keescook-guest at alioth.debian.org
2007-Jul-05 12:14 UTC
[Secure-testing-commits] r6096 - data/CVE
Author: keescook-guest
Date: 2007-07-05 12:14:11 +0000 (Thu, 05 Jul 2007)
New Revision: 6096
Modified:
data/CVE/list
Log:
NFUs: 41
unfixed: apache2 flac123 freetype
fixed: libnet-dns-perl
not-affected: dia postgresql-8.1 postgresql-8.2
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-07-04 19:32:36 UTC (rev 6095)
+++ data/CVE/list 2007-07-05 12:14:11 UTC (rev 6096)
@@ -1,9 +1,9 @@
CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2
allows ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux
...)
- linux-2.6 <unfixed>
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22
allows ...)
- TODO: check
+ NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox
1.5.0.12 ...)
TODO: check
CVE-2007-3510
@@ -15,63 +15,63 @@
- glibc <unfixed> (unimportant)
NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value
function ...)
- TODO: check
+ - flac123 <unfixed> (medium)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in
FreeType ...)
- TODO: check
+ - freetype <unfixed> (medium)
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum
1.3 ...)
- TODO: check
+ NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and
Java ...)
TODO: check
CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate
HTML ...)
TODO: check
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration
...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in
...)
- TODO: check
+ NOT-FOR-US: DirectAdmin
CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a
...)
- TODO: check
+ NOT-FOR-US: Xeweb XEForum
CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as
...)
- TODO: check
+ NOT-FOR-US: SlackRoll
CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in
smoketests/configForm.php ...)
- TODO: check
+ NOT-FOR-US: HTML Purifier
CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to
determine the ...)
TODO: check
CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java
...)
- TODO: check
+ NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP
...)
- TODO: check
+ NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user
privileges ...)
- TODO: check
+ NOT-FOR-US: Papoo CMS
CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148
in ...)
TODO: check
CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a
...)
- TODO: check
+ NOT-FOR-US: Conti FtpServer
CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before
...)
- TODO: check
+ NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows
remote ...)
TODO: check
CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html
in ...)
- TODO: check
+ NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony
...)
TODO: check
CVE-2007-3487 (Absolute directory traversal in a certain ActiveX control in
...)
TODO: check
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search
engine ...)
- TODO: check
+ NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in
Yandex.Server ...)
- TODO: check
+ NOT-FOR-US: Yandex.Server
CVE-2007-3484 (Cross-site scripting (XSS) vulnerability in search.php in Google
...)
- TODO: check
+ NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1
has a ...)
- TODO: check
+ NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482 (Cross-domain vulnerability in Apple Safari allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2007-3481 (Cross-domain vulnerability in Microsoft Internet Explorer allows
...)
TODO: check
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p)
allows ...)
- TODO: check
+ NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c
in ...)
TODO: check
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics
...)
@@ -87,11 +87,11 @@
CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD
Graphics ...)
TODO: check
CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment
(CDE) ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module
in Sun ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion
implementation in ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote
...)
- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c
VideoLAN ...)
@@ -99,17 +99,17 @@
CVE-2007-3466
RESERVED
CVE-2007-3465 (Check Point SofaWare Safe at Office, with firmware before
Embedded NGX ...)
- TODO: check
+ NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3464 (Check Point SofaWare Safe at Office, with firmware before
Embedded NGX ...)
- TODO: check
+ NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463 (** DISPUTED ** ...)
TODO: check
CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point
...)
- TODO: check
+ NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image
Gallery ...)
- TODO: check
+ NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3
in ...)
- TODO: check
+ NOT-FOR-US: EVA-Web
CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech
Avax ...)
TODO: check
CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local
users to ...)
@@ -119,17 +119,17 @@
CVE-2007-3456
RESERVED
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow
remote ...)
- TODO: check
+ NOT-FOR-US: Firebird
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA
and ...)
- TODO: check
+ NOT-FOR-US: Firebird
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects
WNET, ...)
- TODO: check
+ NOT-FOR-US: Firebird
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the
...)
- TODO: check
+ NOT-FOR-US: Firebird
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote
attackers to ...)
TODO: check
CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in
Motion ...)
- TODO: check
+ NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan
...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend
Micro ...)
@@ -223,9 +223,10 @@
CVE-2007-3410 (Stack-based buffer overflow in the
SmilTimeValue::parseWallClockValue ...)
- helix-player <not-affected> (Debian versions of Helix player not
affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to
cause ...)
- TODO: check
+ - libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have
...)
- TODO: check
+ - dia <not-affected>
+ NOTE: Windows packaging with bundled FreeType libs
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers
to ...)
NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft
Internet ...)
@@ -278,7 +279,7 @@
- php4 <unfixed> (unimportant)
- php5 <unfixed> (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates
...)
- TODO: check
+ - libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows
...)
TODO: check
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21
allows ...)
@@ -522,11 +523,17 @@
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php
Hosting ...)
NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements
...)
- TODO: check
+ - postgresql-8.1 <not-affected>
+ - postgresql-8.2 <not-affected>
+ NOTE: Neither PL/pgsql nor dblink are enabled by default.
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL
...)
- TODO: check
+ - postgresql-8.1 <not-affected>
+ - postgresql-8.2 <not-affected>
+ NOTE: Neither PL/pgsql nor dblink are enabled by default.
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust
...)
- TODO: check
+ - postgresql-8.1 <not-affected>
+ - postgresql-8.2 <not-affected>
+ NOTE: local trust authentication is not enabled in Debian.
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module
for ...)
NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site at
School ...)
@@ -566,17 +573,17 @@
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain
sensitive ...)
NOT-FOR-US: Calendarix
CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Calendarix
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for
Evolution Data ...)
{DSA-1325-1 DSA-1321-1}
- evolution-data-server 1.10.2-2 (bug #429876)
[sarge] - evolution-data-server <not-affected> (Vulnerable code present
in a different source package)
CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL),
and ...)
- TODO: check
+ NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Xythos ...)
- TODO: check
+ NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos
...)
- TODO: check
+ NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway
(ASG) ...)
NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with
...)
@@ -1625,9 +1632,9 @@
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in
cp/ps/Main/login/Login in ...)
NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php
in ...)
- TODO: check
+ NOT-FOR-US: eTicket
CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: eTicket
CVE-2007-2799 (Integer overflow in the "file" program 4.20,
when running on 32-bit ...)
- file 4.21-1 (medium)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc
function in ...)
@@ -3901,7 +3908,7 @@
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33
and ...)
NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in
Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec Mail Security
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0
and ...)
NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo
Auction ...)
@@ -11298,7 +11305,7 @@
{DSA-1304}
- linux-2.6 <unfixed>
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the
...)
- TODO: check
+ - apache2 <unfixed> (low)
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
{DSA-1233}
- linux-2.6 2.6.18-8 (medium)