Author: nion Date: 2007-09-24 23:11:46 +0000 (Mon, 24 Sep 2007) New Revision: 6686 Modified: data/CVE/list Log: NFUs new issue: CVE-2007-5051 phpgedview new issue: CVE-2007-5049 poppler, xpdf CVE-2007-5045 iceweasel, icedove not-affected CVE-2007-5038 bugzilla, not-affected new issue: CVE-2007-5037 inotify-tools new issue: CVE-2007-5034 elinks Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-24 21:14:07 UTC (rev 6685) +++ data/CVE/list 2007-09-24 23:11:46 UTC (rev 6686) 
@@ -1,45 +1,63 @@ CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: Vigile CMS CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...) - TODO: check + - phpgedview <unfixed> (low; bug #443901) CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...) - TODO: check + NOT-FOR-US: Neuron News CVE-2007-5049 (Stack-based buffer overflow in the StreamPredictor::getNextLine ...) + - poppler <unfixed> (medium; bug #443903) + - gpdf <removed> + - xpdf <unfixed> (medium; bug #443906) + - kdegraphics <unfixed> TODO: check + - koffice <unfixed> + TODO: check + - pdftohtml <removed> + - tetex-bin 3.0-12 + NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed + - cupsys <not-affected> (unimportant; bug #436099) + NOTE: cups uses xpdf-utils + - pdfkit.framework 0.8-4 + NOTE: links to poppler since 0.8-4, thus marking as fixed + - libextractor 0.5.12-1 + NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed + TODO: check CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...) - TODO: check + NOT-FOR-US: lhaplus CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...) - TODO: check + NOT-FOR-US: Norton Internet Security CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...) - TODO: check + NOT-FOR-US: IceWarp Merak Mail Server CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...) - TODO: check + - iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows) + - icedove <not-affected> (Only affects Firefox/Thunderbird on Windows) CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...) - TODO: check + NOT-FOR-US: ZoneAlam Pro CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...) 
- TODO: check + NOT-FOR-US: Kaspersky Internet Security CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...) - TODO: check + NOT-FOR-US: Outpost Firewall PRO CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...) - TODO: check + NOT-FOR-US: G DATA InternetSecurity CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...) - TODO: check + NOT-FOR-US: Ghost Security Suite CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...) - TODO: check + NOT-FOR-US: Ghost Security Suite CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...) - TODO: check + - bugzilla <not-affected> (Vulnerable code not present in the version we ship) + TODO: check when newer upstream version enters the pool CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...) - TODO: check + - inotify-tools <unfixed> (medium; bug #443913) CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...) - TODO: check + NOT-FOR-US: AirDefense firmware CVE-2007-5035 (** DISPUTED ** ...) TODO: check CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...) - TODO: check + - elinks <unfixed> (low; bug #443914) CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...) TODO: check CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) - TODO: check + NOT-FOR-US: Php-Nuke CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...) TODO: check CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
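Review bot: The CVE-2007-5049 entry is left with three bare "TODO: check" lines (after kdegraphics, after koffice, and at the end of the entry), none of which says what still has to be verified. The kdegraphics and koffice `<unfixed>` lines also carry no urgency or bug number, unlike the poppler and xpdf lines above them. Suggest replacing each TODO with a specific one naming the package and the open question, and adding urgency and bug references once the bugs are filed. In the same entry, `- cupsys <not-affected> (unimportant; bug #436099)` combines a not-affected status with an urgency and a bug number. Elsewhere in this hunk (iceweasel, icedove, bugzilla) the parenthesis after `<not-affected>` holds the reason, so the "cups uses xpdf-utils" explanation would fit better there, with the bug reference moved to the NOTE. Under CVE-2007-5044, "NOT-FOR-US: ZoneAlam Pro" is misspelled; the CVE description on the line above reads "ZoneAlarm Pro".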