[Secure-testing-commits] r10734 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Fri Dec 19 21:14:11 UTC 2008


Author: joeyh
Date: 2008-12-19 21:14:10 +0000 (Fri, 19 Dec 2008)
New Revision: 10734

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-19 13:48:17 UTC (rev 10733)
+++ data/CVE/list	2008-12-19 21:14:10 UTC (rev 10734)
@@ -1,3 +1,183 @@
+CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
+	TODO: check
+CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
+	TODO: check
+CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
+	TODO: check
+CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
+	TODO: check
+CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
+	TODO: check
+CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
+	TODO: check
+CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
+	TODO: check
+CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
+	TODO: check
+CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
+	TODO: check
+CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...)
+	TODO: check
+CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
+	TODO: check
+CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
+	TODO: check
+CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...)
+	TODO: check
+CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
+	TODO: check
+CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
+	TODO: check
+CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
+	TODO: check
+CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
+	TODO: check
+CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...)
+	TODO: check
+CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
+	TODO: check
+CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...)
+	TODO: check
+CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
+	TODO: check
+CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)
+	TODO: check
+CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
+	TODO: check
+CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
+	TODO: check
+CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
+	TODO: check
+CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
+	TODO: check
+CVE-2008-5651 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web ...)
+	TODO: check
+CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article ...)
+	TODO: check
+CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP ...)
+	TODO: check
+CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before ...)
+	TODO: check
+CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ...)
+	TODO: check
+CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks ...)
+	TODO: check
+CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
+	TODO: check
+CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...)
+	TODO: check
+CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...)
+	TODO: check
+CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
+	TODO: check
+CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 ...)
+	TODO: check
+CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha ...)
+	TODO: check
+CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 ...)
+	TODO: check
+CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows ...)
+	TODO: check
+CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when ...)
+	TODO: check
+CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 ...)
+	TODO: check
+CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0 ...)
+	TODO: check
+CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows ...)
+	TODO: check
+CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2 ...)
+	TODO: check
+CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...)
+	TODO: check
+CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
+	TODO: check
+CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
+	TODO: check
+CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows ...)
+	TODO: check
+CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows ...)
+	TODO: check
+CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
+	TODO: check
+CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
+	TODO: check
+CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
+	TODO: check
+CVE-2008-5623
+	RESERVED
+CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...)
+	TODO: check
+CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 ...)
+	TODO: check
+CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...)
+	TODO: check
+CVE-2008-5615
+	RESERVED
+CVE-2008-5614
+	RESERVED
+CVE-2008-5613
+	RESERVED
+CVE-2008-5612
+	RESERVED
+CVE-2008-5611
+	RESERVED
+CVE-2008-5610
+	RESERVED
+CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and ...)
+	TODO: check
+CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) ...)
+	TODO: check
+CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information ...)
+	TODO: check
+CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote ...)
+	TODO: check
+CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0 ...)
+	TODO: check
+CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root ...)
+	TODO: check
+CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...)
+	TODO: check
+CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server ...)
+	TODO: check
+CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 ...)
+	TODO: check
+CVE-2008-5597 (Cold BBS stores sensitive information under the web root with ...)
+	TODO: check
+CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the ...)
+	TODO: check
+CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows ...)
+	TODO: check
+CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...)
+	TODO: check
+CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS ...)
+	TODO: check
+CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the ...)
+	TODO: check
+CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall ...)
+	TODO: check
+CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru ...)
+	TODO: check
+CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...)
+	TODO: check
+CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm ...)
+	TODO: check
+CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in ...)
+	TODO: check
+CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New ...)
+	TODO: check
+CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 ...)
+	TODO: check
 CVE-2008-XXXX [wireshark WLCCP infinite loop]
 	- wireshark 1.0.5-1 (low; bug #506741)
 CVE-2007-XXXX [tdiary XSS]
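Review bot: among the new entries, CVE-2008-5620 (RoundCube Webmail) and CVE-2008-5625 / CVE-2008-5624 (PHP 5 before 5.2.7) are left at "TODO: check" even though roundcube and php5 are already tracked as packages elsewhere in this file (under CVE-2008-5619 and CVE-2008-5498). Triage those first with a package status line, then work through the remaining TODO entries and mark the ones for software that is not packaged as NOT-FOR-US, so the backlog added here does not bury the entries that affect the archive.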
@@ -85,9 +265,9 @@
 	RESERVED
 CVE-2009-0001
 	RESERVED
-CVE-2008-5622 [phpMyAdmin PMASA-2008-10 csrf milw0rm]
+CVE-2008-5622 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
 	- phpmyadmin 4:2.11.8.1-5
-CVE-2008-5621 [phpMyAdmin PMASA-2008-10 csrf]
+CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...)
 	- phpmyadmin 4:2.11.8.1-5
 CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
 	TODO: check
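Review bot: the rewritten CVE-2008-5622 and CVE-2008-5621 lines lose the PMASA-2008-10 advisory reference (and the milw0rm pointer on CVE-2008-5622) that the bracketed descriptions carried. Keep it as a "NOTE: PMASA-2008-10" line under each entry so the link between the fixed version 4:2.11.8.1-5 and the upstream advisory stays in the tracker.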
@@ -141,8 +321,8 @@
 	TODO: check
 CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows ...)
 	TODO: check
-CVE-2008-5558
-	RESERVED
+CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...)
+	TODO: check
 CVE-2008-5557
 	RESERVED
 CVE-2008-XXXX [phpBB3 Account Re-activation Security Bypass]
@@ -234,76 +414,65 @@
 	RESERVED
 CVE-2008-5514
 	RESERVED
-CVE-2008-5513 [XSS vulnerabilities in SessionStore]
-	RESERVED
+CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...)
 	- iceweasel <unfixed>
-CVE-2008-5512 [XBL bindings issue]
-	RESERVED
+CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5511 [XPCNativeWrappers issue]
-	RESERVED
+CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5510 [Escaped null characters ignored by CSS parser]
-	RESERVED
+CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
 CVE-2008-5509
 	RESERVED
-CVE-2008-5508 [Errors parsing URLs with leading whitespace and control characters]
-	RESERVED
+CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5507 [Cross-domain data theft via script redirect error message]
-	RESERVED
+CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5506 [XMLHttpRequest 302 response disclosure]
-	RESERVED
+CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5505 [User tracking via XUL persist attribute]
-	RESERVED
+CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...)
 	- iceweasel <unfixed>
-CVE-2008-5504
-	RESERVED
-CVE-2008-5503
-	RESERVED
-CVE-2008-5502
-	RESERVED
+CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...)
+	TODO: check
+CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
+	TODO: check
+CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
 	- iceweasel 3.0
 	NOTE: Firefox 3 not affected
 	- iceape 1.1.10-1
 	- xulrunner 1.9.0.1-1
 	- icedove 2.0.0.16-1
-CVE-2008-5501
-	RESERVED
+CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
 	- iceweasel 3.0
 	NOTE: Firefox 3 not affected
 	- iceape 1.1.10-1
 	- xulrunner 1.9.0.1-1
 	- icedove 2.0.0.16-1
-CVE-2008-5500
-	RESERVED
+CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5499
-	RESERVED
+CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...)
+	TODO: check
 CVE-2008-5498 [segfault and potential security issue in php5's bundled libgd's imagerotate]
 	RESERVED
 	- php5 <not-affected> (php5 links to the shared lib)
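Review bot: CVE-2008-5502 and CVE-2008-5501 now describe the layout engine in "Mozilla Firefox 3.x before 3.0.5", yet both entries keep "- iceweasel 3.0" and "NOTE: Firefox 3 not affected"; the description and the note contradict each other, so the iceweasel status needs to be re-checked against the new text. In the same hunk CVE-2008-5504 and CVE-2008-5503 go to "TODO: check" while the neighbouring Firefox entries carry iceweasel/icedove/iceape/xulrunner status lines, so they need package lines as well.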
@@ -333,13 +502,13 @@
 	NOT-FOR-US: TurnkeyForms Text Link Sales
 CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link ...)
 	NOT-FOR-US: TurnkeyForms Text Link Sales
-CVE-2008-5616 [mplayer buffer overflow in twinvq parsing]
+CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in ...)
 	- mplayer 1.0~rc2-19 (low; bug #508803)
 CVE-2008-XXXX [axel URL parser buffer overflow]
 	- axel <unfixed> (low)
 	[etch] - axel <no-dsa> (Minor issue)
 	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
-CVE-2008-5619 [roundcube remote code execution via preg_replace in html2text.php]
+CVE-2008-5619 (html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and ...)
 	- roundcube 0.1.1-9 (high; bug #508628)
 	NOTE: According to the bug report, this is being exploited.
 	- moodle 1.8.2.dfsg-2 (bug #508909)
@@ -1256,8 +1425,7 @@
 	RESERVED
 CVE-2008-5082
 	RESERVED
-CVE-2008-5081 [avahi daemon DoS through zero source port]
-	RESERVED
+CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
 	- avahi 0.6.23-3 (bug #508700; low)
 CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...)
 	{DSA-1679-1}
@@ -1785,7 +1953,7 @@
 	RESERVED
 CVE-2008-4838
 	RESERVED
-CVE-2008-4837 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
+CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 ...)
 	NOT-FOR-US: Microsoft Office Word
 CVE-2008-4836
 	RESERVED
@@ -3048,7 +3216,7 @@
 	RESERVED
 CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before ...)
 	- dbus 1.2.8-1 (bug #508032)
-CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote ...)
+CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat ...)
 	- ruby <not-affected> (bug #508030)
 	NOTE: Red Hat-specific
 CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...)
@@ -3141,7 +3309,7 @@
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4267
 	RESERVED
-CVE-2008-4266 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel Viewer ...)
+CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...)
 	NOT-FOR-US: Microsoft Office Excel
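Review bot: the new CVE-2008-4266 description reads "Arracy index vulnerability", a typo for "Array". The entry is NOT-FOR-US so no status changes, but a text search of the list for "array index" will miss this line; since the commit is an automatic update, the correction belongs in the imported description rather than a hand edit here (assuming the importer overwrites descriptions on each run).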
@@ -3151,7 +3319,7 @@
 	RESERVED
 CVE-2008-4262
 	RESERVED
-CVE-2008-4261 (Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on ...)
+CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -3163,9 +3331,9 @@
 	RESERVED
 CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
 	NOT-FOR-US: Microsoft Visual Basic
-CVE-2008-4255 (The Windows Common ActiveX control in Microsoft Visual Basic 6.0, ...)
+CVE-2008-4255 (The Windows Common ActiveX control (mscomct2.ocx) in Microsoft Visual ...)
 	NOT-FOR-US: Microsoft Visual Basic
-CVE-2008-4254 (The Hierarchical FlexGrid ActiveX control in Microsoft Visual Basic ...)
+CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX ...)
 	NOT-FOR-US: Microsoft Visual Basic
 CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
 	NOT-FOR-US: Microsoft Visual Basic
@@ -3197,14 +3365,14 @@
 	RESERVED
 CVE-2008-4238
 	RESERVED
-CVE-2008-4237
-	RESERVED
-CVE-2008-4236
-	RESERVED
+CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
+	TODO: check
+CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows ...)
+	TODO: check
 CVE-2008-4235
 	RESERVED
-CVE-2008-4234
-	RESERVED
+CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in ...)
+	TODO: check
 CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
 	NOT-FOR-US: Apple
 CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
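Review bot: CVE-2008-4237 and CVE-2008-4236 name Apple Mac OS X components but land as "TODO: check", while the adjacent Apple entries CVE-2008-4233 and CVE-2008-4232 are already marked "NOT-FOR-US: Apple". Tag these the same way, and confirm whether CVE-2008-4234 (Quarantine feature, description truncated) belongs with them, instead of leaving all three in the TODO queue.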
@@ -3225,22 +3393,22 @@
 CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...)
 	{DSA-1666-1}
 	- libxml2 2.6.32.dfsg-5
-CVE-2008-4224
-	RESERVED
-CVE-2008-4223
-	RESERVED
-CVE-2008-4222
-	RESERVED
-CVE-2008-4221
-	RESERVED
-CVE-2008-4220
-	RESERVED
-CVE-2008-4219
-	RESERVED
-CVE-2008-4218
-	RESERVED
-CVE-2008-4217
-	RESERVED
+CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to ...)
+	TODO: check
+CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote ...)
+	TODO: check
+CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet ...)
+	TODO: check
+CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows ...)
+	TODO: check
+CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
+	TODO: check
+CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
+	TODO: check
+CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before ...)
+	TODO: check
+CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
+	TODO: check
 CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...)
 	TODO: check
 CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...)
@@ -3721,11 +3889,11 @@
 	NOT-FOR-US: Microsoft XML Core
 CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
 	NOT-FOR-US: Microsoft Office Word
-CVE-2008-4027 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
+CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...)
 	NOT-FOR-US: Microsoft Office Word
 CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
 	NOT-FOR-US: Microsoft Office Word
-CVE-2008-4025 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
+CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 ...)
 	NOT-FOR-US: Microsoft Office Word
 CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac ...)
 	NOT-FOR-US: Microsoft Office Word
@@ -4816,7 +4984,7 @@
 	NOT-FOR-US: Mac OSX
 CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...)
 	NOT-FOR-US: Mac OSX
-CVE-2008-3636 (Integer overflow in the Microsoft Windows Kernel IopfCompleteRequest ...)
+CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...)
 	NOT-FOR-US: Apple Quick Times



