thijs at alioth.debian.org
2007-Sep-09 14:32 UTC
[Secure-testing-commits] r6551 - data/CVE
Author: thijs Date: 2007-09-09 14:32:21 +0000 (Sun, 09 Sep 2007) New Revision: 6551 Modified: data/CVE/list Log: many firebird vulnerabilities reprepro does not affect sarge filed bug for gallery2 sarge/etch backup-manager some NFU''s Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-09 13:08:27 UTC (rev 6550) +++ data/CVE/list 2007-09-09 14:32:21 UTC (rev 6551) @@ -25,6 +25,7 @@ CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...) - reprepro 2.2.4-1 (high; bug #440535) NOTE: patch for etch in the BTS + [sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0) CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...) NOT-FOR-US: SpeedTech PHP Library CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...) 
@@ -174,17 +175,29 @@ CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) TODO: check CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) TODO: check CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...) 
@@ -200,21 +213,23 @@ CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...) TODO: check CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...) - TODO: check + - backup-manager 0.7.6-3 (bug #439392) CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...) - TODO: check + NOT-FOR-US: CGI RESCUE Shopping Basket CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on ...) - TODO: check + NOT-FOR-US: SSHield CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...) - TODO: check + NOT-FOR-US: Cisco Content Services Switch CVE-2007-4652 (PHP before 5.2.4 might allow local users to bypass open_basedir ...) TODO: check CVE-2007-4651 RESERVED CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...) - TODO: check + - gallery2 2.2.3-1 + [etch] - gallery2 <unfixed> (bug #441407) + NOTE: does not affect gallery 1.x (package ''gallery'') CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...) - TODO: check + NOT-FOR-US: Ragnarok CVE-2007-XXXX [libgd several issues] - libgd2 2.0.35.dfsg-2 CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and ...) @@ -2694,7 +2709,9 @@ CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...) TODO: check CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...) - TODO: check + - firebird2.0 <unfixed> (bug #441405) + [etch] - firebird2 <unfixed> + [sarge] - firebird2 <unfixed> CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...) NOT-FOR-US: Buddy Zone CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...) 
@@ -3564,7 +3581,9 @@ CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...) NOT-FOR-US: Calendarix CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...) - - firebird2 <unfixed> (medium) + - firebird2.0 <unfixed> (medium) + [etch] - firebird2 <unfixed> (medium) + [sarge] - firebird2 <unfixed> (medium) CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...) NOT-FOR-US: HP CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...) @@ -4929,7 +4948,9 @@ CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...) NOT-FOR-US: LaVague CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...) - - firebird2 <unfixed> (low) + - firebird2.0 <unfixed> (low) + [etch] - firebird2 <unfixed> (low) + [sarge] - firebird2 <unfixed> (low) CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...) NOT-FOR-US: Brujula Toolbar CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
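Review bot: In the @@ -174,17 +175,29 @@ hunk, CVE-2007-4664 through CVE-2007-4669 gain `[etch] - firebird2 <unfixed>` and `[sarge] - firebird2 <unfixed>` lines with no NOTE saying how the older firebird2 source package was checked, although most of the descriptions read only "Unspecified vulnerability ... in Firebird before 2.0.2". The reprepro entry in the first hunk records its reasoning inline ("Vulnerable code introduced in 1.3.0"). A similar NOTE on these entries, stating whether the status was verified against the source or is assumed pending upstream details, would tell whoever prepares the stable uploads how far to trust it. The new lines also carry no urgency, unlike the firebird entries for CVE-2007-3181 and CVE-2007-2606.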
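Review bot: In the @@ -200,21 +213,23 @@ hunk, the NOT-FOR-US name added for CVE-2007-4653 does not match the entry's own description: the description reads "SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ..." but the new line is `NOT-FOR-US: Cisco Content Services Switch`. The product name looks carried over from a different entry. Suggest naming the product the description refers to (Links MOD), so that a later search of the list for either product returns the right CVE. In the same hunk, the log message mentions gallery2 for sarge/etch, but CVE-2007-4650 only gains an `[etch]` line; if gallery2 is not in sarge, a NOTE saying so would make the omission explicit.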
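Review bot: In the @@ -3564,7 +3581,9 @@ and @@ -4929,7 +4948,9 @@ hunks, the renamed `firebird2.0 <unfixed>` lines for CVE-2007-3181 and CVE-2007-2606 carry no bug reference, while every other firebird2.0 line touched by this commit cites bug #441405. If that report covers these two CVEs as well, add the reference here; if it does not, they still need a bug of their own so the unfixed status is tracked against the package. For CVE-2007-2606 the description names "Firebird 2.1", so a NOTE on why the etch and sarge firebird2 packages are listed as affected would also help.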