Author: fw Date: 2007-07-17 19:57:23 +0000 (Tue, 17 Jul 2007) New Revision: 6147 Modified: data/CVE/list Log: CVE-2007-3564: curl Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-16 20:56:04 UTC (rev 6146) +++ data/CVE/list 2007-07-17 19:57:23 UTC (rev 6147) @@ -400,8 +400,9 @@ RESERVED CVE-2007-3565 RESERVED -CVE-2007-3564 +CVE-2007-3564 [curl doesn''t check certificate parameters in GNUTLS mode] RESERVED + - curl <unfixed> (low) CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...) TODO: check CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...) @@ -682,15 +683,15 @@ CVE-2007-3456 (Unspecified vulnerability in Adobe Flash Player 9.0.45.0 and earlier ...) TODO: check CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...) - - firebird1.5 <unfixed> (bug filed) + - firebird1.5 <unfixed> (bug #432753) - firebird2 <removed> - firebird2.0 <not-affected> (fixed in 2.0) CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...) - - firebird1.5 <unfixed> (bug filed) + - firebird1.5 <unfixed> (bug #432753) - firebird2 <removed> - firebird2.0 <not-affected> (fixed in 2.0) CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...) - - firebird1.5 <unfixed> (bug filed) + - firebird1.5 <unfixed> (bug #432753) - firebird2 <removed> - firebird2.0 <not-affected> (fixed in 2.0) CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...) 
@@ -2203,7 +2204,7 @@ CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ...) NOT-FOR-US: eTicket CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit ...) - - file 4.21-1 (medium) + - file 4.21-1 (medium) CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...) {DSA-1323-1} - krb5 1.6.dfsg.1-5 (high; bug #430785) @@ -2677,7 +2678,7 @@ CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) - squirrelmail 2:1.4.10a-1 (low) CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...) - - wu-ftpd 2.6.2-26 (unimportant; bug #425162) + - wu-ftpd 2.6.2-26 (unimportant; bug #425162) NOTE: Linux'' limit is 4096 chars CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...) - linux-2.6 2.6.18.dfsg.1-9 (low) @@ -3361,7 +3362,7 @@ [lenny] - asterisk <not-affected> (vulnerable code not present) NOTE: only in 1.4.x CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...) - - iceweasel (low) + - iceweasel <unfixed> (low) [etch] - iceweasel <no-dsa> (Minor issue) - firefox <removed> (low) - mozilla <removed> (low) @@ -6335,7 +6336,7 @@ CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...) NOT-FOR-US: FTP Explorer CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...) - - typo3-src 4.0.5+debian-1 + - typo3-src 4.0.5+debian-1 [etch] - typo3-src 4.0.2+debian-3 CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...) NOT-FOR-US: TurboFTP 
@@ -9440,7 +9441,7 @@ NOT-FOR-US: myPHPCalendar CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...) - kdenetwork 4:3.5.5-4 (low; bug #405828) - [sarge] - kdenetwork <no-dsa> (Minor issue) + [sarge] - kdenetwork <no-dsa> (Minor issue) CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...) NOT-FOR-US: DB Hub CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...) @@ -14398,7 +14399,7 @@ CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...) NOT-FOR-US: php-Revista CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...) - NOT-FOR-US: Lanifex Database of Managed Objects (DMO) + NOT-FOR-US: Lanifex Database of Managed Objects (DMO) CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...) NOT-FOR-US: Swift Sound Web Dictate CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...) @@ -15838,7 +15839,7 @@ CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...) NOT-FOR-US: ATutor CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...) - NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo + NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...) NOT-FOR-US: XMB (aka extreme message board) CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...) 
@@ -24345,7 +24346,7 @@ - phpbb2 <unfixed> (unimportant) NOTE: As discussed with the phpbb maintainers; this is only a lack of feature NOTE: (phpbb2 doesn''t allow a kind of rate control for maximum login/searches for - NOTE: a certain time frame), but not a directly fixable security problem + NOTE: a certain time frame), but not a directly fixable security problem CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...) NOT-FOR-US: E-Post Mail / SPA-PRO Mail CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...) @@ -35477,11 +35478,11 @@ CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...) NOT-FOR-US: phpATM CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...) - NOT-FOR-US: NiteEnterprises Remote File Manager + NOT-FOR-US: NiteEnterprises Remote File Manager CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...) NOT-FOR-US: Net56 Browser Based File Manager CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...) - NOT-FOR-US: MRO Maximo Self Service + NOT-FOR-US: MRO Maximo Self Service CVE-2005-1600 (A "mathematical flaw" in the implementation of the El Gamal signature ...) NOT-FOR-US: LibTomCrypt CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
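Review bot: the new `- curl <unfixed> (low)` line for CVE-2007-3564 carries no bug reference, while the firebird1.5 entries in the same patch are upgraded from `(bug filed)` to `(bug #432753)`; if a bug has been (or will be) filed against curl, record it in the same `(low; bug #NNN)` form used elsewhere in the file (e.g. `(high; bug #430785)` for krb5) so the unfixed state can be followed up. The bracketed description "doesn't check certificate parameters in GNUTLS mode" describes a TLS certificate-validation gap, so a short `NOTE:` line stating which parameters go unchecked and why that justifies the `low` rating would help the next person who reviews the entry.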
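Review bot: the CVE-2007-2292 hunk fixes a malformed entry: `- iceweasel (low)` had no version or `<state>` token between the package name and the severity, unlike every other package line in the file (`- firefox <removed> (low)`, `- iceweasel <no-dsa> (Minor issue)` right below it), and `- iceweasel <unfixed> (low)` restores the `- package <state-or-version> (severity)` shape. Worth adding a pre-commit syntax check that rejects package lines lacking that middle field, since a missing `<unfixed>` silently drops the package from the "open issues" view.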
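Review bot: the hunks for `file 4.21-1`, `wu-ftpd 2.6.2-26`, `typo3-src 4.0.5+debian-1`, the `[sarge] - kdenetwork <no-dsa>` line, the phpbb2 `NOTE:` line and the several `NOT-FOR-US:` lines show identical `-`/`+` text in the rendered diff, i.e. whitespace-only changes (presumably trailing-space cleanup). Bundling them into a commit logged as "CVE-2007-3564: curl" buries the three substantive edits (the curl entry, the firebird `bug #432753` references for CVE-2006-7212/7213/7214, and the iceweasel `<unfixed>` repair) in noise when reading history; either commit the whitespace cleanup separately or list all three content changes in the log message.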