Author: nion Date: 2007-09-27 11:31:43 +0000 (Thu, 27 Sep 2007) New Revision: 6724 Modified: data/CVE/list Log: NFUs CVE-2007-4497,CVE-2007-4496 vmware-package not affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-27 11:25:24 UTC (rev 6723) +++ data/CVE/list 2007-09-27 11:31:43 UTC (rev 6724) @@ -77,7 +77,6 @@ NOTE: links to poppler since 0.8-4, thus marking as fixed - libextractor 0.5.12-1 NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed - TODO: check CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...) NOT-FOR-US: lhaplus CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...) @@ -307,11 +306,11 @@ CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...) NOT-FOR-US: OmniStar Article Manager CVE-2007-4951 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: YaPiG CVE-2007-4950 (** DISPUTED ** PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Phportal CVE-2007-4949 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpreactor CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...) NOT-FOR-US: Webmedia Explorer CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...) @@ -585,7 +584,7 @@ - mediawiki 1.10.2-1 (low; bug #442255) [etch] - mediawiki <not-affected> (Does not include the vulnerable code) CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in ...) - TODO: check + NOT-FOR-US: Modbus Slave ActiveX Control CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...) - quagga 0.99.9-1 (low; bug #442133) NOTE: Upstream says that this can only be exploited by configured peers. 
@@ -744,9 +743,9 @@ CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...) NOT-FOR-US: Thomson ST 2030 SIP phone CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...) - TODO: check + NOT-FOR-US: RemoteDocs R-Viewer CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 ...) - TODO: check + NOT-FOR-US: RemoteDocs R-Viewer CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...) NOT-FOR-US: Autodesk Backburner CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...) @@ -1334,9 +1333,9 @@ CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) NOT-FOR-US: Grandstream SIP Phone CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) - TODO: check + - vmware-package <not-affected> (package just downloads vmware products but not including them) CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...) - TODO: check + - vmware-package <not-affected> (package just downloads vmware products but not including them) CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...) NOT-FOR-US: Solaris CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
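Review bot: In the first hunk (@@ -77,7 +77,6 @@), the removal of the "TODO: check" line after the libextractor NOTE is not covered by the log message, which only mentions NFUs and the vmware-package status for CVE-2007-4497 and CVE-2007-4496. Either mention the stale TODO cleanup in the log or commit it separately, so the history of that entry can be followed from the revision log.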
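Review bot: In the hunk at @@ -307,11 +306,11 @@, "NOT-FOR-US: phpreactor" is written all lowercase while the neighbouring entries ("YaPiG", "Phportal", "Webmedia Explorer") follow the product's own capitalization. The visible descriptions for CVE-2007-4951 and CVE-2007-4949 are only "** DISPUTED ** ...", so the product name cannot be checked against the list line itself; please confirm both names against the full CVE text and use the upstream spelling.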
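Review bot: In the last hunk (@@ -1334,9 +1333,9 @@), the reason on the two vmware-package lines, "package just downloads vmware products but not including them", is ungrammatical and leaves open what happens to the downloaded product. Something like "(package only downloads VMware products and does not include them)" reads more clearly. Since the reason itself says the package fetches the affected product, a NOTE line stating that the installed VMware Workstation version is outside the archive would make the <not-affected> status easier to justify later. The log message also groups these two CVEs right after "NFUs", although they are marked <not-affected> rather than NOT-FOR-US; a separator in the log would avoid that misreading.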