stef-guest at alioth.debian.org
2007-Aug-13 19:27 UTC
[Secure-testing-commits] r6295 - data/CVE
Author: stef-guest Date: 2007-08-13 19:27:48 +0000 (Mon, 13 Aug 2007) New Revision: 6295 Modified: data/CVE/list Log: new issues: rar, unrar-nonfree (low) php4, php5 linux-2.6, kfreebsd-5 (low) ice* imlib (low) NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-13 18:08:15 UTC (rev 6294) +++ data/CVE/list 2007-08-13 19:27:48 UTC (rev 6295) @@ -7,7 +7,7 @@ [sarge] - asterisk <not-affected> (not affected according to advisory) [etch] - asterisk <not-affected> (not affected according to advisory) CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and ...) TODO: NOT-FOR-US EZPhotoSales CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the ...) @@ -17,7 +17,7 @@ CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download ...) TODO: NOT-FOR-US EZPhotoSales CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site ...) - TODO: check + NOT-FOR-US: Prozilla CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow ...) TODO: check CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...) @@ -912,7 +912,10 @@ CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...) NOT-FOR-US: Apple Mac OS X CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...) - TODO: check + - mozilla-firefox <removed> + - iceweasel <unfixed> + - iceape <unfixed> + - xulrunner <unfixed> CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ...) 
@@ -952,7 +955,11 @@ CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...) NOT-FOR-US: SiteScape Forum CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...) - TODO: check + - php5 <unfixed> + - php4 <removed> + [etch] - php5 <no-dsa> (requires malicious script) + [etch] - php4 <no-dsa> (requires malicious script) + [sarge] - php4 <no-dsa> (requires malicious script) CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...) NOT-FOR-US: Clavister CorePlus CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...) @@ -966,7 +973,8 @@ CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...) NOT-FOR-US: Symantec CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...) - TODO: check + - php4 <unfixed> + - php5 <unfixed> CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...) {DSA-1353-1} - tcpdump 3.9.5-3 (bug #434030) @@ -985,7 +993,8 @@ CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...) - postfix-policyd 1.80-2.2 (bug #435735) CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...) - TODO: check + - php5 <unfixed> + - php4 <unfixed> CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...) NOT-FOR-US: Inmostore CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...) 
@@ -1086,13 +1095,13 @@ CVE-2007-3749 RESERVED CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...) - TODO: check + NOT-FOR-US: iChat on Apple Mac OS X CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2007-3744 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...) TODO: check CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 ...) @@ -1150,7 +1159,8 @@ CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have ...) NOT-FOR-US: WebMatic CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...) - TODO: check + - unrar-nonfree <unfixed> (low; bug #437703) + - rar <unfixed> (low; bug #437704) CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...) {DSA-1340-1 DTSA-43-1} - clamav 0.91-1 
@@ -1160,13 +1170,13 @@ CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) NOT-FOR-US: Solaris CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...) - TODO: check + - kfreebsd-5 <unfixed> (low) CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...) - TODO: check + - kfreebsd-5 <unfixed> (low) CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...) TODO: check CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...) - TODO: check + - linux-2.6 <unfixed> CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...) TODO: check CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...) @@ -1174,9 +1184,9 @@ CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...) TODO: check CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...) - TODO: check + NOT-FOR-US: Sun Java System Application Server and Web Server CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 ...) - TODO: check + NOT-FOR-US: Ada Image Server CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...) TODO: check CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest "is ...) 
@@ -1340,11 +1350,11 @@ CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...) NOT-FOR-US: MKPortal CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...) - TODO: check + NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...) - TODO: check + NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...) - TODO: check + NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...) NOT-FOR-US: Chilkat Software CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...) @@ -1373,7 +1383,7 @@ CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...) NOT-FOR-US: AsteriDex CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...) - TODO: check + NOT-FOR-US: Maia Mailguard CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...) NOT-FOR-US: Maia Mailguard CVE-2007-3618 @@ -1385,7 +1395,7 @@ CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...) NOT-FOR-US: SAP CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...) - TODO: check + NOT-FOR-US: SAP DB Web Server CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...) NOT-FOR-US: SAP CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...) 
@@ -1435,7 +1445,7 @@ CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...) NOT-FOR-US: b1gBB CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...) - TODO: check + NOT-FOR-US: b1gbb CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...) NOT-FOR-US: VBZooM CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...) @@ -1453,7 +1463,7 @@ CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...) NOT-FOR-US: Jedox CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...) - TODO: check + NOT-FOR-US: PHPIDS CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...) NOT-FOR-US: PHPIDS CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...) @@ -1477,11 +1487,11 @@ CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...) NOT-FOR-US: Oliver Library Management System CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...) - TODO: check + - imlib <unfixed> (bug filed; low) CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a "Limit GET" statement in ...) NOT-FOR-US: MysqlDumper CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...) - TODO: check + NOT-FOR-US: Borland InterBase CVE-2007-3565 RESERVED CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...) 
@@ -1500,7 +1510,7 @@ CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...) - TODO: check + NOT-FOR-US: Wheatblog CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...) NOT-FOR-US: Liesbeth CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
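
Review bot: in the first hunk (@@ -7,7 +7,7 @@) the CVE-2007-4263 line is correctly moved from `TODO: check` to `NOT-FOR-US: Cisco`, but the neighbouring EZPhotoSales context entries still carry the hybrid marker `TODO: NOT-FOR-US EZPhotoSales`, which is neither a TODO nor the canonical `NOT-FOR-US: EZPhotoSales` form; since this commit is already normalising NOT-FOR-US markers, those lines could be cleaned up in the same pass.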
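
Review bot: the new iceweasel, iceape and xulrunner entries under CVE-2007-3827 (hunk @@ -912,7 +912,10 @@) carry no severity tag, no bug reference and no per-release status, unlike the php5 and rar/unrar entries added elsewhere in this commit. With mozilla-firefox marked `<removed>` and the other three `<unfixed>`, the state of the stable releases is only implied; suggest adding the bug numbers once filed and explicit `[etch] - iceweasel <unfixed>` style lines (or `<no-dsa>` with a reason) so the stable status is recorded rather than inferred.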
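
Review bot: the description of CVE-2007-3806 (hunk @@ -952,7 +955,11 @@) names the glob function in PHP 5.2.3 only, yet the hunk records php4 as affected in unstable (`<removed>`), etch and sarge. If php4 has been verified to contain the same glob code path, a short note saying so would make the entry self-explaining; otherwise php4 should be `<not-affected>`. The `(requires malicious script)` rationale on the `<no-dsa>` lines is a good model and could be copied to the other PHP entries in this commit, which currently have no per-release lines at all.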
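
Review bot: php4 is recorded as `<unfixed>` for CVE-2007-3799 (hunk @@ -966,7 +973,8 @@) but as `<removed>` for CVE-2007-3806 a few lines earlier in this same commit; a package's unstable state should not differ between entries, so one of the two should be corrected (the `<removed>` state if php4 has in fact left unstable, with `[etch]`/`[sarge]` lines carrying the real status). This entry also lacks the per-release lines and the `<no-dsa>` annotation the CVE-2007-3806 entry has, so the stable status for the session_start issue is left implicit.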
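
Review bot: before marking php4 and php5 `<unfixed>` for CVE-2007-3790 (hunk @@ -985,7 +993,8 @@), check that the function in the description exists in the Debian builds at all: com_print_typeinfo is part of PHP's COM extension, which only builds on Windows, so despite the CVE text mentioning the bz2 extension this looks like a `<not-affected>` or NOT-FOR-US case rather than an open issue. The php4 `<unfixed>` versus `<removed>` inconsistency noted for CVE-2007-3799 applies to this hunk as well.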
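
Review bot: in hunk @@ -1086,13 +1095,13 @@ the context line for CVE-2007-3744, directly after the four entries switched to NOT-FOR-US, has the same description prefix as CVE-2007-3748 (Buffer overflow in the UPnP IGD ...) but is left at `TODO: check`. If it comes from the same Apple advisory, the same `NOT-FOR-US: iChat on Apple Mac OS X` triage should be applied so the pair does not diverge.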
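
Review bot: the commit log groups linux-2.6 with kfreebsd-5 as (low), but in hunk @@ -1160,13 +1170,13 @@ only the two kfreebsd-5 entries carry the `(low)` tag; the `- linux-2.6 <unfixed>` line for CVE-2007-3719 should get the same annotation. CVE-2007-3720, the matching Linux 2.4 scheduler issue, is left at `TODO: check` while its 2.6 and kfreebsd siblings are triaged; it deserves a decision in the same pass so the scheduler family does not stay half-tracked.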
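
Review bot: the three NOT-FOR-US lines for CVE-2007-3634 to CVE-2007-3636 (hunk @@ -1340,11 +1350,11 @@) name Squirrelmail, which is itself packaged in Debian; to keep a later reader from wondering whether the squirrelmail package is affected, state that it is the plugin that is not packaged, e.g. `NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail (plugin not packaged)`.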
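
Review bot: the new line in hunk @@ -1435,7 +1445,7 @@ uses `NOT-FOR-US: b1gbb` while the context entry just above it (CVE-2007-3590) spells the product `b1gBB`; use one spelling so the two entries are obviously about the same software.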
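
Review bot: `- imlib <unfixed> (bug filed; low)` for CVE-2007-3568 (hunk @@ -1477,11 +1487,11 @@) records that a bug was filed but not its number, whereas the rar/unrar entries in this commit cite #437703 and #437704; replace `bug filed` with the real `bug #NNNNNN` (placeholder here) so the entry can be cross-referenced, and use the same `(low; bug #...)` ordering as the rar entries for consistency.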