Author: jmm-guest Date: 2007-04-08 20:47:19 +0000 (Sun, 08 Apr 2007) New Revision: 5634 Modified: data/CVE/list Log: sql-ledger documented as insecure horde3 fixed libwpd fixed new kernel issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-06 11:11:29 UTC (rev 5633) +++ data/CVE/list 2007-04-08 20:47:19 UTC (rev 5634) @@ -685,9 +685,13 @@ CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...) NOT-FOR-US: Cisco CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...) - - sql-ledger <unfixed> (bug #409703) + - sql-ledger <unfixed> (unimportant, bug #409703) + NOTE: It''s documented behaviour that SQL-Ledger should only be run in an + NOTE: authenticated HTTP zone and without untrusted users CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and ...) - - sql-ledger <unfixed> (bug #409703) + - sql-ledger <unfixed> (unimportant, bug #409703) + NOTE: It''s documented behaviour that SQL-Ledger should only be run in an + NOTE: authenticated HTTP zone and without untrusted users CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...) NOT-FOR-US: pragmaMX Landkarten CVE-2007-1538 (** DISPUTED ** ...) @@ -843,9 +847,9 @@ CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...) - php4 <unfixed> (low) CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...) - - horde3 <unfixed> (medium) + - horde3 3.1.3-4 (medium) CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...) - - horde3 <unfixed> (medium) + - horde3 <unfixed> (low) CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...) NOT-FOR-US: Groupit CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...) 
@@ -860,6 +864,7 @@ NOT-FOR-US: Cisco Secure Access Control Server CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...) - libwpd 0.8.9-1 (medium) + [etch] - libwpd 0.8.7-6 CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...) NOT-FOR-US: dproxy CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...) @@ -943,9 +948,13 @@ CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...) NOT-FOR-US: Avant Browser CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...) - - sql-ledger <unfixed> (bug #409703) + - sql-ledger <unfixed> (unimportant, bug #409703) + NOTE: It''s documented behaviour that SQL-Ledger should only be run in an + NOTE: authenticated HTTP zone and without untrusted users CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...) - - sql-ledger <unfixed> (bug #409703) + - sql-ledger <unfixed> (unimportant, bug #409703) + NOTE: It''s documented behaviour that SQL-Ledger should only be run in an + NOTE: authenticated HTTP zone and without untrusted users CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...) NOT-FOR-US: D-Link TFTP Server CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...) @@ -1111,8 +1120,9 @@ - libapache-mod-security <removed> CVE-2007-1358 RESERVED -CVE-2007-1357 +CVE-2007-1357 [linux kernel appletalk remote DoS] RESERVED + - linux-2.6 2.6.20-1 CVE-2007-1356 RESERVED CVE-2007-1355 @@ -5355,6 +5365,7 @@ NOTE: openoffice.org changelog indicates libwpd is included but not used - openoffice.org 2.0.4.dfsg.2-6 [etch] - openoffice.org 2.0.4.dfsg.2-5etch1 + [etch] - libwpd 0.8.7-6 CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...) - linux-2.6 <unfixed> CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...)
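Review bot: the two NOTE lines added under CVE-2007-1541 and CVE-2007-1540 contain a doubled apostrophe ("It''s documented behaviour"); this looks like an escaping artifact rather than intended text and should read "It's". The same doubled apostrophe is repeated in the identical NOTE lines under CVE-2007-1437 and CVE-2007-1436 in the @@ -943 hunk. Since the justification for the "unimportant" rating rests entirely on SQL-Ledger's documented deployment model (authenticated HTTP zone, no untrusted users), it would also help to cite where that requirement is documented so the rationale can be checked later without re-reading bug #409703.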
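Review bot: in the @@ -843 hunk the severity of CVE-2007-1473 is lowered from (medium) to (low) with no accompanying NOTE, while CVE-2007-1474 directly above it gets a fixed version (3.1.3-4). A downgrade without a stated reason is hard to audit; add a NOTE line explaining why the XSS in framework/NLS/NLS.php is considered low, and confirm that 1473 remaining <unfixed> is intended, since the commit log says "horde3 fixed" but only one of the two horde3 entries in this hunk records a fix.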
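Review bot: the @@ -1111 hunk records "- linux-2.6 2.6.20-1" for CVE-2007-1357 while the entry is still marked RESERVED and carries no severity field, unlike the other package lines in this commit which carry (low)/(medium)/(unimportant). Either add a severity and a NOTE with the reference for the appletalk remote DoS, or leave the package line out until the CVE is published. There is also no [etch] line for linux-2.6 here, although the libwpd hunks in the same commit add [etch] entries; state explicitly whether etch is affected.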
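Review bot: in the @@ -5355 hunk "[etch] - libwpd 0.8.7-6" is inserted after the openoffice.org lines, but the visible context shows no unstable "- libwpd" line for this entry, only the NOTE saying openoffice.org includes libwpd but does not use it. Confirm that a sid libwpd entry exists earlier in this record; otherwise an [etch] line without its unstable counterpart will be flagged as inconsistent by the tracker's checks. The matching "[etch] - libwpd 0.8.7-6" added under CVE-2007-1466 in the @@ -860 hunk is fine, since it sits directly under "- libwpd 0.8.9-1 (medium)".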