jmm-guest at alioth.debian.org
2007-Aug-13 17:18 UTC
[Secure-testing-commits] r6293 - data/CVE
Author: jmm-guest Date: 2007-08-13 17:18:12 +0000 (Mon, 13 Aug 2007) New Revision: 6293 Modified: data/CVE/list Log: openoffice non-issue NFUs sisiphos: three closed, two new zziplib no-dsa -- Diese und die folgenden Zeilen werden ignoriert -- M data/CVE/list Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-13 12:30:11 UTC (rev 6292) +++ data/CVE/list 2007-08-13 17:18:12 UTC (rev 6293) @@ -31,7 +31,8 @@ CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...) - TODO: check + - openoffice.org (unimportant) + NOTE: Only a crasher with malformed documents CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar allows ...) TODO: check CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...) 
@@ -153,17 +154,17 @@ CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product''s ...) TODO: check CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...) - TODO: check + NOT-FOR-US: Joomla! addon CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...) - TODO: check + NOT-FOR-US: Joomla! CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...) TODO: check CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...) @@ -223,9 +224,9 @@ CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...) TODO: check CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...) - TODO: check + - wordpress <unfixed> CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...) - TODO: check + - wordpress <unfixed> CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) TODO: check CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...) 
@@ -2524,6 +2525,7 @@ NOT-FOR-US: phpWebThings CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...) - wordpress 2.2.1-1 (bug #428073) + [etch] - wordpress <not-affected> (Doesn''t affect 2.0.x branch) CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...) NOT-FOR-US: Quick.Cart CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...) @@ -3327,7 +3329,7 @@ NOT-FOR-US: eTicket CVE-2007-2799 (Integer overflow in the "file" program 4.20, when running on 32-bit ...) {DSA-1343-1} - - file 4.21-1 (medium) + - file 4.21-1 (medium; bug #428293) CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...) {DSA-1323-1} - krb5 1.6.dfsg.1-5 (high; bug #430785) @@ -6054,6 +6056,7 @@ NOT-FOR-US: ScriptMagix CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...) - zziplib <unfixed> (bug #436701; low) + [etch] - zziplib <no-dsa> (Minor issue) NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187 NOTE: If an attacker can supply arbitrary file names, we likely suffer from NOTE: an information disclosure issue anyway. @@ -7105,6 +7108,7 @@ NOT-FOR-US: IrfanView CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...) - wordpress 2.1.2-1 (medium) + [etch] - wordpress 2.0.10 CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...) NOT-FOR-US: Audins Audiens CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...) @@ -7133,6 +7137,7 @@ NOT-FOR-US: SQLiteManager CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - wordpress 2.1.2-1 (medium) + [etch] - wordpress 2.0.10 CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...) NOT-FOR-US: Nullsoft ShoutcastServer CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
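Review bot: In the @@ -153,17 +154,17 @@ hunk, CVE-2007-4186 is tagged "NOT-FOR-US: Joomla! addon" without naming the component, although its description points at admin.tour_toto.php; putting the addon's name in the NFU line would let a later search for it find this entry. CVE-2007-4184 (administrator/popups/pollwindow.php), directly below the Joomla! block, stays at "TODO: check"; its description is truncated here, so if it is another Joomla! issue it should be closed in the same pass rather than left between resolved entries.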
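Review bot: In the @@ -223,9 +224,9 @@ hunk, the two new "- wordpress <unfixed>" lines for CVE-2007-4154 and CVE-2007-4153 carry neither an urgency nor a bug reference, unlike the other wordpress entries touched by this commit ("(bug #428073)", "(medium)"). Both descriptions name WordPress 2.2.1, and the same commit adds [etch] lines for older wordpress CVEs, so it would help to add the bug number once filed and an [etch] line stating whether the 2.0.x branch is affected.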
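Review bot: In the @@ -6054,6 +6056,7 @@ hunk, the context line above the new [etch] entry reads "(bug #436701; low)", with bug and urgency in the opposite order from the "(medium; bug #428293)" form this commit writes for CVE-2007-2799; since the entry is being touched anyway, normalising it to "(low; bug #436701)" keeps the list consistent for anything that parses it. The "(Minor issue)" reason on the <no-dsa> line is also generic, while the NOTE lines below already give the actual argument (an attacker who controls file names implies information disclosure anyway), so a short pointer to that reasoning would be more useful.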
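Review bot: In the @@ -7105,6 +7108,7 @@ hunk, and again in @@ -7133,6 +7137,7 @@, the added "[etch] - wordpress 2.0.10" gives an upstream version with no Debian revision, whereas the unstable line just above uses a full package version, "2.1.2-1". If this field is compared against installed package versions, the etch line should carry the complete version of the fixing upload; neither hunk shows which upload that is, so it needs to be confirmed before the entry is relied on.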