[Secure-testing-commits] r10843 - data/CVE

sf at alioth.debian.org sf at alioth.debian.org
Sat Jan 3 12:47:25 UTC 2009


Author: sf
Date: 2009-01-03 12:47:25 +0000 (Sat, 03 Jan 2009)
New Revision: 10843

Modified:
   data/CVE/list
Log:
new: linux (several), konquer (unimportant), netatalk
more NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-03 12:25:25 UTC (rev 10842)
+++ data/CVE/list	2009-01-03 12:47:25 UTC (rev 10843)
@@ -128,11 +128,11 @@
 	- audiofile <unfixed> (medium; bug #510205)
 	TODO: request CVE id
 CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) ...)
-	- zaptel <unfixed> (bug filed)
+	- zaptel <unfixed> (bug #510583)
 CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
-	- pdfjam <unfixed> (low; bug filed)
+	- pdfjam <unfixed> (low; bug #510584)
 CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
-	TODO: check
+	NOT-FOR-US: AIST NetCat
 CVE-2008-5741
 	RESERVED
 CVE-2008-5740
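Review bot: The zaptel entry for CVE-2008-5744 now carries a bug number but still no urgency, while the neighbouring entries in this hunk do ("low; bug #510584" for pdfjam, "medium; bug #510205" for audiofile). If the array index error in dahdi/tor2.c has been assessed, record the urgency next to the bug reference, e.g. "- zaptel <unfixed> (<urgency>; bug #510583)", so the entry can be triaged from the list alone. The switch of CVE-2008-5742 from "TODO: check" to "NOT-FOR-US: AIST NetCat" matches the other NetCat entries later in this commit.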
@@ -150,39 +150,39 @@
 CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...)
 	NOT-FOR-US: IceWarp Software Merak Mail Server
 CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog ...)
-	TODO: check
+	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
 CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in ...)
-	TODO: check
+	NOT-FOR-US: KafooeyBlog
 CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP ...)
-	TODO: check
+	NOT-FOR-US: PGP Desktop
 CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and ...)
-	TODO: check
+	NOT-FOR-US: AIST NetCat
 CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat ...)
-	TODO: check
+	NOT-FOR-US: AIST NetCat
 CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and ...)
-	TODO: check
+	NOT-FOR-US: AIST NetCat
 CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in ...)
-	TODO: check
+	NOT-FOR-US: AIST NetCat
 CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...)
-	TODO: check
+	NOT-FOR-US: stormBoards
 CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in ...)
-	TODO: check
+	NOT-FOR-US: EnTech Taiwan PowerStrip
 CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ...)
-	TODO: check
+	NOT-FOR-US: ESET Smart Security
 CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka ...)
-	TODO: check
+	NOT-FOR-US: CGI RESCUE KanniBBS2000
 CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote ...)
-	TODO: check
+	NOT-FOR-US: SAWStudio
 CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: BlackJumboDog
 CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
-	TODO: check
+	NOT-FOR-US: Mayaa
 CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers ...)
-	TODO: check
+	- netatalk <unfixed> (bug #510585)
 CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...)
-	TODO: check
+	NOT-FOR-US: Hitachi
 CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
 	- xen-3 <not-affected> (Vulnerable code never entered Debian)
 	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
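Review bot: CVE-2008-5718 is the only entry in this hunk that affects a Debian package, and "- netatalk <unfixed> (bug #510585)" gives neither an urgency nor a per-release line, although the description says remote attackers and "before 2.0.4-beta2". Add the urgency and, if the stable version predates the fix, an "[etch] - netatalk ..." line in the style used for qemu and gpsdrive elsewhere in the file. Separately, CVE-2008-5719 and CVE-2008-5717 are marked "NOT-FOR-US: Hitachi", naming only the vendor, while every other NOT-FOR-US line here names the product; the descriptions give "Hitachi Groupmax Web ..." and "Hitachi JP1/Integrated ...", so use those product names to keep the entries searchable.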
@@ -196,7 +196,8 @@
 	[etch] - qemu <not-affected> (Vulnerable code not present)
 	- kvm 82-1 (low; bug #509997)
 CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
-	TODO: check
+	- linux-2.6 2.6.25-1
+	- linux-2.6.24 <removed>
 CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
 	- kdebase <unfixed> (unimportant)
 	NOTE: Browser crashes not treated as security issues
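Review bot: The new "- linux-2.6 2.6.25-1" line for CVE-2008-5713 records a fixed version with nothing showing how it was determined, and there is no line for etch even though other entries in this file state it explicitly ("[etch] - qemu <not-affected> (Vulnerable code not present)"). Add a NOTE pointing at the upstream change in net/sched/sch_generic.c that 2.6.25-1 is taken to contain, and an "[etch] - linux-2.6 ..." line saying whether the stable kernel is affected, so the fixed-version claim can be checked later.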
@@ -217,15 +218,19 @@
 	- gpsdrive <unfixed> (low; bug #508597)
 	[etch] - gpsdrive <no-dsa> (Minor issue)
 CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...)
-	TODO: check
+	- konqueror <unfixed> (unimportant)
+	NOTE: browser crashes not treated as security issues
 CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...)
 	NOT-FOR-US: Skype extension
 CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
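Review bot: CVE-2008-5698 is filed against "konqueror", but the Konqueror HTML parser issue a few entries above (CVE-2008-5712) is tracked as "- kdebase <unfixed> (unimportant)". The two entries should use the same source package name, otherwise one of them will not show up on that package's tracker page; "- kdebase <unfixed> (unimportant)" would match the existing entry, and the NOTE could reuse its capitalisation ("Browser crashes not treated as security issues"). For the three kernel entries marked "- linux-2.6 <unfixed>", the CVE-2008-5700 description already says "before 2.6.27.9", so a NOTE with the upstream fix version would make it easier to close the entry once a fixed kernel is uploaded.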



