Author: keescook-guest Date: 2007-03-08 20:11:21 +0000 (Thu, 08 Mar 2007) New Revision: 5525 Modified: data/CVE/list data/embedded-code-copies Log: NFUs: 6 unfixed: mplayer viewcvs xine-lib fixed: iceweasel libapache2-mod-python xulrunner Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-08 09:14:17 UTC (rev 5524) +++ data/CVE/list 2007-03-08 20:11:21 UTC (rev 5525) @@ -137,7 +137,8 @@ CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...) NOT-FOR-US: aWebNews CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...) - TODO: check + - mplayer <unfixed> (medium) + - xine-lib <unfixed> (medium) CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...) NOT-FOR-US: IrfanView CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...) @@ -151,9 +152,9 @@ CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...) NOT-FOR-US: Docebo CMS CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...) NOT-FOR-US: sitex CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...) 
@@ -187,9 +188,9 @@ CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...) NOT-FOR-US: Parallels Desktop CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...) - TODO: check + NOT-FOR-US: Microsoft Xbox 360 CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...) - TODO: check + NOT-FOR-US: Microsoft Xbox 360 CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...) NOT-FOR-US: Phorum CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...) @@ -304,7 +305,7 @@ CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...) NOT-FOR-US: webSPELL CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...) - TODO: check + NOT-FOR-US: Common Controls ActiveX control CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...) NOT-FOR-US: Call Center Software CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...) @@ -340,11 +341,11 @@ CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...) NOT-FOR-US: Oracle Database Server CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...) - TODO: check + - viewcvs <unfixed> (low) CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...) - viewcvs <unfixed> (low) CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...) - TODO: check + - libapache2-mod-python 3.2.8-1 (low) CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...) - tcpdump 3.9.5-2 (bug #413430; medium) CVE-2007-XXXX [puttygen can create world-readable private keys] 
@@ -759,7 +760,7 @@ CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...) NOT-FOR-US: PGPFreeware CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...) - TODO: check + NOT-FOR-US: NetScreen-Remote CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...) NOT-FOR-US: FreeBSD CVE-2007-XXXX [vserver patch allows renice of processes in different context] @@ -867,7 +868,9 @@ CVE-2007-0997 RESERVED CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...) - TODO: check + NOTE: MFSA-2007-02 + - iceweasel 2.0.0.2+dfsg-1 (low) + - xulrunner 1.8.0.10-1 (low) CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...) NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (low) @@ -1322,7 +1325,7 @@ NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-", NOTE: which probably turns this into remote code execution NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration - TODO: unrar-free and clamav (which embeds unrar-free code) need to be checked + NOTE: unrar-free and clamav (which embeds unrar-free code) not affected CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...) NOT-FOR-US: cPanel WebHost Manager CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...) Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2007-03-08 09:14:17 UTC (rev 5524) +++ data/embedded-code-copies 2007-03-08 20:11:21 UTC (rev 5525) @@ -252,3 +252,5 @@ unrar-free: (maybe this code is derived from the original rar, too?) clamav (seems to be disabled in default config) +mplayer: +xine-lib (libw32dll)
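Review bot: the new CVE-2007-1246 entries for mplayer and xine-lib in data/CVE/list carry no NOTE explaining why xine-lib is listed, even though the only visible link is the embedded-code-copies change in the same revision (xine-lib copying mplayer's libw32dll). A one-line NOTE on the CVE entry, e.g. "NOTE: xine-lib embeds mplayer's Win32 loader (libw32dll)", would make it clear that a fix in mplayer does not close the xine-lib entry and that both need separate uploads.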
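Review bot: the CVE-2004-2680 hunk replaces the TODO with "- libapache2-mod-python 3.2.8-1 (low)" but gives no bug reference or NOTE saying where the fixed version comes from; the neighbouring tcpdump line shows the convention, "- tcpdump 3.9.5-2 (bug #413430; medium)". Recording the source of the 3.2.8-1 claim (bug number or upstream changelog reference) would let the next person verify it without redoing the check.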
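Review bot: in the unrar hunk the line "NOTE: unrar-free and clamav (which embeds unrar-free code) not affected" states a conclusion without its basis, while the preceding NOTE lines still say amavisd-new use of "rar -p-" probably turns the issue into remote code execution. Since "not affected" closes the question for two packages, the NOTE should say why (for instance that the affected code is absent from unrar-free's code base), so the verdict can be re-checked if unrar-free later imports more rar code. Unrelated pre-existing typo in the context line: "amavid-new" should read "amavisd-new".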
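Review bot: the data/embedded-code-copies hunk adds "mplayer:" with "xine-lib (libw32dll)" as its only embedder but does not record which part of mplayer is copied, whereas CVE-2007-1246 is located in loader/dmo/DMO_VideoDecoder.c. Noting the copied subtree in the parenthesis (as the unrar-free entry above does with its remark about the original rar code) would make it easy to decide, for future mplayer loader issues, whether xine-lib's copy is affected without re-auditing the tree.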