[Secure-testing-commits] r9065 - data/CVE
thomasbl-guest at alioth.debian.org
Sat Jun 14 03:11:22 UTC 2008
Author: thomasbl-guest
Date: 2008-06-14 03:11:20 +0000 (Sat, 14 Jun 2008)
New Revision: 9065
Modified:
data/CVE/list
Log:
sorting all vmware-package issues and opened bug #486177 for the unsolved
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-13 18:02:33 UTC (rev 9064)
+++ data/CVE/list 2008-06-14 03:11:20 UTC (rev 9065)
@@ -1256,11 +1256,14 @@
RESERVED
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
- vmware-package <unfixed> (low; bug #485919)
- NOTE: it's not a real bug for vmware-package itself, see #484491
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
- vmware-package <not-affected> (Windows issue according to CVE)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
- - vmware-package <unfixed> (bug #484491)
+ - vmware-package <unfixed> (low; bug #484491)
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
NOT-FOR-US: Vmware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
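Review bot: The replacement NOTE under CVE-2008-2100 drops the pointer to #484491 that the removed line carried, and the `low` urgency added to CVE-2008-2098 (a heap-based buffer overflow in HGFS) comes without a stated reason. Keep a "see #484491" in the CVE-2008-2100 note, and add a NOTE line saying why `low` applies, since the two new NOTE lines describe how the package works rather than the severity.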
@@ -2860,7 +2863,9 @@
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
- plone3 <unfixed> (bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
- NOT-FOR-US: Vmware
+ - vmware-package <unfixed> (low; bug #486177)
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...)
NOT-FOR-US: FreeWebShop.org
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...)
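Review bot: The two NOTE lines added under CVE-2008-1392 are pasted verbatim under seven entries in this commit, and they read ambiguously: "builds vmware from downloaded tarballs" sits next to "does not download them". State once who fetches the tarballs and what closes the entry (the updated hashes), or shorten the NOTE to a pointer to bug #486177, which the entry line already names.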
@@ -2961,13 +2966,15 @@
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...)
- NOT-FOR-US: VMware
+ - vmware-package <unfixed> (low; bug #486177)
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
- NOT-FOR-US: VMware
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
- NOT-FOR-US: VMware
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
- NOT-FOR-US: VMware
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
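Review bot: The `<not-affected>` reason added for CVE-2008-1363, CVE-2008-1362 and CVE-2008-1361 gives no source for the Windows-only claim, and the three truncated descriptions shown here are identical and do not mention a platform. Follow the existing CVE-2008-2099 entry, which says "Windows issue according to CVE", or cite the advisory, so the classification can be checked later. The same hunk moves CVE-2008-1364 (DHCP service) from NOT-FOR-US to `<unfixed>`; a short NOTE on why that one does apply to Linux hosts would help for the same reason.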
@@ -3008,7 +3015,9 @@
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...)
NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...)
- NOT-FOR-US: VMware
+ - vmware-package <unfixed> (low; bug #486177)
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339
RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
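Review bot: The added line marks CVE-2008-1340, a VMCI issue, as `<unfixed>`, while the other VMCI entry in this file, CVE-2008-2099, is `<not-affected>` as a Windows issue. The description is truncated before any platform detail, so confirm the host platform was checked for this one and record it in the NOTE; otherwise the two VMCI entries look inconsistent.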
@@ -8992,7 +9001,7 @@
CVE-2007-5672
RESERVED
CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...)
- TODO: check
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
REJECTED
CVE-2007-5669
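Review bot: The reason "Only vulnerable on windows hosted systems" on CVE-2007-5671 does not match the visible description, which places HGFS.sys in the VMware Tools package rather than in the host product. Word the reason after the affected component, for example that HGFS.sys is a Windows driver, so it is clear what was checked when the TODO was resolved.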
@@ -9232,11 +9241,15 @@
CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...)
NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...)
- NOT-FOR-US: VMware Server
+ - vmware-package <unfixed> (low; bug #486177)
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...)
- NOT-FOR-US: VMware Player
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
- NOT-FOR-US: VMware Player
+ - vmware-package <unfixed> (low; bug #486177)
+ NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
+ NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...)
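Review bot: The `<unfixed>` entries added for CVE-2007-5619 (VMware Server before 1.0.4) and CVE-2007-5617 (VMware Player 1.0.x before 1.0.5 and 2.0 ...) both point at bug #486177 but do not say which upstream tarball versions the package hashes have to reach. Since the NOTE defines the fix as a hash update, add the target upstream version per product so each entry can be closed independently when the hashes are bumped.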
@@ -12177,11 +12190,11 @@
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...)
NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
- NOT-FOR-US: VMWare Workstation
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
NOT-FOR-US: Rational
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
- NOT-FOR-US: VMWare Workstation
+ - vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...)
NOT-FOR-US: Ignite-UX
CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...)
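Review bot: In the reason added to CVE-2007-4593 and CVE-2007-4591, "windows hosted systems" should read "Windows hosts" or "Windows-hosted systems", matching the capitalised "Windows issue" wording already used for CVE-2008-2099. Naming the driver from the description (vstor2-ws60.sys, vstor-ws60.sys) in the reason would also make the classification self-explanatory.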