Author: keescook-guest Date: 2007-04-12 21:03:21 +0000 (Thu, 12 Apr 2007) New Revision: 5652 Modified: data/CVE/list Log: NFUs: 97 unfixed: iceweasel php5 sql-ledger tinymux wordpress fixed: moodle net-snmp wordpress not-affected: sendmail Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-12 00:44:43 UTC (rev 5651) +++ data/CVE/list 2007-04-12 21:03:21 UTC (rev 5652) 
@@ -1,123 +1,123 @@ CVE-2007-XXXX [mydms SQL injection] - mydms 1.4.4+1-5 CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...) - TODO: check + NOT-FOR-US: fotokategori.asp CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...) - TODO: check + - iceweasel <unfixed> (low) CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...) - TODO: check + NOT-FOR-US: MyBlog CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) - TODO: check + NOT-FOR-US: MyBlog CVE-2007-1967 (PHP remote file inclusion vulnerability in index.php in stat12 allows ...) - TODO: check + NOT-FOR-US: stat12 CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...) - TODO: check + NOT-FOR-US: eXV2 CMS CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...) - TODO: check + NOT-FOR-US: eXV2 CMS CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...) - TODO: check + NOT-FOR-US: MyBulletinBoard CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...) - TODO: check + NOT-FOR-US: MyBulletinBoard CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...) - TODO: check + NOT-FOR-US: WF-Snippets module for Xoops CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...) - TODO: check + NOT-FOR-US: Mutant portal for phpBB CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...) - TODO: check + NOT-FOR-US: Rha7 Downloads CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...) - TODO: check + - tinymux <unfixed> (medium) CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...) - TODO: check + - tinymux <unfixed> (medium) CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...) 
- TODO: check + NOT-FOR-US: Portail Web Php CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...) - TODO: check + NOT-FOR-US: Groupee UBB.threads CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...) - TODO: check + NOT-FOR-US: SKCrypAX ActiveX control CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...) - TODO: check + NOT-FOR-US: ArchiveXpert CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...) - TODO: check + NOT-FOR-US: onelook courts on-line CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...) - TODO: check + NOT-FOR-US: onelook onebyone CMS CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...) - TODO: check + NOT-FOR-US: onelook obo Shop CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...) - TODO: check + NOT-FOR-US: WebBlizzard CMS CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...) - TODO: check + NOT-FOR-US: WebBlizzard CMS CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...) - TODO: check + NOT-FOR-US: Firebug extension for Firefox CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...) TODO: check CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...) - TODO: check + NOT-FOR-US: ACDSee Photo Manager CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...) 
- TODO: check + NOT-FOR-US: FastStone Image Viewer CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...) - TODO: check + NOT-FOR-US: Domino Web Access CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...) - TODO: check + NOT-FOR-US: IBM Tivoli Business Service Manager CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...) - TODO: check + NOT-FOR-US: LanguageTool CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...) - TODO: check + NOT-FOR-US: Ichitaro CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...) - TODO: check + NOT-FOR-US: Scorp Book CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...) - TODO: check + NOT-FOR-US: ScarAdControl CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...) - TODO: check + NOT-FOR-US: ScarAdControl CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...) - TODO: check + NOT-FOR-US: eBoard module for PHP-Nuke CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...) - TODO: check + NOT-FOR-US: PcP-Guestbook CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...) - TODO: check + NOT-FOR-US: ScarNews CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...) - TODO: check + NOT-FOR-US: SmodCMS CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21 ...) - TODO: check + NOT-FOR-US: cattaDoc CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0 ...) - TODO: check + NOT-FOR-US: Beryo CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...) - TODO: check + NOT-FOR-US: witshare CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...) 
- TODO: check + NOT-FOR-US: CmailServer WebMail CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...) - TODO: check + NOT-FOR-US: JBMC Software DirectAdmin CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...) - TODO: check + NOT-FOR-US: Tru-Zone Nuke ET CVE-2007-1924 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpContact CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...) - TODO: check + - sql-ledger <unfixed> (unimportant; bug #409703) CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...) - TODO: check + NOT-FOR-US: Winamp CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...) - TODO: check + NOT-FOR-US: Winamp CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...) - TODO: check + NOT-FOR-US: aktualnosci module in SmodBIP CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...) - TODO: check + NOT-FOR-US: Arizona Dream Livre d''or CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...) - TODO: check + NOT-FOR-US: SAP RFC Library CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...) - TODO: check + NOT-FOR-US: SAP RFC Library CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...) - TODO: check + NOT-FOR-US: SAP RFC Library CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...) - TODO: check + NOT-FOR-US: SAP RFC Library CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...) - TODO: check + NOT-FOR-US: SAP RFC Library CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...) - TODO: check + NOT-FOR-US: SAP RFC Library CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...) 
TODO: check CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...) @@ -125,17 +125,17 @@ CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...) TODO: check CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...) - TODO: check + NOT-FOR-US: Battle.net Clan Script CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...) - TODO: check + NOT-FOR-US: PHP121 Instant Messenger CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...) - TODO: check + NOT-FOR-US: Pathos CMS CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...) - TODO: check + NOT-FOR-US: eCardMAX HotEditor CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...) - TODO: check + NOT-FOR-US: QuizShock CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...) - TODO: check + NOT-FOR-US: AOL Instant Messenger CVE-2007-1903 RESERVED CVE-2007-1902 @@ -143,21 +143,21 @@ CVE-2007-1901 RESERVED CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...) - TODO: check + - php5 <unfixed> (low) CVE-2007-1899 RESERVED CVE-2007-1898 RESERVED CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...) - TODO: check + - wordpress 2.1.3-1 (medium) CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...) - TODO: check + NOT-FOR-US: Sky GUNNING MySpeach CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...) - TODO: check + NOT-FOR-US: Sky GUNNING MySpeach CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + - wordpress 2.1.3-1 (medium) CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...) - TODO: check + - wordpress 2.1.3-1 (medium) CVE-2007-1892 RESERVED CVE-2007-1891 
@@ -165,7 +165,7 @@ CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...) TODO: check CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...) - php4 <not-affected> (SQLite not enabled in PHP 4 packages) TODO: check PHP 5 @@ -173,27 +173,27 @@ - php4 <not-affected> (SQLite not enabled in PHP 4 packages) TODO: check PHP 5 CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...) - TODO: check + NOT-FOR-US: Duplicate of CVE-2007-1885 CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...) - php5 5.2.0-9 - php4 6:4.4.4-9 NOTE: Dupe of CVE-2007-0906 CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...) - TODO: check + - php5 <unfixed> (low) CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...) - php4 <unfixed> (unimportant) - php5 <unfixed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...) - TODO: check + NOT-FOR-US: HP Mercury Quality Center CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...) - TODO: check + NOT-FOR-US: KL.SysInfo ActiveX control CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...) - TODO: check + NOT-FOR-US: Firebug extension for Firefox CVE-2007-1877 RESERVED CVE-2007-1876 
@@ -213,11 +213,11 @@ CVE-2007-1869 RESERVED CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...) - TODO: check + NOT-FOR-US: IBM Tivoli Provisioning Manager CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...) - TODO: check + NOT-FOR-US: dproxy-nexgen CVE-2007-1865 RESERVED CVE-2007-1864 
@@ -239,39 +239,39 @@ CVE-2007-1856 RESERVED CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...) - TODO: check + NOT-FOR-US: Shop-Script CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...) - TODO: check + NOT-FOR-US: Hitachi Cosminexus Component Container CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...) - TODO: check + NOT-FOR-US: Hitachi DeviceManager CVE-2007-1852 (Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 ...) - TODO: check + NOT-FOR-US: 2BGal CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...) - TODO: check + NOT-FOR-US: Really Simple PHP and Ajax CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...) - TODO: check + NOT-FOR-US: Drake CMS CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...) - TODO: check + NOT-FOR-US: Drake CMS CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...) - TODO: check + NOT-FOR-US: Drake CMS CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...) - TODO: check + NOT-FOR-US: Repository module for Xoops CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...) - TODO: check + NOT-FOR-US: MyAds CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...) - TODO: check + NOT-FOR-US: Expanded Calendar module for PHP-Fusion CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...) - TODO: check + NOT-FOR-US: Aardvark Topsites CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...) - TODO: check + NOT-FOR-US: MapLab CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...) - TODO: check + NOT-FOR-US: JSBoard CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...) 
TODO: check CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...) TODO: check CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, and 5.1.x before ...) - TODO: check + - net-snmp 5.2.2-1 (medium) CVE-2005-4836 RESERVED CVE-2007-XXXX [Dos in quagga''s bgpd through MP_REACH_NLRI and MP_UNREACH_NLRI] @@ -381,7 +381,7 @@ CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...) NOT-FOR-US: URLshrink CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...) - TODO: check + NOT-FOR-US: Duplicate of CVE-2006-3805 CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...) NOT-FOR-US: Symantec Norton Personal Firewall CVE-2007-1792 @@ -569,7 +569,7 @@ - php5 <unfixed> (unimportant) NOTE: Hardly a security problem CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...) - TODO: check + NOT-FOR-US: pam_console CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...) NOT-FOR-US: Free Image Hosting CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...) @@ -635,13 +635,13 @@ CVE-2007-1688 RESERVED CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...) - TODO: check + NOT-FOR-US: iPIX Image Well ActiveX control CVE-2007-1686 RESERVED CVE-2007-1685 RESERVED CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...) - TODO: check + NOT-FOR-US: sldimdownload ActiveX control CVE-2007-1683 RESERVED CVE-2007-1682 @@ -649,7 +649,7 @@ CVE-2007-1681 RESERVED CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...) - TODO: check + NOT-FOR-US: AudioConf ActiveX control CVE-2007-1679 (** DISPUTED ** ...) TODO: check CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...) 
@@ -706,9 +706,9 @@ CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...) NOT-FOR-US: GlowWorm FW CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...) - TODO: check + NOT-FOR-US: MyOpenID.com CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...) - TODO: check + NOT-FOR-US: MyOpenID.com CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...) NOT-FOR-US: pcapsipdump CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...) @@ -717,7 +717,7 @@ CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...) NOT-FOR-US: 0irc CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...) - TODO: check + - moodle 1.5.3-1 (low) CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...) NOT-FOR-US: SubHub CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...) @@ -816,7 +816,7 @@ CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...) NOT-FOR-US: Digital Eye Gallery CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...) - TODO: check + - wordpress <unfixed> (low) CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...) NOT-FOR-US: FileCOPA FTP CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...) 
@@ -850,9 +850,9 @@ - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) - TODO: check + - sendmail <not-affected> (Not a program flaw, a DNS error) CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...) - TODO: check + - sendmail <not-affected> (Debian compiles with FFR_TLS correctly) CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...) - madwifi 1:0.9.2+r1842.20061207-2 (low) [etch] - madwifi <no-dsa> (Non-free not supported) @@ -1708,9 +1708,9 @@ CVE-2007-1272 RESERVED CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...) - TODO: check + NOT-FOR-US: VMware ESX Server CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...) - TODO: check + NOT-FOR-US: VMware ESX Server CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...) - gnumail <unfixed> (unimportant) NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263 @@ -2096,7 +2096,7 @@ CVE-2007-1113 RESERVED CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...) NOT-FOR-US: ActiveCalendar CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...) @@ -2507,7 +2507,7 @@ - evolution <unfixed> [sarge] - evolution <not-affected> (Vulnerable code not present) CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...) - TODO: check + - php5 <unfixed> (medium) CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...) - linux-2.6 2.6.18.dfsg.1-12 (medium) CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...) 
@@ -3303,7 +3303,7 @@ CVE-2007-0735 RESERVED CVE-2007-0734 (The AirPort Disk feature of the AirPort Extreme Base Station with ...) - TODO: check + NOT-FOR-US: AirPort Extreme Base Station CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...) NOT-FOR-US: Apple Mac ImageIO CVE-2007-0732 @@ -3980,7 +3980,7 @@ CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...) NOT-FOR-US: HP Mercury CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Virus CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...) NOT-FOR-US: Citrix CVE-2007-0443
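Review bot: In the first hunk (@@ -1,123 +1,123 @@), CVE-2007-1923 is rated `unimportant` with only a bug reference and no explanation. Other `unimportant` entries visible in this file carry a NOTE giving the reason (for example "NOTE: Only triggerable by malicious script" under CVE-2007-1883). The description is about access control in both LedgerSMB and SQL-Ledger, so a one-line NOTE saying why this is not treated as a security issue for sql-ledger, and whether LedgerSMB is packaged at all, would let the next person triaging avoid re-reading bug #409703.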
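Review bot: In hunk @@ -173,27 +173,27 @@, CVE-2007-1886 is closed as `NOT-FOR-US: Duplicate of CVE-2007-1885`, but NOT-FOR-US elsewhere in this file names a product that is not tracked, and PHP is tracked (CVE-2007-1885 directly below lists php5 and php4 versions). The two descriptions also differ in the visible text: CVE-2007-1886 says "in PHP 4.4.5 and PHP ..." while CVE-2007-1885 says "in PHP 4 before 4.4.5 and ...", so the affected ranges may not be identical. Suggest recording explicit php4/php5 lines for CVE-2007-1886 plus a `NOTE: Dupe of ...` line, the way CVE-2007-1885 itself does for CVE-2007-0906. The same concern applies to CVE-2007-1794 in hunk @@ -381,7 +381,7 @@, which uses `NOT-FOR-US: Duplicate of CVE-2006-3805` for a Mozilla issue.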
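Review bot: In hunk @@ -706,9 +706,9 @@, CVE-2007-1652 and CVE-2007-1651 are marked `NOT-FOR-US: MyOpenID.com`, but both descriptions attribute the problem to "OpenID" rather than to that one site. If the triage conclusion is that only the MyOpenID.com service is affected and no OpenID implementation in the archive is, please say so in a NOTE under each entry; as written, the tag and the description disagree and a reader cannot tell whether packaged OpenID code was checked.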
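Review bot: In hunk @@ -2507,7 +2507,7 @@, CVE-2007-1001 gets a php5 line only, with nothing recorded for php4. Other PHP entries visible in this commit state the php4 status explicitly (CVE-2007-1883 lists both packages, CVE-2007-1888 has `- php4 <not-affected> (...)`). Suggest adding either a php4 `<unfixed>` line or a `<not-affected>` line with the reason, so the missing package reads as a decision rather than an omission. CVE-2007-1884 in hunk @@ -173,27 +173,27 @@ has the same gap.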