joeyh at alioth.debian.org
2007-Oct-05 21:14 UTC
[Secure-testing-commits] r6808 - data/CVE
Author: joeyh
Date: 2007-10-05 21:14:08 +0000 (Fri, 05 Oct 2007)
New Revision: 6808
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-10-05 20:13:03 UTC (rev 6807)
+++ data/CVE/list 2007-10-05 21:14:08 UTC (rev 6808)
@@ -1,3 +1,71 @@
+CVE-2007-5225 (Unspecified vulnerability in Named Pipes on Sun Solaris 8
through 10 ...)
+ TODO: check
+CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier
allows ...)
+ TODO: check
+CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate
Network ...)
+ TODO: check
+CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro
(MD-Pro) ...)
+ TODO: check
+CVE-2007-5221 (PHP remote file inclusion vulnerability in
mail/childwindow.inc.php in ...)
+ TODO: check
+CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product
Catalog ...)
+ TODO: check
+CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1
...)
+ TODO: check
+CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don
Barnes ...)
+ TODO: check
+CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in
adm4.dll in ...)
+ TODO: check
+CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk
(e-Ark) 1.0 ...)
+ TODO: check
+CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob
Hinkle ...)
+ TODO: check
+CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS
2100 ...)
+ TODO: check
+CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the AXIS ...)
+ TODO: check
+CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS
2100 ...)
+ TODO: check
+CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor
Networks ...)
+ TODO: check
+CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x
before ...)
+ TODO: check
+CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools
DriveLock ...)
+ TODO: check
+CVE-2007-5208
+ RESERVED
+CVE-2007-5206
+ RESERVED
+CVE-2007-5205
+ RESERVED
+CVE-2007-5204
+ RESERVED
+CVE-2007-5203
+ RESERVED
+CVE-2007-5202
+ RESERVED
+CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command
line ...)
+ TODO: check
+CVE-2007-5200
+ RESERVED
+CVE-2007-5199
+ RESERVED
+CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios
...)
+ TODO: check
+CVE-2007-5197
+ RESERVED
+CVE-2007-5196
+ RESERVED
+CVE-2007-5195
+ RESERVED
+CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device
file with ...)
+ TODO: check
+CVE-2007-5192
+ RESERVED
+CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid
functions in ...)
+ TODO: check
+CVE-2007-5190
+ RESERVED
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in
x-script ...)
NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops
...)
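Review bot: every described entry added at the top of this hunk lands as TODO: check, and three of them name software that needs a real package line rather than a quick NOT-FOR-US pass: CVE-2007-5191 (mount and umount in util-linux), CVE-2007-5198 (redir function in check_http.c in Nagios) and CVE-2007-5201 (FTP backend for Duplicity). Triage those first and replace the TODO with a package line in the style already used further down, for example "- guilt <unfixed> (medium; bug #445308)". The web-application entries (MAXdev MDPro, ASP Product Catalog, AlstraSoft Affiliate Network and similar) can then be closed in one pass.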
@@ -32,9 +100,9 @@
NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: phpBB Openid
-CVE-2007-5207 [insecure handling of temporary files in guilt]
+CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a
...)
- guilt <unfixed> (medium; bug #445308)
-CVE-2007-5193 [possible information disclosure because of unsecure temp file
handling in twiki]
+CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux,
and ...)
- twiki <unfixed> (bug #444982; low)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to
obtain ...)
NOT-FOR-US: Quicksilver Forums
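Review bot: CVE-2007-5207 and CVE-2007-5193 remain between CVE-2007-5173 and CVE-2007-5172 after this hunk, while the first hunk adds CVE-2007-5208 down to CVE-2007-5190 in descending order and skips exactly these two numbers. Now that both carry their official descriptions, move them, together with their guilt and twiki lines, into their numeric positions so the file stays sorted. As a style point, the two package lines order their fields differently, "(medium; bug #445308)" against "(bug #444982; low)"; pick one order.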
@@ -235,8 +303,8 @@
RESERVED
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link
gdm with ...)
- gdm <not-affected> (Red Hat-specific packaging flaw)
-CVE-2007-5078
- RESERVED
+CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov
Manager ...)
+ TODO: check
CVE-2007-5077
RESERVED
CVE-2007-5076
@@ -447,14 +515,18 @@
CVE-2007-4989
RESERVED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick
...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick <unfixed> (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in
...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow
...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick <unfixed> (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to
cause ...)
+ {DTSA-63-1}
- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
- graphicsmagick <unfixed> (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com
StylesDemo ...)
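Review bot: the {DTSA-63-1} reference is added to CVE-2007-4988, CVE-2007-4986 and CVE-2007-4985, each of which still carries "- graphicsmagick <unfixed> (medium; bug #444266)". If the advisory covers imagemagick only, add a NOTE line to those three entries saying so, so that the cross-reference is not read as resolving the graphicsmagick side. CVE-2007-4987 lists imagemagick alone and needs no such note.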
@@ -1146,8 +1218,8 @@
RESERVED
CVE-2007-4674
RESERVED
-CVE-2007-4673
- RESERVED
+CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for
Windows XP ...)
+ TODO: check
CVE-2007-4672
RESERVED
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows
...)
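Review bot: the TODO: check under CVE-2007-4673 can be resolved in the same commit. The description names Apple QuickTime 7.2 for Windows XP, so a NOT-FOR-US line in the form used elsewhere in this file (for example "NOT-FOR-US: Quicksilver Forums") fits and keeps the entry out of the triage queue.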
@@ -2374,9 +2446,9 @@
NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before
1.5a84 ...)
- star 1.5a67-1.1 (bug #440100; low)
-CVE-2007-4133
- RESERVED
+CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate
functions ...)
{DSA-1381-2}
+ TODO: check
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server
5.0.0 ...)
NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot
function in ...)
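Review bot: CVE-2007-4133 ends up with both {DSA-1381-2} and TODO: check and has no package line. The hugetlb_vmtruncate_list and hugetlb_vmtruncate functions named in the description are kernel code, and an advisory is already referenced, so the entry should carry a kernel package line with the fixed version in place of the TODO. As written, the entry says "advisory issued" and "not yet looked at" at the same time.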
@@ -4108,7 +4180,7 @@
- qt4-x11 4.3.0-5
NOTE: there is some dissagreement whether qt4 is affected
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor
function in ...)
- {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1
DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1}
+ {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1
DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
- poppler 0.5.4-6.1 (bug #435460)
- gpdf <removed>
- xpdf 3.02-1.1 (bug #435462)
@@ -14601,7 +14673,7 @@
NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my
little ...)
NOT-FOR-US: my little weblog
-CVE-2006-6086 (PHP remote file inclusion vulnerability in ark_inc.php in e-Ark
1.0 ...)
+CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in
e-Ark ...)
NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same
permissions ...)
- kile 1:1.9.3-1 (low)
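Review bot: CVE-2006-6086 keeps "NOT-FOR-US: e-Ark" under its corrected description, but the first hunk adds CVE-2007-5216, also a PHP remote file inclusion entry for eArk (e-Ark) 1.0, as TODO: check. Give CVE-2007-5216 the same NOT-FOR-US: e-Ark status so the two entries for the same product agree.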