joeyh at alioth.debian.org
2007-Sep-12 09:14 UTC
[Secure-testing-commits] r6585 - data/CVE
Author: joeyh
Date: 2007-09-12 09:14:06 +0000 (Wed, 12 Sep 2007)
New Revision: 6585
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-09-12 08:39:26 UTC (rev 6584)
+++ data/CVE/list 2007-09-12 09:14:06 UTC (rev 6585)
@@ -764,7 +764,7 @@
- nufw 2.2.4-1 (bug #439227)
[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka
libid3) ...)
- {DSA-1365-1}
+ {DSA-1365-2 DSA-1365-1}
- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and
other SIP ...)
NOT-FOR-US: Cisco IP Phone
@@ -3678,16 +3678,21 @@
CVE-2007-3194 (** DISPUTED ** ...)
NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
+ {DSA-1371-1}
- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System
(JFFNMS) ...)
+ {DSA-1374-1}
- jffnms 0.8.3dfsg.1-4 (medium)
NOTE: 20_security.dpatch is addressing this bug however the maintainer
didn''t include
NOTE: a note about the CVE id.
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows
remote ...)
+ {DSA-1374-1}
- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For
Fun ...)
+ {DSA-1374-1}
- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For
Fun ...)
+ {DSA-1374-1}
- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite
GeometriX ...)
NOT-FOR-US: Fullaspsite GeometriX Download Portal
@@ -5921,7 +5926,7 @@
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when
running ...)
NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- {DSA-1370-1}
+ {DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.10.1-1 (low)
NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3 allow
...)
@@ -6419,8 +6424,10 @@
[etch] - file <no-dsa> (Hardly any security impact)
[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature
...)
+ {DSA-1371-1}
- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature
...)
+ {DSA-1371-1}
- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the
authorization and ...)
NOT-FOR-US: Secustick USB flash drive
@@ -7952,7 +7959,7 @@
- php5 <unfixed> (unimportant)
NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin
2.8.0 ...)
- {DSA-1370-1}
+ {DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.10.0.2-1 (medium)
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php
in Flat ...)
@@ -8125,7 +8132,7 @@
- serendipity <unfixed> (unimportant)
NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php
in ...)
- {DSA-1370-1}
+ {DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.10.0.2-1
[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the
...)
@@ -10997,13 +11004,13 @@
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in
LunarPoll, when ...)
NOT-FOR-US: LunarPoll
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass
Allow/Deny ...)
- {DSA-1370-1}
+ {DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the
full ...)
- phpmyadmin 4:2.9.1.1-2 (unimportant)
NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in
PhpMyAdmin ...)
- {DSA-1370-1}
+ {DSA-1370-2 DSA-1370-1}
- phpmyadmin 4:2.9.1.1-2 (medium)
NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote
attackers to ...)