[Secure-testing-commits] r8165 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Feb 15 14:20:49 UTC 2008


Author: nion
Date: 2008-02-15 14:20:48 +0000 (Fri, 15 Feb 2008)
New Revision: 8165

Modified:
   data/CVE/list
Log:
NFUs
none of the other packages embedding mplayer code use the referenced code in CVE-2008-048{5,6}
CVE-2008-0194 does not affect wordpress in the archive


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-15 13:48:28 UTC (rev 8164)
+++ data/CVE/list	2008-02-15 14:20:48 UTC (rev 8165)
@@ -95,17 +95,17 @@
 CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...)
 	NOT-FOR-US: Novell Client
 CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...)
-	TODO: check
+	NOT-FOR-US: Civica Software Civica
 CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...)
-	TODO: check
+	NOT-FOR-US: Windows
 CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...)
-	TODO: check
+	NOT-FOR-US: Bajie Http Web Server
 CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...)
-	TODO: check
+	NOT-FOR-US: phpWebFileManager
 CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
-	TODO: check
+	NOT-FOR-US: PlanetMoon Guestbook
 CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: WF-Chat
 CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...)
 	NOT-FOR-US: Apache Geronimo
 CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...)
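Review bot: The product label on CVE-2003-1544 is "NOT-FOR-US: Windows", while the same patch tags CVE-2007-0065 as "NOT-FOR-US: Microsoft Windows". Using one spelling for the same product keeps the list greppable; suggest "NOT-FOR-US: Microsoft Windows" here as well.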
@@ -650,10 +650,8 @@
 CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer ...)
 	- mplayer 1.0~rc2-8 (bug #464060)
 	- xine-lib 1.1.10.1-1 (bug #464696)
-	TODO: check embedded code in other packages
 CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ...)
 	- mplayer 1.0~rc2-8 (bug #464060)
-	TODO: check embedded code in other packages
 CVE-2008-0484
 	RESERVED
 CVE-2008-0483
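Review bot: The entries for CVE-2008-0486 and CVE-2008-0485 lose "TODO: check embedded code in other packages" without any NOTE recording the outcome, so the result of the check exists only in the commit log. Suggest adding a NOTE line under each entry saying that the other packages embedding mplayer code were checked and do not use the referenced code. CVE-2008-0485 also lists only mplayer where CVE-2008-0486 lists xine-lib too; a short note that xine-lib was checked for demux_mov.c would make that difference explicit.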
@@ -1351,9 +1349,7 @@
 	NOTE: full path and DB structure already known on Debian
 	NOTE: poked hendry
 CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress ...)
-	- wordpress <unfixed>
-	TODO: check
-	NOTE: poked hendry
+	- wordpress <not-affected> (Vulnerable code removed since 2.1 release)
 CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...)
 	- wordpress <unfixed>
 	TODO: check; exact affectedness needs to be verified
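Review bot: The reason given on CVE-2008-0194, "Vulnerable code removed since 2.1 release", sits directly above CVE-2008-0193, which names the same file (wp-db-backup.php) and is left as "- wordpress <unfixed>" with "TODO: check; exact affectedness needs to be verified". If the file is no longer shipped in the packaged versions, the same reasoning should settle CVE-2008-0193; if it is still shipped, the CVE-2008-0194 reason needs to be narrowed. Either way, the two entries should be resolved together or the difference explained in a NOTE.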
@@ -2314,7 +2310,7 @@
 CVE-2007-6432
 	RESERVED
 CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Media Server
 CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
 	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
 	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
@@ -3027,9 +3023,9 @@
 	{DSA-1479-1}
 	- linux-2.6 2.6.23-2
 CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Media Server
 CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Media Server
 CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...)
 	NOT-FOR-US: IAPR COMMENCE
 CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...)
@@ -4049,7 +4045,7 @@
 CVE-2007-5758
 	RESERVED
 CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
 	NOT-FOR-US: WinPcap
 CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...)
@@ -9902,7 +9898,7 @@
 CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...)
 	- sendmail <not-affected> (Concerns only ancient sendmail V5)
 CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...)
 	NOT-FOR-US: Kaspersky Online Scanner 
 CVE-2007-3674
@@ -18653,7 +18649,7 @@
 CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-0216 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office
 CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
@@ -19064,7 +19060,7 @@
 CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
 	NOT-FOR-US: Windows
 CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)



