[Secure-testing-commits] r10843 - data/CVE
sf at alioth.debian.org
sf at alioth.debian.org
Sat Jan 3 12:47:25 UTC 2009
Author: sf
Date: 2009-01-03 12:47:25 +0000 (Sat, 03 Jan 2009)
New Revision: 10843
Modified:
data/CVE/list
Log:
new: linux (several), konquer (unimportant), netatalk
more NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-03 12:25:25 UTC (rev 10842)
+++ data/CVE/list 2009-01-03 12:47:25 UTC (rev 10843)
@@ -128,11 +128,11 @@
- audiofile <unfixed> (medium; bug #510205)
TODO: request CVE id
CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) ...)
- - zaptel <unfixed> (bug filed)
+ - zaptel <unfixed> (bug #510583)
CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
- - pdfjam <unfixed> (low; bug filed)
+ - pdfjam <unfixed> (low; bug #510584)
CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
- TODO: check
+ NOT-FOR-US: AIST NetCat
CVE-2008-5741
RESERVED
CVE-2008-5740
@@ -150,39 +150,39 @@
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...)
NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog ...)
- TODO: check
+ NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in ...)
- TODO: check
+ NOT-FOR-US: KafooeyBlog
CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP ...)
- TODO: check
+ NOT-FOR-US: PGP Desktop
CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and ...)
- TODO: check
+ NOT-FOR-US: AIST NetCat
CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat ...)
- TODO: check
+ NOT-FOR-US: AIST NetCat
CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and ...)
- TODO: check
+ NOT-FOR-US: AIST NetCat
CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in ...)
- TODO: check
+ NOT-FOR-US: AIST NetCat
CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...)
- TODO: check
+ NOT-FOR-US: stormBoards
CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in ...)
- TODO: check
+ NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ...)
- TODO: check
+ NOT-FOR-US: ESET Smart Security
CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka ...)
- TODO: check
+ NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote ...)
- TODO: check
+ NOT-FOR-US: SAWStudio
CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: BlackJumboDog
CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
- TODO: check
+ NOT-FOR-US: Mayaa
CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers ...)
- TODO: check
+ - netatalk <unfixed> (bug #510585)
CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...)
- TODO: check
+ NOT-FOR-US: Hitachi
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
- xen-3 <not-affected> (Vulnerable code never entered Debian)
- xen-unstable <not-affected> (Vulnerable code never entered Debian)
@@ -196,7 +196,8 @@
[etch] - qemu <not-affected> (Vulnerable code not present)
- kvm 82-1 (low; bug #509997)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
- TODO: check
+ - linux-2.6 2.6.25-1
+ - linux-2.6.24 <removed>
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
- kdebase <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
@@ -217,15 +218,19 @@
- gpsdrive <unfixed> (low; bug #508597)
[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...)
- TODO: check
+ - konqueror <unfixed> (unimportant)
+ NOTE: browser crashes not treated as security issues
CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...)
NOT-FOR-US: Skype extension
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
More information about the Secure-testing-commits
mailing list