[Secure-testing-commits] r8407 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Tue Mar 25 15:43:20 UTC 2008


Author: nion
Date: 2008-03-25 15:43:19 +0000 (Tue, 25 Mar 2008)
New Revision: 8407

Modified:
   data/CVE/list
Log:
new vlc issue (CVE-2008-1489; medium)
php5-apc has an itp (CVE-2008-1488)
new xine-lib issues (CVE-2008-1482; medium)
CVE-2008-1475 does not affect roundup in Debian
new roundup issue (CVE-2008-1474; low)
new namazu2 issue (CVE-2008-1468; low)
new centerim issue (CVE-2008-1467) not really relevant
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-25 13:20:38 UTC (rev 8406)
+++ data/CVE/list	2008-03-25 15:43:19 UTC (rev 8407)
@@ -1,65 +1,68 @@
 CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...)
-	TODO: check
+	- vlc <unfixed> (medium; bug #472635)
 CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...)
-	TODO: check
+	- php5-apc <itp> (bug #335404)
 CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
-	TODO: check
+	NOT-FOR-US: LinPHA
 CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft ...)
-	TODO: check
+	NOT-FOR-US: Phorum
 CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...)
-	TODO: check
+	NOT-FOR-US: PunBB
 CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...)
-	TODO: check
+	NOT-FOR-US: PunBB
 CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...)
 	- openssh 1:4.7p1-5 (bug #463011)
 CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...)
-	TODO: check
+	- xine-lib <unfixed> (medium; bug #472639)
 CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...)
-	TODO: check
+	NOT-FOR-US: webSPELL
 CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...)
-	TODO: check
+	NOT-FOR-US: cfnetgs
 CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: Home FTP Server
 CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...)
-	TODO: check
+	NOT-FOR-US: eForum
 CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...)
-	TODO: check
+	- roundup <not-affected> (xml-rpc code introduced in 1.4.0)
 CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...)
-	TODO: check
+	- roundup <unfixed> (low; bug #472643)
 CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...)
-	TODO: check
+	NOT-FOR-US: Symantec Altiris
 CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA ...)
-	TODO: check
+	NOT-FOR-US: ARCserve Backup
 CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...)
-	TODO: check
+	NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
 CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...)
-	TODO: check
+	NOT-FOR-US: WebID RSA Authentication Agent
 CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...)
-	TODO: check
+	NOT-FOR-US: Gallarific
 CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...)
-	TODO: check
+	- namazu2 <unfixed> (low; bug #472644)
 CVE-2008-1467 (CenterIM 4.22.3 and earlier allows remote attackers to execute ...)
-	TODO: check
+	- centerim <unfixed> (low; bug #472649)
+	NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
+	NOTE: the victim can see the complete URL including the commands however so the impact
+	NOTE: is really low, setting it to unimportant maybe?
 CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...)
-	TODO: check
+	NOT-FOR-US: W-Agora
 CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...)
-	TODO: check
+	NOT-FOR-US: com_restaurante component for Mambo and Joomla!
 CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...)
-	TODO: check
+	NOT-FOR-US: Gallarific
 CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...)
-	TODO: check
+	NOT-FOR-US: Imperva SecureSphere MX Management Server
 CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...)
-	TODO: check
+	NOT-FOR-US: RunCMS
 CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...)
-	TODO: check
+	NOT-FOR-US: XnView
 CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...)
-	TODO: check
+	NOT-FOR-US: com_joovideo component for Mambo and Joomla!
 CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...)
-	TODO: check
+	NOT-FOR-US: com_alberghi component for Mambo and Joomla!
 CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
-	TODO: check
+	NOT-FOR-US: CS-Cart
 CVE-2008-1457
 	RESERVED
 CVE-2008-1456
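Review bot: the CVE-2008-1467 entry is committed as "- centerim <unfixed> (low; bug #472649)" while its last NOTE line still asks "setting it to unimportant maybe?" and the commit log calls the issue "not really relevant", so the severity is left as an open question inside the data file. Decide between low and unimportant before committing, and word the NOTE as the rationale for that choice (the victim has to list the URLs with F2, press enter, and can see the full URL including the commands). Separately, the CVE-2008-1475 line gives "xml-rpc code introduced in 1.4.0" as the reason for <not-affected> without saying which roundup version is packaged; adding that version would make the reasoning checkable from the entry alone.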
@@ -111,17 +114,17 @@
 CVE-2008-1433
 	RESERVED
 CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
-	TODO: check
+	NOT-FOR-US: ManageEngine SupportCenter Plus
 CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...)
-	TODO: check
+	NOT-FOR-US: RaidSonic NAS-4220-B firmware
 CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...)
-	TODO: check
+	NOT-FOR-US: ASPapp
 CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...)
-	TODO: check
+	- silcd 1.1.1-1 (medium)
 CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
-	TODO: check
+	NOT-FOR-US: Ubercart
 CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...)
-	TODO: check
+	NOT-FOR-US: com_acajoom component for Joomla!
 CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...)
 	TODO: check
 CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...)
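Review bot: the CVE-2008-1429 line "- silcd 1.1.1-1 (medium)" is a package triage that the commit log does not mention; the log lists vlc, php5-apc, xine-lib, roundup, namazu2, centerim and the NFUs, but not silcd. Add a log line for it so the change can be found from the revision history. The entry also carries no bug reference, unlike the other package entries touched in this commit; if a report exists for it, reference it here.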



