[Secure-testing-commits] r7943 - data/CVE
stef-guest at alioth.debian.org
Wed Jan 16 20:21:59 UTC 2008
Author: stef-guest
Date: 2008-01-16 20:21:58 +0000 (Wed, 16 Jan 2008)
New Revision: 7943
Modified:
data/CVE/list
Log:
new xine-lib, freebsd, linux, horde3 issues
some NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-16 17:57:08 UTC (rev 7942)
+++ data/CVE/list 2008-01-16 20:21:58 UTC (rev 7943)
@@ -105,7 +105,7 @@
CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
- TODO: check
+ - xine-lib <unfixed> (medium; bug #460551)
CVE-2008-XXXX [insecure use of RandomPool]
- python-paramiko <unfixed> (medium; bug #460706)
NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
@@ -153,9 +153,14 @@
CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...)
NOT-FOR-US: Merak IceWarp Mail Server
CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes ...)
- TODO: check
+ - kfreebsd-5 <removed>
+ [etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
+ - kfreebsd-6 <unfixed>
+ - kfreebsd-7 <unfixed>
CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not ...)
- TODO: check
+ - kfreebsd-5 <not-affected>
+ - kfreebsd-6 <unfixed>
+ - kfreebsd-7 <unfixed>
CVE-2008-0215
RESERVED
CVE-2008-0214
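Review bot: CVE-2008-0217 and CVE-2008-0216 are described as issues in the script program and the ptsname function, yet the new entries track them against kfreebsd-5/6/7 with no NOTE saying why those packages carry the affected code. Add a NOTE line with the reasoning, and one backing `- kfreebsd-5 <not-affected>` on CVE-2008-0216 (the description starts at FreeBSD 6.0), so the status can be rechecked later. The <unfixed> lines here also carry no urgency or bug reference, unlike the xine-lib entry earlier in this patch.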
@@ -374,7 +379,9 @@
CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
TODO: check
CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, ...)
- TODO: check
+ - kfreebsd-5 <not-affected>
+ - kfreebsd-6 <unfixed>
+ - kfreebsd-7 <unfixed>
CVE-2008-0121
RESERVED
CVE-2008-0120
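Review bot: `- kfreebsd-5 <not-affected>` for CVE-2008-0122 has no stated reason, and the visible description is cut off after "FreeBSD 6.2, ...", so a reader of the list cannot tell why 5.x is excluded. Add a NOTE with the version range or code check that supports it. The description places the bug in the inet_network function in libc, so the NOTE should also say why kfreebsd-6 and kfreebsd-7 are the packages to track.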
@@ -567,17 +574,18 @@
CVE-2008-0037
RESERVED
CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...)
- TODO: check
+ NOT-FOR-US: Apple cocoa Foundation
+ NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
- TODO: check
+ NOT-FOR-US: Apple iPhone
CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple QuickTime
CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...)
NOT-FOR-US: MyPHP Forum
CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 ...)
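Review bot: the NOTE under CVE-2008-0035 is hedged ("AFAICS") while the entry is already closed as NOT-FOR-US. Either confirm that libfoundation in Debian does not share the code and state that, or keep a TODO until it is checked. Style: "Apple cocoa Foundation" should read "Apple Cocoa Foundation".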
@@ -1685,7 +1693,7 @@
CVE-2008-0002
RESERVED
CVE-2008-0001 (VFS in the Linux kernel before 2.6.23.14 performs tests of access mode ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
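Review bot: `- linux-2.6 <unfixed>` for CVE-2008-0001 carries no urgency and no bug reference, unlike the xine-lib and horde3 entries in this same commit. The description already names 2.6.23.14 as the upstream release containing the fix, so a NOTE recording that would help whoever later fills in the fixed Debian version.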
@@ -2148,7 +2156,7 @@
CVE-2007-6019
RESERVED
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
- TODO: check
+ - horde3 <unfixed> (bug filed; low)
CVE-2007-6017
RESERVED
CVE-2007-6016
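Review bot: in `- horde3 <unfixed> (bug filed; low)` the annotation order is reversed relative to the xine-lib line in this commit, `(medium; bug #460551)`, which puts urgency first. Use `(low; bug filed)` for consistency and replace "bug filed" with the bug number once it is known. The description also lists IMP Webmail Client 4.1.5 ahead of Horde, but only horde3 gets an entry; check whether an IMP package needs one too.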
@@ -3377,13 +3385,13 @@
CVE-2007-5659
RESERVED
CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...)
- TODO: check
+ NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
- TODO: check
+ NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
- TODO: check
+ NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
- TODO: check
+ NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...)
NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...)
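Review bot: the NOT-FOR-US text for CVE-2007-5657, CVE-2007-5656 and CVE-2007-5655 names only TIBCO SmartSockets RTserver, while those three descriptions also list RTworks before 4.0.4. Naming both products (for example "TIBCO SmartSockets RTserver, RTworks") keeps the entries findable by either name.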