thr3ads.net - Secure testing commits - [Secure-testing-commits] r6707

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Sep-25 21:14 UTC
[Secure-testing-commits] r6707 - data/CVE

Author: joeyh
Date: 2007-09-25 21:14:08 +0000 (Tue, 25 Sep 2007)
New Revision: 6707

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-09-25 21:07:13 UTC (rev 6706)
+++ data/CVE/list	2007-09-25 21:14:08 UTC (rev 6707)
@@ -1,3 +1,61 @@
+CVE-2007-5081
+	RESERVED
+CVE-2007-5080
+	RESERVED
+CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link
gdm with ...)
+	TODO: check
+CVE-2007-5078
+	RESERVED
+CVE-2007-5077
+	RESERVED
+CVE-2007-5076
+	RESERVED
+CVE-2007-5075
+	RESERVED
+CVE-2007-5074
+	RESERVED
+CVE-2007-5073
+	RESERVED
+CVE-2007-5072 (Unspecified vulnerability in Simple PHP Blog before 0.5.1 has
unknown ...)
+	TODO: check
+CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in
Simple PHP ...)
+	TODO: check
+CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX
...)
+	TODO: check
+CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the
Nuke ...)
+	TODO: check
+CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA)
6.0 ...)
+	TODO: check
+CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2
allow ...)
+	TODO: check
+CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows
allows ...)
+	TODO: check
+CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php
in the ...)
+	TODO: check
+CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web
Thunder ...)
+	TODO: check
+CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive
information ...)
+	TODO: check
+CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows
remote ...)
+	TODO: check
+CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in
Clansphere ...)
+	TODO: check
+CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass
...)
+	TODO: check
+CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL
allow ...)
+	TODO: check
+CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Monitor Web
Syslog ...)
+	TODO: check
+CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote
attackers to ...)
+	TODO: check
+CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in
ADOdb ...)
+	TODO: check
+CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1
RC6 and ...)
+	TODO: check
+CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in
iziContents 1 ...)
+	TODO: check
+CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1
RC6 and ...)
+	TODO: check
 CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
 	NOT-FOR-US: Vigile CMS
 CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in
PhpGedView ...)
@@ -165,14 +223,14 @@
 	RESERVED
 CVE-2007-4989
 	RESERVED
-CVE-2007-4988
-	RESERVED
-CVE-2007-4987
-	RESERVED
-CVE-2007-4986
-	RESERVED
-CVE-2007-4985
-	RESERVED
+CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick
...)
+	TODO: check
+CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in
...)
+	TODO: check
+CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow
...)
+	TODO: check
+CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to
cause ...)
+	TODO: check
 CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com
StylesDemo ...)
 	NOT-FOR-US: StylesDemo
 CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1
ActiveX ...)
@@ -526,7 +584,7 @@
 	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
 CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function
in ...)
 	TODO: check
-CVE-2007-4826 (bgpd in Quagga before 0.99.9, when debugging is enabled, allows
remote ...)
+CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP
peers to ...)
 	- quagga 0.99.9-1 (low; bug #442133)
 	NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier
allows ...)
@@ -1099,8 +1157,7 @@
 	RESERVED
 CVE-2007-4574
 	RESERVED
-CVE-2007-4573 [linux local privilege escalation on x86_64]
-	RESERVED
+CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel
2.4.x and ...)
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-4572
 	RESERVED
@@ -1109,6 +1166,7 @@
 CVE-2007-4570
 	RESERVED
 CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when
autologin is ...)
+	{DSA-1376-1 DTSA-60-1}
 	- kdebase 4:3.5.7-4
 	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
 CVE-2007-4568
@@ -1118,6 +1176,7 @@
 CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in
Alpha ...)
 	NOT-FOR-US: SIDVault
 CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to
cause a ...)
+	{DSA-1377-2 DSA-1377-1}
 	- fetchmail 6.3.8-8 (bug #440006; low)
 	[etch] - fetchmail <no-dsa> (Hardly a security problem)
 	[sarge] - fetchmail <no-dsa> (Hardly a security problem)
@@ -2065,7 +2124,7 @@
 	- qt4-x11 <not-affected> (Not exploitable according to upstream)
 CVE-2007-4136
 	RESERVED
-CVE-2007-4135 (Unspecified vulnerability in the NFSv4 ID mapper (nfsidmap) on
SUSE ...)
+CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly
handle ...)
 	- libnfsidmap 0.18-0 (low; bug #442935)
 	NOTE: https://issues.rpath.com/browse/RPL-1731
 CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before
1.5a84 ...)
@@ -4868,7 +4927,7 @@
 CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service
...)
 	NOT-FOR-US: Novell Client
 CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
-	{DSA-1364-1}
+	{DSA-1364-2 DSA-1364-1}
 	- vim 1:7.1-056+1 (low)
 CVE-2007-2952
 	RESERVED
@@ -5169,6 +5228,7 @@
 	{DSA-1328-1}
 	- unicon 3.0.4-12 (bug #431336)
 CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo)
before 2.3 ...)
+	{DSA-1375-1}
 	- openoffice.org 2.2.1-9 (medium)
 CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of
service ...)
 	{DSA-1316-1}
@@ -5244,7 +5304,7 @@
 CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers
to ...)
 	NOT-FOR-US: eTicket
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20,
when running on 32-bit ...)
-	{DSA-1343-1}
+	{DSA-1343-2 DSA-1343-1}
 	- file 4.21-1 (medium; bug #428293)
 CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc
function in ...)
 	{DSA-1323-1}
@@ -6082,7 +6142,7 @@
 CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and
earlier for ...)
 	NOT-FOR-US: Caucho Resin Professional
 CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1)
writefile, ...)
-	{DSA-1364-1}
+	{DSA-1364-2 DSA-1364-1}
 	- vim 1:7.1-022+1 (bug #435401; low)
 	[sarge] - vim <not-affected> (Vulnerable code not present)
 	NOTE: Exploitable through modelines, needs to be used with care in any case
@@ -7556,6 +7616,7 @@
 CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco
Trust ...)
 	NOT-FOR-US: Cisco
 CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent
before ...)
+	{DSA-1799-1}
 	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
 CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3
allows ...)
 	NOT-FOR-US: IBM AIX
Secure testing commits - Sep 2007 - r6707 - data/CVE

[Secure-testing-commits] r6707 - data/CVE
