Author: nion Date: 2007-10-20 10:27:15 +0000 (Sat, 20 Oct 2007) New Revision: 7032 Modified: data/CVE/list Log: CVE-2007-5358 fixed in asterisk 1:1.4.13~dfsg-1 new issue: CVE-2007-5208 hplip new issue: CVE-2007-5200 hugin CVE-2007-4619 fixed in libflac 1.2.1-1 NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-20 10:21:37 UTC (rev 7031) +++ data/CVE/list 2007-10-20 10:27:15 UTC (rev 7032) @@ -743,7 +743,7 @@ CVE-2007-5359 RESERVED CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...) - TODO: check + - asterisk 1:1.4.13~dfsg-1 (medium) CVE-2007-5357 RESERVED CVE-2007-5356 @@ -1223,7 +1223,8 @@ CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...) NOT-FOR-US: CenterTools CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) ...) - TODO: check + - hplip <unfixed> (medium; bug #447341) + [sarge] - hplip <not-affected> (This code was using smtp directly) CVE-2007-5206 RESERVED CVE-2007-5205 @@ -1237,7 +1238,7 @@ CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...) - duplicity 0.4.3-2 (medium; bug #442840) CVE-2007-5200 (hugin in SUSE openSUSE 10.2 and 10.3 allows local users to overwrite ...) - TODO: check + - hugin <unfixed> (low; bug #447344) CVE-2007-5199 RESERVED CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...) @@ -1247,9 +1248,9 @@ CVE-2007-5197 RESERVED CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...) - TODO: check + NOT-FOR-US: novell-groupwise-client CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise ...) - TODO: check + NOT-FOR-US: novell-groupwise-client CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...) NOT-FOR-US: rMake CVE-2007-5192 
@@ -2578,7 +2579,7 @@ CVE-2007-4620 RESERVED CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...) - TODO: check + - libflac 1.2.1-1 (medium) CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...) NOT-FOR-US: BEA WebLogic CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...) @@ -2614,7 +2615,7 @@ CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by ...) NOT-FOR-US: Micro-CMS CVE-2007-4600 (The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through ...) - TODO: check + NOT-FOR-US: Mathsoft Mathcad CVE-2007-4599 RESERVED CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" for the manager ...) @@ -3205,7 +3206,7 @@ CVE-2007-4344 RESERVED CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows ...) - TODO: check + NOT-FOR-US: IrfanView CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...) NOT-FOR-US: PHPCentral CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...) @@ -4727,7 +4728,7 @@ CVE-2007-3676 RESERVED CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...) - TODO: check + NOT-FOR-US: Kaspersky Online Scanner CVE-2007-3674 RESERVED CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
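Review bot: in the @@ -743 hunk (CVE-2007-5358), the new line "- asterisk 1:1.4.13~dfsg-1 (medium)" records only a fixed version. It has no bug reference and no per-release line, so the list does not say whether the releases annotated elsewhere in this diff (the "[sarge]" line in the hplip hunk) carry the voicemail overflows. If the older branch lacks the affected code, add a "<not-affected>" line with the reason. If a bug report exists, cite it next to the urgency as the hplip and hugin entries do.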
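Review bot: in the @@ -1223 hunk (CVE-2007-5208), the reason on "[sarge] - hplip <not-affected> (This code was using smtp directly)" is hard to act on. "This code" has no referent inside the entry, and the past tense leaves open which version is meant. Suggest naming the component and the version, for example that hpssd in the sarge package sends mail over SMTP directly, so a later reader can re-check the claim without opening bug #447341.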
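Review bot: in the @@ -1247 hunk (CVE-2007-5196 and CVE-2007-5195), "NOT-FOR-US: novell-groupwise-client" reads like a package name, while every other NOT-FOR-US line in this diff uses the vendor or product name ("CenterTools", "rMake", "BEA WebLogic", "Micro-CMS"). Suggest a product-style label taken from the description, so the entry does not imply that a package of that name exists in the archive.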
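Review bot: in the @@ -2578 hunk (CVE-2007-4619), please confirm that "libflac" in "- libflac 1.2.1-1 (medium)" is the source package name the list is keyed on. The description refers to libFLAC as the library inside the Free Lossless Audio Codec (FLAC) project, so the fixed version may need to be recorded against the source package instead. If the name does not match, the fix will not be associated with the package in the tracker. A bug reference is also missing here, unlike the hplip and hugin entries.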