Secure testing commits - Oct 2007 - r6972 - data/CVE

Author: stef-guest
Date: 2007-10-15 19:14:12 +0000 (Mon, 15 Oct 2007)
New Revision: 6972

Modified:
   data/CVE/list
Log:
add vmware-package fixed versions
(if some vulnerabilities map so specific installer versions, we should include
them to help debsecan users)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-15 17:19:30 UTC (rev 6971)
+++ data/CVE/list	2007-10-15 19:14:12 UTC (rev 6972)
@@ -2170,9 +2170,9 @@
 CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader
...)
 	NOT-FOR-US: Grandstream SIP Phone
 CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5
Build ...)
-	- vmware-package <not-affected> (package just downloads vmware products
but not including them)
+	- vmware-package 0.16
 CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5
Build ...)
-	- vmware-package <not-affected> (package just downloads vmware products
but not including them)
+	- vmware-package 0.16
 CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris
10 on ...)
 	NOT-FOR-US: Solaris
 CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9
before ...)
@@ -2924,7 +2924,7 @@
 CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote
...)
 	NOT-FOR-US: wolioCMS
 CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
-	NOT-FOR-US: EMC VMware
+	- vmware-package 0.16
 CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1
allows ...)
 	- wordpress 2.2.2-1
 CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
2.2.1 ...)
@@ -3136,9 +3136,9 @@
 CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in
http.c in ...)
 	NOT-FOR-US: corehttp
 CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
-	NOT-FOR-US: EMC VMware
+	- vmware-package 0.16
 CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX
control in ...)
-	NOT-FOR-US: EMC VMware
+	- vmware-package 0.16
 CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome
Seditio ...)
 	NOT-FOR-US: Neocrome Seditio
 CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult
...)
@@ -13163,11 +13163,11 @@
 CVE-2007-0064
 	RESERVED
 CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation
before ...)
-	- vmware-package <not-affected> (package just downloads vmware
components, fixed upstream)
+	- vmware-package 0.16
 CVE-2007-0062 (Integer overflow in the DHCP server in EMC VMware Workstation
before ...)
-	- vmware-package <not-affected> (package just downloads vmware
components, fixed upstream)
+	- vmware-package 0.16
 CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build
56455 and ...)
-	- vmware-package <not-affected> (package just downloads vmware
components, fixed upstream)
+	- vmware-package 0.16
 CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server
(Cam.exe) in ...)
 	NOT-FOR-US: CA
 CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3
...)