stef-guest at alioth.debian.org
2007-Jul-31 19:33 UTC
[Secure-testing-commits] r6198 - data/CVE
Author: stef-guest Date: 2007-07-31 19:33:49 +0000 (Tue, 31 Jul 2007) New Revision: 6198 Modified: data/CVE/list Log: - already fixed: tor - new: festival, mldonkey - CVEified: asterisk - NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-31 17:40:03 UTC (rev 6197) +++ data/CVE/list 2007-07-31 19:33:49 UTC (rev 6198) 
@@ -1,89 +1,89 @@ CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...) - TODO: check + NOT-FOR-US: Metyus Forum Portal CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...) - TODO: check + NOT-FOR-US: IT!CMS (itcms) CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...) - TODO: check + NOT-FOR-US: SuskunDuygular Uyelik Sistemi CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) ...) - TODO: check + NOT-FOR-US: Advanced Webhost Billing System (AWBS) CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing ...) - TODO: check + NOT-FOR-US: Advanced Webhost Billing System (AWBS) CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...) - TODO: check + NOT-FOR-US: Real Estate listing website CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / ...) - TODO: check + NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...) - TODO: check + NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template) CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...) - TODO: check + NOT-FOR-US: WebEvents (Online Event Registration Template) CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...) - TODO: check + NOT-FOR-US: phpMyForum CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - ...) - TODO: check + NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...) - TODO: check + NOT-FOR-US: Baidu Soba Search Bar CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) 
- TODO: check + NOT-FOR-US: WP-FeedStats plugin for WordPress CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...) - TODO: check + - asterisk 1:1.4.9~dfsg-1 CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...) - TODO: check + NOT-FOR-US: sBlog CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 ...) - TODO: check + NOT-FOR-US: Madoa Poll CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...) - TODO: check + - mldonkey <unfixed> (bug #435439) CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...) - TODO: check + - tor 0.1.2.15-1 CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from ...) - TODO: check + - tor 0.1.2.15-1 CVE-2007-4097 (Tor before 0.1.2.15 sends "destroy cells" containing the reason for ...) - TODO: check + - tor 0.1.2.15-1 CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...) - TODO: check + - tor 0.1.2.15-1 CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...) - TODO: check + NOT-FOR-US: BSM Store Dependent Forums CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ...) - TODO: check + NOT-FOR-US: IDevSpot PhpHostBot CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: Minb Is Not a Blog (minb) CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...) - TODO: check + NOT-FOR-US: iFoto CVE-2007-4091 RESERVED CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Vikingboard CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...) 
- TODO: check + NOT-FOR-US: Vikingboard CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share ...) - TODO: check + NOT-FOR-US: AlstraSoft Video Share Enterprise CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow ...) - TODO: check + NOT-FOR-US: AlstraSoft AskMe Pro CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...) - TODO: check + NOT-FOR-US: AlstraSoft Affiliate Network CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) - TODO: check + NOT-FOR-US: AlstraSoft AskMe Pro CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php ...) - TODO: check + NOT-FOR-US: AlstraSoft Article Manager Pro CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) - TODO: check + NOT-FOR-US: AlstraSoft Affiliate Network Pro CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft ...) - TODO: check + NOT-FOR-US: AlstraSoft CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...) - TODO: check + NOT-FOR-US: AlstraSoft CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...) - TODO: check + NOT-FOR-US: AlstraSoft CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...) - TODO: check + NOT-FOR-US: AlstraSoft CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris ...) - TODO: check + NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...) - TODO: check + NOT-FOR-US: Alisveris Sitesi Scripti CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...) 
- TODO: check + - festival <unfixed> (bug filed; low) CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of "mail a ...) TODO: check CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...) @@ -203,7 +203,7 @@ RESERVED CVE-2007-5645 REJECTED - TODO: check + NOTE: duplicate of CVE-2006-5645 CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...) TODO: check CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...) @@ -502,9 +502,6 @@ RESERVED CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...) TODO: check -CVE-2007-XXXX [asterisk DoS in IAX2 channel driver] - - asterisk 1:1.4.9~dfsg-1 - NOTE: ASA-2007-018 CVE-2007-XXXX [dokuwiki XSS in spellchecker] - dokuwiki 0.0.20070626b-1 (unimportant; bug #434134) NOTE: IE browser bug are not treated as security issues in packages applications
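Review bot: In the first hunk (@@ -1,89 +1,89 @@), the added line for CVE-2007-4109 contains a duplicated fragment and an unclosed parenthesis: `NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)`. It should read `NOT-FOR-US: WebStore (Online Store Application Template)`, in line with the neighbouring CVE-2007-4108 and CVE-2007-4110 entries. In the same hunk, the festival entry for CVE-2007-4074 says `(bug filed; low)` with no bug number, whereas the mldonkey entry for CVE-2007-4100 cites `bug #435439`; adding the number would make the entry traceable.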
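Review bot: In the second hunk (@@ -203,7 +203,7 @@), the entry CVE-2007-5645 is followed directly by CVE-2007-4018, and the added `NOTE: duplicate of CVE-2006-5645` names an id that differs from the entry only in the year. Please confirm that both the entry id and the id in the note are the intended ones and that neither is a transposition.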
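Review bot: In the third hunk (@@ -502,9 +502,6 @@), the removed temporary asterisk entry carried `NOTE: ASA-2007-018`, but the CVE-2007-4103 entry added in the first hunk has only `- asterisk 1:1.4.9~dfsg-1`, so the advisory reference is dropped by this commit. If the advisory still applies, add `NOTE: ASA-2007-018` under CVE-2007-4103 so the link to the upstream advisory is kept.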