thijs at alioth.debian.org
2007-Aug-28 14:34 UTC
[Secure-testing-commits] r6415 - data/CVE
Author: thijs
Date: 2007-08-28 14:34:50 +0000 (Tue, 28 Aug 2007)
New Revision: 6415
Modified:
data/CVE/list
Log:
file bug for php5 gd issue
update konqueror cve''s, added info to bug
icedove not affected by windows-only vulnerability
some nfu''s
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-08-28 11:54:51 UTC (rev 6414)
+++ data/CVE/list 2007-08-28 14:34:50 UTC (rev 6415)
@@ -419,20 +419,20 @@
CVE-2007-4277
RESERVED
CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15
and 9.1 ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8
before ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-4274
REJECTED
NOT-FOR-US: Duplicate of CVE-2007-4275
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows
local ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and
9.1 ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak
15 ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and
9.1 ...)
- TODO: check
+ NOT-FOR-US: IBM DB2
CVE-2007-4269
RESERVED
CVE-2007-4268
@@ -533,9 +533,13 @@
CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks
Proteus IPAM ...)
NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows
remote ...)
- TODO: check
+ - kdebase <unfixed> (bug #433072, low)
+ [sarge] - kdebase <no-dsa> (Minor issue)
+ [etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL
address ...)
- TODO: check
+ - kdebase <unfixed> (bug #433072, low)
+ [sarge] - kdebase <no-dsa> (Minor issue)
+ [etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223
RESERVED
CVE-2007-4222
@@ -551,13 +555,13 @@
CVE-2007-4217
RESERVED
CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before
...)
- TODO: check
+ NOT-FOR-US: ZoneAlarm
CVE-2007-4215
RESERVED
CVE-2007-4214
RESERVED
CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows
remote ...)
- TODO: check
+ NOT-FOR-US: Palm OS
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the
Search ...)
NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote
authenticated ...)
@@ -927,7 +931,7 @@
CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and
...)
NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain
URIs ...)
- TODO: check
+ - icedove <not-affected> (Windows-specific)
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before
2.0.0.5, ...)
{DSA-1338-1}
- iceweasel 2.0.0.5-1
@@ -940,7 +944,7 @@
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka
Yahoo! ...)
NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in php_gd2.dll in the gd (PHP_GD2) extension in
PHP ...)
- TODO: check
+ -php5 <unfixed> (bug #439927)
CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted
remote ...)
NOT-FOR-US: CrystalPlayer
CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control
in ...)