[Secure-testing-commits] r9794 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Wed Sep 10 21:14:10 UTC 2008


Author: joeyh
Date: 2008-09-10 21:14:09 +0000 (Wed, 10 Sep 2008)
New Revision: 9794

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-09-10 19:58:54 UTC (rev 9793)
+++ data/CVE/list	2008-09-10 21:14:09 UTC (rev 9794)
@@ -1,9 +1,217 @@
-CVE-2008-3962 [unitialized memory disclosure in ssmtp]
+CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
+	TODO: check
+CVE-2008-4017
+	RESERVED
+CVE-2008-4016
+	RESERVED
+CVE-2008-4015
+	RESERVED
+CVE-2008-4014
+	RESERVED
+CVE-2008-4013
+	RESERVED
+CVE-2008-4012
+	RESERVED
+CVE-2008-4011
+	RESERVED
+CVE-2008-4010
+	RESERVED
+CVE-2008-4009
+	RESERVED
+CVE-2008-4008
+	RESERVED
+CVE-2008-4007
+	RESERVED
+CVE-2008-4006
+	RESERVED
+CVE-2008-4005
+	RESERVED
+CVE-2008-4004
+	RESERVED
+CVE-2008-4003
+	RESERVED
+CVE-2008-4002
+	RESERVED
+CVE-2008-4001
+	RESERVED
+CVE-2008-4000
+	RESERVED
+CVE-2008-3999
+	RESERVED
+CVE-2008-3998
+	RESERVED
+CVE-2008-3997
+	RESERVED
+CVE-2008-3996
+	RESERVED
+CVE-2008-3995
+	RESERVED
+CVE-2008-3994
+	RESERVED
+CVE-2008-3993
+	RESERVED
+CVE-2008-3992
+	RESERVED
+CVE-2008-3991
+	RESERVED
+CVE-2008-3990
+	RESERVED
+CVE-2008-3989
+	RESERVED
+CVE-2008-3988
+	RESERVED
+CVE-2008-3987
+	RESERVED
+CVE-2008-3986
+	RESERVED
+CVE-2008-3985
+	RESERVED
+CVE-2008-3984
+	RESERVED
+CVE-2008-3983
+	RESERVED
+CVE-2008-3982
+	RESERVED
+CVE-2008-3981
+	RESERVED
+CVE-2008-3980
+	RESERVED
+CVE-2008-3979
+	RESERVED
+CVE-2008-3978
+	RESERVED
+CVE-2008-3977
+	RESERVED
+CVE-2008-3976
+	RESERVED
+CVE-2008-3975
+	RESERVED
+CVE-2008-3974
+	RESERVED
+CVE-2008-3973
+	RESERVED
+CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
+	TODO: check
+CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...)
+	TODO: check
+CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...)
+	TODO: check
+CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow ...)
+	TODO: check
+CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB ...)
+	TODO: check
+CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not ...)
+	TODO: check
+CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
+	TODO: check
+CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...)
+	TODO: check
+CVE-2008-3961
+	RESERVED
+CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...)
+	TODO: check
+CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, and 8.2 before FixPak 9, allows ...)
+	TODO: check
+CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows ...)
+	TODO: check
+CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...)
+	TODO: check
+CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module ...)
+	TODO: check
+CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
+	TODO: check
+CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal ...)
+	TODO: check
+CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...)
+	TODO: check
+CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent ...)
+	TODO: check
+CVE-2008-3950
+	RESERVED
+CVE-2008-3949
+	RESERVED
+CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
+	TODO: check
+CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...)
+	TODO: check
+CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local ...)
+	TODO: check
+CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows ...)
+	TODO: check
+CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows ...)
+	TODO: check
+CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living ...)
+	TODO: check
+CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script ...)
+	TODO: check
+CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and ...)
+	TODO: check
+CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
+	TODO: check
+CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
+	TODO: check
+CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in ...)
+	TODO: check
+CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media ...)
+	TODO: check
+CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause ...)
+	TODO: check
+CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and ...)
+	TODO: check
+CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files ...)
+	TODO: check
+CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to ...)
+	TODO: check
+CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ...)
+	TODO: check
+CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary ...)
+	TODO: check
+CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete ...)
+	TODO: check
+CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management ...)
+	TODO: check
+CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
+	TODO: check
+CVE-2008-3924 (The "Make a backup" functionality in Content Management Made Easy ...)
+	TODO: check
+CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php ...)
+	TODO: check
+CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote ...)
+	TODO: check
+CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals ...)
+	TODO: check
+CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products ...)
+	TODO: check
+CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...)
+	TODO: check
+CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia ...)
+	TODO: check
+CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...)
+	TODO: check
+CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
+	TODO: check
+CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...)
+	TODO: check
+CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
+	TODO: check
+CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 ...)
+	TODO: check
+CVE-2008-3903 (Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running with ...)
+	TODO: check
+CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
+	TODO: check
+CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
+	TODO: check
+CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
+	TODO: check
+CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.62, in certain ...)
 	- ssmtp <unfixed> (low; bug #498366)
-CVE-2008-3963 [DoS in mysql via empty bit-string literal (b'')]
+CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
 	- mysql-dfsg-5.0 <unfixed> (low; bug #498362)
 begin claimed by white
-CVE-2008-3964 [libpng off-by-one error]
+CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
 	- libpng <unfixed>
 	NOTE: off-by-one error in pngpread.c is not present, must have
 	NOTE: been introduced later, but I think pngtest.c is affected
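Review bot: The added CVE-2008-3915 (nfsd), CVE-2008-3911 (proc_do_xprt in net/sunrpc/sysctl.c) and CVE-2007-6716 (fs/direct-io.c) entries are Linux kernel issues, but they land as bare "TODO: check" with no package line, so nothing ties them to linux-2.6 yet. They should be triaged ahead of the rest of this block and given a "- linux-2.6 ..." status line. The IBM AIX, IBM DB2 and Microsoft entries added here can take NOT-FOR-US in the form the file already uses (for example "NOT-FOR-US: IBM DB2"). Separately, CVE-2008-3962 to CVE-2008-3964 now sit below CVE-2007-6717 and CVE-2007-6716, which breaks the descending order of the list.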
@@ -13,11 +221,11 @@
 CVE-2008-XXXX [multiple heap based overflows in xine-lib]
 	- xine-lib <unfixed> (medium; bug #498243)
 	NOTE: CVE ids requested
-CVE-2008-3912 [out-of-memory null dereference in clamav]
+CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...)
 	- clamav 0.94.dfsg-1
-CVE-2008-3913 [error path memleaks in clamav]
+CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 ...)
 	- clamav 0.94.dfsg-1
-CVE-2008-3914 [file descriptor leaks in clamav]
+CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...)
 	- clamav 0.94.dfsg-1
 CVE-2008-XXXX [buffer overflow via crafted configuration file (COMMAND)]
 	- gmanedit <unfixed> (low; bug #497835)
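Review bot: For CVE-2008-3914 the replacement description ("Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...") says less than the hand-written "file descriptor leaks in clamav" that it removes, and CVE-2008-3913 likewise loses the "error path" detail. Suggest keeping the removed summaries as NOTE: lines under each entry so the basis for the "clamav 0.94.dfsg-1" fixed version stays visible.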
@@ -25,18 +233,18 @@
 CVE-2008-XXXX [buffer overflow via crafted manual page caused by utf8 conversion]
 	- gmanedit <unfixed> (medium; bug #497835)
 	NOTE: CVE id requested
-CVE-2008-3934 [DoS via a crafted Tektronix .rf5 file]
+CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 ...)
 	- wireshark <unfixed> (bug #497878)
-CVE-2008-3933 [DoS via a packet with crafted zlib-compressed data]
+CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers ...)
 	- wireshark <unfixed> (low; bug #497878)
-CVE-2008-3932 [DoS via a crafted NCP packet]
+CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to ...)
 	- wireshark <unfixed> (low; bug #497878)
-CVE-2008-3904 [gpicview code execution via crafted file name]
+CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
 	- gpicview 0.1.9-2 (low; bug #498022)
-CVE-2008-3909 [CSRF in python-django]
+CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores ...)
 	- python-django 1.0-1
 	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
-CVE-2008-3910 [dns2tcp buffer overflow]
+CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a ...)
 	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
 CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, ...)
 	TODO: check
@@ -62,8 +270,8 @@
 	NOT-FOR-US: VMware COM API
 CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...)
 	NOT-FOR-US: SAML Service for Google Apps
-CVE-2008-3890
-	RESERVED
+CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...)
+	TODO: check
 CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...)
 	NOT-FOR-US: Mini-NUKE Freehost
 CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...)
@@ -128,7 +336,7 @@
 	NOT-FOR-US: IBM DB2
 CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 ...)
 	NOT-FOR-US: IBM DB2
-CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before Fixpak 5 on ...)
+CVE-2008-3856 (The routine infrastructure component in IBM DB2 9.1 before Fixpak 5, ...)
 	NOT-FOR-US: IBM DB2
 CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in ...)
 	NOT-FOR-US: IBM DB2
@@ -161,14 +369,14 @@
 	- postfix 2.5.5-1 (low)
 	[etch] - postfix <not-affected> (Vulnerable code not present)
 	NOTE: http://www.postfix.org/announcements/20080902.html
-CVE-2008-3908 [several overflows in wordnet]
+CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow ...)
 	{DSA-1634-1 DTSA-163-1}
 	- wordnet 1:3.0-12 (medium; bug #497441)
 	[lenny] - wordnet 3.0-11+lenny1
 	[etch] - wordnet 1:2.1-4+etch1
 	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
 	NOTE: by 1:3.0-13 to fix this bug
-CVE-2008-3907 [code execution in newsbeuter via crafted url when opened in external browser]
+CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote ...)
 	{DTSA-164-1 DTSA-164-2}
 	[lenny] - newsbeuter 0.9.1-1+lenny3
 	- newsbeuter 1.2-1 (medium)
@@ -179,7 +387,7 @@
 CVE-2008-XXXX [NULL pointer reference]
 	- bitlbee 1.2.2-1
 	NOTE: CVE id requested on oss-sec
-CVE-2008-3920 [Overwrite current accounts]
+CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
 	- bitlbee 1.2.2-1
 end claimed by white
 CVE-2008-XXXX [GNU ed: heap overflow in CLI processing]
@@ -687,8 +895,8 @@
 	NOT-FOR-US: Sun Solaris 10
 CVE-2008-3665
 	RESERVED
-CVE-2008-3664
-	RESERVED
+CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow ...)
+	TODO: check
 CVE-2008-3663
 	RESERVED
 CVE-2008-3662
@@ -759,32 +967,32 @@
 	RESERVED
 CVE-2008-3637
 	RESERVED
-CVE-2008-3636
-	RESERVED
-CVE-2008-3635
-	RESERVED
-CVE-2008-3634
-	RESERVED
+CVE-2008-3636 (Integer overflow in an unspecified third-party driver bundled with ...)
+	TODO: check
+CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...)
+	TODO: check
+CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...)
+	TODO: check
 CVE-2008-3633
 	RESERVED
-CVE-2008-3632
-	RESERVED
-CVE-2008-3631
-	RESERVED
-CVE-2008-3630
-	RESERVED
-CVE-2008-3629
-	RESERVED
-CVE-2008-3628
-	RESERVED
-CVE-2008-3627
-	RESERVED
-CVE-2008-3626
-	RESERVED
-CVE-2008-3625
-	RESERVED
-CVE-2008-3624
-	RESERVED
+CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
+	TODO: check
+CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2 does not ...)
+	TODO: check
+CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an ...)
+	TODO: check
+CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...)
+	TODO: check
+CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to ...)
+	TODO: check
+CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms ...)
+	TODO: check
+CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime ...)
+	TODO: check
+CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
+	TODO: check
+CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
+	TODO: check
 CVE-2008-3623
 	RESERVED
 CVE-2008-3622
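Review bot: CVE-2008-3632 names WebKit as the affected component, not only the Apple product, so it should not be closed as NOT-FOR-US together with the QuickTime, iTunes and Bonjour entries in this hunk without first checking whether any packaged copy of WebKit carries the same use-after-free. The remaining Apple entries match the existing convention ("NOT-FOR-US: Apple Mac OS X").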
@@ -801,14 +1009,14 @@
 	RESERVED
 CVE-2008-3616
 	RESERVED
-CVE-2008-3615
-	RESERVED
-CVE-2008-3614
-	RESERVED
+CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when used ...)
+	TODO: check
+CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...)
+	TODO: check
 CVE-2008-3613
 	RESERVED
-CVE-2008-3612
-	RESERVED
+CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2 uses ...)
+	TODO: check
 CVE-2008-3611
 	RESERVED
 CVE-2008-3610
@@ -953,8 +1161,8 @@
 	RESERVED
 CVE-2008-3540
 	RESERVED
-CVE-2008-3539
-	RESERVED
+CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...)
+	TODO: check
 CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...)
 	NOT-FOR-US: HP Enterprise Discovery
 CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...)
@@ -975,10 +1183,10 @@
 	{DTSA-154-1}
 	- yelp 2.22.1-4 (low)
 	[etch] - yelp <not-affected> (Vulnerable code not present)
-CVE-2008-3531
-	RESERVED
-CVE-2008-3530
-	RESERVED
+CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...)
+	TODO: check
+CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 does not ...)
+	TODO: check
 CVE-2008-3529
 	RESERVED
 CVE-2008-3528
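Review bot: CVE-2008-3531 (sys/kern/vfs_mount.c) and CVE-2008-3530 (sys/netinet6/icmp6.c) are FreeBSD kernel issues left at "TODO: check". This file carries kfreebsd-6 and kfreebsd-7 status lines for other entries, so these two need a check against those source packages instead of a NOT-FOR-US. The same applies to CVE-2008-3890, which this patch also moves from RESERVED to "TODO: check".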
@@ -1819,7 +2027,7 @@
 	NOT-FOR-US: OllyDBG/ImpREC
 CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...)
 	NOT-FOR-US: WeFi
-CVE-2008-3146 (Unspecified vulnerability in Wireshark and Ethereal on SUSE Linux ...)
+CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...)
 	- wireshark <unfixed> (medium; bug #497878)
 CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...)
 	{DTSA-157-1}
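Review bot: The CVE-2008-3146 description changes from "Unspecified vulnerability in Wireshark and Ethereal on SUSE Linux ..." to "Multiple buffer overflows in packet_ncp2222.inc ...", but the status line "- wireshark <unfixed> (medium; bug #497878)" is carried over unchanged. Confirm that the severity and the bug reference were assigned against the buffer-overflow description and not the earlier unspecified one.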
@@ -2139,24 +2347,24 @@
 	RESERVED
 CVE-2008-3016
 	RESERVED
-CVE-2008-3015
-	RESERVED
-CVE-2008-3014
-	RESERVED
-CVE-2008-3013
-	RESERVED
-CVE-2008-3012
-	RESERVED
+CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...)
+	TODO: check
+CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...)
+	TODO: check
+CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
+	TODO: check
+CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
+	TODO: check
 CVE-2008-3011
 	RESERVED
 CVE-2008-3010
 	RESERVED
 CVE-2008-3009
 	RESERVED
-CVE-2008-3008
-	RESERVED
-CVE-2008-3007
-	RESERVED
+CVE-2008-3008 (Buffer overflow in a certain ActiveX control in wmex.dll in Microsoft ...)
+	TODO: check
+CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and ...)
+	TODO: check
 CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...)
@@ -2826,16 +3034,16 @@
 	RESERVED
 CVE-2008-2737
 	REJECTED
-CVE-2008-2736
-	RESERVED
-CVE-2008-2735
-	RESERVED
-CVE-2008-2734
-	RESERVED
-CVE-2008-2733
-	RESERVED
-CVE-2008-2732
-	RESERVED
+CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
+	TODO: check
+CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 ...)
+	TODO: check
+CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security ...)
+	TODO: check
+CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 ...)
+	TODO: check
+CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...)
+	TODO: check
 CVE-2008-2731
 	RESERVED
 CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
@@ -2844,15 +3052,17 @@
 	{DSA-1630-1}
 	- linux-2.6 2.6.19-1
 	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
-CVE-2008-2728 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...)
+CVE-2008-2728
+	REJECTED
 	NOT-FOR-US: only Ruby 1.6 is affected
-CVE-2008-2727 (Integer overflow in the rb_ary_splice function in Ruby 1.6.x allows ...)
+CVE-2008-2727
+	REJECTED
 	NOT-FOR-US: only Ruby 1.6 is affected
-CVE-2008-2726 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...)
+CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...)
 	{DSA-1618-1 DSA-1612-1}
 	- ruby1.9 1.9.0.2-1
 	- ruby1.8 1.8.7.22-1
-CVE-2008-2725 (Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and ...)
+CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...)
 	{DSA-1618-1 DSA-1612-1}
 	- ruby1.9 1.9.0.2-1
 	- ruby1.8 1.8.7.22-1
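Review bot: CVE-2008-2728 and CVE-2008-2727 become REJECTED, yet the context line "NOT-FOR-US: only Ruby 1.6 is affected" stays under each, leaving two conflicting states on one entry. Drop the NOT-FOR-US line for both; the other REJECTED entry visible in this patch (CVE-2008-2737) carries no status line.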
@@ -3211,7 +3421,7 @@
 	NOT-FOR-US: 427BB
 CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...)
 	- motion 3.2.9-3 (low; bug #484572)
-CVE-2008-2667 (SQL injection vulnerability in courier-authlib in SUSE openSUSE 10.3 ...)
+CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...)
 	- courier-authlib 0.60.1-2.1 (bug #485424)
 CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
 	- evolution 2.22.2-1.1 (low; bug #484639)
@@ -3406,8 +3616,8 @@
 	RESERVED
 CVE-2008-2465
 	RESERVED
-CVE-2008-2464
-	RESERVED
+CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...)
+	TODO: check
 CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...)
 	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
 CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
@@ -3452,8 +3662,8 @@
 	NOT-FOR-US: Real Estate Script
 CVE-2008-2442
 	RESERVED
-CVE-2008-2441
-	RESERVED
+CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x ...)
+	TODO: check
 CVE-2008-2440
 	RESERVED
 CVE-2008-2439
@@ -3462,8 +3672,8 @@
 	RESERVED
 CVE-2008-2437
 	RESERVED
-CVE-2008-2436
-	RESERVED
+CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...)
+	TODO: check
 CVE-2008-2435
 	RESERVED
 CVE-2008-2434
@@ -3717,11 +3927,11 @@
 	RESERVED
 CVE-2008-2328
 	RESERVED
-CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode and (2) ...)
+CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
 	{DSA-1632-1 DTSA-160-1}
 	- tiff 3.8.2-11 (medium)
-CVE-2008-2326
-	RESERVED
+CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...)
+	TODO: check
 CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...)
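Review bot: The CVE-2008-2327 description grows from "(1) LZWDecode and (2) ..." to "(1) LZWDecode, (2) LZWDecodeCompat, ...", so it now lists more than two functions, while "- tiff 3.8.2-11 (medium)" and {DSA-1632-1 DTSA-160-1} are unchanged. Confirm the recorded fix covers every function in the updated list, and add a NOTE: line if it does not.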
@@ -3870,8 +4080,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
-CVE-2008-2253
-	RESERVED
+CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...)
+	TODO: check
 CVE-2008-2252
 	RESERVED
 CVE-2008-2251
@@ -4890,13 +5100,13 @@
 CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
-	{DTSA-139-1}
+	{DSA-1635-1 DTSA-139-1}
 	- freetype 2.3.6-1 (low; bug #485841)
 CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ...)
-	{DTSA-139-1}
+	{DSA-1635-1 DTSA-139-1}
 	- freetype 2.3.6-1 (medium; bug #485841)
 CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent ...)
-	{DTSA-139-1}
+	{DSA-1635-1 DTSA-139-1}
 	- freetype 2.3.6-1 (medium; bug #485841)
 CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...)
 	NOT-FOR-US: Skype
@@ -5048,8 +5258,8 @@
 	NOT-FOR-US: Cisco firmware
 CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
 	NOT-FOR-US: Cisco firmware
-CVE-2008-1739
-	RESERVED
+CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
+	TODO: check
 CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...)
 	NOT-FOR-US: Rising Antivirus
 CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...)
@@ -5896,8 +6106,7 @@
 	- asterisk 1:1.4.19.1~dfsg-1 (low)
 	[etch] - asterisk <not-affected> (Only 1.4.x affected)
 	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
-CVE-2008-1389 [possible invalid memory access in clamav]
-	RESERVED
+CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows ...)
 	- clamav 0.94.dfsg-1
 CVE-2008-1388
 	RESERVED
@@ -6368,8 +6577,8 @@
 	NOT-FOR-US: Microsoft Access
 CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...)
 	NOT-FOR-US: Red Hat specific
-CVE-2008-1197
-	RESERVED
+CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
+	TODO: check
 CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...)
 	- sun-java6 6-05-1 (medium)
 	- sun-java5 1.5.0-15-1 (medium)
@@ -6511,8 +6720,8 @@
 	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
 	- kfreebsd-6 <unfixed> (bug #483152)
 	- kfreebsd-7 <unfixed> (bug #483152)
-CVE-2008-1144
-	RESERVED
+CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
+	TODO: check
 CVE-2008-1143
 	RESERVED
 CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier ...)
@@ -12816,8 +13025,8 @@
 	NOT-FOR-US: Opera specific flash vulnerability
 CVE-2007-5475
 	RESERVED
-CVE-2007-5474
-	RESERVED
+CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...)
+	TODO: check
 CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
 	- mono <not-affected> (Windows-specific vulnerability)
 CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
@@ -13271,8 +13480,8 @@
 	NOT-FOR-US: Microsoft Vista
 CVE-2007-5349
 	RESERVED
-CVE-2007-5348
-	RESERVED
+CVE-2007-5348 (Heap-based buffer overflow in the vector graphics link library in ...)
+	TODO: check
 CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-5346
@@ -46166,7 +46375,7 @@
 CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
-CVE-2005-3501 (The cabd_find function in cabd.c of the the libmspack library (mspack) ...)
+CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...)
 	{DSA-887-1 DTSA-21-1}
 	- clamav 0.87.1-1 (medium)
 CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
