[Secure-testing-commits] r8372 - data/CVE
nion at alioth.debian.org
Wed Mar 19 14:08:37 UTC 2008
Author: nion
Date: 2008-03-19 14:08:36 +0000 (Wed, 19 Mar 2008)
New Revision: 8372
Modified:
data/CVE/list
Log:
NFUs
new bzip2 issue (CVE-2008-1372)
CVE-2008-1367 fixed in kfreebsd and glibc, linux kernel and gcc still unfixed
new zabbix issue (CVE-2008-1353)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-19 09:14:11 UTC (rev 8371)
+++ data/CVE/list 2008-03-19 14:08:36 UTC (rev 8372)
@@ -15,7 +15,7 @@
CVE-2008-1384
RESERVED
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
- TODO: check
+ NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382
RESERVED
CVE-2008-1381
@@ -37,21 +37,25 @@
CVE-2008-1373
RESERVED
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
- TODO: check
+ - bzip2 <unfixed> (bug #471670)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...)
- TODO: check
+ NOT-FOR-US: Drake CMS
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap ...)
- TODO: check
+ NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...)
- TODO: check
+ - linux-2.6 <unfixed> (bug #469058)
+ - kfreebsd-6 6.3-4 (bug #469564)
+ - kfreebsd-7 7.0-2 (bug #469565)
+ - gcc-4.3 <unfixed> (bug #469567)
+ - glibc 2.7-8 (bug #465583)
CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ...)
- TODO: check
+ NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...)
- TODO: check
+ NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364
RESERVED
CVE-2008-1363
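Review bot: The new `<unfixed>` entries for CVE-2008-1372 (bzip2) and CVE-2008-1367 (linux-2.6, gcc-4.3) carry a bug number but no urgency, while the zabbix entry added in this same commit is written as "(low; bug #471678)". Either add an urgency to these lines or leave it out deliberately and say so. For CVE-2008-1367 a NOTE line would also help: the visible description is about gcc 4.3.x not generating a cld instruction, yet five source packages are tracked with a mix of fixed versions and `<unfixed>`, and the reason only appears in the commit log ("fixed in kfreebsd and glibc, linux kernel and gcc still unfixed"), not in the list itself.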
@@ -61,53 +65,53 @@
CVE-2008-1361
RESERVED
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
- TODO: check
+ NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Sack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
- TODO: check
+ NOT-FOR-US: MDaemon
CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...)
- TODO: check
+ NOT-FOR-US: McAfee Common Management Agent
CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles ...)
- TODO: check
+ NOT-FOR-US: Jeebles Directory
CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data ...)
- TODO: check
+ NOT-FOR-US: VSO-XP
CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a ...)
- TODO: check
+ - zabbix <unfixed> (low; bug #471678)
CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...)
- TODO: check
+ NOT-FOR-US: EdiorCMS
CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...)
- TODO: check
+ NOT-FOR-US: Tutorials module for XOOPS
CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...)
- TODO: check
+ NOT-FOR-US: Fully Modded phpBB
CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama ...)
- TODO: check
+ NOT-FOR-US: bamaGalerie
CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite ...)
- TODO: check
+ NOT-FOR-US: eWeather module for PHP-Nuke
CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in ...)
- TODO: check
+ NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...)
- TODO: check
+ NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1343 (Directory traversal vulnerability in pkgadd and pkgrm in SCO UnixWare ...)
- TODO: check
+ NOT-FOR-US: SCO Unixware
CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
- TODO: check
+ NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...)
- TODO: check
+ NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340
RESERVED
CVE-2008-1339
RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
- TODO: check
+ NOT-FOR-US: Perforce Server
CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier ...)
- TODO: check
+ NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows ...)
- TODO: check
+ NOT-FOR-US: Koobi CMS
CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 ...)
TODO: check
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...)
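Review bot: Two NOT-FOR-US names in this hunk do not match the product spelling in the visible CVE description: CVE-2008-1343 is tagged "SCO Unixware" where the description has "SCO UnixWare", and CVE-2008-1348 is tagged "eWeather module for PHP-Nuke" where the description reads "index.php in the eWebsite ...". Since these strings are what later triage searches against when the same product shows up again, please confirm the eWeather/eWebsite name against the full description and align the UnixWare capitalisation.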
@@ -10220,7 +10224,10 @@
{DSA-1438-1}
- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux ...)
- TODO: check
+ - linux-2.6 2.6.12-1 (low)
+ NOTE: a fix is included in 2.6, see line 854 mempolicy.c
+ NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
+ NOTE: which I can see and ships the fix
CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a ...)
- coolkey 1.1.0-3
CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
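Review bot: The fixed version for CVE-2007-4130 is recorded as "linux-2.6 2.6.12-1" on the strength of notes that themselves say the fix "was maybe fixed earlier" and that 2.6.12 is only the first version visible in git, so the entry reads as a confirmed fix version when it is really an upper bound. The pointer "see line 854 mempolicy.c" is also fragile, because no kernel version or commit is given and line numbers shift between releases. Suggest naming the function or commit that carries the fix and stating in the NOTE that 2.6.12-1 is the earliest version verified, not necessarily the first fixed one.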