Author: fw Date: 2007-04-21 08:41:10 +0000 (Sat, 21 Apr 2007) New Revision: 5693 Modified: data/CVE/list Log: clamav issues fixed: CVE-2007-1997, CVE-2007-1745, unnamed Python strxfrm issue classified Cisco NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-21 07:47:51 UTC (rev 5692) +++ data/CVE/list 2007-04-21 08:41:10 UTC (rev 5693) @@ -1,3 +1,7 @@ +CVE-2007-XXXX [unspecified vulnerability in Clamav''s PDF parser] + - clamav 0.90.2-1 (unknown; bug #418849) + NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459 + NOTE: Commit r3021 looks as if it''s just a null pointer dereference. CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names] - git-core <unfixed> (low) NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb @@ -113,7 +117,9 @@ CVE-2007-2053 RESERVED CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...) - TODO: check + - python2.4 2.4.4-3 (bug #416931; low) + - python2.5 <unfixed> (bug #416934; low) + - python2.3 <unfixed> (low) CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...) NOT-FOR-US: bftpd CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...) 
@@ -135,25 +141,25 @@ CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...) NOT-FOR-US: MOSMedia Lite CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...) NOT-FOR-US: 3proxy CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...) 
@@ -226,7 +232,7 @@ CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...) NOT-FOR-US: HIOX Guest Book CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...) - TODO: check + - clamav 0.90.2-1 (high) CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...) NOT-FOR-US: CodeBreak CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...) @@ -799,7 +805,7 @@ CVE-2007-1746 RESERVED CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...) - TODO: check + - clamav 0.90.2-1 (high) CVE-2007-1744 RESERVED CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
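Review bot: In the first hunk (@@ -1,3 +1,7 @@), the new clamav PDF parser entry is recorded with urgency "unknown" while the NOTE beneath it already says commit r3021 looks like just a null pointer dereference. If that reading holds, the entry could carry a concrete urgency instead of "unknown". If it is still unconfirmed, a TODO line stating what remains to be checked would make the open question visible to whoever triages this next.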
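Review bot: In the CVE-2007-2052 hunk (@@ -113,7 +117,9 @@), the python2.3 line has no bug reference, unlike python2.4 (bug #416931) and python2.5 (bug #416934). Either cite a bug for python2.3 or add a NOTE saying why none is tracked, so that the <unfixed> status has something to follow up against.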
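Review bot: In the Cisco hunk (@@ -135,25 +141,25 @@), all ten entries from CVE-2007-2032 to CVE-2007-2041 get the bare vendor name "NOT-FOR-US: Cisco", where the neighbouring context lines name the product (MOSMedia Lite, 3proxy). The descriptions cover distinct products (Wireless LAN Controller, Aironet access points, Wireless Control System), so naming the product on each entry would keep the list consistent and easier to search.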
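Review bot: In the CVE-2007-1997 hunk (@@ -226,7 +232,7 @@), the entry is marked (high) and fixed in clamav 0.90.2-1 but carries no bug number or NOTE pointing at the fix, whereas the unnamed PDF parser entry added in the same commit cites bug #418849 and the upstream report. A reference here would let a reader verify the fixed version. The CVE-2007-1745 hunk (@@ -799,7 +805,7 @@) has the same gap.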