thr3ads.net - Secure testing commits - [Secure-testing-commits] r10790

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Dec-23 21:14 UTC
[Secure-testing-commits] r10790 - data/CVE

Author: joeyh
Date: 2008-12-23 21:14:10 +0000 (Tue, 23 Dec 2008)
New Revision: 10790

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-12-23 20:18:43 UTC (rev 10789)
+++ data/CVE/list	2008-12-23 21:14:10 UTC (rev 10790)
@@ -1,3 +1,55 @@
+CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4
might ...)
+	TODO: check
+CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to
...)
+	TODO: check
+CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
+	TODO: check
+CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux
...)
+	TODO: check
+CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum
...)
+	TODO: check
+CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and
OpenSolaris ...)
+	TODO: check
+CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and
3.5.10 ...)
+	TODO: check
+CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA
2.2.0.95 ...)
+	TODO: check
+CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux
server is ...)
+	TODO: check
+CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress
2.3.2 ...)
+	TODO: check
+CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly
other ...)
+	TODO: check
+CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other
...)
+	TODO: check
+CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX
ActiveX ...)
+	TODO: check
+CVE-2008-5690 (The Kerberos credential renewal feature in Solaris 8, 9, and 10,
and ...)
+	TODO: check
+CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through
snv_76 ...)
+	TODO: check
+CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails
...)
+	TODO: check
+CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against
the ...)
+	TODO: check
+CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006,
when its ...)
+	TODO: check
+CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on
Sun ...)
+	TODO: check
+CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library
(aka ...)
+	TODO: check
+CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote
attackers ...)
+	TODO: check
+CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63
allows ...)
+	TODO: check
+CVE-2008-5681 (Opera before 9.63 does not block unspecified &quot;scripted
URLs&quot; during ...)
+	TODO: check
+CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1)
remote ...)
+	TODO: check
+CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote
attackers ...)
+	TODO: check
 CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows
remote ...)
 	NOT-FOR-US: OLIB7 WebView
 CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2,
and ...)
@@ -1001,16 +1053,13 @@
 	RESERVED
 CVE-2008-5253
 	RESERVED
-CVE-2008-5252 [CSRF vulnerability affecting the Special:Import feature]
-	RESERVED
+CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the
Special:Import ...)
 	- mediawiki 1:1.13.3-1 (bug #508870)
 CVE-2008-5251
 	RESERVED
-CVE-2008-5250 [local script injection vulnerabilities on MediaWiki
installations with uploads enabled]
-	RESERVED
+CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before
1.6.11, ...)
 	- mediawiki 1:1.13.3-1 (bug #508869)
-CVE-2008-5249 [XSS vulnerability affecting all MediaWiki installations between
1.13.0 and 1.13.2]
-	RESERVED
+CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0
through ...)
 	- mediawiki <not-affected> (vulnerable code was introduced in 1.13.0)
 	TODO: [experimental] - mediawiki 1:1.13.3-1 (bug #508868)
 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the
Real ...)
@@ -1046,7 +1095,6 @@
 CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation
before ...)
 	- xine-lib 1.1.14-3 (low)
 CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown
impact ...)
-	{DTSA-181-1}
 	- xine-lib 1.1.14-3
 	- faad2 2.6.1-1
 	- mplayer 1.0~rc2-20 (bug #407010)
@@ -1168,11 +1216,11 @@
 	- wireshark 1.0.5-1 (low; bug #506741)
 CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably
other ...)
 	- shadow 1:4.1.1-6 (bug #505271)
-CVE-2008-5706 [possibility of attack with the help of symlinks]
+CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger
...)
 	- verlihub <unfixed> (low; bug #506530)
 	TODO: further investigation on this package is needed
 	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
-CVE-2008-5705 [verlihub remote command execution]
+CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger
...)
 	- verlihub <unfixed> (low; bug #506530)
 	TODO: further investigation on this package is needed
 	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
@@ -1426,8 +1474,8 @@
 	NOT-FOR-US: PHPKB
 CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...)
 	NOT-FOR-US: wrg_anotherbelogin extension for typo3
-CVE-2008-5086
-	RESERVED
+CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if
a ...)
+	TODO: check
 CVE-2008-5085
 	RESERVED
 CVE-2008-5084
@@ -1447,8 +1495,8 @@
 	- linux-2.6 2.6.26-12
 	- linux-2.6.24 <removed>
 	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
-CVE-2008-5078
-	RESERVED
+CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function
...)
+	TODO: check
 CVE-2008-5077
 	RESERVED
 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0
(aka ...)
@@ -2499,6 +2547,7 @@
 CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php
...)
 	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
 CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service
...)
+	{DTSA-181-1}
 	- mplayer 1.0~rc2-20 (low; bug #407010)
 	NOTE: only the aac issue affected mplayer because it built against a copy of
faad
 	NOTE: the ogm issue is a problem in ffmpeg
@@ -3343,7 +3392,7 @@
 	RESERVED
 CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual
...)
 	NOT-FOR-US: Microsoft Visual Basic
-CVE-2008-4255 (The Windows Common ActiveX control (mscomct2.ocx) in Microsoft
Visual ...)
+CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common
ActiveX ...)
 	NOT-FOR-US: Microsoft Visual Basic
 CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX
...)
 	NOT-FOR-US: Microsoft Visual Basic
@@ -3654,8 +3703,7 @@
 	RESERVED
 CVE-2008-4123
 	RESERVED
-CVE-2008-4122
-	RESERVED
+CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session
cookie in ...)
 	NOT-FOR-US: Joomla
 CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in
cpCommerce ...)
 	NOT-FOR-US: cpCommerce
@@ -5365,7 +5413,7 @@
 	NOT-FOR-US: Microsoft Excel
 CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly
handle ...)
 	NOT-FOR-US: Microsoft
-CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors
...)
+CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors
related ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine
the ...)
 	NOT-FOR-US: Microsoft
@@ -7894,8 +7942,7 @@
 CVE-2008-2381 [gforge sql injection in GroupJoinRequest.class.php]
 	RESERVED
 	- gforge 4.7~rc2-7
-CVE-2008-2380 [SQL injection vulnerability with PGSQL]
-	RESERVED
+CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib
...)
 	{DSA-1688-1 DTSA-180-1}
 	- courier-authlib 0.61.0-1+lenny1
 CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before
1.4.17 ...)
@@ -11000,8 +11047,7 @@
 	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
 CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP)
implementation ...)
 	NOT-FOR-US: Sun Solaris
-CVE-2008-1094
-	RESERVED
+CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View
page in ...)
 	NOT-FOR-US: Barracuda Spam Firewall
 CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the
...)
 	NOT-FOR-US: FLEXnet Connect 
@@ -11275,8 +11321,7 @@
 	NOT-FOR-US: Double-Take
 CVE-2008-0972
 	RESERVED
-CVE-2008-0971
-	RESERVED
+CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi
in ...)
 	NOT-FOR-US: Barracuda Networks products
 CVE-2008-0970
 	RESERVED
@@ -65033,7 +65078,7 @@
 CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may
allow ...)
 	{DSA-590-1}
 	- gnats 4.0-6.1
-CVE-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login,
...)
+CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions
does ...)
 	NOT-FOR-US: MacOS
 CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
 	NOT-FOR-US: Newsletter ZWS
Secure testing commits - Dec 2008 - r10790 - data/CVE

[Secure-testing-commits] r10790 - data/CVE
