[Secure-testing-commits] r10735 - data/CVE
atomo64-guest at alioth.debian.org
Sat Dec 20 01:17:51 UTC 2008
Author: atomo64-guest
Date: 2008-12-20 01:17:50 +0000 (Sat, 20 Dec 2008)
New Revision: 10735
Modified:
data/CVE/list
Log:
NFUs, php issues CVEified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-19 21:14:10 UTC (rev 10734)
+++ data/CVE/list 2008-12-20 01:17:50 UTC (rev 10735)
@@ -13,7 +13,7 @@
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
TODO: check
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
- TODO: check
+ NOT-FOR-US: Joomla
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
TODO: check
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
@@ -21,9 +21,9 @@
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...)
TODO: check
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
- TODO: check
+ NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
- TODO: check
+ NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...)
TODO: check
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
@@ -34,12 +34,8 @@
TODO: check
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
TODO: check
-CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...)
- TODO: check
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
TODO: check
-CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...)
- TODO: check
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
TODO: check
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)
@@ -97,17 +93,13 @@
CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
TODO: check
CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
- TODO: check
+ NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows ...)
TODO: check
CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows ...)
TODO: check
CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
TODO: check
-CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
- TODO: check
-CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
- TODO: check
CVE-2008-5623
RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...)
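Review bot: The stub removed for CVE-2008-5624 reads "does not properly initialize the page_uid and ...", while the entry that takes over this id further down is titled "php apache/2 SAPI php_getuid() overload"; the truncated text does not make it evident that these are the same issue. A NOTE on the renamed entry stating the match would make this removal checkable. The CVE-2008-5625 stub (error_log safe_mode) lines up with its renamed entry by title.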
@@ -472,7 +464,7 @@
- iceape <unfixed>
- xulrunner <unfixed>
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player for Linux
CVE-2008-5498 [segfault and potential security issue in php5's bundled libgd's imagerotate]
RESERVED
- php5 <not-affected> (php5 links to the shared lib)
@@ -772,12 +764,12 @@
- phppgadmin <unfixed> (bug #508026)
NOTE: register_globals=on is required
NOTE: http://www.milw0rm.com/exploits/7363
-CVE-2008-XXXX [php apache/2 SAPI php_getuid() overload]
+CVE-2008-5624 [php apache/2 SAPI php_getuid() overload]
- php5 <unfixed> (bug #508021)
NOTE: Fixed in php 5.2.7, not yet in the archive
NOTE: http://securityreason.com/achievement_securityalert/59
TODO: check php4
-CVE-2008-XXXX [Format string vulnerability in vinagre]
+CVE-2008-5660 [Format string vulnerability in vinagre]
- vinagre 0.5.1-2
CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
TODO: check
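Review bot: The two renamed entries stay where the CVE-2008-XXXX placeholders were, so CVE-2008-5624 now precedes CVE-2008-5660 and both sit directly above CVE-2008-5360, while the top of the file runs in descending id order. Moving each entry to the slot its removed "TODO: check" stub occupied would keep the list sorted. The "TODO: check php4" line under CVE-2008-5624 is also still open now that the id is assigned.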
@@ -855,7 +847,7 @@
NOT-FOR-US: IBM
CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...)
NOT-FOR-US: Wiz-Ad
-CVE-2008-XXXX [php5/ext/zip: ZipArchive::extractTo() Directory Traversal Vulnerability]
+CVE-2008-5658 [php5/ext/zip: ZipArchive::extractTo() Directory Traversal Vulnerability]
- php5 <unfixed> (bug #507857)
- php4 <unfixed>
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
@@ -1192,7 +1184,7 @@
CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...)
{DSA-1672-1}
- imlib2 1.4.0-1.2 (bug #505714)
-CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess]
+CVE-2008-5625 [php5 safe mode bypass via php_value error_log in .htaccess]
- php5 <unfixed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 might allow local users to overwrite arbitrary ...)
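Review bot: CVE-2008-5625 is left as "- php5 <unfixed> (unimportant)" with no fixed-version note, although the stub this commit removes describes it as "PHP 5 before 5.2.7". The sibling entry CVE-2008-5624 carries "NOTE: Fixed in php 5.2.7, not yet in the archive"; adding the same line here would keep the two entries consistent.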
@@ -3366,13 +3358,13 @@
CVE-2008-4238
RESERVED
CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
- TODO: check
+ NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows ...)
- TODO: check
+ NOT-FOR-US: Apple Type Services
CVE-2008-4235
RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in ...)
- TODO: check
+ NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
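Review bot: The three new tags in this hunk ("Managed Client Mac OS X", "Apple Type Services", "CoreTypes Apple Mac OS X") each follow a different naming pattern, while the unchanged entry for CVE-2008-4233 just below uses "NOT-FOR-US: Apple". Pick one form, for example vendor first and then component, so the tags can be searched consistently. For CVE-2008-4234 the visible description names the Quarantine feature, so the "CoreTypes" label should be checked against the full description.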
@@ -3394,21 +3386,21 @@
{DSA-1666-1}
- libxml2 2.6.32.dfsg-5
CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to ...)
- TODO: check
+ NOT-FOR-US: UDF Mac OS X
CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote ...)
- TODO: check
+ NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet ...)
- TODO: check
+ NOT-FOR-US: natd Mac OS X
CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows ...)
- TODO: check
+ NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
- TODO: check
+ NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
- TODO: check
+ NOT-FOR-US: kernel Mac OS X
CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before ...)
- TODO: check
+ NOT-FOR-US: kernel Mac OS X
CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
- TODO: check
+ NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...)
TODO: check
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...)
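Review bot: CVE-2008-4221 (strptime) and CVE-2008-4220 (inet_net_pton) are tagged "NOT-FOR-US: Libsystem Mac OS X", but both are standard C library interfaces that other implementations provide as well. Before closing them, check whether the affected code is shared with any packaged implementation, and record the result in a NOTE line so the NOT-FOR-US decision is traceable.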