[Secure-testing-commits] r8164 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Feb 15 13:48:31 UTC 2008


Author: nion
Date: 2008-02-15 13:48:28 +0000 (Fri, 15 Feb 2008)
New Revision: 8164

Modified:
   data/CVE/list
Log:
NFUs
new openldap2.3 issue (CVE-2008-0658)
CVE-2008-0002 does not affect tomcat5.5


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-15 12:12:02 UTC (rev 8163)
+++ data/CVE/list	2008-02-15 13:48:28 UTC (rev 8164)
@@ -65,35 +65,35 @@
 CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...)
 	NOT-FOR-US: COWON America jetAudio
 CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...)
-	TODO: check
+	NOT-FOR-US: Gallery component for Mambo and Joomla!
 CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...)
-	TODO: check
+	NOT-FOR-US: DomPHP
 CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...)
-	TODO: check
+	NOT-FOR-US: Pre Hotels & Resorts Management System
 CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
-	TODO: check
+	NOT-FOR-US: Joovili
 CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
-	TODO: check
+	NOT-FOR-US: PowerNews
 CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...)
-	TODO: check
+	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...)
-	TODO: check
+	NOT-FOR-US: CandyPress
 CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...)
-	TODO: check
+	NOT-FOR-US: CandyPress
 CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...)
-	TODO: check
+	NOT-FOR-US: CandyPress
 CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...)
-	TODO: check
+	NOT-FOR-US: CandyPress
 CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...)
-	TODO: check
+	NOT-FOR-US: AuraCMS
 CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...)
-	TODO: check
+	NOT-FOR-US: Limbo CMS
 CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...)
-	TODO: check
+	NOT-FOR-US: CS Team Counter Strike Portals
 CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...)
-	TODO: check
+	NOT-FOR-US: Novell Client
 CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...)
 	TODO: check
 CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...)
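Review bot: CVE-2006-7231 (display.asp in Civica Software) is left at `TODO: check` while every other ASP-based entry in this hunk (CVE-2008-0744, CVE-2008-0739 through CVE-2008-0736) is triaged to NOT-FOR-US in the same pass; if it was skipped on purpose, a one-line reason after the TODO would save the next triager from re-checking it, otherwise it looks like an oversight. The NOT-FOR-US parentheticals are otherwise specific enough to re-verify (e.g. "Gallery component for Mambo and Joomla!" rather than just "Gallery", which avoids confusion with a standalone package of that name), which is the right level of detail.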
@@ -249,7 +249,10 @@
 CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...)
 	NOT-FOR-US: Aurigma Image Uploader
 CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...)
-	TODO: check
+	- openldap2.3 <unfixed> (low; bug #465875)
+	- openldap2.2 <removed>
+	- openldap2 <not-affected> (slapd not built from this version)
+	NOTE: only authenticated users can exploit this
 CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...)
 	- sun-java6 6-02-1
 	- sun-java5 1.5.0-14-1
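Review bot: the openldap2.3 line records severity `low` and a bug number but no upstream fix reference, and the NOTE ("only authenticated users can exploit this") is the only stated justification for the rating; consider adding the upstream fixed version or commit to the parenthetical once known, so the `<unfixed>` state can later be closed against a concrete reference rather than re-researched. The `openldap2 <not-affected> (slapd not built from this version)` justification is good: it says why, not just that, the package is unaffected.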
@@ -292,7 +295,7 @@
 CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
 	NOT-FOR-US: Symantec Ghost Solution Suite
 CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...)
-	TODO: check
+	NOT-FOR-US: Novell Client
 CVE-2008-0638
 	RESERVED
 CVE-2008-0637
@@ -2883,7 +2886,7 @@
 CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)
 	NOT-FOR-US: OpenPegasus CIM management server
 CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
-	TODO: check
+	- tomcat5.5 <not-affected> (referring to upstream)
 CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...)
 	{DSA-1479-1}
 	- linux-2.6 <unfixed>
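Review bot: the `(referring to upstream)` justification on the tomcat5.5 `<not-affected>` line is too vague to re-verify later; name the actual upstream source (the Tomcat security announcement or page entry stating that 5.5 is unaffected) in the parenthetical, as the bug number on the openldap2.3 line in this same commit does. The CVE title's affected range, 6.0.0 through 6.0.15, is consistent with the not-affected state, but a version range in the description is weaker evidence than an explicit upstream statement, and the parenthetical is where that statement should be recorded.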