thr3ads.net - Secure testing commits - [Secure-testing-commits] r6784

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2007-Oct-03 21:14 UTC
[Secure-testing-commits] r6784 - data/CVE

Author: joeyh
Date: 2007-10-03 21:14:11 +0000 (Wed, 03 Oct 2007)
New Revision: 6784

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-03 20:11:36 UTC (rev 6783)
+++ data/CVE/list	2007-10-03 21:14:11 UTC (rev 6784)
@@ -1,3 +1,9 @@
+CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to
obtain ...)
+	TODO: check
+CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1
allows ...)
+	TODO: check
+CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP)
...)
+	TODO: check
 CVE-2007-5169
 	RESERVED
 CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite
...)
@@ -158,6 +164,7 @@
 CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in
...)
 	NOT-FOR-US: Ipswitch IMail Server
 CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in
Linux ...)
+	{DSA-1381-2}
 	NOT-FOR-US: Philips firmware
 CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance
Music ...)
 	NOT-FOR-US: phpNuke module
@@ -175,14 +182,11 @@
 	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
 CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache
...)
 	NOT-FOR-US: Geronimo Apache
-CVE-2007-5084
-	RESERVED
+CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates
(CA) ...)
 	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5083
-	RESERVED
+CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA)
BrightStor ...)
 	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
-CVE-2007-5082
-	RESERVED
+CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates
(CA) ...)
 	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
 CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote
attackers ...)
 	- ssldump 0.9b3-1 (low)
@@ -365,17 +369,13 @@
 CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in
balsa ...)
 	- balsa 2.3.20-1 (low)
 	NOTE: attacker needs to get the victim a prepared server to use
-CVE-2007-5006
-	RESERVED
+CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor
...)
 	NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5005
-	RESERVED
+CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer
...)
 	NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5004
-	RESERVED
+CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve
...)
 	NOT-FOR-US: CA ARCserve Backup
-CVE-2007-5003
-	RESERVED
+CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer
Associates) ...)
 	NOT-FOR-US: CA ARCserve Backup
 CVE-2007-5002
 	RESERVED
@@ -389,8 +389,7 @@
 	RESERVED
 CVE-2007-4997
 	RESERVED
-CVE-2007-4996 [pidgin MSN nudge DoS]
-	RESERVED
+CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN
nudge ...)
 	- pidgin 2.2.1-1 (medium)
 	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
 CVE-2007-4995
@@ -772,6 +771,7 @@
 CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function
in ...)
 	NOT-FOR-US: Modbus Slave ActiveX Control
 CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP
peers to ...)
+	{DSA-1382-1}
 	- quagga 0.99.9-1 (low; bug #442133)
 	NOTE: Upstream says that this can only be exploited by configured peers.
 CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier
allows ...)
@@ -1145,6 +1145,7 @@
 	- php5 <unfixed> (unimportant)
 	NOTE: open_basedir not supported
 CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP
before ...)
+	{DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
 	NOTE: fix is at
http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
@@ -1153,19 +1154,23 @@
 	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
 	NOTE: triggerable by malicious script
 CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP
before ...)
+	{DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
 	NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
 	NOTE:
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
 CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not
...)
+	{DTSA-61-1}
 	- php5 5.2.4-1
 	NOTE: fixed in php5/etch svn
 CVE-2007-4658 (The money_format function in PHP before 5.2.4 permits multiple
(1) %i ...)
+	{DTSA-61-1}
 	- php5 5.2.4-1 (low)
 	NOTE: fixed in php5/etch svn
 	NOTE:
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641,
starting "Line 7667"
 	NOTE: limited format string vulnerability, the will be put into strfmon and
the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5
before ...)
+	{DTSA-61-1}
 	- php5 5.2.4-1
 	- php4 <removed>
 	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
@@ -1352,7 +1357,7 @@
 CVE-2007-4574
 	RESERVED
 CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel
2.4.x and ...)
-	{DSA-1378-2 DSA-1378-1}
+	{DSA-1381-2 DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-4572
 	RESERVED
@@ -2330,6 +2335,7 @@
 	- star 1.5a67-1.1 (bug #440100; low)
 CVE-2007-4133
 	RESERVED
+	{DSA-1381-2}
 CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server
5.0.0 ...)
 	NOT-FOR-US: Red Hat Satellite Server
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot
function in ...)
@@ -2629,6 +2635,7 @@
 	- krb5 1.6.dfsg.1-7 (high)
 	[sarge] - krb5 <not-affected> (Vulnerable code not present)
 CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before
5.2.4, ...)
+	{DTSA-61-1}
 	- php5 5.2.4-1 (medium)
 	NOTE: i think it is medium since it can be easily used to DoS on shared
hosting systems
 	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of
ext/standard/string.c
@@ -3055,6 +3062,7 @@
 CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape
Forum ...)
 	NOT-FOR-US: SiteScape Forum
 CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent
attackers to ...)
+	{DTSA-61-1}
 	- php5 5.2.4-1 (medium; bug #441433)
 	- php4 <removed>
 	[etch] - php5 <no-dsa> (requires malicious script)
@@ -3073,6 +3081,7 @@
 CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan)
component ...)
 	NOT-FOR-US: Symantec
 CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7
and ...)
+	{DTSA-61-1}
 	NOTE: this does not affect default installs, only those who have written
 	NOTE: custom session handlers (which isn''t *that* uncommon though),
and
 	NOTE: also may not work if other cookie values are set.
@@ -4479,7 +4488,7 @@
 	NOT-FOR-US: PHP Live!
 CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype
of an ...)
 	NOT-FOR-US: Prototype of an PHP application
-CVE-2007-3216 (Multiple unspecified vulnerabilities in the server component of
CA ...)
+CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA
(Computer ...)
 	NOT-FOR-US: CA BrightStor products
 CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote
...)
 	{DSA-1315-1}
@@ -15271,6 +15280,7 @@
 CVE-2006-5756
 	REJECTED
 CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does
not ...)
+	{DSA-1381-2}
 	- linux-2.6 2.6.18.dfsg.1-10
 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly
...)
 	{DSA-1304}
Secure testing commits - Oct 2007 - r6784 - data/CVE

[Secure-testing-commits] r6784 - data/CVE
