[Secure-testing-commits] r8147 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Wed Feb 13 09:14:28 UTC 2008


Author: joeyh
Date: 2008-02-13 09:14:27 +0000 (Wed, 13 Feb 2008)
New Revision: 8147

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-12 23:05:04 UTC (rev 8146)
+++ data/CVE/list	2008-02-13 09:14:27 UTC (rev 8147)
@@ -1,3 +1,135 @@
+CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...)
+	TODO: check
+CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...)
+	TODO: check
+CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...)
+	TODO: check
+CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...)
+	TODO: check
+CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown ...)
+	TODO: check
+CVE-2008-0727
+	RESERVED
+CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...)
+	TODO: check
+CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...)
+	TODO: check
+CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...)
+	TODO: check
+CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...)
+	TODO: check
+CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...)
+	TODO: check
+CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...)
+	TODO: check
+CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...)
+	TODO: check
+CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...)
+	TODO: check
+CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...)
+	TODO: check
+CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...)
+	TODO: check
+CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...)
+	TODO: check
+CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...)
+	TODO: check
+CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
+	TODO: check
+CVE-2008-0713
+	RESERVED
+CVE-2008-0712
+	RESERVED
+CVE-2008-0711
+	RESERVED
+CVE-2008-0710
+	RESERVED
+CVE-2008-0709
+	RESERVED
+CVE-2008-0708
+	RESERVED
+CVE-2008-0707
+	RESERVED
+CVE-2008-0706
+	RESERVED
+CVE-2008-0705
+	RESERVED
+CVE-2008-0704
+	RESERVED
+CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...)
+	TODO: check
+CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...)
+	TODO: check
+CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...)
+	TODO: check
+CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...)
+	TODO: check
+CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before ...)
+	TODO: check
+CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...)
+	TODO: check
+CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...)
+	TODO: check
+CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...)
+	TODO: check
+CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...)
+	TODO: check
+CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...)
+	TODO: check
+CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...)
+	TODO: check
+CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...)
+	TODO: check
+CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...)
+	TODO: check
+CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory ...)
+	TODO: check
+CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...)
+	TODO: check
+CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...)
+	TODO: check
+CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...)
+	TODO: check
+CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...)
+	TODO: check
+CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...)
+	TODO: check
+CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...)
+	TODO: check
+CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...)
+	TODO: check
+CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
+	TODO: check
+CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...)
+	TODO: check
+CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...)
+	TODO: check
+CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...)
+	TODO: check
+CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...)
+	TODO: check
+CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...)
+	TODO: check
+CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...)
+	TODO: check
+CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...)
+	TODO: check
+CVE-2008-0674
+	RESERVED
+CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...)
+	TODO: check
+CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...)
+	TODO: check
+CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...)
+	TODO: check
+CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...)
+	TODO: check
+CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...)
+	TODO: check
+CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...)
+	TODO: check
+CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...)
+	TODO: check
 CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...)
 	NOT-FOR-US: Novell Challenge Response Client
 CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...)
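Review bot: Every described entry in this new block lands as `TODO: check`, so nothing here separates the few entries that need a package line from the bulk that will end up NOT-FOR-US. CVE-2008-0728 (libclamav/mew.c in ClamAV before 0.92.1), CVE-2008-0720 (Webmin 1.370 and 1.390), CVE-2008-0668 (plugins/excel/ms-excel-read.c) and CVE-2008-0672/CVE-2008-0673 (TinTin++ 1.97.9) name free-software code by project or source path and are the likely candidates for a Debian package entry; suggest triaging those first and recording a package line or an explicit not-affected note for each.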
@@ -16,7 +148,7 @@
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC ...)
 	NOT-FOR-US: Documentum Administrator and Webtop
-CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader before 8.1.2 have ...)
+CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow ...)
 	NOT-FOR-US: Azucar CMS
@@ -57,8 +189,8 @@
 	RESERVED
 CVE-2008-0637
 	RESERVED
-CVE-2008-0636
-	RESERVED
+CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...)
+	TODO: check
 CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...)
 	NOT-FOR-US: Openads
 CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...)
@@ -131,8 +263,7 @@
 	NOT-FOR-US: All Club CMS (ACCMS)
 CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) ...)
 	NOT-FOR-US: All Club CMS (ACCMS)
-CVE-2008-0600 [linux vmsplice privilege escalation vulnerability]
-	RESERVED
+CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
 	{DSA-1494-1 DTSA-113-1}
 	- linux-2.6 2.6.24-4 (high)
 CVE-2008-0599
@@ -286,7 +417,7 @@
 	RESERVED
 CVE-2008-0526
 	RESERVED
-CVE-2008-0525 (PatchLink Update client for Unix allows local users to (1) truncate ...)
+CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...)
 	NOT-FOR-US: PatchLink Update client for Unix
 CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...)
 	NOT-FOR-US: Yamaha router firmware
@@ -367,13 +498,11 @@
 	NOTE: control over the mailinglist, so not a very important issue.
 	NOTE: This enhances the fix for CVE-2006-3636.
 	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
-CVE-2008-0665 [insecure tmp file usage in ipp backend in webwml]
-	RESERVED
+CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 ...)
 	{DSA-1492-1}
 	- wml 2.0.11-3.1 (low; bug #463907)
 	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
-CVE-2008-0666 [insecure tmp file usage wmg.cgi and eperl backend in webwml]
-	RESERVED
+CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite ...)
 	{DSA-1492-1}
 	- wml 2.0.11-3.1 (low; bug #463907)
 	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
@@ -558,8 +687,8 @@
 	NOT-FOR-US: bMachine
 CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...)
 	NOT-FOR-US: Invision Gallery
-CVE-2008-0420
-	RESERVED
+CVE-2008-0420 (Unspecified vulnerability in Mozilla Firefox, as used in Ubuntu 6.06 ...)
+	TODO: check
 CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
 	{DSA-1489-1 DSA-1485-1 DSA-1484-1}
 	- iceweasel 2.0.0.12-1
@@ -576,9 +705,9 @@
 	{DSA-1489-1 DSA-1485-1 DSA-1484-1}
 	- iceweasel 2.0.0.12-1
 	- xulrunner 1.8.1.12-1
-CVE-2008-0416
-	RESERVED
+CVE-2008-0416 (Multiple unspecified vulnerabilities in Mozilla Firefox, as used in ...)
 	{DSA-1489-1 DSA-1485-1 DSA-1484-1}
+	TODO: check
 CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and ...)
 	{DSA-1489-1 DSA-1485-1 DSA-1484-1}
 	- iceweasel 2.0.0.12-1
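Review bot: CVE-2008-0416 now carries both `{DSA-1489-1 DSA-1485-1 DSA-1484-1}` and `TODO: check` but still has no package line, while its neighbours CVE-2008-0419 and CVE-2008-0415, with the same DSA set, list `- iceweasel 2.0.0.12-1`. If the same uploads fix this entry, add the matching package lines and drop the TODO; if not, a NOTE explaining why the DSAs reference it would keep the entry from looking half-triaged.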
@@ -810,8 +939,8 @@
 	RESERVED
 CVE-2008-0319
 	RESERVED
-CVE-2008-0318
-	RESERVED
+CVE-2008-0318 (Integer overflow in libclamav in ClamAV before 0.92.1, as used in ...)
+	TODO: check
 CVE-2008-0317
 	RESERVED
 CVE-2008-0316
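Review bot: CVE-2008-0318 is left at `TODO: check` even though its description names the fixed upstream version (ClamAV before 0.92.1), the same version given for CVE-2008-0728 in the first hunk. Suggest resolving both together with a single check of the packaged ClamAV version, so the two entries do not end up with different fixed versions or severities.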
@@ -1064,11 +1193,11 @@
 	- kfreebsd-5 <not-affected>
 	- kfreebsd-6 <unfixed>
 	- kfreebsd-7 <unfixed>
-CVE-2008-0215
-	RESERVED
+CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...)
+	TODO: check
 CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
 	TODO: check
-CVE-2008-0213 (Unspecified vulnerability in an ActiveX control for HP Virtual Rooms ...)
+CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...)
 	TODO: check
 CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...)
 	NOT-FOR-US: HP OpenView Network Node Manager
@@ -1176,8 +1305,7 @@
 	RESERVED
 CVE-2008-0164
 	RESERVED
-CVE-2008-0163 [linux vserver kernel allows to access other vservers via symlinks]
-	RESERVED
+CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...)
 	{DSA-1494-1}
 	- linux-2.6 <unfixed> (high)
 CVE-2008-0162
@@ -1325,22 +1453,22 @@
 	RESERVED
 CVE-2008-0110
 	RESERVED
-CVE-2008-0109
-	RESERVED
-CVE-2008-0108
-	RESERVED
+CVE-2008-0109 (Unspecified vulnerability in Word in Microsoft Office 2000 SP3, XP ...)
+	TODO: check
+CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
+	TODO: check
 CVE-2008-0107
 	RESERVED
 CVE-2008-0106
 	RESERVED
-CVE-2008-0105
-	RESERVED
-CVE-2008-0104
-	RESERVED
-CVE-2008-0103
-	RESERVED
-CVE-2008-0102
-	RESERVED
+CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
+	TODO: check
+CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...)
+	TODO: check
+CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...)
+	TODO: check
+CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...)
+	TODO: check
 CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
 	- whitedune 0.28.13-1 (medium)
 CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
@@ -1389,36 +1517,36 @@
 	NOT-FOR-US: DivX Player
 CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...)
 	NOT-FOR-US: ClipShare
-CVE-2008-0088
-	RESERVED
+CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...)
+	TODO: check
 CVE-2008-0087
 	RESERVED
 CVE-2008-0086
 	RESERVED
 CVE-2008-0085
 	RESERVED
-CVE-2008-0084
-	RESERVED
+CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...)
+	TODO: check
 CVE-2008-0083
 	RESERVED
 CVE-2008-0082
 	RESERVED
 CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier, and ...)
 	NOT-FOR-US: Microsoft
-CVE-2008-0080
-	RESERVED
+CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)
+	TODO: check
 CVE-2008-0079
 	RESERVED
-CVE-2008-0078
-	RESERVED
-CVE-2008-0077
-	RESERVED
-CVE-2008-0076
-	RESERVED
-CVE-2008-0075
-	RESERVED
-CVE-2008-0074
-	RESERVED
+CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...)
+	TODO: check
+CVE-2008-0077 (Unspecified vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, ...)
+	TODO: check
+CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...)
+	TODO: check
+CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ...)
+	TODO: check
+CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...)
+	TODO: check
 CVE-2008-0073
 	RESERVED
 CVE-2008-0072
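Review bot: The newly described entries in this hunk (CVE-2008-0088, CVE-2008-0084, CVE-2008-0080 and CVE-2008-0078 through CVE-2008-0074) all name Microsoft products yet are added as `TODO: check`, while CVE-2008-0081 in the same hunk is already tagged `NOT-FOR-US: Microsoft`. Suggest applying that same tag to these so they do not sit in the TODO queue alongside entries that need real package triage.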
@@ -1479,18 +1607,18 @@
 	RESERVED
 CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
 	TODO: check
-CVE-2008-0042
-	RESERVED
-CVE-2008-0041
-	RESERVED
-CVE-2008-0040
-	RESERVED
-CVE-2008-0039
-	RESERVED
-CVE-2008-0038
-	RESERVED
-CVE-2008-0037
-	RESERVED
+CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...)
+	TODO: check
+CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts ...)
+	TODO: check
+CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...)
+	TODO: check
+CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows ...)
+	TODO: check
+CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an ...)
+	TODO: check
+CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle ...)
+	TODO: check
 CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...)
@@ -2426,8 +2554,8 @@
 	NOT-FOR-US: TCExam
 CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...)
 	NOT-FOR-US: HyperVM
-CVE-2007-6286
-	RESERVED
+CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
+	TODO: check
 CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...)
 	NOTE: maintainer will patch autofs5 in upload to unstable
 	TODO: check when autofs5 hits unstable
@@ -2613,12 +2741,10 @@
 	NOT-FOR-US: WebED
 CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 ...)
 	NOT-FOR-US: KML share
-CVE-2008-0010 [linux vmsplice local priv escalation]
-	RESERVED
+CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux ...)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
-CVE-2008-0009 [kernel: insecure dereference of memory refs from user space, local priv escalation]
-	RESERVED
+CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel ...)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
 CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...)
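Review bot: CVE-2008-0010 and CVE-2008-0009 keep `- linux-2.6 <unfixed>` with no severity and no DSA reference, while the related vmsplice entry CVE-2008-0600, updated earlier in this same patch, records `- linux-2.6 2.6.24-4 (high)` and `{DSA-1494-1 DTSA-113-1}`. All three descriptions point at the vmsplice code in fs/splice.c, so it is worth checking whether the 2.6.24-4 upload also covers these two and, if so, recording the fixed version and a severity here. Replacing the bracketed working descriptions also drops the "local priv escalation" wording, so the severity field is now the only place that impact would be visible.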
@@ -2642,8 +2768,8 @@
 	RESERVED
 CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)
 	NOT-FOR-US: OpenPegasus CIM management server
-CVE-2008-0002
-	RESERVED
+CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
+	TODO: check
 CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...)
 	{DSA-1479-1}
 	- linux-2.6 <unfixed>
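Review bot: CVE-2008-0002 is one of three Apache Tomcat entries this patch moves from RESERVED to `TODO: check`, the others being CVE-2007-6286 (5.5.11 through 5.5.25 and 6.0.0 through 6.0.15) and CVE-2007-5333 (6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...). The affected ranges overlap on 5.5.x and 6.0.x, so suggest triaging the three together against the packaged Tomcat versions rather than one at a time, and noting for CVE-2008-0002 that only the 6.0.x branch is named.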
@@ -4331,22 +4457,22 @@
 	RESERVED
 CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
 	NOT-FOR-US: Novell Client
-CVE-2007-5666
-	RESERVED
+CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...)
+	TODO: check
 CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
 	NOT-FOR-US: Novell ZENworks Endpoint Security Management
 CVE-2007-5664
 	RESERVED
-CVE-2007-5663
-	RESERVED
+CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...)
+	TODO: check
 CVE-2007-5662
 	RESERVED
 CVE-2007-5661
 	RESERVED
 CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...)
 	NOT-FOR-US:  MacroVision FLEXnet Connect and InstallShield 2008
-CVE-2007-5659
-	RESERVED
+CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...)
+	TODO: check
 CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...)
 	NOT-FOR-US: TIBCO SmartSockets RTserver
 CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
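Review bot: CVE-2007-5666, CVE-2007-5663 and CVE-2007-5659 all describe Adobe Reader and Acrobat 8.1.1 and are added as `TODO: check`, whereas CVE-2008-0655, touched earlier in this patch, is tagged `NOT-FOR-US: Adobe Reader`. Suggest using the same tag for these three so the treatment of Adobe Reader is consistent across the list.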
@@ -5590,8 +5716,8 @@
 	- xulrunner 1.8.1.9-1
 	- iceape 1.1.5
 	NOTE: MFSA2007-33
-CVE-2007-5333
-	RESERVED
+CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...)
+	TODO: check
 CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
 	NOT-FOR-US: ARCServe BackUp
 CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...)
@@ -6999,7 +7125,7 @@
 	NOT-FOR-US: ibstat IBM AIX
 CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX ...)
 	NOT-FOR-US: swcons IBM AIX
-CVE-2007-4790 (Stack-based buffer overflow in a certain ActiveX control in FPOLE.OCX ...)
+CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) ...)
 	NOT-FOR-US: Microsoft Visual FoxPro
 CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco ...)
 	NOT-FOR-US: Cisco CSM
@@ -9486,7 +9612,7 @@
 CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
 	- gimp 2.2.17-1 (unimportant)
 	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
-CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not ...)
+CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix ...)
 	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed>
 CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
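Review bot: The updated description for CVE-2007-3740 now states the flaw is in the Linux kernel before 2.6.22, but the package line below it still reads `- linux-2.6 <unfixed>`. If the unstable kernel is at or past 2.6.22, the entry should record that fixed version instead of `<unfixed>`; if the fix is not actually present in the package, a NOTE saying so would explain the mismatch with the description.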
@@ -18408,8 +18534,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
 	NOT-FOR-US: Microsoft
-CVE-2007-0216
-	RESERVED
+CVE-2007-0216 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
+	TODO: check
 CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
@@ -18819,8 +18945,8 @@
 	NOT-FOR-US: Lotus Domino Server
 CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2007-0065
-	RESERVED
+CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) ...)
+	TODO: check
 CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
 	NOT-FOR-US: Windows
 CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)



