thomasbl-guest at alioth.debian.org
2008-Jun-11 16:32 UTC
[Secure-testing-commits] r9033 - data/CVE
Author: thomasbl-guest Date: 2008-06-11 16:32:12 +0000 (Wed, 11 Jun 2008) New Revision: 9033 Modified: data/CVE/list Log: opened bug #485807 for wordpress Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-11 15:22:43 UTC (rev 9032) +++ data/CVE/list 2008-06-11 16:32:12 UTC (rev 9033) @@ -347,10 +347,8 @@ CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...) NOT-FOR-US: EntertainmentScript CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...) - - wordpress <unfixed> - NOTE: could not reproduce this. Anyway, wordpress security policy - NOTE: checks files only by extension so this should only affect misconfigured - NOTE: webservers. Poked wordpress upstream to get a confirmation of this vulnerability + - wordpress 2.5.1-3 (low; bug #485807) + NOTE: seems to be fixed within wordpress-bug #7113 CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...) NOT-FOR-US: SubSonic CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...) @@ -1333,10 +1331,10 @@ CVE-2008-1945 RESERVED CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...) - TODO: check + NOT-FOR-US: ? NOTE: sent email to XEN team CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...) - TODO: check + NOT-FOR-US: help NOTE: sent email to XEN team CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...) NOT-FOR-US: Foxit Reader 
@@ -2079,7 +2077,7 @@ CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...) NOT-FOR-US: ThinClientServer CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...) - TODO: check + NOT-FOR-US: 1 CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...) NOT-FOR-US: Watchguard Firebox CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...) @@ -2331,7 +2329,7 @@ [sarge] - otrs <not-affected> (Vulnerable code not present) NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...) - TODO: check + NOT-FOR-US: wapiti NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...) NOT-FOR-US: Danneo CMS @@ -3641,7 +3639,7 @@ CVE-2008-0968 RESERVED CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...) - TODO: check + NOT-FOR-US: help CVE-2008-0966 RESERVED CVE-2008-0965 @@ -8697,7 +8695,7 @@ CVE-2007-5672 RESERVED CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...) - TODO: check + NOT-FOR-US: wordpress CVE-2007-5670 REJECTED CVE-2007-5669 @@ -9409,7 +9407,7 @@ CVE-2007-5499 REJECTED CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...) - TODO: check + NOT-FOR-US: ? CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 ...) {DSA-1422-1 DTSA-95-1} - e2fsprogs 1.40.3-1 (bug #454760)
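
Review bot: In the @@ -347,10 hunk, the CVE-2008-2392 entry now records a fixed version ("- wordpress 2.5.1-3 (low; bug #485807)") while the only supporting note says it "seems to be fixed within wordpress-bug #7113", and the commit log describes bug #485807 as just opened. If the fix in 2.5.1-3 is not confirmed, keep "- wordpress <unfixed> (low; bug #485807)" until it is; if it is confirmed, say so in the NOTE. The removed notes (could not reproduce; files are checked only by extension, so only misconfigured webservers should be affected) are the visible rationale for the "low" rating and are worth keeping in shortened form.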
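
Review bot: In the @@ -1333,10 hunk, "NOT-FOR-US: ?" (CVE-2008-1944) and "NOT-FOR-US: help" (CVE-2008-1943) put placeholder text where a product name belongs, unlike the neighbouring "NOT-FOR-US: Foxit Reader". Both entries still carry "NOTE: sent email to XEN team", so triage is evidently still open, and the commit log mentions only the wordpress bug. Restore "TODO: check" on both lines.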
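
Review bot: In the @@ -2079,7 hunk, "NOT-FOR-US: 1" on CVE-2008-1619 is not a product name and reads like stray input; the description concerns the ssm_i emulation in Xen on IA64. Restore "TODO: check" unless the entry has actually been triaged, in which case name the software.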
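
Review bot: In the @@ -2331,7 hunk, "NOT-FOR-US: wapiti" on CVE-2008-1514 does not match the description, which is about ptrace in the Linux kernel. The NOTE directly below it ("s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here") shows the kernel is being evaluated, so a NOT-FOR-US marker contradicts the entry's own note. Restore "TODO: check" or record the kernel status explicitly.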
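
Review bot: In the @@ -3641,7 hunk, "NOT-FOR-US: help" on CVE-2008-0967 closes the entry with a placeholder instead of a product; the description names vmware-authd in VMware. If the entry is meant to be closed as not-for-us, the marker should name that software; otherwise restore "TODO: check".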
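
Review bot: In the @@ -8697,7 hunk, "NOT-FOR-US: wordpress" on CVE-2007-5671 names the wrong software: the description is HGFS.sys in the VMware Tools package. It also labels wordpress as not-for-us in the same commit that tracks wordpress 2.5.1-3 under CVE-2008-2392. Correct the product name or restore "TODO: check".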
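
Review bot: In the @@ -9409,7 hunk, "NOT-FOR-US: ?" on CVE-2007-5498 records an open question as if it were a decision; the description covers the Xen hypervisor block backend driver for Linux kernel 2.6.18. Keep "TODO: check" until the status is known, and put any doubt in a NOTE line rather than in the NOT-FOR-US field.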