[Secure-testing-commits] r8071 - data/CVE

stef-guest at alioth.debian.org
Sat Feb 2 12:19:52 UTC 2008


Author: stef-guest
Date: 2008-02-02 12:19:51 +0000 (Sat, 02 Feb 2008)
New Revision: 8071

Modified:
   data/CVE/list
Log:
- new linux-2.6 issue
- new icu issues
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-02 10:37:32 UTC (rev 8070)
+++ data/CVE/list	2008-02-02 12:19:51 UTC (rev 8071)
@@ -198,7 +198,7 @@
 CVE-2008-0411
 	RESERVED
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
 	- openssh <unfixed> (bug #463011)
 CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
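Review bot: the added `- linux-2.6 <unfixed>` line for CVE-2007-6694 has no bug reference and no urgency, unlike the openssh entry directly below it, which carries `(bug #463011)`. The truncated description cites Linux kernel 2.4.21 while the entry tracks only linux-2.6, so a NOTE recording whether any 2.4-series kernel package was checked, plus a bug number once one exists, would make the status verifiable by the next person triaging this entry.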
@@ -209,17 +209,17 @@
 CVE-2007-6697 [buffer overflow in libsdl-image in GIF handling]
 	- sdl-image1.2 1.2.6-2 (medium)
 CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: HTTP File Server
 CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) ...)
-	TODO: check
+	NOT-FOR-US: HTTP File Server
 CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append ...)
-	TODO: check
+	NOT-FOR-US: HTTP File Server
 CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with ...)
-	TODO: check
+	NOT-FOR-US: HTTP File Server
 CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
-	TODO: check
+	NOT-FOR-US: HTTP File Server
 CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
-	TODO: check
+	NOT-FOR-US: HTTP File Server
 CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
 	- mantis <not-affected> (Vulnerable code not present)
 	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
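Review bot: the six `NOT-FOR-US: HTTP File Server` lines (CVE-2008-0405 through CVE-2008-0410) use a generic product string that is easy to confuse with any HTTP file server when searching the list. The descriptions all use the abbreviation, so `NOT-FOR-US: HTTP File Server (HFS)` would be less ambiguous and still consistent across the six entries.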
@@ -744,11 +744,11 @@
 CVE-2008-0177
 	RESERVED
 CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...)
-	TODO: check
+	NOT-FOR-US: GE Fanuc CIMPLICITY
 CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time ...)
-	TODO: check
+	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
 CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses ...)
-	TODO: check
+	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
 CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost ...)
 	- boost <unfixed> (low; bug #461236)
 CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library ...)
@@ -1638,9 +1638,9 @@
 CVE-2008-0030
 	RESERVED
 CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) ...)
 	NOT-FOR-US: Cisco
 CVE-2008-0026
@@ -1674,7 +1674,7 @@
 CVE-2007-6426
 	RESERVED
 CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA ...)
-	TODO: check
+	NOT-FOR-US: HP-UX
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
 	NOT-FOR-US: Fonality Trixbox
 CVE-2007-6423 (** DISPUTED ** ...)
@@ -3371,7 +3371,7 @@
 CVE-2007-5765
 	RESERVED
 CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
-	TODO: check
+	NOT-FOR-US: IBM AIX
 CVE-2007-5763
 	RESERVED
 CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
@@ -6624,9 +6624,9 @@
 	- postgresql-8.1 8.1.11-1
 	[sarge] - postgresql <unfixed>
 CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...)
-	TODO: check
+	- icu <unfixed> (bug filed)
 CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
-	TODO: check
+	- icu <unfixed> (bug filed)
 CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in ...)
 	{DSA-1463-1 DSA-1460-1}
 	- postgresql-8.2 8.2.6-1
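Review bot: both new icu lines (CVE-2007-4771 and CVE-2007-4770) say `(bug filed)` without a bug number, so the entries cannot be cross-referenced to the report they mention. Other entries in this file use the `(bug #NNNNNN)` form, for example `- openssh <unfixed> (bug #463011)`, and the placeholder should be replaced with the real number as soon as it is assigned. CVE-2007-4771 is described as a heap-based buffer overflow, so an urgency in the parentheses would also help prioritisation.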



