jmm-guest at alioth.debian.org
2007-Sep-03 23:10 UTC
[Secure-testing-commits] r6486 - data/CVE
Author: jmm-guest Date: 2007-09-03 23:10:38 +0000 (Mon, 03 Sep 2007) New Revision: 6486 Modified: data/CVE/list Log: php, mozilla non-issues po4a no-dsa NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-03 21:56:41 UTC (rev 6485) +++ data/CVE/list 2007-09-03 23:10:38 UTC (rev 6486) @@ -75,11 +75,12 @@ CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) NOT-FOR-US: SunShop Shopping Cart CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...) - TODO: check + - php5 <unfixed> (unimportant) + NOTE: Safe mode violations not treated as vulnerabilities CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...) TODO: check CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...) - TODO: check + NOT-FOR-US: Entrust Entelligence Security Provider CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...) NOT-FOR-US: VMWare Workstation CVE-2007-4592 @@ -276,7 +277,7 @@ CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...) NOT-FOR-US: Rebellion Asura engine CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...) - TODO: check + NOT-FOR-US: External PHP component only relevant for Windows CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...) NOT-FOR-US: NeoRecruit component for Joomla! CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...) @@ -292,25 +293,25 @@ CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...) NOT-FOR-US: SSHKeychain CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...) - TODO: check + NOT-FOR-US: American Financing eMail Image Upload CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) NOT-FOR-US: Grandstream SIP Phone -CVE-2007-4497 +3BCVE-2007-4497 RESERVED CVE-2007-4496 RESERVED CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...) - TODO: check + NOT-FOR-US: Solaris CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...) TODO: check CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...) TODO: check CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...) - TODO: check + NOT-FOR-US: Solaris CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...) TODO: check CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...) - TODO: check + NOT-FOR-US: Trend Micro CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...) TODO: check CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...) @@ -356,7 +357,7 @@ CVE-2007-4468 RESERVED CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...) - TODO: check + NOT-FOR-US: Oracle CVE-2007-4466 RESERVED CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...) @@ -373,6 +374,7 @@ NOT-FOR-US: Total Commander CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...) - po4a 0.31-1 (bug #439226) + [etch] - po4a <no-dsa> (Minor issue) CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...) - nufw 2.2.4-1 (bug #439227) [etch] - nufw <not-affected> @@ -469,7 +471,7 @@ CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...) NOT-FOR-US: IBM DB2 CVE-2007-4416 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: BellaBook CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...) NOT-FOR-US: Cisco VPN client/windows CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...) @@ -541,7 +543,7 @@ CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...) NOT-FOR-US: Stephane Pineau VOTE CVE-2007-4383 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: Trackeur CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...) TODO: check CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...) @@ -610,10 +612,10 @@ CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Zoidcom CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...) - - mozilla-firefox <removed> - - mozilla <removed> - - iceweasel <unfixed> - - iceape <unfixed> + - mozilla-firefox <removed> (unimportant) + - mozilla <removed> (unimportant) + - iceweasel <unfixed> (unimportant) + - iceape <unfixed> (unimportant) CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...) @@ -904,9 +906,9 @@ CVE-2007-4222 RESERVED CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...) - TODO: check + NOT-FOR-US: Motorola Timbuktu CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before ...) - TODO: check + NOT-FOR-US: Motorola Timbuktu CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...) TODO: check CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...) @@ -1088,7 +1090,7 @@ CVE-2007-4133 RESERVED CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...) - TODO: check + NOT-FOR-US: Red Hat Satellite Server CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...) - tar <unfixed> (high; bug #439335) CVE-2007-4130