Author: fw Date: 2007-04-26 07:20:48 +0000 (Thu, 26 Apr 2007) New Revision: 5735 Modified: data/CVE/list Log: NFUs CVE-2007-2231: dovecot issue CVEified CVE-2007-2243: new OpenSSH issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-26 07:10:08 UTC (rev 5734) +++ data/CVE/list 2007-04-26 07:20:48 UTC (rev 5735) @@ -35,9 +35,9 @@ CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) TODO: check CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3 allow ...) - TODO: check + NOT-FOR-US: Adobe Photoshop CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...) - TODO: check + - openssh <unfixed> (low) CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...) TODO: check CVE-2007-2241 @@ -57,13 +57,14 @@ CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly ...) TODO: check CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote ...) - TODO: check + NOT-FOR-US: CoSign CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...) - TODO: check + NOT-FOR-US: CoSign CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in ...) - TODO: check + - dovecot 1.0.rc29-1 + [sarge] - dovecot <not-affected> (Vulnerable code not present) CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...) - TODO: check + NOT-FOR-US: CA Clever Path CVE-2007-2229 RESERVED CVE-2007-2228 
@@ -163,13 +164,13 @@ CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...) TODO: check CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...) - TODO: check + NOT-FOR-US: Nullsoft Winamp CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...) TODO: check CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...) TODO: check CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...) - TODO: check + NOT-FOR-US: Microgaming Download Helper CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...) TODO: check CVE-2007-2175 (Unspecified vulnerability in Apple Safari allows remote attackers to ...) @@ -179,13 +180,13 @@ CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...) TODO: check CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 causes RTA_MAX to be used ...) - TODO: check + - linux-2.6 <unfixed> (medium) CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...) - TODO: check + NOT-FOR-US: Novell GroupWise CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...) - TODO: check + NOT-FOR-US: Oracle E-Business Suite CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...) - TODO: check + NOT-FOR-US: Mozzers SubSystem CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...) TODO: check CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...) 
@@ -903,9 +904,6 @@ RESERVED CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable] - initramfs-tools 0.85g (low; bug #417995) -CVE-2007-XXXX [dovecot zlib plugin directory traversal] - - dovecot 1.0.rc29-1 - [sarge] - dovecot <not-affected> (Vulnerable code not present) CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...) - ldap-account-manager <unfixed> (medium) CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
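Review bot: In the @@ -35,9 +35,9 @@ hunk, the new CVE-2007-2243 line `- openssh <unfixed> (low)` has no bug reference and no NOTE explaining the low urgency. The initramfs-tools entry later in this file uses the form `(low; bug #417995)`. Consider recording a bug number the same way, or adding a NOTE line that states why the ChallengeResponseAuthentication issue is rated low.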
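Review bot: In the @@ -57,13 +57,14 @@ hunk, the NOT-FOR-US tags for CVE-2007-2233 and CVE-2007-2232 spell the product `CoSign`, while both CVE descriptions spell it `Cosign`. Using the spelling from the description keeps the list searchable by product name. The same hunk also shortens `CA Clever Path Portal` from the CVE-2007-2230 description to `CA Clever Path`.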
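Review bot: In the @@ -179,13 +180,13 @@ hunk, CVE-2007-2172 is entered as `- linux-2.6 <unfixed> (medium)` even though its description says the typo affects kernel 2.6 "before 2.6.21-rc6", so an upstream fix point is already known. A NOTE naming that upstream version, or a bug reference, would let the entry be closed once a fixed upload arrives without re-reading the advisory.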
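Review bot: In the @@ -903,9 +904,6 @@ hunk, the removed placeholder is titled `dovecot zlib plugin directory traversal`, but the CVE-2007-2231 entry that takes over its package lines describes a directory traversal in `index/mbox/mbox-storage.c` and does not mention the zlib plugin. Please confirm both refer to the same issue, and consider keeping the zlib plugin detail as a NOTE under CVE-2007-2231 so the reasoning behind the sarge `<not-affected> (Vulnerable code not present)` line stays traceable.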