thr3ads.net - Secure testing commits - [Secure-testing-commits] r6567

If this information is useful, please help other people find it:
Share via:
keescook-guest at alioth.debian.org
2007-Sep-10 23:03 UTC
[Secure-testing-commits] r6567 - data/CVE

Author: keescook-guest
Date: 2007-09-10 23:03:16 +0000 (Mon, 10 Sep 2007)
New Revision: 6567

Modified:
   data/CVE/list
Log:
NFUs: 31
unfixed: alien-arena tomcat5.5
fixed: dar nvclock sun-java6 wordpress
not-affected: apache2
removed: tomcat5
fixed name of t1lib


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-09-10 21:14:09 UTC (rev 6566)
+++ data/CVE/list	2007-09-10 23:03:16 UTC (rev 6567)
@@ -1,27 +1,27 @@
 CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki
0.5.1 ...)
-	TODO: check
+	NOT-FOR-US: Pawfaliki
 CVE-2007-4763 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PHPOF
 CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in
...)
-	TODO: check
+	NOT-FOR-US: E-SMARTCART
 CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91
1.1 ...)
-	TODO: check
+	NOT-FOR-US: Barbo91
 CVE-2007-4760 (The javadoc tool in Cosminexus Developer''s Kit for Java
in Cosminexus ...)
-	TODO: check
+	NOT-FOR-US: Cosminexus Developer''s Kit
 CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing
APIs in ...)
-	TODO: check
+	NOT-FOR-US: Cosminexus Developer''s Kit
 CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in
Cosminexus ...)
-	TODO: check
+	NOT-FOR-US: Cosminexus Developer''s Kit
 CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in
phpMytourney ...)
-	TODO: check
+	NOT-FOR-US: phpMytourney
 CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total
Commander ...)
-	TODO: check
+	NOT-FOR-US: Total Commander
 CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to
cause a ...)
-	TODO: check
+	- alien-arena <unfixed> (low)
 CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in ...)
-	TODO: check
+	- alien-arena <unfixed> (medium)
 CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote
...)
-	TODO: check
+	NOT-FOR-US: Thomson ST 2030 SIP phone
 CVE-2007-4751
 	RESERVED
 CVE-2007-4750
@@ -609,13 +609,13 @@
 CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris
10 on ...)
 	NOT-FOR-US: Solaris
 CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9
before ...)
-	TODO: check
+	NOT-FOR-US: eZ publish
 CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly
check ...)
-	TODO: check
+	NOT-FOR-US: eZ publish
 CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in
Sun ...)
 	NOT-FOR-US: Solaris
 CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0
allows ...)
-	TODO: check
+	NOT-FOR-US: Gurur haber
 CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
 	NOT-FOR-US: Trend Micro
 CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx
2.0.1 ...)
@@ -627,19 +627,19 @@
 CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php
in ...)
 	NOT-FOR-US: Linkliste
 CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in
Butterfly ...)
-	TODO: check
+	NOT-FOR-US: Butterfly online visitors counter
 CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in
My_REFERER ...)
-	TODO: check
+	NOT-FOR-US: My_REFERER
 CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the
WordPress ...)
-	TODO: check
+	- wordpress 2.1.3-1 (medium)
 CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the
Pool ...)
-	TODO: check
+	NOT-FOR-US: Pool 1.0.7 theme for WordPress
 CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1)
Blix ...)
-	TODO: check
+	NOT-FOR-US: Rus themes for WordPress
 CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the
Sirius ...)
-	TODO: check
+	NOT-FOR-US: Sirius 1.0 theme for WordPress
 CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in
Search ...)
-	TODO: check
+	NOT-FOR-US: Search Engine Builder
 CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet
...)
 	TODO: check
 CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router
allows ...)
@@ -851,7 +851,7 @@
 CVE-2007-4383 (** DISPUTED ** ...)
 	NOT-FOR-US: Trackeur
 CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows
remote ...)
-	TODO: check
+	NOT-FOR-US: CounterPath X-Lite
 CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in
Sun ...)
 	- sun-java5 1.5.0-10-1
 CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2
...)
@@ -1216,9 +1216,9 @@
 CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro
before ...)
 	NOT-FOR-US: Motorola Timbuktu
 CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in
StRpcSrv.dll, as ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service
(SpntSvc.exe) ...)
-	TODO: check
+	NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-4217
 	RESERVED
 CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before
...)
@@ -1613,7 +1613,7 @@
 CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka
Yahoo! ...)
 	NOT-FOR-US: Yahoo! Widgets
 CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in
PHP ...)
-	- libt1 <unfixed> (bug #439927)
+	- t1lib <unfixed> (bug #439927)
 	NOTE: originally posted as a php vuln, actually in libt1
 	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
 CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted
remote ...)
@@ -1950,7 +1950,7 @@
 CVE-2007-3874
 	RESERVED
 CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the
SSAPI ...)
-	TODO: check
+	NOT-FOR-US: SSAPI Engine
 CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace
Service ...)
 	NOT-FOR-US: HP OpenView
 CVE-2007-3871
@@ -2005,14 +2005,15 @@
 CVE-2007-3850
 	RESERVED
 CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced
...)
-	TODO: check
+	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to
send ...)
 	{DSA-1356-1}
 	- linux-2.6 2.6.22-4
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy)
in ...)
-	TODO: check
+	- apache2 <not-affected> (low)
+	NOTE: Only 2.3.0 affected
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as
used ...)
-	TODO: check
+	NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and
2.x ...)
 	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
 	- iceweasel 2.0.0.6-1 (medium)
@@ -2346,7 +2347,7 @@
 CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not
properly call ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE
6 ...)
-	TODO: check
+	- sun-java6 6-02-1 (medium)
 CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through
9.0 ...)
 	NOT-FOR-US: Sun Java System Application Server and Web Server
 CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr)
0.6.5 ...)
@@ -2380,7 +2381,7 @@
 CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
 	NOT-FOR-US: TippingPoint IPS
 CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity
Server) ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Access Manager
 CVE-2007-3699
 	RESERVED
 CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6
Update 1 ...)
@@ -2556,7 +2557,7 @@
 CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard
1.0.2 ...)
 	NOT-FOR-US: Maia Mailguard
 CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service
...)
-	TODO: check
+	NOT-FOR-US: EMC Software NetWorker
 CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly
apply ...)
 	NOT-FOR-US: vtiger CRM
 CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated
users ...)
@@ -2736,13 +2737,13 @@
 	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not
supported)
 	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not
supported)
 CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia
NVClock ...)
-	TODO: check
+	- nvclock 0.8b-1 (low)
 CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and
...)
 	NOT-FOR-US: PHPDirector
 CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote
attackers to ...)
 	NOT-FOR-US: PHPDirector
 CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC
...)
-	TODO: check
+	- dar 2.3.3-1 (low; bug #425335)
 CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated
users ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
 	[etch] - firebird2 <unfixed>
@@ -3121,17 +3122,19 @@
 	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
 	TODO: check ipe (only small parts, but with renamed source files:
ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
 CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager
Servlet ...)
-	TODO: check
+	- tomcat5.5 <unfixed>
 CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30,
4.1.0 ...)
-	TODO: check
+	- tomcat5.5 <unfixed>
+	- tomcat5 <removed>
 CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: tomcat 3.3
 CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in
the ...)
 	- tomcat4 <removed> (low)
 	[sarge] - tomcat4 <no-dsa> (minor issue)
 	NOTE: affects example app in tomcat4-webapps
 CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30,
4.1.0 ...)
-	TODO: check
+	- tomcat5.5 <unfixed>
+	- tomcat5.5 <removed>
 CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13,
2.16.x ...)
 	- gdm 2.18.4-1 (low)
 	[sarge] - gdm <no-dsa> (Minor issue)
@@ -4162,7 +4165,7 @@
 CVE-2007-2955 (Multiple unspecified &quot;input validation error&quot;
vulnerabilities in ...)
 	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
 CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service
...)
-	TODO: check
+	NOT-FOR-US: Novell Client
 CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
 	{DSA-1364-1}
 	- vim 1:7.1-056+1 (low)
@@ -10584,7 +10587,7 @@
 CVE-2007-0438
 	RESERVED
 CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the
sample ...)
-	TODO: check
+	NOT-FOR-US: InterSystems Cache
 CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install
...)
 	NOT-FOR-US: X-Kryptor
 CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in
...)
@@ -32630,7 +32633,7 @@
 	- pine 4.64-1 (medium; bug #348407)
 	[sarge] - pine <no-dsa> (pine is non-free; doesn''t permit
distribution of modified binaries)
 CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before
7.0.362, ...)
-	TODO: check
+	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
 CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server
8.20 ...)
 	NOT-FOR-US: Ipswitch Collaboration Suite
 CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote
...)
Secure testing commits - Sep 2007 - r6567 - data/CVE

[Secure-testing-commits] r6567 - data/CVE
