[Secure-testing-commits] r8219 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Tue Feb 26 09:14:13 UTC 2008


Author: joeyh
Date: 2008-02-26 09:14:12 +0000 (Tue, 26 Feb 2008)
New Revision: 8219

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-26 07:52:05 UTC (rev 8218)
+++ data/CVE/list	2008-02-26 09:14:12 UTC (rev 8219)
@@ -1,3 +1,353 @@
+CVE-2008-6426
+	REJECTED
+	TODO: check
+CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to ...)
+	TODO: check
+CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - ...)
+	TODO: check
+CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python ...)
+	TODO: check
+CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...)
+	TODO: check
+CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
+	TODO: check
+CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
+	TODO: check
+CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
+	TODO: check
+CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
+	TODO: check
+CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
+	TODO: check
+CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...)
+	TODO: check
+CVE-2008-0972
+	RESERVED
+CVE-2008-0971
+	RESERVED
+CVE-2008-0970
+	RESERVED
+CVE-2008-0969
+	RESERVED
+CVE-2008-0968
+	RESERVED
+CVE-2008-0967
+	RESERVED
+CVE-2008-0966
+	RESERVED
+CVE-2008-0965
+	RESERVED
+CVE-2008-0964
+	RESERVED
+CVE-2008-0963
+	RESERVED
+CVE-2008-0962
+	RESERVED
+CVE-2008-0961
+	RESERVED
+CVE-2008-0960
+	RESERVED
+CVE-2008-0959
+	RESERVED
+CVE-2008-0958
+	RESERVED
+CVE-2008-0957
+	RESERVED
+CVE-2008-0956
+	RESERVED
+CVE-2008-0955
+	RESERVED
+CVE-2008-0954
+	RESERVED
+CVE-2008-0953
+	RESERVED
+CVE-2008-0952
+	RESERVED
+CVE-2008-0951
+	RESERVED
+CVE-2008-0950
+	RESERVED
+CVE-2008-0949
+	RESERVED
+CVE-2008-0948
+	RESERVED
+CVE-2008-0947
+	RESERVED
+CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or ...)
+	TODO: check
+CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ...)
+	TODO: check
+CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote ...)
+	TODO: check
+CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries ...)
+	TODO: check
+CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle ...)
+	TODO: check
+CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries ...)
+	TODO: check
+CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
+	TODO: check
+CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo ...)
+	TODO: check
+CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...)
+	TODO: check
+CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
+	TODO: check
+CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List ...)
+	TODO: check
+CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX ...)
+	TODO: check
+CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...)
+	TODO: check
+CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) ...)
+	TODO: check
+CVE-2008-0931
+	RESERVED
+CVE-2008-0930
+	RESERVED
+CVE-2008-0929
+	REJECTED
+	TODO: check
+CVE-2008-0928
+	RESERVED
+CVE-2008-0927
+	RESERVED
+CVE-2008-0926
+	RESERVED
+CVE-2008-0925
+	RESERVED
+CVE-2008-0924
+	RESERVED
+CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...)
+	TODO: check
+CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...)
+	TODO: check
+CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows ...)
+	TODO: check
+CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...)
+	TODO: check
+CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...)
+	TODO: check
+CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in ...)
+	TODO: check
+CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 ...)
+	TODO: check
+CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare ...)
+	TODO: check
+CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...)
+	TODO: check
+CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation ...)
+	TODO: check
+CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
+	TODO: check
+CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
+	TODO: check
+CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts ...)
+	TODO: check
+CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security ...)
+	TODO: check
+CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...)
+	TODO: check
+CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic ...)
+	TODO: check
+CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows ...)
+	TODO: check
+CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows ...)
+	TODO: check
+CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 ...)
+	TODO: check
+CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree ...)
+	TODO: check
+CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
+	TODO: check
+CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+	TODO: check
+CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote ...)
+	TODO: check
+CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...)
+	TODO: check
+CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+	TODO: check
+CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 ...)
+	TODO: check
+CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 ...)
+	TODO: check
+CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator ...)
+	TODO: check
+CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows ...)
+	TODO: check
+CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
+	TODO: check
+CVE-2008-0893
+	RESERVED
+CVE-2008-0892
+	RESERVED
+CVE-2008-0891
+	RESERVED
+CVE-2008-0890
+	RESERVED
+CVE-2008-0889
+	RESERVED
+CVE-2008-0888
+	RESERVED
+CVE-2008-0887
+	RESERVED
+CVE-2008-0886
+	RESERVED
+CVE-2008-0885
+	RESERVED
+CVE-2008-0884
+	RESERVED
+CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
+	TODO: check
+CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...)
+	TODO: check
+CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module ...)
+	TODO: check
+CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...)
+	TODO: check
+CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ...)
+	TODO: check
+CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media ...)
+	TODO: check
+CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi ...)
+	TODO: check
+CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related ...)
+	TODO: check
+CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for ...)
+	TODO: check
+CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds ...)
+	TODO: check
+CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail ...)
+	TODO: check
+CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway ...)
+	TODO: check
+CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under ...)
+	TODO: check
+CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 ...)
+	TODO: check
+CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...)
+	TODO: check
+CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA ...)
+	TODO: check
+CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+	TODO: check
+CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 ...)
+	TODO: check
+CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can ...)
+	TODO: check
+CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web ...)
+	TODO: check
+CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...)
+	TODO: check
+CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus ...)
+	TODO: check
+CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...)
+	TODO: check
+CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows ...)
+	TODO: check
+CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer ...)
+	TODO: check
+CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board ...)
+	TODO: check
+CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow ...)
+	TODO: check
+CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) ...)
+	TODO: check
+CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla! ...)
+	TODO: check
+CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! ...)
+	TODO: check
+CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...)
+	TODO: check
+CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote ...)
+	TODO: check
+CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...)
+	TODO: check
+CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty ...)
+	TODO: check
+CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for ...)
+	TODO: check
+CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component ...)
+	TODO: check
+CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan ...)
+	TODO: check
+CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook ...)
+	TODO: check
+CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive ...)
+	TODO: check
+CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier ...)
+	TODO: check
+CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette ...)
+	TODO: check
+CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public ...)
+	TODO: check
+CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO ...)
+	TODO: check
+CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
+CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the ...)
+	TODO: check
+CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...)
+	TODO: check
+CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ...)
+	TODO: check
+CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS ...)
+	TODO: check
+CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component ...)
+	TODO: check
+CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius ...)
+	TODO: check
+CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe ...)
+	TODO: check
+CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 ...)
+	TODO: check
+CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ...)
+	TODO: check
+CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 ...)
+	TODO: check
+CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows ...)
+	TODO: check
+CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 ...)
+	TODO: check
+CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote ...)
+	TODO: check
+CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...)
+	TODO: check
+CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 ...)
+	TODO: check
+CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows ...)
+	TODO: check
+CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in ...)
+	TODO: check
+CVE-2008-0820 (** DISPUTED ** ...)
+	TODO: check
+CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator ...)
+	TODO: check
+CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 ...)
+	TODO: check
+CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla! ...)
+	TODO: check
+CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and ...)
+	TODO: check
+CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! ...)
+	TODO: check
+CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking ...)
+	TODO: check
+CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, ...)
+	TODO: check
+CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 ...)
+	TODO: check
+CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote ...)
+	TODO: check
+CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! ...)
+	TODO: check
+CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...)
+	TODO: check
+CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus ...)
+	TODO: check
 CVE-2008-XXXX [lighttpd remote DoS]
 	- lighttpd <unfixed> (medium; bug #466663)
 	NOTE: CVE id pending
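Review bot: The two REJECTED entries added in this hunk, CVE-2008-6426 at the top and CVE-2008-0929, also carry "TODO: check", so they land in the triage queue although a rejected id has nothing to triage. CVE-2008-6426 also sits far outside the 0804 to 0982 range of every other id added here, so confirm it is not an upstream typo before keeping it. Suggest the automatic update omit the TODO line for REJECTED entries, as it already does for RESERVED ones.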
@@ -2,9 +352,10 @@
 CVE-2008-0883 [tmp race]
+	RESERVED
 	NOT-FOR-US: Adobe Acrobat Reader
 	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
 CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...)
 	NOT-FOR-US: LookStrike Lan Manager
-CVE-2008-0802 (SQL injection vulnerability in index.php in the com_mediaslide ...)
+CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide ...)
 	NOT-FOR-US: Joomla component
-CVE-2008-0801 (Multiple SQL injection vulnerabilities in index.php in the ...)
+CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery ...)
 	NOT-FOR-US: Joomla component
@@ -55,17 +406,17 @@
 	- moin 1.5.8-5.1
 CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...)
 	- moin 1.5.8-5.1
-CVE-2008-0932 [diatheke remote command execution]
+CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows ...)
 	{DSA-1508-1}
 	- sword 1.5.9-8 (high; bug #466449)
 	NOTE: source package named sword, binary package named diatheke
-CVE-2008-0806 [insecure temp file in wyrd]
+CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a ...)
 	- wyrd 1.4.3b-4 (low; bug #466382)
 CVE-2008-XXXX [am-utils insecure temp file /tmp/expn$$ ]
 	- am-utils <not-affected> (Affected code not present in the binary package)
 	NOTE: sendmail includes a copy of the script, which has been fixed since
 	NOTE: several years
-CVE-2008-0807 [missing access restriction to user contacts in turba]
+CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...)
 	{DSA-1507-1}
 	- turba2 2.1.7-1 (bug #464058)
 	NOTE: CVE id pending
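Review bot: CVE-2008-0807 now carries its assigned description, but the unchanged "NOTE: CVE id pending" two lines below it is left in place and is now stale. Drop that note in the same change that replaces the bracketed placeholder text, so the entry does not claim both an assigned id and a pending one.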
@@ -188,7 +539,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...)
 	NOT-FOR-US: Apple iPhone
-CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown ...)
+CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...)
 	- clamav 0.92.1~dfsg-1
 CVE-2008-0727
 	RESERVED
@@ -296,9 +647,8 @@
 	NOT-FOR-US: A-Blog
 CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...)
 	NOT-FOR-US: Everything Development System
-CVE-2008-0674
-	RESERVED
-	{DSA-1499-1}
+CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...)
+	{DSA-1499-1 DTSA-115-1}
 	- pcre3 7.6-1 (medium)
 CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...)
 	- tintin++ <unfixed> (low; bug #465643)
@@ -364,9 +714,9 @@
 	RESERVED
 CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...)
 	NOT-FOR-US: Adobe
-CVE-2008-0808 [XSS in the meta plugin in ikiwiki]
+CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
 	- ikiwiki 2.31.1 (low; bug #465110)
-CVE-2008-0809 [XSS in the htmlscrubber in ikiwiki]
+CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in ...)
 	- ikiwiki 2.31.1 (low; bug #465110)
 CVE-2008-0641
 	RESERVED
@@ -374,8 +724,8 @@
 	NOT-FOR-US: Symantec Ghost Solution Suite
 CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...)
 	NOT-FOR-US: Novell Client
-CVE-2008-0638
-	RESERVED
+CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator ...)
+	TODO: check
 CVE-2008-0637
 	RESERVED
 CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...)
@@ -461,10 +811,10 @@
 	RESERVED
 CVE-2008-0598
 	RESERVED
-CVE-2008-0597
-	RESERVED
-CVE-2008-0596
-	RESERVED
+CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
+	TODO: check
+CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
+	TODO: check
 CVE-2008-0595
 	RESERVED
 CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...)
@@ -552,8 +902,8 @@
 	NOT-FOR-US: Uniwin eCart Professiona
 CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
 	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
-CVE-2008-0556
-	RESERVED
+CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
+	TODO: check
 CVE-2008-0555
 	RESERVED
 CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...)
@@ -878,7 +1228,7 @@
 	NOT-FOR-US: bMachine
 CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...)
 	NOT-FOR-US: Invision Gallery
-CVE-2008-0420 (Unspecified vulnerability in Mozilla Firefox, as used in Ubuntu 6.06 ...)
+CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox ...)
 	TODO: check
 	NOTE: dup? poked mitre
 CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
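Review bot: The new CVE-2008-0420 text names nsBMPDecoder.cpp where the old one said "Unspecified vulnerability", yet the entry keeps "TODO: check" and "NOTE: dup? poked mitre" untouched. With a concrete description available the duplicate question can be settled; suggest resolving the TODO and updating or removing the note in a follow-up.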
@@ -1132,7 +1482,7 @@
 	RESERVED
 CVE-2008-0319
 	RESERVED
-CVE-2008-0318 (Integer overflow in libclamav in ClamAV before 0.92.1, as used in ...)
+CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV ...)
 	{DSA-1497-1}
 	- clamav 0.92.1~dfsg-1 (medium)
 CVE-2008-0317
@@ -1506,8 +1856,7 @@
 CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...)
 	{DSA-1494-1}
 	- linux-2.6 <unfixed> (high)
-CVE-2008-0162 [splitvt privilege escalation through xprop]
-	RESERVED
+CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges ...)
 	{DSA-1500-1}
 	- splitvt 1.6.6-4
 CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in ...)
@@ -2149,7 +2498,7 @@
 	NOT-FOR-US: Microsoft Office Publisher
 CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...)
 	NOT-FOR-US: Zoom Player
-CVE-2007-6532 (Double-free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
+CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
 	- xfce4 4.4.2 (low)
 	[sarge] - xfce4 <no-dsa> (Minor issue)
 	[etch] - xfce4 <no-dsa> (Minor issue)
@@ -2412,8 +2761,8 @@
 CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows ...)
 	{DSA-1466-2 DTSA-110-1}
 	- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6426
-	RESERVED
+CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and ...)
+	TODO: check
 CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA ...)
 	NOT-FOR-US: HP-UX
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
@@ -2692,8 +3041,8 @@
 	NOT-FOR-US: xml2owl
 CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does ...)
 	NOT-FOR-US: Feature (third party drupal module)
-CVE-2007-6319
-	RESERVED
+CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before ...)
+	TODO: check
 CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress ...)
 	- wordpress 2.3.2-1 (low; bug #459305)
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
@@ -2706,8 +3055,8 @@
 	NOT-FOR-US: BarracudaDrive
 CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read ...)
 	NOT-FOR-US: BarracudaDrive
-CVE-2007-6313
-	RESERVED
+CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
+	TODO: check
 CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web ...)
 	NOT-FOR-US: Web Security Suite
 CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) ...)
@@ -2788,7 +3137,7 @@
 	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
 CVE-2007-6280
 	RESERVED
-CVE-2007-6279 (Multiple double-free vulnerabilities in Free Lossless Audio Codec ...)
+CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec ...)
 	- flac 1.2.1-1 (unimportant)
 	NOTE: According to upstream this issue is not exploitable for code injection
 	NOTE: due to the layout of the seektable memory
@@ -2838,8 +3187,8 @@
 	NOT-FOR-US: Sun SunForum
 CVE-2007-6259
 	RESERVED
-CVE-2007-6258
-	RESERVED
+CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV ...)
+	TODO: check
 CVE-2007-6257
 	RESERVED
 CVE-2007-6256
@@ -3561,11 +3910,11 @@
 	NOT-FOR-US: JPortal
 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
 	NOT-FOR-US: JPortal
-CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in ...)
+CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in ...)
 	- krb5 <unfixed> (unimportant; bug #454974)
 	NOTE: potential attackers must have privileges to store the krb5kdc master key
 	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
+CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
 	- krb5 <unfixed> (unimportant; bug #454974)
 	NOTE: Not exploitable in real-world circumstances:
 	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
@@ -3575,7 +3924,7 @@
 	- mysql-dfsg <removed>
 	NOTE: version in experimental is affected by this
 	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
-CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on symlinks ...)
+CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x ...)
 	{DSA-1451-1}
 	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
 	TODO: check mysql 4
@@ -4109,7 +4458,7 @@
 	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
 	- ruby1.9 1.9.0+20071016-1
 	- ruby1.8 1.8.6.111-1 (low; bug #451374)
-CVE-2007-5769 (Double-free vulnerability in the getreply function in ftp.c in netkit ...)
+CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit ...)
 	- netkit-ftp <not-affected> (Vulnerable code not present)
 CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
 	NOT-FOR-US: Globe7 soft phone client
@@ -4884,7 +5233,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2007-5622 (Double-free vulnerability in the ftpprchild function in ftppr in ...)
+CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in ...)
 	NOT-FOR-US: 3proxy
 CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token ...)
 	NOT-FOR-US: Token Drupal
@@ -5622,7 +5971,7 @@
 CVE-2007-5394
 	RESERVED
 CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...)
-	{DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
+	{DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
 	- poppler 0.6.2-1 (medium; bug #450628)
 	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
 	- xpdf 3.02-1.3 (medium; bug #450629)
@@ -5639,7 +5988,7 @@
 	- libextractor 0.5.12-1
 	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
 CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...)
-	{DSA-1480-1 DTSA-85-1 DTSA-86-1}
+	{DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
 	- poppler 0.6.2-1 (medium; bug #450628)
 	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
 	[etch] - kdegraphics <not-affected> (Vulnerable code not used)  
@@ -7583,9 +7932,9 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-4690 (Double-free vulnerability in the NFS component in Apple Mac OS X 10.4 ...)
+CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4 ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-4689 (Double-free vulnerability in the Networking component in Apple Mac OS ...)
+CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
 	NOT-FOR-US: Apple Mac OS X
@@ -8025,8 +8374,8 @@
 	RESERVED
 CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA ...)
 	NOT-FOR-US: Oracle
-CVE-2007-4516
-	RESERVED
+CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in ...)
+	TODO: check
 CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before ...)
 	NOT-FOR-US: Yahoo! Messenger
 CVE-2007-4514
@@ -8412,7 +8761,7 @@
 CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
 	NOT-FOR-US: AIX
 CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...)
-	{DSA-1480-1 DTSA-85-1 DTSA-86-1}
+	{DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
 	- poppler 0.6.2-1 (medium; bug #450628)
 	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
 	[etch] - kdegraphics <not-affected> (Vulnerable code not used)  
@@ -12928,7 +13277,7 @@
 	NOT-FOR-US: Cisco
 CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: FireFly
-CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 ...)
+CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl ...)
 	{DSA-1498-1}
 	- libimager-perl 0.58-1 (unimportant; bug #421582)
 	NOTE: Only CVE-2007-2413 is exploitable per upstream
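Review bot: The unchanged note under CVE-2007-2459, "Only CVE-2007-2413 is exploitable per upstream", points at an id that this same commit marks REJECTED in the next hunk, while the description here changes to a heap-based buffer overflow in the BMP reader. The "unimportant" rating on libimager-perl rests on that note, so re-evaluate the severity and rewrite the note rather than leave it referring to a rejected id.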
@@ -13053,7 +13402,8 @@
 	NOT-FOR-US: Pi3Web Web Server
 CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: MyServer
-CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote ...)
+CVE-2007-2413
+	REJECTED
 	- libimager-perl 0.58-1 (bug #421582)
 CVE-2007-2412 (** DISPUTED ** ...)
 	NOT-FOR-US: Seir Anphin
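Review bot: CVE-2007-2413 becomes REJECTED but keeps its "- libimager-perl 0.58-1 (bug #421582)" package line, so the list still records a fixed version against a rejected id. CVE-2007-2459 in the previous hunk already carries the same bug #421582; drop the package line here, or replace it with a NOTE naming the entry that supersedes it.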
@@ -13977,7 +14327,7 @@
 	NOT-FOR-US: CompreXX
 CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
 	NOT-FOR-US: DeskPro
-CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...)
+CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote ...)
 	NOT-FOR-US: bftpd
 CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
 	NOT-FOR-US: SimpCMS Light
@@ -16045,7 +16395,7 @@
 	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
 	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
 	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
-CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
+CVE-2007-1216 (Double free vulnerability in the GSS-API library ...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
 CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
@@ -18712,7 +19062,7 @@
 CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
 	{DSA-1269-1}
 	- lookup-el 1.4-5 (low)
-CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
+CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
 	NOT-FOR-US: Mac OS X
 CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
 	{DSA-1255-1}
@@ -19780,7 +20130,7 @@
 	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
 CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...)
 	NOT-FOR-US: Oracle
-CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
+CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: Carsen Klock TextSend
@@ -20763,7 +21113,7 @@
 	NOT-FOR-US: Novell ZENworks
 CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
 	NOT-FOR-US: Metyus Okul Yonetim Sistemi
-CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, ...)
+CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ...)
 	- kdegraphics <unfixed> (unimportant)
 	NOTE: Generic bug, treating it as a security problem is quite a stretch
 CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
@@ -28655,7 +29005,7 @@
 	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
 	NOTE: Verified that the patch has been applied in 2.4.0-1,
 	NOTE: may have been fixed earlier.
-CVE-2006-2788 (Double-free vulnerability in the getRawDER function for nsIX509Cert in ...)
+CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...)
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	- mozilla <unfixed> (high)
 	- firefox 1.5.dfsg+1.5.0.4 (high)
@@ -28699,7 +29049,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
-CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
+CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
 	{DSA-1134-1 DSA-1118}
 	NOTE: MFSA-2006-40
 	- thunderbird 1.5.0.4-1 (high)
@@ -30428,7 +30778,7 @@
 	NOT-FOR-US: Simplog
 CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...)
 	NOT-FOR-US: Pablo Software
-CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
+CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
 	{DSA-1054-1}
 	[sarge] - tiff 3.7.2-3sarge1
 	[woody] - tiff 3.5.5-7woody1
@@ -33715,7 +34065,7 @@
 	NOT-FOR-US: Squishdot
 CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...)
 	NOT-FOR-US: NeoMail
-CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
+CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
 	NOT-FOR-US: Isode M-Vault
 CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...)
 	{DSA-995-1}
@@ -35500,7 +35850,7 @@
 	- sendmail 8.13.6-1 (bug #358440; high)
 CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
 	NOT-FOR-US: Windows
-CVE-2006-0056 (Double-free vulnerability in the authentication and authentication ...)
+CVE-2006-0056 (Double free vulnerability in the authentication and authentication ...)
 	- pam-mysql 0.6.2-1 (bug #353589; medium)
 	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
 CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...)
@@ -37598,7 +37948,7 @@
 	NOT-FOR-US: Exponent CMS
 CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
 	NOT-FOR-US: Exponent CMS
-CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere ...)
+CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere ...)
 	NOT-FOR-US: WebSphere
 CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
 	NOT-FOR-US: Google search appliance
@@ -45314,7 +45664,7 @@
 	NOT-FOR-US: SAP
 CVE-2005-1690
 	REJECTED
-CVE-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
+CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT ...)
 	{DSA-757-1}
 	- krb5 1.3.6-4 (medium)
 CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
@@ -46651,7 +47001,7 @@
 	- ethereal 0.10.10-2sarge2
 CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
 	- ethereal 0.10.10-2sarge2
-CVE-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...)
+CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before ...)
 	- ethereal 0.10.10-2sarge2
 CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
 	- ethereal 0.10.10-2sarge2
@@ -48077,7 +48427,7 @@
 CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
 	{DSA-722-1}
 	- smail 3.2.0.115-7 (bug #301428; high)
-CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
+CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
 	NOTE: The description is wrong; 2.6 is affected as well
 	- gtk+2.0 2.6.4-1
 	- gdk-pixbuf 0.22.0-7.1
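Review bot: the refreshed CVE-2005-0891 description still reads "before 2.2.4", so the NOTE "The description is wrong; 2.6 is affected as well" remains necessary and should not be dropped by a later cleanup. Since the automatic update rewrites the description line only, it would help if the NOTE said which text it contradicts, e.g. by quoting "before 2.2.4".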
@@ -52818,7 +53168,7 @@
 	NOT-FOR-US: Real Helix server
 CVE-2004-0773
 	RESERVED
-CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
+CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT ...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
 CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
@@ -53138,10 +53488,10 @@
 CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
-CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
+CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT ...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
-CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
+CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 ...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
 CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
@@ -53676,7 +54026,7 @@
 CVE-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
 	{DSA-519}
 	- cvs 1:1.12.9-1
-CVE-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
+CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...)
 	{DSA-519}
 	- cvs 1:1.12.9-1
 CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
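Review bot: the context line for CVE-2004-0417 carries HTML-escaped quotes (`&quot;Max-dotdot&quot;`) in the stored description. Suggest the automatic update decode entities before writing descriptions to data/CVE/list, so that a text search for the quoted command name matches.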
@@ -53799,7 +54149,7 @@
 	NOT-FOR-US: KAME
 CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
 	NOT-FOR-US: Entrust LibKmp ISAKMP library
-CVE-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
+CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
 	NOT-FOR-US: CDE
 CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
 	- ethereal 0.10.3 (bug #239576)
@@ -54257,7 +54607,7 @@
 	NOT-FOR-US: FreeBSD jail
 CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
 	NOT-FOR-US: Windows bug
-CVE-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
+CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT ...)
 	NOT-FOR-US: Windows bug
 CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
 	NOT-FOR-US: Windows bug
@@ -54467,7 +54817,7 @@
 	NOT-FOR-US: IBM DB2
 CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
 	NOT-FOR-US: IBM DB2
-CVE-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
+CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of ...)
 	NOT-FOR-US: microsoft
 CVE-2003-1047
 	REJECTED
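Review bot: `NOT-FOR-US: microsoft` under CVE-2003-1048 is lowercase, while the CVE-2006-6696 entry in this same diff uses `NOT-FOR-US: Microsoft` and other entries use `Windows` or `Windows bug` for the same vendor. Suggest one label per vendor so NOT-FOR-US entries can be grouped reliably.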
@@ -55557,7 +55907,7 @@
 	- gdm 2.4.1.5
 CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
 	NOT-FOR-US: up2date
-CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
+CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
 	{DSA-394 DSA-393}
 	- openssl 0.9.7c
 	- openssl096 0.9.6k



