Author: jmm-guest Date: 2007-04-11 21:34:28 +0000 (Wed, 11 Apr 2007) New Revision: 5649 Modified: data/CVE/list Log: new mydms issue two kernel issues fixed in 2.6.20 util-linux issue expected behaviour according to vendor-sec (lamont, shout if you disagree) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-11 21:32:22 UTC (rev 5648) +++ data/CVE/list 2007-04-11 21:34:28 UTC (rev 5649) @@ -1,3 +1,5 @@ +CVE-2007-XXXX [mydms SQL injection] + - mydms 1.4.4+1-5 CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...) TODO: check CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...) @@ -171,7 +173,9 @@ CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...) TODO: check CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...) - TODO: check + - php5 5.2.0-9 + - php4 6:4.4.4-9 + NOTE: Dupe of CVE-2007-0906 CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...) TODO: check CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...) @@ -309,8 +313,9 @@ CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...) NOT-FOR-US: Cisco Unified CallManager CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...) - - php4 <unfixed> (medium) - - php5 <unfixed> (medium) + - php5 5.2.0-9 + - php4 6:4.4.4-9 + NOTE: Dupe of CVE-2007-0906 CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...) - php5 <unfixed> (medium) CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...) @@ -821,7 +826,7 @@ CVE-2007-1593 RESERVED CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...) - - linux-2.6 <unfixed> (medium) + - linux-2.6 2.6.20-1 (medium) CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...) NOT-FOR-US: Trend Micro CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...) @@ -1939,7 +1944,8 @@ CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...) NOT-FOR-US: Call Center Software CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...) - - util-linux <unfixed> (low) + - util-linux <unfixed> (unimportant) + NOTE: Expected behaviour; pam_acct_mgmt() requires prior pam_authenticate() CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...) NOT-FOR-US: freePBX CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...) @@ -5629,7 +5635,7 @@ CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...) - linux-2.6 2.6.18.dfsg.1-12 CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.20-1 CVE-2007-0004 RESERVED CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)