[Secure-testing-commits] r8279 - data/CVE

nion at alioth.debian.org
Thu Mar 6 12:35:14 UTC 2008


Author: nion
Date: 2008-03-06 12:35:12 +0000 (Thu, 06 Mar 2008)
New Revision: 8279

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-0304 unfixed in icedove, fixed in iceape 1.1.8-1
new issue: s9y (CVE-2008-0124)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-06 12:10:25 UTC (rev 8278)
+++ data/CVE/list	2008-03-06 12:35:12 UTC (rev 8279)
@@ -160,7 +160,7 @@
 CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...)
 	NOT-FOR-US: Symark PowerBroker
 CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...)
-	TODO: check
+	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
 CVE-2008-1111 [lighttpd sends cgi source if it fails to fork the cgi handler]
 	RESERVED
 	- lighttpd <unfixed> (low; bug #469307)
@@ -1672,7 +1672,7 @@
 	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
 	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
 CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
-	TODO: check
+	NOT-FOR-US: Urulu
 CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...)
 	NOT-FOR-US: OpenBSD
 CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...)
@@ -1830,9 +1830,9 @@
 CVE-2008-0310
 	RESERVED
 CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
-	TODO: check
+	NOT-FOR-US: Symantec Decomposer
 CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...)
-	TODO: check
+	NOT-FOR-US: Symantec Decomposer
 CVE-2008-0307
 	RESERVED
 CVE-2008-0306
@@ -1840,9 +1840,10 @@
 CVE-2008-0305
 	RESERVED
 CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
-	TODO: check
+	- icedove <unfixed> (medium)
+	- iceape 1.1.8-1 (medium)
 CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
-	TODO: check
+	NOT-FOR-US: Canon printer firmware
 CVE-2008-0301
 	RESERVED
 CVE-2008-0300
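
Review bot: The added `- icedove <unfixed> (medium)` line under CVE-2008-0304 carries no bug reference, while the other unfixed entries visible in this diff (lighttpd, serendipity) each record one. If a bug has been filed against icedove, add it in the same `(medium; bug #NNNNNN)` form so the open issue can be followed from the tracker entry.
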
@@ -2292,7 +2293,7 @@
 CVE-2008-0125
 	RESERVED
 CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
-	TODO: check
+	- serendipity <unfixed> (low; bug #469667)
 CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
 	- moodle <unfixed> (unimportant)
 	NOTE: the issue itself has a quite small attack vector
@@ -3532,7 +3533,7 @@
 CVE-2007-6253
 	RESERVED
 CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...)
-	TODO: check
+	NOT-FOR-US: Street Technologies
 CVE-2007-6251
 	RESERVED
 CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
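
Review bot: The NOT-FOR-US tag added for CVE-2007-6252 names "Street Technologies", but the visible part of the CVE description attributes the overflows to "Learn2 Corporation". Anyone searching the list by the vendor named in the description will not connect the two, so consider naming both vendors, or the affected product, in the tag.
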
@@ -4124,9 +4125,9 @@
 	- horde3 3.1.6-1 (bug #461131; low)
 	- imp4 <not-affected> (xss.php is only present in horde3 package)
 CVE-2007-6017 (A Symantec ActiveX control related to the scheduler component in the ...)
-	TODO: check
+	NOT-FOR-US: Symantec Backup Exec
 CVE-2007-6016 (Multiple stack-based buffer overflows in a Symantec ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: Symantec Backup Exec
 CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...)
 	{DSA-1427-1 DTSA-100-1}
 	- samba 3.0.28-1 (high)
@@ -6294,7 +6295,7 @@
 	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
 	- samba 3.0.27-1 (high)
 CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...)
-	TODO: check
+	NOT-FOR-US: activePDF Server
 CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
 	NOT-FOR-US: Miranda
 CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)



