[Secure-testing-commits] r8068 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Feb 1 18:19:36 UTC 2008


Author: nion
Date: 2008-02-01 18:19:35 +0000 (Fri, 01 Feb 2008)
New Revision: 8068

Modified:
   data/CVE/list
Log:
new issue: firebird2.0 (CVE-2008-0467)
new issues: elog (CVE-2008-0445, CVE-2008-0444)
CVE-2008-0460 fixed in mediawiki 1:1.11.1-1
NFUs
update on sdl-image, maybe dup, it's currently discussed on vendor-sec


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-01 17:19:22 UTC (rev 8067)
+++ data/CVE/list	2008-02-01 18:19:35 UTC (rev 8068)
@@ -69,7 +69,8 @@
 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...)
 	NOT-FOR-US: Flinx
 CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote ...)
-	TODO: check
+	- firebird2 <removed>
+	- firebird2.0 <unfixed> (medium; bug #463596)
 CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
 	NOT-FOR-US: Web Wiz Rich Text Editor
 CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...)
@@ -77,17 +78,17 @@
 CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...)
 	NOT-FOR-US: aconon Mail Enterprise SQL
 CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...)
-	TODO: check
+	NOT-FOR-US: Workflow module for Drupal
 CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...)
-	TODO: check
+	NOT-FOR-US: Archive module for Drupal
 CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in ...)
-	TODO: check
+	NOT-FOR-US: PHP-Nuke
 CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...)
-	TODO: check
+	- mediawiki 1:1.11.1-1 (low)
 CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
-	TODO: check
+	NOT-FOR-US: Liquit-Silver CMS
 CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
-	TODO: check
+	NOT-FOR-US: SLAED CMS
 CVE-2008-0457
 	RESERVED
 CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...)
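Review bot: the new tag under CVE-2008-0459 spells the product "Liquit-Silver CMS", while the CVE description on the line above it reads "Liquid-Silver". NOT-FOR-US names are what later triage matches on when the same product shows up again, so the tag should read "NOT-FOR-US: Liquid-Silver CMS".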
@@ -95,73 +96,73 @@
 CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
 	TODO: check
 CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
-	TODO: check
+	NOT-FOR-US: Skype
 CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...)
-	TODO: check
+	NOT-FOR-US: Easysitenetwork Recipe
 CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 ...)
-	TODO: check
+	NOT-FOR-US: Siteman
 CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote ...)
-	TODO: check
+	NOT-FOR-US: PacerCMS
 CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
-	TODO: check
+	NOT-FOR-US: BLOG:CMS
 CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping ...)
-	TODO: check
+	NOT-FOR-US: VP-ASP Shopping Cart
 CVE-2008-0448 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: phpSearch
 CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...)
-	TODO: check
+	NOT-FOR-US: Foojan WMS PHP Weblog
 CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows ...)
-	TODO: check
+	NOT-FOR-US: Foojan WMS PHP Weblog
 CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...)
-	TODO: check
+	- elog <unfixed> (low; bug #463600)
 CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...)
-	TODO: check
+	- elog <unfixed> (low; bug #463600)
 CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Lycos FileUploader Module
 CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...)
-	TODO: check
+	NOT-FOR-US: Small Axe Weblog
 CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Business Service Manager
 CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
 CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: DeluxeBB
 CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering ...)
-	TODO: check
+	NOT-FOR-US: Novemberborn sIFR
 CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ...)
-	TODO: check
+	NOT-FOR-US: HP Virtual Rooms
 CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...)
-	TODO: check
+	NOT-FOR-US: PD9 Software MegaBBS
 CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 ...)
-	TODO: check
+	NOT-FOR-US: OZJournals
 CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail ...)
-	TODO: check
+	NOT-FOR-US: AXIGEN Mail Server
 CVE-2008-0433 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Agares Media phpAutoVideo
 CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...)
-	TODO: check
+	NOT-FOR-US: Agares Media phpAutoVideo
 CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in ...)
-	TODO: check
+	NOT-FOR-US: IDMOS
 CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...)
-	TODO: check
+	NOT-FOR-US: 360 Web Manager
 CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
-	TODO: check
+	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
 CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in ...)
-	TODO: check
+	NOT-FOR-US: bloofoxCMS
 CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
-	TODO: check
+	NOT-FOR-US: bloofoxCMS
 CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
-	TODO: check
+	NOT-FOR-US: PacerCMS
 CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...)
-	TODO: check
+	NOT-FOR-US: Frimousse
 CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
-	TODO: check
+	NOT-FOR-US: Mooseguy Blog System
 CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software ...)
-	TODO: check
+	NOT-FOR-US: Lama Software
 CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
-	TODO: check
+	NOT-FOR-US: bMachine
 CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Invision Gallery
 CVE-2008-0420
 	RESERVED
 CVE-2008-0419
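Review bot: the new line under CVE-2008-0446 reads "NOT-FOR-US: Foojan WMS PHP Weblog", the same tag as CVE-2008-0447 directly above it, but the description for CVE-2008-0446 names voircom.php in LulieBlog 1.02. This looks like a copy-paste slip and should be "NOT-FOR-US: LulieBlog". Also worth a second look: CVE-2008-0455 at the top of the hunk stays at "TODO: check" while everything after it was triaged, and the commit log does not say whether that was intentional.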
@@ -190,7 +191,7 @@
 	- exempi 1.99.7-1 (bug #454297)
 CVE-2008-XXXX [buffer overflow in libsdl-image]
 	- sdl-image1.2 1.2.6-2 (medium)
-	NOTE: CVE id requested
+	NOTE: CVE id requested, maybe a dup of CVE-2006-4484
 	NOTE: see http://www.securityfocus.com/archive/1/486853/30/30/threaded
 CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...)
 	TODO: check
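Review bot: the changed NOTE under CVE-2008-XXXX says "maybe a dup of CVE-2006-4484" but records nothing that lets a later reader resolve the question; only the commit log mentions the vendor-sec discussion. Since the entry still carries a placeholder id and a fixed version (sdl-image1.2 1.2.6-2), consider adding a "TODO: check" line so the entry is revisited once an id is assigned or the duplicate is confirmed.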



