Author: nion Date: 2007-08-16 01:39:00 +0000 (Thu, 16 Aug 2007) New Revision: 6332 Modified: data/CVE/list Log: NFUs wordpress not affected by CVE-2007-4165 (this theme is not shipped with package) added bug for fail2ban CVE-2007-4321 Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-16 00:19:22 UTC (rev 6331) +++ data/CVE/list 2007-08-16 01:39:00 UTC (rev 6332) @@ -63,7 +63,7 @@ CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) ...) NOT-FOR-US: BlockHosts CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...) - - fail2ban <unfixed> (medium) + - fail2ban <unfixed> (bug #438187; medium) NOTE: only partially fixed in 0.8.0-4 according to maintainer CVE-2007-4320 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Ncaster @@ -145,9 +145,9 @@ - serendipity 1.1.4-1 [etch] - serendipity <not-affected> (introduced in 1.1.x) CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...) - TODO: check + NOT-FOR-US: KnowledgeTree CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...) - TODO: check + NOT-FOR-US FrontAccounting CVE-2007-4278 RESERVED CVE-2007-4277 @@ -176,9 +176,9 @@ CVE-2007-4266 RESERVED CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...) - TODO: check + NOT-FOR-US: VisionProject CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) - TODO: check + NOT-FOR-US: snif CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...) - asterisk 1:1.4.10~dfsg-1 NOTE: http://ftp.digium.com/pub/asa/ASA-2007-019.html 
@@ -380,21 +380,21 @@ CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...) NOT-FOR-US: Hunkaray Okul Portali CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail ...) - TODO: check + NOT-FOR-US: Openwebmail CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for ...) - TODO: check + NOT-FOR-US: Aura CMS CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...) - TODO: check + NOT-FOR-US: AL-Athkar CVE-2007-4169 (** DISPUTED ** ...) TODO: check CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...) - TODO: check + NOT-FOR-US: AL-Caricatier CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...) - TODO: check + NOT-FOR-US: Xu Yiyang CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue ...) - TODO: check + - wordpress <not-affected> (Wordpress doesn''t ship this theme) CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...) - TODO: check + NOT-FOR-US: IndexScript CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...) TODO: check CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...)
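Review bot: In the @@ -145,9 +145,9 @@ hunk, the new line under CVE-2007-4279 reads `NOT-FOR-US FrontAccounting` without the colon that every other NOT-FOR-US entry in this patch carries, for example `NOT-FOR-US: KnowledgeTree` under CVE-2007-4281 just above it. Suggest `NOT-FOR-US: FrontAccounting` so the entry has the same form as the rest and is picked up by anything that matches on the `NOT-FOR-US:` prefix.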
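Review bot: In the @@ -380,21 +380,21 @@ hunk, `NOT-FOR-US: IndexScript` is attached to CVE-2007-4164, whose description is a CRLF injection in the redirect feature in Sun Java, while IndexScript is the product named in CVE-2007-4163 on the next line, which still reads `TODO: check`. The entry looks as if it landed one CVE too early; suggest moving it under CVE-2007-4163 and triaging CVE-2007-4164 on its own. Also in this hunk, the CVE-2007-4165 note contains a doubled apostrophe in `doesn''t`, which should probably be `doesn't`.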