Author: fw Date: 2007-06-16 14:21:13 +0000 (Sat, 16 Jun 2007) New Revision: 6020 Modified: data/CVE/list Log: CVE-2007-2650: clamav fixed NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-16 14:04:25 UTC (rev 6019) +++ data/CVE/list 2007-06-16 14:21:13 UTC (rev 6020) @@ -251,15 +251,15 @@ CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...) NOT-FOR-US: OpenWiki CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...) - TODO: check + NOT-FOR-US: Sun Java on Microsoft Windows CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-XXXX [jffnms multiple issues] - jffnms 0.8.3dfsg.1-4 CVE-2007-3129 @@ -401,7 +401,7 @@ CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...) NOT-FOR-US: Cactushop CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...) - TODO: check + NOT-FOR-US: PHP Live! CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...) NOT-FOR-US: SendCard CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...) 
@@ -579,13 +579,13 @@ CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...) NOT-FOR-US: gCards CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...) - TODO: check + NOT-FOR-US: 8e6 R3000 Internet Filter CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...) - TODO: check + NOT-FOR-US: WAnewsletter CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...) - TODO: check + NOT-FOR-US: cpCommerce CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...) TODO: check CVE-2007-XXXX [webpy HTTP response splitting vulnerability] @@ -689,15 +689,15 @@ CVE-2007-2922 RESERVED CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...) - TODO: check + NOT-FOR-US: Corel CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...) - TODO: check + NOT-FOR-US: Zoomify Viewer CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...) - TODO: check + NOT-FOR-US: FViewerLoading CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...) - TODO: check + NOT-FOR-US: Logitech CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...) - TODO: check + NOT-FOR-US: Authentium CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...) NOT-FOR-US: GMTT Music Distro CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...) 
@@ -715,7 +715,7 @@ CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...) NOT-FOR-US: Jelsoft vBulletin CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...) - TODO: check + NOT-FOR-US: vBulletin CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...) NOT-FOR-US: SSL-Explorer CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a ...) @@ -751,7 +751,7 @@ CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 ...) NOT-FOR-US: FirmWorX CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ...) - TODO: check + NOT-FOR-US: cpCommerce CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...) NOT-FOR-US: Dokeos CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...) @@ -840,9 +840,9 @@ CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...) - phppgadmin 4.1.2-1 (low; bug #427151) CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content ...) - TODO: check + NOT-FOR-US: CA Anti-Virus CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content ...) - TODO: check + NOT-FOR-US: CA Anti-Virus CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...) NOT-FOR-US: CubeCart CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...) @@ -1000,7 +1000,7 @@ RESERVED - xterm <not-affected> (Debian uses safe compile-time settings) CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Arris Cadant CVE-2007-2795 RESERVED CVE-2007-2794 
@@ -1321,7 +1321,7 @@ CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...) NOT-FOR-US: VooDoo cIRCle CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...) - TODO: check + - clamav 0.90.2-1 CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...) NOT-FOR-US: Speedport W 700v CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...) @@ -1600,11 +1600,11 @@ CVE-2007-2515 RESERVED CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and ...) - TODO: check + NOT-FOR-US: Alcatel-Lucent CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...) {DTSA-39-1} - php5 5.2.2-1 (unimportant) @@ -1826,7 +1826,7 @@ NOTE: secure connections, possibly defeating HTTPS encryption. NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217 CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in ...) - TODO: check + NOT-FOR-US: Macrovision CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...) NOT-FOR-US: Cerulean Trillian CVE-2007-2417 @@ -1882,7 +1882,7 @@ CVE-2007-2392 RESERVED CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...) NOT-FOR-US: Apple CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...) 
@@ -1890,9 +1890,9 @@ CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ...) NOT-FOR-US: Apple CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...) - TODO: check + NOT-FOR-US: Apple mDNSResponder CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...) TODO: check yui NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf @@ -2148,7 +2148,7 @@ CVE-2007-2280 RESERVED CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...) NOT-FOR-US: DCP-Portal CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...) @@ -2245,7 +2245,7 @@ CVE-2007-2238 RESERVED CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...) NOT-FOR-US: PunBB CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...) 
@@ -2262,29 +2262,29 @@ CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...) NOT-FOR-US: CA Clever Path CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2228 RESERVED CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2226 RESERVED CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2224 RESERVED CVE-2007-2223 RESERVED CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2220 RESERVED CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-2217 RESERVED CVE-2007-2216 @@ -3338,11 +3338,11 @@ RESERVED CVE-2007-1752 REJECTED - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-1749 RESERVED CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...) 
@@ -3495,7 +3495,7 @@ CVE-2007-1686 RESERVED CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...) - TODO: check + NOT-FOR-US: BlueCoat CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...) NOT-FOR-US: sldimdownload ActiveX control CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...) @@ -3692,7 +3692,7 @@ CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...) - asterisk <unfixed> (low) CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...) - TODO: check + NOT-FOR-US: Symantec CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...) {DSA-1286-1} - linux-2.6 2.6.20-1 (medium) @@ -5572,13 +5572,13 @@ CVE-2007-0937 RESERVED CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0935 RESERVED CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...) - TODO: check + NOT-FOR-US: D-Link CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...) NOT-FOR-US: Aruba Mobility Controller CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...) 
@@ -6173,13 +6173,13 @@ CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...) NOT-FOR-US: Apple QuickTime CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...) NOT-FOR-US: Apple Darwin Streaming Server CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...) @@ -6199,7 +6199,7 @@ CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...) NOT-FOR-US: Apple Mac OS X CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...) NOT-FOR-US: Apple Mac OS X CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...) 
@@ -6293,15 +6293,15 @@ CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...) NOT-FOR-US: Free LAN Intranet Portal CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 ...) - TODO: check + NOT-FOR-US: DGNews CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...) - TODO: check + NOT-FOR-US: DGNews CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...) - TODO: check + NOT-FOR-US: DGNews CVE-2007-0691 REJECTED CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: myEvent CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...) @@ -7160,7 +7160,7 @@ CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...) NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in ...) - TODO: check + NOT-FOR-US: Macrovision CVE-2007-0327 RESERVED CVE-2007-0326 @@ -7420,7 +7420,7 @@ CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...) NOT-FOR-US: Microsoft CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) NOT-FOR-US: Microsoft CVE-2007-0216 @@ -7828,9 +7828,9 @@ CVE-2007-0069 RESERVED CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...) - TODO: check + NOT-FOR-US: IBM Lotus Domino CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...) - TODO: check + NOT-FOR-US: Lotus Domino Server CVE-2007-0066 RESERVED CVE-2007-0065 
@@ -14598,7 +14598,7 @@ CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...) NOT-FOR-US: CA eTrust Antivirus WebScan CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com ...) - TODO: check + NOT-FOR-US: 3Com CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...) NOT-FOR-US: My Firewall Plus CVE-2006-3972 (Directory traversal vulnerability in ...)
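Review bot: In the @@ -715,7 +715,7 @@ hunk, CVE-2007-2908 is tagged "NOT-FOR-US: vBulletin" while the entry directly above it, CVE-2007-2909, has the same "calendar.php in Jelsoft ..." description and is already tagged "NOT-FOR-US: Jelsoft vBulletin". Two labels for one product mean a search for either string misses the other entry. Suggest reusing the existing label. The same drift shows in the @@ -6199,7 +6199,7 @@ hunk, where CVE-2007-0740 gets "NOT-FOR-US: Apple" between two neighbours tagged "NOT-FOR-US: Apple Mac OS X", and in the @@ -7828,9 +7828,9 @@ hunk, where "IBM Lotus Domino" and "Lotus Domino Server" are used on adjacent entries.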
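Review bot: The added CVE-2007-2650 line in the @@ -1321,7 +1321,7 @@ hunk, "- clamav 0.90.2-1", records a fixed version with no urgency and no bug or NOTE reference, whereas the phppgadmin entry visible in the @@ -840,9 +840,9 @@ hunk reads "- phppgadmin 4.1.2-1 (low; bug #427151)". This is the only entry in the commit that asserts a package is fixed, so a parenthesised urgency and a pointer to where 0.90.2-1 was confirmed as the fixing upload would let a later reader verify it. The log line "CVE-2007-2650: clamav fixed NFUs" also runs this change and the NOT-FOR-US sweep together; separating the two parts would make the history easier to search.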
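Review bot: In the @@ -3338,11 +3338,11 @@ hunk, CVE-2007-1752 is marked REJECTED and has no description, yet its "TODO: check" is replaced with "NOT-FOR-US: Microsoft". Nothing in the entry supports a vendor attribution, and the other rejected id visible in this patch, CVE-2007-0691 in the @@ -6293,15 +6293,15 @@ hunk, carries no tag under REJECTED. Suggest deleting the "TODO: check" line for CVE-2007-1752 instead of replacing it, so the entry matches how rejected ids are recorded elsewhere in the file.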