+ TODO: check
+CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration ...)
+ TODO: check
+CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board ...)
+ TODO: check
+CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows ...)
+ TODO: check
+CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 ...)
+ TODO: check
+CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows ...)
+ TODO: check
+CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...)
+ TODO: check
+CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 ...)
+ TODO: check
+CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate ...)
+ TODO: check
+CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote ...)
+ TODO: check
+CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to ...)
+ TODO: check
+CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before ...)
+ TODO: check
+CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...)
+ TODO: check
+CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote ...)
+ TODO: check
+CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...)
+ TODO: check
+CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP ...)
+ TODO: check
+CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...)
+ TODO: check
+CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP ...)
+ TODO: check
+CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow ...)
+ TODO: check
+CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP ...)
+ TODO: check
+CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 ...)
+ TODO: check
+CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...)
+ TODO: check
+CVE-2008-3704 (Stack-based buffer overflow in the MaskedEdit ActiveX control in ...)
+ TODO: check
+CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...)
+ TODO: check
+CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX ...)
+ TODO: check
+CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...)
+ TODO: check
+CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
+ TODO: check
+CVE-2008-3698
+ RESERVED
+CVE-2008-3697
+ RESERVED
+CVE-2008-3696
+ RESERVED
+CVE-2008-3695
+ RESERVED
+CVE-2008-3694
+ RESERVED
+CVE-2008-3693
+ RESERVED
+CVE-2008-3692
+ RESERVED
+CVE-2008-3691
+ RESERVED
+CVE-2008-3690
+ RESERVED
+CVE-2008-3689
+ RESERVED
+CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote ...)
+ TODO: check
+CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
+ TODO: check
+CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and ...)
+ TODO: check
+CVE-2008-3685
+ RESERVED
+CVE-2008-3684
+ RESERVED
+CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...)
+ TODO: check
+CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
+ TODO: check
+CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
+ TODO: check
+CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...)
+ TODO: check
+CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
+ TODO: check
+CVE-2008-3677 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 ...)
+ TODO: check
+CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato ...)
+ TODO: check
+CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru ...)
+ TODO: check
+CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
+ TODO: check
+CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts ...)
+ TODO: check
+CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not ...)
+ TODO: check
+CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly ...)
+ TODO: check
+CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews ...)
+ TODO: check
+CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt ...)
+ TODO: check
+CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows ...)
+ TODO: check
+CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
+ TODO: check
+CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
+ TODO: check
+CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
+ TODO: check
+CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real ...)
+ TODO: check
+CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
- amarok 1.4.10-1 (low; bug #494765)
CVE-2008-3740 [drupal XSS]
+ RESERVED
{DTSA-156-1}
- drupal5 5.10-1 (low; bug #495122)
TODO: check drupal4.7
CVE-2008-3741 [drupal XSS]
+ RESERVED
{DTSA-156-1}
- drupal5 5.10-1 (low; bug #495122)
TODO: check drupal4.7
CVE-2008-3742 [drupal file uploads via blogApi]
+ RESERVED
{DTSA-156-1}
- drupal5 5.10-1 (medium; bug #495122)
TODO: check drupal4.7
CVE-2008-3743 [drupal CSRF]
+ RESERVED
{DTSA-156-1}
- drupal5 <not-affected> (Vulnerable code not present)
CVE-2008-3744 [drupal CSRF]
+ RESERVED
{DTSA-156-1}
- drupal5 5.10-1 (low; bug #495122)
TODO: check drupal4.7
CVE-2008-3745 [drupal upload module privilege escalation]
+ RESERVED
{DTSA-156-1}
- drupal5 <not-affected> (Vulnerable code only present in 6.x)
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before ...)
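Review bot: the ordering breaks at the end of the added block. After CVE-2003-1563 the list continues with CVE-2008-3699 and then CVE-2008-3740 through CVE-2008-3745, so the hand-tracked amarok and Drupal entries now sit below the 2003 to 2006 entries and out of sequence with CVE-2008-3747 at the top. Consider moving them into numeric position so the tracked entries are not overlooked. Separately, the new entries that name VLC (CVE-2008-3732), AWStats (CVE-2008-3714), Xen (CVE-2008-3687) and the Linux kernel (CVE-2008-3686) are all left at "TODO: check" and should be prioritised over the rest of the batch when the TODOs are worked through.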
@@ -34,13 +196,13 @@
RESERVED
CVE-2008-3661
RESERVED
-CVE-2008-3660
- RESERVED
-CVE-2008-3659
- RESERVED
-CVE-2008-3658
- RESERVED
-CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, ...)
+CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)
+ TODO: check
+CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...)
+ TODO: check
+CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...)
+ TODO: check
+CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...)
- ruby1.8 <unfixed> (bug #494401)
- ruby1.9 <unfixed> (bug #494402)
NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
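Review bot: the imported description for CVE-2008-3660 gives the affected range as "PHP 5.6 through 5.2.6", where the lower bound is higher than the upper bound, so the range cannot be read as written. The text comes from the automatic import and the correction belongs upstream, but whoever resolves the "TODO: check" on CVE-2008-3660, CVE-2008-3659 and CVE-2008-3658 should confirm the real range before recording package status.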
@@ -48,7 +210,7 @@
- ruby1.8 <unfixed> (bug #494401)
- ruby1.9 <unfixed> (bug #494402)
NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
-CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through ...)
+CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...)
- ruby1.8 <unfixed> (bug #494401)
- ruby1.9 <unfixed> (bug #494402)
NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
@@ -300,8 +462,7 @@
- linux-2.6 2.6.26-2
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...)
- linux-2.6 2.6.26-2
-CVE-2008-3533 [yelp format string]
- RESERVED
+CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
{DTSA-154-1}
- yelp 2.22.1-4 (low)
CVE-2008-3531
@@ -338,7 +499,7 @@
NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
NOT-FOR-US: Adobe Presenter
-CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 ...)
+CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 ...)
NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...)
NOT-FOR-US: PHP-Nuke
@@ -456,7 +617,7 @@
RESERVED
CVE-2008-3461
RESERVED
-CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
+CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; ...)
NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
- openvpn 2.1~rc9-1 (low; bug #493488)
@@ -492,13 +653,13 @@
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...)
- iceweasel <unfixed> (unimportant)
NOTE: browser dos not treated as security issues
-CVE-2008-3443
- RESERVED
+CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...)
+ TODO: check
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...)
NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
NOT-FOR-US: Nullsoft Winamp
-CVE-2008-3440 (Sun Java before 1.6.0_03 does not properly verify the authenticity of ...)
+CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, ...)
TODO: check
CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify ...)
NOT-FOR-US: SpeedBit Video Acceleration
@@ -520,7 +681,8 @@
NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...)
NOT-FOR-US: phpFreeChat
-CVE-2008-3427 (Multiple SQL injection vulnerabilities in Möbius for Mimsy XG 1.4.4.1 ...)
+CVE-2008-3427
+ REJECTED
NOT-FOR-US: Moebius for Mimsy XG
CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and ...)
NOT-FOR-US: Solaris
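Review bot: CVE-2008-3427 is switched to REJECTED but the "NOT-FOR-US: Moebius for Mimsy XG" line is kept underneath it, so the entry now carries two statuses. Drop the NOT-FOR-US line, or keep only a NOTE if the history is worth recording.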
@@ -550,7 +712,7 @@
- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: Blackboard Academic Suite
-CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius Web Publishing ...)
+CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 ...)
NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows ...)
NOT-FOR-US: Youtuber Clone
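Review bot: the status line under CVE-2008-3420 no longer matches its description. The description now reads "Mobius for Mimsy XG" while the line below still says "NOT-FOR-US: Mobius Web Publishing Software". Update the NOT-FOR-US text so a search for the product name finds the entry.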
@@ -721,8 +883,8 @@
CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before ...)
{DSA-1626-1}
- httrack 3.42.3-1 (low)
-CVE-2008-3338
- RESERVED
+CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library ...)
+ TODO: check
CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
{DSA-1628-1}
- pdns 2.9.21.1-1 (low)
@@ -744,8 +906,8 @@
- links2 2.1pre37-1.1 (low; bug #492744)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
- trac 0.11-1
-CVE-2008-3324
- RESERVED
+CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
+ TODO: check
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...)
NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...)
@@ -843,9 +1005,10 @@
RESERVED
CVE-2008-3277
RESERVED
-CVE-2008-3276
- RESERVED
+CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
+ TODO: check
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...)
+ {DSA-1630-1}
- linux-2.6.24 <unfixed>
- linux-2.6 <unfixed>
NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
@@ -854,13 +1017,14 @@
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
TODO: check
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
+ {DSA-1630-1}
- linux-2.6.24 <unfixed>
- linux-2.6 <unfixed>
NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271
RESERVED
-CVE-2008-3270
- RESERVED
+CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify ...)
+ TODO: check
CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full ...)
NOT-FOR-US: WinRemotePC
CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when ...)
@@ -1480,11 +1644,11 @@
RESERVED
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
NOT-FOR-US: Microsoft Office Excel
-CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 ...)
+CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...)
NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...)
NOT-FOR-US: Microsoft Office Excel
-CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly delete the ...)
+CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...)
NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
RESERVED
@@ -1589,22 +1753,20 @@
- linux-2.6.24 <unfixed>
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
NOT-FOR-US: IBM Tivoli Directory Server
-CVE-2008-2941
- RESERVED
-CVE-2008-2940
- RESERVED
+CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...)
+ TODO: check
+CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing ...)
+ TODO: check
CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...)
- apache2 2.2.9-7 (low)
[etch] - apache2 <no-dsa> (minor issue)
- apache <not-affected> (vulnerable code not present)
-CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 6.0.0 through ...)
+CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...)
TODO: check
-CVE-2008-2937 [postfix delivers to mailbox that is not owned by the recipient]
- RESERVED
+CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a ...)
- postfix 2.5.4-1 (low)
[etch] - postfix <no-dsa> (minor issue)
-CVE-2008-2936 [postfix hardlink to symlink priv esc]
- RESERVED
+CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 ...)
{DSA-1629-2 DSA-1629-1 DTSA-155-1}
- postfix 2.5.4-1
CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ...)
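Review bot: the CVE-2008-2938 description now starts the affected range at Apache Tomcat 4.1.0 instead of 6.0.0, yet the entry stays at "TODO: check" with no package line, while CVE-2008-2370 elsewhere in this file already tracks tomcat5.5 as unfixed. With the wider range this needs triage against the Tomcat packages. The two new HP Linux Imaging and Printing entries (CVE-2008-2941, CVE-2008-2940) are also left unchecked. The Postfix entries keep their existing package lines after the bracketed placeholders are replaced, which is the expected result.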
@@ -1619,6 +1781,7 @@
CVE-2008-2932
RESERVED
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel ...)
+ {DSA-1630-1}
- linux-2.6 2.6.22
NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930
@@ -1889,6 +2052,7 @@
NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...)
+ {DSA-1630-1}
- linux-2.6 2.6.25-6 (low)
- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
@@ -1919,6 +2083,7 @@
CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...)
NOT-FOR-US: WallCity-Server
CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty ...)
+ {DSA-1630-1}
- linux-2.6 2.6.25-7
- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...)
@@ -2138,7 +2303,7 @@
CVE-2008-2738
RESERVED
CVE-2008-2737
- RESERVED
+ REJECTED
CVE-2008-2736
RESERVED
CVE-2008-2735
@@ -2154,6 +2319,7 @@
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
NOT-FOR-US: cisco
CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...)
+ {DSA-1630-1}
- linux-2.6 2.6.19-1
NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
@@ -2929,8 +3095,8 @@
- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...)
- tomcat5.5 <unfixed> (bug #494504)
-CVE-2008-2369
- RESERVED
+CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a ...)
+ TODO: check
CVE-2008-2368
RESERVED
CVE-2008-2367
@@ -3175,7 +3341,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
+CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253
RESERVED
@@ -3193,7 +3359,7 @@
NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...)
NOT-FOR-US: Microsoft Windows Vista
-CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color Management ...)
+CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft Office Word
@@ -3217,10 +3383,10 @@
{DSA-1627-1}
- opensc 0.11.4-4
NOTE: http://www.opensc-project.org/security.html
-CVE-2008-2234
- RESERVED
-CVE-2008-2233
- RESERVED
+CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote ...)
+ TODO: check
+CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, ...)
+ TODO: check
CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local ...)
{DSA-1611-1 DTSA-149-1}
- afuse 0.2-3 (bug #490921; medium)
@@ -4550,8 +4716,8 @@
- linux-2.6 2.6.25-2 (low)
- linux-2.6.24 2.6.24-6~etchnhalf.2
NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
-CVE-2008-1668
- RESERVED
+CVE-2008-1668 (Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 ...)
+ TODO: check
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...)
@@ -6257,9 +6423,9 @@
NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
RESERVED
-CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...)
+CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 ...)
NOT-FOR-US: Sun Solaris and OpenSolaris
-CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...)
+CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 ...)
NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...)
NOT-FOR-US: EMC DiskXtender
@@ -7064,6 +7230,7 @@
[etch] - php5 <not-affected> (Vulnerable code not yet present)
[etch] - php4 <not-affected> (Vulnerable code not yet present)
CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...)
+ {DSA-1630-1}
- linux-2.6 <unfixed> (bug #490910)
- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
@@ -8272,7 +8439,7 @@
NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 ...)
NOT-FOR-US: Microsoft PowerPoint Viewer
-CVE-2008-0120 (A "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows ...)
+CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote ...)
NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
NOT-FOR-US: Microsoft Publisher
@@ -9438,6 +9605,7 @@
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...)
+ {DSA-1630-1}
- linux-2.6 2.6.25-1
- linux-2.6.24 2.6.24-6~etchnhalf.4
NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
@@ -18441,7 +18609,7 @@
NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...)
NOT-FOR-US: Centrinity
-CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in Ignite ...)
+CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier ...)
NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
NOT-FOR-US: Avira Antivirus