thr3ads.net - Secure testing commits - [Secure-testing-commits] r7366

If this information is useful, please help other people find it:
Share via:
nion at alioth.debian.org
2007-Nov-21 12:00 UTC
[Secure-testing-commits] r7366 - data/CVE

Author: nion
Date: 2007-11-21 12:00:09 +0000 (Wed, 21 Nov 2007)
New Revision: 7366

Modified:
   data/CVE/list
Log:
NFUs
CVE-2007-6025 fixed in wpasupplicant 0.6.0-4
new issue: CVE-2007-6013(wordpress)
new issue: CVE-2007-5500(linux-2.6)
add note for CVE-2007-6029(clamav)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-11-20 23:37:49 UTC (rev 7365)
+++ data/CVE/list	2007-11-21 12:00:09 UTC (rev 7366)
@@ -1,9 +1,9 @@
 CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php
in the ...)
-	TODO: check
+	NOT-FOR-US: Joomla! extension
 CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in
ws/generic_api_call.pl in ...)
 	NOT-FOR-US: Citrix NetScaler
 CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server
2007.11.01 ...)
-	TODO: check
+	NOT-FOR-US: LIVE555 Media Server
 CVE-2007-6034 (ngIRCd before 0.10.3 allows remote attackers to cause a denial
of ...)
 	- ngircd 0.10.3-1
 	[etch] - ngircd <no-dsa> (Minor issue) 
@@ -17,14 +17,15 @@
 	NOT-FOR-US: Weird Solutions BOOTPTurbo
 CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows
remote ...)
 	TODO: check
+	NOTE: this is an undisclosed vulnerability which is up for sale :/
 CVE-2007-6028 (Multiple stack-based buffer overflows in the
VSFlexGrid.VSFlexGridL ...)
 	NOT-FOR-US: ComponentOne FlexGrid
 CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php
in the ...)
-	TODO: check
+	NOT-FOR-US: Joomla! extension
 CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0
(aka ...)
 	NOT-FOR-US: Microsoft Jet Engine
 CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant
0.6.0 ...)
-	TODO: check
+	- wpasupplicant 0.6.0-4
 CVE-2007-6024
 	RESERVED
 CVE-2007-6023
@@ -48,13 +49,15 @@
 CVE-2007-6014
 	RESERVED
 CVE-2007-6013 (Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash
of a ...)
-	TODO: check
+	- wordpress <unfixed> (low; bug #452251)
+	NOTE: if untrusted people are allowed to read the database they could still
+	NOTE: crack the hash with more work, so maybe this is unimportant?
 CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0
allows ...)
 	NOT-FOR-US: DocuSafe
 CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login
page in ...)
-	TODO: check
+	NOT-FOR-US: Novell iChain
 CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in
Xoops ...)
-	TODO: check
+	NOT-FOR-US: Xoops
 CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix
Presentation ...)
 	TODO: check
 CVE-2007-6035 (SQL injection vulnerability in Cacti before 0.8.7a allows remote
...)
@@ -1857,7 +1860,8 @@
 	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in
2.6.21)
 	NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
 CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before
2.6.23.8 ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	NOTE: kernel-sec is already tracking this
 CVE-2007-5499
 	RESERVED
 CVE-2007-5498
Secure testing commits - Nov 2007 - r7366 - data/CVE

[Secure-testing-commits] r7366 - data/CVE
