stef-guest at alioth.debian.org
2008-Feb-02 12:19 UTC
[Secure-testing-commits] r8071 - data/CVE
Author: stef-guest
Date: 2008-02-02 12:19:51 +0000 (Sat, 02 Feb 2008)
New Revision: 8071
Modified:
data/CVE/list
Log:
- new linux-2.6 issue
- new icu issues
- NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-02-02 10:37:32 UTC (rev 8070)
+++ data/CVE/list 2008-02-02 12:19:51 UTC (rev 8071)
@@ -198,7 +198,7 @@
CVE-2008-0411
RESERVED
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel
2.4.21 ...)
- TODO: check
+ - linux-2.6 <unfixed>
CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
- openssh <unfixed> (bug #463011)
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
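Review bot: the added "- linux-2.6 <unfixed>" line for CVE-2007-6694 has no bug reference or urgency, and the description names Linux kernel 2.4.21 while the entry tracks only linux-2.6. Suggest adding a bug number in the form the openssh entry just below uses, "(bug #463011)", plus a NOTE line saying which kernel source packages were checked for chrp/setup.c, so the entry does not read as fully triaged.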
@@ -209,17 +209,17 @@
CVE-2007-6697 [buffer overflow in libsdl-image in GIF handling]
- sdl-image1.2 1.2.6-2 (medium)
CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to
obtain ...)
- TODO: check
+ NOT-FOR-US: HTTP File Server
CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server
(HFS) ...)
- TODO: check
+ NOT-FOR-US: HTTP File Server
CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to
append ...)
- TODO: check
+ NOT-FOR-US: HTTP File Server
CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries
with ...)
- TODO: check
+ NOT-FOR-US: HTTP File Server
CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used
as log ...)
- TODO: check
+ NOT-FOR-US: HTTP File Server
CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server
(HFS) ...)
- TODO: check
+ NOT-FOR-US: HTTP File Server
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1
allows ...)
- mantis <not-affected> (Vulnerable code not present)
NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
@@ -744,11 +744,11 @@
CVE-2008-0177
RESERVED
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY
HMI ...)
- TODO: check
+ NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy
Real-Time ...)
- TODO: check
+ NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier
uses ...)
- TODO: check
+ NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the
Boost ...)
- boost <unfixed> (low; bug #461236)
CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex
library ...)
@@ -1638,9 +1638,9 @@
CVE-2008-0030
RESERVED
CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is
installed with ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security
Appliance ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL)
...)
NOT-FOR-US: Cisco
CVE-2008-0026
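Review bot: "NOT-FOR-US: Cisco" on CVE-2008-0029 and CVE-2008-0028 names only the vendor, although the two descriptions cover different products (Application Velocity System and PIX 500 Series Security Appliance). It matches the existing CVE-2008-0027 entry, but the GE Fanuc entries changed in this same commit name the product. Suggest naming the product here as well, so a later search of the list by product name finds these entries.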
@@ -1674,7 +1674,7 @@
CVE-2007-6426
RESERVED
CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA
...)
- TODO: check
+ NOT-FOR-US: HP-UX
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running
in ...)
NOT-FOR-US: Fonality Trixbox
CVE-2007-6423 (** DISPUTED ** ...)
@@ -3371,7 +3371,7 @@
CVE-2007-5765
RESERVED
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX
5.2, ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2007-5763
RESERVED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91
SP4, ...)
@@ -6624,9 +6624,9 @@
- postgresql-8.1 8.1.11-1
[sarge] - postgresql <unfixed>
CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in
regexcmp.cpp ...)
- TODO: check
+ - icu <unfixed> (bug filed)
CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and
earlier ...)
- TODO: check
+ - icu <unfixed> (bug filed)
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in
...)
{DSA-1463-1 DSA-1460-1}
- postgresql-8.2 8.2.6-1
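Review bot: "(bug filed)" on the two icu lines for CVE-2007-4771 and CVE-2007-4770 gives no bug number, so the entries cannot be cross-referenced the way "- boost <unfixed> (low; bug #461236)" can. Suggest replacing it with the assigned bug number once it is known, and adding an urgency, since CVE-2007-4771 is described as a heap-based buffer overflow.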