thomasbl-guest at alioth.debian.org
2008-Sep-19 19:27 UTC
[Secure-testing-commits] r9846 - data/CVE
Author: thomasbl-guest Date: 2008-09-19 19:27:25 +0000 (Fri, 19 Sep 2008) New Revision: 9846 Modified: data/CVE/list Log: nfu''s Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-19 18:44:18 UTC (rev 9845) +++ data/CVE/list 2008-09-19 19:27:25 UTC (rev 9846) @@ -301,7 +301,7 @@ CVE-2008-3973 RESERVED CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...) - TODO: check + NOT-FOR-US: pkcs15-tool in OpenSC CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...) - gmanedit 0.4.1-1.1 (medium; bug #497835) CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...) @@ -345,9 +345,9 @@ CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...) NOT-FOR-US: XRMS CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...) - TODO: check + NOT-FOR-US: OpenVMS CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local ...) - TODO: check + NOT-FOR-US: OpenVMS CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows ...) NOT-FOR-US: Words tag CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows ...) @@ -359,7 +359,7 @@ CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and ...) NOT-FOR-US: BizDirectory CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...) - TODO: check + NOT-FOR-US: OpenVMS CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...) NOT-FOR-US: AVTECH PageR Enterprise CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in ...) 
@@ -418,7 +418,7 @@ - ruby1.8 1.8.7.72-1 (bug #498978) - ruby1.9 <unfixed> (bug #498977) CVE-2008-3903 (Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running with ...) - TODO: check + NOT-FOR-US: Asterisk PBX CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...) NOT-FOR-US: HP firmware 68DTT CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...) @@ -490,7 +490,7 @@ CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...) NOT-FOR-US: SAML Service for Google Apps CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...) NOT-FOR-US: Mini-NUKE Freehost CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...) 
@@ -1213,35 +1213,35 @@ CVE-2008-3623 RESERVED CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3620 RESERVED CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3615 (An unspecified third-party Indeo v5 codec for QuickTime, when used ...) NOT-FOR-US: Apple QuickTime CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...) NOT-FOR-US: Apple QuickTime CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and ...) NOT-FOR-US: Apple iPod CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...) 
NOT-FOR-US: NoticeWare Email Server NG CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...) @@ -1291,7 +1291,7 @@ CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...) NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...) NOT-FOR-US: IntelliTamper 2.07 CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...) @@ -1379,7 +1379,7 @@ CVE-2008-3540 RESERVED CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...) - TODO: check + NOT-FOR-US: HP OpenView Select Identity (HPSI) CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...) NOT-FOR-US: HP Enterprise Discovery CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...) @@ -1405,7 +1405,7 @@ CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...) TODO: check CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1 does not ...) - TODO: check + NOT-FOR-US: FreeBSD CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...) - libxml2 <unfixed> (bug #498768) CVE-2008-3528 
@@ -2577,13 +2577,13 @@ CVE-2008-3016 RESERVED CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Office XP CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2008-3011 RESERVED CVE-2008-3010 @@ -2591,9 +2591,9 @@ CVE-2008-3009 RESERVED CVE-2008-3008 (Buffer overflow in a certain ActiveX control in wmex.dll in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft Windows Media Encoder CVE-2008-3007 (Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and ...) - TODO: check + NOT-FOR-US: Microsoft Office XP CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...) 
@@ -3264,15 +3264,15 @@ CVE-2008-2737 REJECTED CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...) - TODO: check + NOT-FOR-US: Cisco Adaptive Security Appliance (ASA) CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 ...) - TODO: check + NOT-FOR-US: Cisco Adaptive Security Appliance (ASA) CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security ...) - TODO: check + NOT-FOR-US: Cisco Adaptive Security Appliance (ASA) CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 ...) - TODO: check + NOT-FOR-US: Cisco Adaptive Security Appliance (ASA) CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...) - TODO: check + NOT-FOR-US: Cisco Adaptive Security Appliance (ASA) CVE-2008-2731 RESERVED CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...) @@ -3846,7 +3846,7 @@ CVE-2008-2465 RESERVED CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...) - TODO: check + NOT-FOR-US: NetBSD CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx, ...) NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...) @@ -3892,7 +3892,7 @@ CVE-2008-2442 RESERVED CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x ...) - TODO: check + NOT-FOR-US: Cisco Secure ACS CVE-2008-2440 RESERVED CVE-2008-2439 @@ -3900,9 +3900,9 @@ CVE-2008-2438 RESERVED CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro OfficeScan CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...) - TODO: check + NOT-FOR-US: Novell iPrint Client CVE-2008-2435 RESERVED CVE-2008-2434 
@@ -4147,20 +4147,20 @@ CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...) NOT-FOR-US: Barracuda CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-2328 RESERVED CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...) {DSA-1632-1 DTSA-160-1} - tiff 3.8.2-11 (medium) CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...) - TODO: check + NOT-FOR-US: Apple Bonjour for Windows CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...) NOT-FOR-US: Apple Mac OS X CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...) @@ -4192,7 +4192,7 @@ CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...) NOT-FOR-US: Mac OS X CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...) NOT-FOR-US: Mac OS X CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...) 
@@ -4208,7 +4208,7 @@ CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...) NOT-FOR-US: Windows issue CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) - TODO: check + NOT-FOR-US: Apple Type Services (ATS) CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in ...) NOT-FOR-US: Apple Core Image Fun House CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...) @@ -4310,7 +4310,7 @@ CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...) - TODO: check + NOT-FOR-US: Microsoft Windows Media Player CVE-2008-2252 RESERVED CVE-2008-2251 @@ -5488,7 +5488,7 @@ CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...) NOT-FOR-US: Cisco firmware CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...) NOT-FOR-US: Rising Antivirus CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...) @@ -5685,7 +5685,7 @@ - linux-2.6.24 2.6.24-6~etchnhalf.2 NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2 CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...) - TODO: check + NOT-FOR-US: wu-ftpd in HP-UX CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...) NOT-FOR-US: Probe Builder 2.2 CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...) 
@@ -6807,7 +6807,7 @@ CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...) NOT-FOR-US: Red Hat specific CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...) - TODO: check + NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...) - sun-java6 6-05-1 (medium) - sun-java5 1.5.0-15-1 (medium) @@ -6950,7 +6950,7 @@ - kfreebsd-6 <unfixed> (bug #483152) - kfreebsd-7 <unfixed> (bug #483152) CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...) - TODO: check + NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point CVE-2008-1143 RESERVED CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier ...) @@ -13255,7 +13255,7 @@ CVE-2007-5475 RESERVED CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...) - TODO: check + NOT-FOR-US: Linksys WRT350N Wi-Fi access point CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...) - mono <not-affected> (Windows-specific vulnerability) CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...) @@ -13710,7 +13710,7 @@ CVE-2007-5349 RESERVED CVE-2007-5348 (Heap-based buffer overflow in the vector graphics link library in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-5346
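Review bot: In the @@ -301 hunk, CVE-2008-3972 is tagged "NOT-FOR-US: pkcs15-tool in OpenSC", but OpenSC is packaged in Debian (source package opensc, which ships pkcs15-tool), so NOT-FOR-US does not apply. Track it against the package instead, for example "- opensc <unfixed>" until the archive version has been compared with the 0.11.6 named in the description.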
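Review bot: In the @@ -418 hunk, CVE-2008-3903 is tagged "NOT-FOR-US: Asterisk PBX" although asterisk is a Debian package. The description is truncated at "when running with ...", so the affected configuration still has to be checked. The entry should be a package line ("- asterisk <unfixed>", or "<not-affected>" with a reason) rather than NOT-FOR-US.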
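Review bot: The FreeBSD kernel entries in the @@ -490 and @@ -1405 hunks (CVE-2008-3890, CVE-2008-3530) are tagged "NOT-FOR-US: FreeBSD", while the context lines of the @@ -6950 hunk show this same list tracking kfreebsd-6 and kfreebsd-7. These should be checked against the kfreebsd-* sources before being closed out. The @@ -1405 hunk is also inconsistent as it stands: CVE-2008-3531 (sys/kern/vfs_mount.c) directly above keeps "TODO: check" while CVE-2008-3530 gets NOT-FOR-US.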
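Review bot: Naming in the @@ -1213 hunk is inconsistent: CVE-2008-3622 gets "NOT-FOR-US: Mac OS X" while every other entry changed in that hunk gets "NOT-FOR-US: Apple Mac OS X". Both spellings already exist in context lines elsewhere in the file, so pick one and use it throughout this commit to keep the list easy to search.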
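Review bot: In the @@ -2577 hunk, all four descriptions (CVE-2008-3015 through CVE-2008-3012) name gdiplus.dll in GDI+ as the vulnerable component, yet the labels are split between "Microsoft Office XP" and "Microsoft Internet Explorer". The same applies to CVE-2007-5348 in the @@ -13710 hunk, where the visible description says "vector graphics link library" and the label says Internet Explorer. Labelling by the component the description names would be more accurate and consistent.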
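Review bot: In the @@ -5685 hunk, the label "NOT-FOR-US: wu-ftpd in HP-UX" for CVE-2008-1668 does not match the description, which lists "(1) wu-ftpd 2.4.2" and "(2) ftpd in HP HP-UX" as two separate affected products. Item (1) is upstream wu-ftpd, not an HP-UX component, so the entry needs a check against any wu-ftpd package in the archive before it is marked NOT-FOR-US.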