white at alioth.debian.org
2008-Dec-20 17:11 UTC
[Secure-testing-commits] r10743 - data/CVE
Author: white Date: 2008-12-20 17:11:40 +0000 (Sat, 20 Dec 2008) New Revision: 10743 Modified: data/CVE/list Log: Some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-20 15:42:40 UTC (rev 10742) +++ data/CVE/list 2008-12-20 17:11:40 UTC (rev 10743) @@ -1,17 +1,17 @@ CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...) - TODO: check + NOT-FOR-US: OLIB7 WebView CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...) - TODO: check + NOT-FOR-US: Kwalbum CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...) TODO: check CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...) - TODO: check + NOT-FOR-US: IBM WebSphere Portal CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...) - TODO: check + NOT-FOR-US: Darkwet Network webcamXP CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...) - TODO: check + NOT-FOR-US: PHParanoid CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - TODO: check + NOT-FOR-US: PHParanoid CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...) NOT-FOR-US: Joomla CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...) 
@@ -25,15 +25,15 @@ CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...) NOT-FOR-US: WinFTP CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...) - TODO: check + NOT-FOR-US: XOOPS CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...) - TODO: check + NOT-FOR-US: Realtek Media Player CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...) - TODO: check + NOT-FOR-US: Kusaba CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...) TODO: check CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...) TODO: check CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...) @@ -1050,7 +1050,7 @@ NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065 CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...) - - xine-lib <unfixed> (bug #509265) + - xine-lib <unfixed> (bug #509265; low) CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...) TODO: check CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...)
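Review bot: In the first hunk (@@ -1,17 +1,17 @@), CVE-2008-5672 is marked "NOT-FOR-US: PHParanoid", but its description as shown is cut off at "vulnerabilities in ..." and never names the product. CVE-2008-5673 directly above it does name PHParanoid. Please confirm against the full CVE text that 5672 is the same product before dropping its "TODO: check".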
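Review bot: In the second hunk (@@ -25,15 +25,15 @@), the label for CVE-2008-5665 names only the framework ("NOT-FOR-US: XOOPS"), while the description puts the flaw in "index.php in the xhresim module". Suggest naming the module in the label, for example "NOT-FOR-US: xhresim module for XOOPS", so the entry does not read as a decision about XOOPS itself when someone later searches the list by product name.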
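Review bot: In the last hunk (@@ -1050,7 +1050,7 @@), the xine-lib line for CVE-2008-5237 gains a "low" urgency with no NOTE giving the reason, although the entry is described as "Multiple integer overflows" and the package is still "<unfixed>". The entry just above it records its reasoning in NOTE lines. A one-line NOTE here saying why these overflows are rated low would let the rating be checked later. The log message "Some NFUs" also does not cover this change, so it is easy to miss in history; mentioning the urgency change in the log or committing it separately would help.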