[Secure-testing-commits] r8841 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Mon May 19 09:14:20 UTC 2008 

Author: joeyh
Date: 2008-05-19 09:14:18 +0000 (Mon, 19 May 2008)
New Revision: 8841

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-05-19 05:51:35 UTC (rev 8840)
+++ data/CVE/list	2008-05-19 09:14:18 UTC (rev 8841)
@@ -1,6 +1,238 @@
-CVE-2008-2276 [Cross-site request forgery (CSRF) vulnerability in Mantis]
+CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
+	TODO: check
+CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
+	TODO: check
+CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction ...)
+	TODO: check
+CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating ...)
+	TODO: check
+CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...)
+	TODO: check
+CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register ...)
+	TODO: check
+CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in ...)
+	TODO: check
+CVE-2008-2272 (Mltiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
+CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
+	TODO: check
+CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY ...)
+	TODO: check
+CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers ...)
+	TODO: check
+CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest ...)
+	TODO: check
+CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...)
+	TODO: check
+CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows ...)
+	TODO: check
+CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...)
+	TODO: check
+CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...)
+	TODO: check
+CVE-2008-2262
+	RESERVED
+CVE-2008-2261
+	RESERVED
+CVE-2008-2260
+	RESERVED
+CVE-2008-2259
+	RESERVED
+CVE-2008-2258
+	RESERVED
+CVE-2008-2257
+	RESERVED
+CVE-2008-2256
+	RESERVED
+CVE-2008-2255
+	RESERVED
+CVE-2008-2254
+	RESERVED
+CVE-2008-2253
+	RESERVED
+CVE-2008-2252
+	RESERVED
+CVE-2008-2251
+	RESERVED
+CVE-2008-2250
+	RESERVED
+CVE-2008-2249
+	RESERVED
+CVE-2008-2248
+	RESERVED
+CVE-2008-2247
+	RESERVED
+CVE-2008-2246
+	RESERVED
+CVE-2008-2245
+	RESERVED
+CVE-2008-2244
+	RESERVED
+CVE-2008-2243
+	RESERVED
+CVE-2008-2242
+	RESERVED
+CVE-2008-2241
+	RESERVED
+CVE-2008-2240
+	RESERVED
+CVE-2008-2239
+	RESERVED
+CVE-2008-2238
+	RESERVED
+CVE-2008-2237
+	RESERVED
+CVE-2008-2236
+	RESERVED
+CVE-2008-2235
+	RESERVED
+CVE-2008-2234
+	RESERVED
+CVE-2008-2233
+	RESERVED
+CVE-2008-2232
+	RESERVED
+CVE-2008-2231
+	RESERVED
+CVE-2008-2230
+	RESERVED
+CVE-2008-2229
+	RESERVED
+CVE-2008-2228 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank ...)
+	TODO: check
+CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 ...)
+	TODO: check
+CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows ...)
+	TODO: check
+CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, ...)
+	TODO: check
+CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...)
+	TODO: check
+CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...)
+	TODO: check
+CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere ...)
+	TODO: check
+CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact ...)
+	TODO: check
+CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr ...)
+	TODO: check
+CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia ...)
+	TODO: check
+CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content ...)
+	TODO: check
+CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in ...)
+	TODO: check
+CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based ...)
+	TODO: check
+CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock ...)
+	TODO: check
+CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 ...)
+	TODO: check
+CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support ...)
+	TODO: check
+CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows ...)
+	TODO: check
+CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian ...)
+	TODO: check
+CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...)
+	TODO: check
+CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows ...)
+	TODO: check
+CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows ...)
+	TODO: check
+CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
+	TODO: check
+CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
+	TODO: check
+CVE-2008-2199 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-2198 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb ...)
+	TODO: check
+CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...)
+	TODO: check
+CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...)
+	TODO: check
+CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier ...)
+	TODO: check
+CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas ...)
+	TODO: check
+CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in ...)
+	TODO: check
+CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ...)
+	TODO: check
+CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online ...)
+	TODO: check
+CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL ...)
+	TODO: check
+CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook ...)
+	TODO: check
+CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...)
+	TODO: check
+CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek ...)
+	TODO: check
+CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka ...)
+	TODO: check
+CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 ...)
+	TODO: check
+CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...)
+	TODO: check
+CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
+	TODO: check
+CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
+	TODO: check
+CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when ...)
+	TODO: check
+CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid ...)
+	TODO: check
+CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...)
+	TODO: check
+CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, ...)
+	TODO: check
+CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in ...)
+	TODO: check
+CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe ...)
+	TODO: check
+CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal ...)
+	TODO: check
+CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...)
+	TODO: check
+CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote ...)
+	TODO: check
+CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote ...)
+	TODO: check
+CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers ...)
+	TODO: check
+CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to ...)
+	TODO: check
+CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier ...)
+	TODO: check
+CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows ...)
+	TODO: check
+CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun ...)
+	TODO: check
+CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in ...)
+	TODO: check
+CVE-2008-2164
+	RESERVED
+CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 ...)
+	TODO: check
+CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows ...)
 	- mantis <unfixed> (bug #481504)
-CVE-2008-2266 [UUDeview allows symlink attacks]
+CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20 allows local users to overwrite ...)
 	- uudeview <unfixed> (bug #480972)
 	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
 	NOTE: See CVE-2004-2265, where the problem occured as well
@@ -37,7 +269,7 @@
 	NOTE: wordnet can be used as a backend to web applications
 	NOTE: wordnet will get a full audit by the debian audit team
 	TODO: version 1:3.0-10 got uploaded to unstable, however it needs to be verified that the same problem does not exist in the rest of the code
-CVE-2008-2148 (The utimensat system call in Linux kernel 2.6.22 and other versions ...)
+CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and ...)
 	- linux-2.6 2.6.25-3 (bug #481195)
 	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
 	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
@@ -59,8 +291,7 @@
 	RESERVED
 	- linux-2.6 <unfixed>
 	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d
-CVE-2008-2136 [SIT memory leak]
-	RESERVED
+CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...)
 	- linux-2.6 <unfixed>
 	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02
 CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...)
@@ -147,7 +378,7 @@
 CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.3, and 3.1.x before ...)
 	- bugzilla 3.0.4-1 (low)
 	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
-CVE-2008-2104 (The WebService in Bugzilla before 3.1.3 allows remote authenticated ...)
+CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users ...)
 	- bugzilla <not-affected> (regression introduced in 3.1.3 referring to upstream)
 CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ...)
 	- bugzilla 3.0.4-1 (low; bug #480190)
@@ -340,8 +571,8 @@
 	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
 CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...)
 	NOT-FOR-US: Windows
-CVE-2008-2009
-	RESERVED
+CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...)
+	TODO: check
 CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...)
 	NOT-FOR-US: Cerulean Studios Trillian Basic
 CVE-2008-2007
@@ -486,10 +717,10 @@
 	RESERVED
 CVE-2008-1945
 	RESERVED
-CVE-2008-1944
-	RESERVED
-CVE-2008-1943
-	RESERVED
+CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...)
+	TODO: check
+CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...)
+	TODO: check
 CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...)
 	NOT-FOR-US: Foxit Reader
 CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
@@ -526,8 +757,8 @@
 	- util-linux 2.13.1.1-1 (low; bug #478135)
 CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...)
 	- asterisk 1:1.4.19.1~dfsg-1 (medium)
-CVE-2008-1922
-	RESERVED
+CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
+	TODO: check
 CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...)
 	NOT-FOR-US: 5th Avenue Shopping Cart
 CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...)
@@ -914,26 +1145,26 @@
 	NOT-FOR-US: Ksemail
 CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and ...)
 	NOT-FOR-US: LiveCart
-CVE-2008-1749
-	RESERVED
-CVE-2008-1748
-	RESERVED
-CVE-2008-1747
-	RESERVED
-CVE-2008-1746
-	RESERVED
-CVE-2008-1745
-	RESERVED
-CVE-2008-1744
-	RESERVED
-CVE-2008-1743
-	RESERVED
-CVE-2008-1742
-	RESERVED
-CVE-2008-1741
-	RESERVED
-CVE-2008-1740
-	RESERVED
+CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to ...)
+	TODO: check
+CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before ...)
+	TODO: check
+CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1 ...)
+	TODO: check
+CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager ...)
+	TODO: check
+CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x ...)
+	TODO: check
+CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
+	TODO: check
+CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in ...)
+	TODO: check
+CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in ...)
+	TODO: check
+CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) ...)
+	TODO: check
+CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
+	TODO: check
 CVE-2008-1739
 	RESERVED
 CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...)
@@ -1631,16 +1862,16 @@
 	RESERVED
 CVE-2008-1439
 	RESERVED
-CVE-2008-1438
-	RESERVED
-CVE-2008-1437
-	RESERVED
+CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
+	TODO: check
+CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
+	TODO: check
 CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...)
 	NOT-FOR-US: Windows
 CVE-2008-1435
 	RESERVED
-CVE-2008-1434
-	RESERVED
+CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP ...)
+	TODO: check
 CVE-2008-1433
 	RESERVED
 CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
@@ -1661,16 +1892,16 @@
 	NOT-FOR-US: Easy-Clanpage
 CVE-2008-1424
 	RESERVED
-CVE-2008-1423
-	RESERVED
+CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...)
+	TODO: check
 CVE-2008-1422
 	RESERVED
 CVE-2008-1421
 	RESERVED
-CVE-2008-1420
-	RESERVED
-CVE-2008-1419
-	RESERVED
+CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...)
+	TODO: check
+CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...)
+	TODO: check
 CVE-2008-1418
 	RESERVED
 CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL ...)
@@ -2302,8 +2533,8 @@
 	NOT-FOR-US: ZyXEL ZyWALL 1050
 CVE-2008-1159
 	RESERVED
-CVE-2008-1158
-	RESERVED
+CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
+	TODO: check
 CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
 	NOT-FOR-US: Cisco IPM
 CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
@@ -2500,8 +2731,8 @@
 	RESERVED
 CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...)
 	NOT-FOR-US: Microsoft Jet Database Engine
-CVE-2008-1091
-	RESERVED
+CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
+	TODO: check
 CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
@@ -2862,7 +3093,7 @@
 	- kvm 63+dfsg-1 (bug #469666)
 CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows ...)
 	NOT-FOR-US: Novell eDirectory
-CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell eDirectory ...)
+CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-0925
 	RESERVED
@@ -3326,8 +3557,8 @@
 	NOT-FOR-US: ACDSee
 CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
 	NOT-FOR-US: Mihalism Multi Host
-CVE-2008-0713
-	RESERVED
+CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, ...)
+	TODO: check
 CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...)
 	NOT-FOR-US: HP HPeDiag
 CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...)
@@ -4253,8 +4484,8 @@
 	NOT-FOR-US: Cisco
 CVE-2008-0323
 	RESERVED
-CVE-2008-0322
-	RESERVED
+CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for ...)
+	TODO: check
 CVE-2008-0321
 	RESERVED
 CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org ...)
@@ -4636,8 +4867,7 @@
 	{DSA-1577-1}
 	- gforge 4.6.99+svn6496-1 (low)
 	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
-CVE-2008-0166 [openssl predictable random number generator]
-	RESERVED
+CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based ...)
 	{DSA-1576-1 DSA-1571-1}
 	- openssl 0.9.8g-9 (high)
 	[sarge] - openssl <not-affected> (Vulnerable code not present)
@@ -4777,8 +5007,8 @@
 	RESERVED
 CVE-2008-0120
 	RESERVED
-CVE-2008-0119
-	RESERVED
+CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
+	TODO: check
 CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, ...)
@@ -7201,8 +7431,8 @@
 	NOT-FOR-US: IBM AIX
 CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
 	NOT-FOR-US: IBM AIX
-CVE-2007-5803
-	RESERVED
+CVE-2007-5803 (Cross-site scripting (XSS) vulnerability in Nagios allows remote ...)
+	TODO: check
 CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
 	NOT-FOR-US: Firewolf Technologies Synergiser
 CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...)

More information about the Secure-testing-commits mailing list