joeyh at alioth.debian.org
2008-Jul-28 09:14 UTC
[Secure-testing-commits] r9440 - data/CVE
Author: joeyh
Date: 2008-07-28 09:14:13 +0000 (Mon, 28 Jul 2008)
New Revision: 9440
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-07-27 23:11:42 UTC (rev 9439)
+++ data/CVE/list 2008-07-28 09:14:13 UTC (rev 9440)
@@ -1,14 +1,288 @@
-CVE-2008-3330 [horde XSS via contact name]
+CVE-2008-3338
+ RESERVED
+CVE-2008-3337
+ RESERVED
+CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB
before ...)
+ TODO: check
+CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote
...)
+ TODO: check
+CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before
1.2.14 ...)
+ TODO: check
+CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis
...)
+ TODO: check
+CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis
before ...)
+ TODO: check
+CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in
return_dynamic_filters.php ...)
+ TODO: check
+CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when
"only proxies" is ...)
+ TODO: check
+CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in
Trac ...)
+ TODO: check
+CVE-2008-3324
+ RESERVED
+CVE-2008-3323
+ RESERVED
+CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote
...)
+ TODO: check
+CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote
...)
+ TODO: check
+CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote
...)
+ TODO: check
+CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote
attackers ...)
+ TODO: check
+CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote
...)
+ TODO: check
+CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote
...)
+ TODO: check
+CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature
in the ...)
+ TODO: check
+CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline
...)
+ TODO: check
+CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a
denial ...)
+ TODO: check
+CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS
1.0 ...)
+ TODO: check
+CVE-2008-3312 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam
...)
+ TODO: check
+CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll
allows ...)
+ TODO: check
+CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2
and ...)
+ TODO: check
+CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in
C. ...)
+ TODO: check
+CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube
Blog ...)
+ TODO: check
+CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube
Blog ...)
+ TODO: check
+CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C.
Desseno ...)
+ TODO: check
+CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is
enabled, ...)
+ TODO: check
+CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog
0.2.1, ...)
+ TODO: check
+CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog
0.2.1 ...)
+ TODO: check
+CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication
and ...)
+ TODO: check
+CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges
for ...)
+ TODO: check
+CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE)
before ...)
+ TODO: check
+CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in
XOOPS ...)
+ TODO: check
+CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in
modules/system/admin.php ...)
+ TODO: check
+CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build
with ...)
+ TODO: check
+CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum
allows ...)
+ TODO: check
+CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to
bypass ...)
+ TODO: check
+CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka
Aprox CMS ...)
+ TODO: check
+CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116
allows ...)
+ TODO: check
+CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password
hash in ...)
+ TODO: check
+CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup
Server ...)
+ TODO: check
+CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116
allows ...)
+ TODO: check
+CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial
of ...)
+ TODO: check
+CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl
allows ...)
+ TODO: check
+CVE-2008-3284
+ RESERVED
+CVE-2008-3283
+ RESERVED
+CVE-2008-3282
+ RESERVED
+CVE-2008-3281
+ RESERVED
+CVE-2008-3280
+ RESERVED
+CVE-2008-3279
+ RESERVED
+CVE-2008-3278
+ RESERVED
+CVE-2008-3277
+ RESERVED
+CVE-2008-3276
+ RESERVED
+CVE-2008-3275
+ RESERVED
+CVE-2008-3274
+ RESERVED
+CVE-2008-3273
+ RESERVED
+CVE-2008-3272
+ RESERVED
+CVE-2008-3271
+ RESERVED
+CVE-2008-3270
+ RESERVED
+CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and
Full ...)
+ TODO: check
+CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9,
when ...)
+ TODO: check
+CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows
remote ...)
+ TODO: check
+CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid
Hotel ...)
+ TODO: check
+CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister)
2.2.3 ...)
+ TODO: check
+CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open
Source ...)
+ TODO: check
+CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x,
1.2.x ...)
+ TODO: check
+CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline
before ...)
+ TODO: check
+CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in
Claroline ...)
+ TODO: check
+CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline
...)
+ TODO: check
+CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the
...)
+ TODO: check
+CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5
allow ...)
+ TODO: check
+CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in
Oracle ...)
+ TODO: check
+CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3
and ...)
+ TODO: check
+CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight
Laboratory ...)
+ TODO: check
+CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows
remote ...)
+ TODO: check
+CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP
interfaces ...)
+ TODO: check
+CVE-2008-3252 (Stack-based buffer overflow in the read_article function in ...)
+ TODO: check
+CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0
allow ...)
+ TODO: check
+CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker
2.0.0 ...)
+ TODO: check
+CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly
...)
+ TODO: check
+CVE-2008-3248
+ RESERVED
+CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x on x86_64
...)
+ TODO: check
+CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the
...)
+ TODO: check
+CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9,
4.3.10, ...)
+ TODO: check
+CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before
6.0.9.0 ...)
+ TODO: check
+CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine
before ...)
+ TODO: check
+CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control
in ...)
+ TODO: check
+CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats
...)
+ TODO: check
+CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate
...)
+ TODO: check
+CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry
function ...)
+ TODO: check
+CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold
allow ...)
+ TODO: check
+CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in
forward_to_friend.php in ...)
+ TODO: check
+CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System ...)
+ TODO: check
+CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility
in ...)
+ TODO: check
+CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH
...)
+ TODO: check
+CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before
2.6, SVN ...)
+ TODO: check
+CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown
impact ...)
+ TODO: check
+CVE-2008-3231 (xine allows user-assisted attackers to cause a denial of service
...)
+ TODO: check
+CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause
a ...)
+ TODO: check
+CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply
certain ...)
+ TODO: check
+CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown
impact ...)
+ TODO: check
+CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows
...)
+ TODO: check
+CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration
...)
+ TODO: check
+CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest
...)
+ TODO: check
+CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote
attackers to ...)
+ TODO: check
+CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of
service (1) ...)
+ TODO: check
+CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in
WebCMS ...)
+ TODO: check
+CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image
Hosting ...)
+ TODO: check
+CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote
...)
+ TODO: check
+CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro,
allows ...)
+ TODO: check
+CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in
BiGif.dll in ...)
+ TODO: check
+CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before
5.1.101 ...)
+ TODO: check
+CVE-2008-3207 (PHP remote file inclusion vulnerability in
cms/modules/form.lib.php in ...)
+ TODO: check
+CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs
Black ...)
+ TODO: check
+CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script
Wysi ...)
+ TODO: check
+CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million
Pixels ...)
+ TODO: check
+CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not
perform ...)
+ TODO: check
+CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol
CMS 1.2 ...)
+ TODO: check
+CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of
...)
+ TODO: check
+CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4
allow ...)
+ TODO: check
+CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to
inject ...)
+ TODO: check
+CVE-2008-3195
+ RESERVED
+CVE-2008-3194 (Multiple directory traversal vulnerabilities in ...)
+ TODO: check
+CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote
attackers to ...)
+ TODO: check
+CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE
allows ...)
+ TODO: check
+CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum
0.1a, ...)
+ TODO: check
+CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB
1.1.1 ...)
+ TODO: check
+CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews
Manager ...)
+ TODO: check
+CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the
...)
+ TODO: check
+CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and
11.0 ...)
+ TODO: check
+CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
- horde3 3.2.1+debian0-1 (low; bug #492578)
- turba 2.2.1-1 (low)
NOTE: CVE id requested
-CVE-2008-3325 [moodle CSRF]
+CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x
before ...)
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
-CVE-2008-3326 [Cross-site scripting (XSS) vulnerability in blog/edit.php in
Moodle]
+CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in
Moodle ...)
- moodle <unfixed> (low; bug #492492)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
-CVE-2008-3327 [moodle leaks installation path]
+CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote
attackers ...)
- moodle <unfixed> (unimportant)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
NOTE: Does not allow any attack vendors, apart from gaining non-sensible
information
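Review bot: Most of the entries added at the top of this hunk carry only "TODO: check", and several of them name Debian itself or software that appears as a tracked package elsewhere in this diff: CVE-2008-3234 (sshd "on Debian GNU/Linux"), CVE-2008-3247 (Linux kernel 2.6.25.x), CVE-2008-3214 (dnsmasq), CVE-2008-3332 and CVE-2008-3333 (Mantis), CVE-2008-3233 (WordPress). Those should be triaged ahead of the long run of standalone PHP and ASP scripts, which are likely NOT-FOR-US. Separately, the NOTE kept under CVE-2008-3327 reads "attack vendors" and "non-sensible information", where "attack vectors" and "non-sensitive information" appear to be intended.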
@@ -18,7 +292,7 @@
NOTE: CVE id requested by redhat
NOTE: 0008975 (CSRF) covered by CVE-2008-2276
NOTE: 0008976 remote code execution only possible with valid administrator
account
-CVE-2008-3196 [out of bound access]
+CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule
with ...)
- byacc <unfixed> (low; bug #491182)
[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
@@ -30,10 +304,10 @@
- wordpress <not-affected> (Vulnerable code not present)
NOTE: this code was never present in a released wordpress version
NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
-CVE-2008-3224 [phpbb3 urls gone through redirect()]
+CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown
impact and ...)
- phpbb3 3.0.2-1 (low)
- phpbb2 <not-affected> (Vulnerable code not present)
-CVE-2008-3197 [phpmyadmin CSRF PMASA-2008-5]
+CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin
before ...)
- phpmyadmin 4:2.11.7.1-1 (low)
[etch] - phpmyadmin <no-dsa> (low impact issue)
NOTE: this only allows via csrf to create an empty database.
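Review bot: The replacement description for CVE-2008-3197 drops the "PMASA-2008-5" advisory reference, and the one for CVE-2008-3224 replaces "urls gone through redirect()" with "Unspecified vulnerability ... unknown impact", so both entries lose detail the tracker previously held. Suggest preserving that information as NOTE: lines under each entry when the bracketed text is overwritten by the official description.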
@@ -178,32 +452,31 @@
NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1
versions, ...)
NOT-FOR-US: ancient issue
-CVE-2008-3229 [buffer overflow in XAUTHORITY handling in op]
+CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when
xauth ...)
- op <not-affected> (not configured with xauth support)
-CVE-2008-3218 [multiple XSS related to free tagging taxonomy terms not properly
handled in node preview]
+CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
6.x ...)
- drupal5 <not-affected> (Vulnerable code not present, feature
introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, feature
introduced in 6.0)
-CVE-2008-3219 [filter_xss_admin doesnt prevent use of object HTML tag in
administrator input]
+CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x
before ...)
- drupal5 5.8-1 (low; bug #490559)
- drupal-4.7 <unfixed> (low)
TODO: report drupal-4.7 bug (see modules/filter.module line 1113, object is
returned as valid)
-CVE-2008-3220 [CSRF might delete translated strings]
+CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x
before ...)
- drupal5 5.8-1 (low; bug #490559)
- drupal-4.7 <not-affected> (Vulnerable code not present)
NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a
confirmation dialog
-CVE-2008-3221 [CSRF might delete openid identities]
+CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x
before ...)
- drupal5 <not-affected> (Vulnerable code not present, openids
introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, openids
introduced in 6.0)
-CVE-2008-3222 [session fixation vulnerability]
+CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x
before ...)
- drupal5 5.9-1 (low; bug #490559)
- drupal-4.7 <unfixed> (low)
TODO: report drupal-4.7 bug (see modules/user.module line 964,
sess_regenerate() needs to be called)
NOTE: before login action
-CVE-2008-3223 [SQL Injection in Schema API]
+CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x
before 6.3 ...)
- drupal5 <not-affected> (Vulnerable code not present, introduced in
6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in
6.0)
-CVE-2008-3145 [DoS via injecting a series of malformed packets]
- RESERVED
+CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark
...)
- wireshark 1.0.2-1 (low)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and
...)
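Review bot: CVE-2008-3219 and CVE-2008-3222 both leave drupal-4.7 at "<unfixed> (low)" with a "TODO: report drupal-4.7 bug" and no bug number, while the drupal5 lines beside them cite bug #490559. Now that both ids carry official descriptions, the drupal-4.7 bugs should be filed and their numbers recorded on those lines so the TODO entries can be dropped.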
@@ -295,7 +568,7 @@
RESERVED
CVE-2008-3084
RESERVED
-CVE-2008-3216 [projectl prone to symlink attack]
+CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates
a ...)
- projectl 1.001.dfsg1-2 (low; bug #489988)
[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks ...)
@@ -549,8 +822,8 @@
NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in
...)
NOT-FOR-US: ActiveX control
-CVE-2008-2951
- RESERVED
+CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before
0.10.5 ...)
+ TODO: check
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and
7 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and
8 ...)
@@ -580,10 +853,9 @@
RESERVED
CVE-2008-2935
RESERVED
-CVE-2008-2934
- RESERVED
-CVE-2008-2933 [command line urls can launch multiple tabs when firefox is not
running]
- RESERVED
+CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote
attackers to ...)
+ TODO: check
+CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1,
interprets ''|'' ...)
{DSA-1615-1 DSA-1614-1}
- iceweasel 3.0.1-1 (low)
NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
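Review bot: CVE-2008-2934 is added with "TODO: check" although its description limits the issue to Firefox 3 "on Mac OS X". If the full description confirms that, the entry can be closed the way other platform-specific Mozilla entries in this file are, with lines of the form "- iceweasel <not-affected> (Windows-specific)", adjusted for the platform.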
@@ -802,7 +1074,7 @@
- dnsmasq 2.26-1 (medium)
NOTE: CVE id requested by Ubuntu
NOTE:
http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681
-CVE-2008-2952 (liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other
versions ...)
+CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers
to ...)
{DTSA-151-1}
- openldap2.3 <removed> (medium; bug #488710)
- openldap <unfixed> (medium; bug #488710)
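Review bot: The description of CVE-2008-2952 widens the affected range from "2.3.41, 2.3.42, and possibly other versions" to "2.2.4 to 2.4.10", but the package lines below it are unchanged and carry no per-release annotation. The openldap2.3 and openldap lines should be rechecked against the new range, and an [etch] line added once the status of the stable version is known.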
@@ -897,7 +1169,7 @@
- linux-2.6 2.6.25-7
- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before
2.0.0.15, ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10-1
@@ -907,7 +1179,7 @@
- iceweasel <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15,
...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10-1
@@ -919,7 +1191,7 @@
- iceape 1.1.10-1
- xulrunner <unfixed>
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do
not ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
- iceape 1.1.10-1
- xulrunner <unfixed>
@@ -936,12 +1208,12 @@
CVE-2008-2804
RESERVED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox
...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 2.0.0.16-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and
earlier, and ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 2.0.0.16-1
@@ -956,13 +1228,13 @@
- iceape 1.1.10-1
- xulrunner <unfixed>
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before
...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner <unfixed>
- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before
...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner <unfixed>
@@ -1003,8 +1275,8 @@
- iceweasel <unfixed> (bug #488358)
- iceape <unfixed> (bug #491162)
- xulrunner <unfixed> (bug #491160)
-CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown
impact ...)
- {DSA-1615-1 DSA-1614-1}
+CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1,
Thunderbird ...)
+ {DSA-1621-1 DSA-1615-1 DSA-1614-1}
- iceweasel 3.0 (medium; bug #488358)
- icedove 2.0.0.16-1
- iceape 1.1.11-1 (bug #491163)
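Review bot: The new description of CVE-2008-2785 says Firefox "3.x before 3.0.1" is affected, yet the unchanged line "- iceweasel 3.0 (medium; bug #488358)" still records 3.0 as the fixed version. CVE-2008-2933 in this same commit uses "- iceweasel 3.0.1-1" for a description with the same "3.x before 3.0.1" bound, so this line probably needs the same version.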
@@ -1451,19 +1723,19 @@
RESERVED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet
for ...)
NOT-FOR-US: Oracle database
-CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
+CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in
Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
+CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in
Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
+CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in
Oracle ...)
NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for
Apache, ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
+CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in
Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
+CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in
Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in
BEA ...)
+CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in
Oracle ...)
NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in
admin/Editor/imgupload.php ...)
NOT-FOR-US: FlashBlog
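Review bot: The six updated WebLogic descriptions in this hunk now say "Oracle" where they said "BEA", while each entry keeps "NOT-FOR-US: BEA Product Suite". The classification is unaffected, but aligning the NOT-FOR-US label with the new vendor name (or noting both) would keep searches on either name from missing these entries.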
@@ -2191,8 +2463,7 @@
RESERVED
CVE-2008-2233
RESERVED
-CVE-2008-2232 [privilege escalation in afuse]
- RESERVED
+CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows
local ...)
{DSA-1611-1 DTSA-149-1}
- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated
Storytelling ...)
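Review bot: The afuse line under CVE-2008-2232 reads "(bug #490921; medium)", with the bug reference ahead of the urgency, whereas other entries in this file put the urgency first, as in "(low; bug #492578)". Reordering it to "(medium; bug #490921)" would keep the line consistent with the rest of the list.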
@@ -2339,7 +2610,7 @@
RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1
...)
NOT-FOR-US: IBM Lotus Quickr
-CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1
allows ...)
+CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in ...)
- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before
0.3.0 and ...)
- uudeview 0.5.20-3.1 (low; bug #480972)
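Review bot: The updated description of CVE-2008-2276 is cut down to "Cross-site request forgery (CSRF) vulnerability in ...", which no longer names Mantis or the 1.1.1 version that the removed line had. The package line still identifies the product, but it carries only "(bug #481504)" and no urgency; adding one would match the neighbouring entries and make up for the less informative description.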
@@ -3523,10 +3794,10 @@
RESERVED
CVE-2008-1667
RESERVED
-CVE-2008-1666
- RESERVED
-CVE-2008-1665
- RESERVED
+CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7,
...)
+ TODO: check
+CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity
(HPSI) ...)
+ TODO: check
CVE-2008-1664
RESERVED
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management
...)
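Review bot: CVE-2008-1666 and CVE-2008-1665 come in as "TODO: check" for HP Oracle for OpenView and HP Select Identity. Other vendor products in this file, such as IBM Lotus Quickr and the BEA Product Suite, are closed as NOT-FOR-US, and these two look like the same case.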
@@ -6752,6 +7023,7 @@
CVE-2008-0305
RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before
2.0.0.12 and ...)
+ {DSA-1621-1}
- icedove 2.0.0.12-1 (medium)
- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)