thr3ads.net - Secure testing commits - [Secure-testing-commits] r7249

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Nov-08 21:14 UTC
[Secure-testing-commits] r7249 - data/CVE

Author: joeyh
Date: 2007-11-08 21:14:09 +0000 (Thu, 08 Nov 2007)
New Revision: 7249

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-11-08 21:11:40 UTC (rev 7248)
+++ data/CVE/list	2007-11-08 21:14:09 UTC (rev 7249)
@@ -1,3 +1,17 @@
+CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows
remote ...)
+	TODO: check
+CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in
...)
+	TODO: check
+CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in
jsp/Login.do in ...)
+	TODO: check
+CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1
allows ...)
+	TODO: check
+CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0
Alpha ...)
+	TODO: check
+CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in
...)
+	TODO: check
+CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message
Board ...)
+	TODO: check
 CVE-2007-5886
 	RESERVED
 CVE-2007-5885
@@ -290,8 +304,7 @@
 	RESERVED
 CVE-2007-5742
 	RESERVED
-CVE-2007-5741 [Plone interprets network data as Python pickles]
-	RESERVED
+CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote
attackers ...)
 	- zope-cmfplone 2.5.2-2 (bug #449523)
 	NOTE: Fix available:
 	NOTE: http://plone.org/about/security/advisories/cve-2007-5741
@@ -1063,7 +1076,8 @@
 	- mnogosearch 3.3.4-4.1 (low; bug #447753)
 CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys, as shipped
in ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2007-5586 (Unspecified vulnerability in a driver in Microsoft Windows XP
SP2 and ...)
+CVE-2007-5586
+	REJECTED
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
 	- xscreensaver <unfixed> (medium; bug #448157)
@@ -1077,8 +1091,8 @@
 	RESERVED
 CVE-2007-5582
 	RESERVED
-CVE-2007-5581
-	RESERVED
+CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
 CVE-2007-5580
 	RESERVED
 CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions,
which ...)
@@ -1704,12 +1718,11 @@
 	RESERVED
 CVE-2007-5396
 	RESERVED
-CVE-2007-5395
-	RESERVED
+CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in
...)
+	TODO: check
 CVE-2007-5394
 	RESERVED
-CVE-2007-5393 [xpdf buffer overflow in CCITTFaxStream::lookChar()]
-	RESERVED
+CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar
method in ...)
 	- poppler <unfixed> (medium; bug #450628)
 	- kdegraphics <unfixed> (medium; bug #450630)
 	- xpdf <unfixed> (medium; bug #450629)
@@ -1725,8 +1738,7 @@
 	NOTE: cups uses xpdf-utils and poppler-utils
 	- libextractor 0.5.12-1
 	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
-CVE-2007-5392 [xpdf buffer overflow in DCTStream::reset()]
-	RESERVED
+CVE-2007-5392 (Integer overflow in the DCTStream::reset method in
xpdf/Stream.cc in ...)
 	- poppler <unfixed> (medium; bug #450628)
 	- kdegraphics <unfixed> (medium; bug #450630)
 	- xpdf <unfixed> (medium; bug #450629)
@@ -2457,7 +2469,7 @@
 	{DTSA-67-1}
 	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
 	NOTE: Requires the webserver, which has to be checked, to be compromised
-CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono allows
...)
+CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono
1.2.5.1 and ...)
 	{DSA-1397-1 DTSA-76-1}
 	- mono 1.2.5.1-2
 CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise
...)
@@ -2635,8 +2647,7 @@
 	NOT-FOR-US: Solaris
 CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in
FrontAccounting ...)
 	NOT-FOR-US: FrontAccounting
-CVE-2007-5116 [overflow in Perl''s regular expression compiler]
-	RESERVED
+CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular
...)
 	{DSA-1400-1}
 	- perl <unfixed> (medium)
 	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
@@ -3424,16 +3435,13 @@
 	RESERVED
 CVE-2007-4769
 	RESERVED
-CVE-2007-4768
-	RESERVED
+CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression
...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
-CVE-2007-4767
-	RESERVED
+CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3
does not ...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
-CVE-2007-4766
-	RESERVED
+CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression
...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
 CVE-2007-4765
@@ -3639,18 +3647,18 @@
 	RESERVED
 CVE-2007-4678
 	RESERVED
-CVE-2007-4677
-	RESERVED
-CVE-2007-4676
-	RESERVED
-CVE-2007-4675
-	RESERVED
+CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows
remote ...)
+	TODO: check
+CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows
remote ...)
+	TODO: check
+CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension
7.2.0.240 in ...)
+	TODO: check
 CVE-2007-4674
 	RESERVED
 CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for
Windows XP ...)
 	NOT-FOR-US: Apple QuickTime
-CVE-2007-4672
-	RESERVED
+CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows
...)
+	TODO: check
 CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows
...)
 	NOT-FOR-US: Safari
 CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact
and ...)
@@ -4414,8 +4422,7 @@
 	NOT-FOR-US: AIX
 CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local
users in ...)
 	NOT-FOR-US: AIX
-CVE-2007-4352 [xpdf memory corruption in DCTStream::readProgressiveDataUnit()]
-	RESERVED
+CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit
method in ...)
 	- poppler <unfixed> (medium; bug #450628)
 	- kdegraphics <unfixed> (medium; bug #450630)
 	- xpdf <unfixed> (medium; bug #450629)
@@ -4705,8 +4712,8 @@
 	- kdebase 4:3.5.7-3 (bug #433072; low)
 	[sarge] - kdebase <no-dsa> (Minor issue)
 	[etch] - kdebase <no-dsa> (Minor issue)
-CVE-2007-4223
-	RESERVED
+CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72
provides an ...)
+	TODO: check
 CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in
nnotes.dll in ...)
 	NOT-FOR-US: IBM Lotus Notes
 CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5
for ...)
@@ -4906,8 +4913,7 @@
 	- tar 1.18-2 (medium; bug #439335)
 CVE-2007-4130
 	RESERVED
-CVE-2007-4129 [coolkey incorrect cache file handling]
-	RESERVED
+CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files
via a ...)
 	- coolkey 1.1.0-3
 CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm
Technologies ...)
 	NOT-FOR-US: com_gmaps for Joomla!
@@ -5374,8 +5380,9 @@
 	- sun-java5 1.5.0-12-2
 	[etch] - sun-java5 <no-dsa> (non-free not supported)
 	- sun-java6 6-02-1
-CVE-2007-3921
-	RESERVED
+CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary
files ...)
+	{DSA-1402-1}
+	TODO: check
 CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz,
does not ...)
 	{DTSA-75-1}
 	- gnome-screensaver 2.20.0-1.1
@@ -5795,10 +5802,10 @@
 	NOT-FOR-US: Aplle iPhone
 CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows
remote ...)
 	NOT-FOR-US: iTunes
-CVE-2007-3751
-	RESERVED
-CVE-2007-3750
-	RESERVED
+CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple
QuickTime ...)
+	TODO: check
+CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows
remote ...)
+	TODO: check
 CVE-2007-3749
 	RESERVED
 CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device
Standardized ...)
@@ -9061,8 +9068,8 @@
 	NOT-FOR-US: Apple Quicktime
 CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime
before ...)
 	NOT-FOR-US: Apple Quicktime
-CVE-2007-2395
-	RESERVED
+CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows
remote ...)
+	TODO: check
 CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X
10.3.9 and ...)
 	NOT-FOR-US: Apple Quicktime
 CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2
allows ...)
@@ -10782,20 +10789,16 @@
 	{DSA-1318-1}
 	- ekg 1:1.7~rc2-2 (low)
 	[sarge] - ekg <not-affected> (Vulnerable code not present)
-CVE-2007-1662
-	RESERVED
+CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3
reads ...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
-CVE-2007-1661
-	RESERVED
+CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3
...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
-CVE-2007-1660
-	RESERVED
+CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.3
does not ...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
-CVE-2007-1659
-	RESERVED
+CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3
allows ...)
 	{DSA-1399-1 DTSA-77-1}
 	- pcre3 7.3-1
 CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow
user-assisted ...)
Secure testing commits - Nov 2007 - r7249 - data/CVE

[Secure-testing-commits] r7249 - data/CVE
