Author: nion
Date: 2007-11-06 22:09:21 +0000 (Tue, 06 Nov 2007)
New Revision: 7233

Modified:
   data/CVE/list
Log:
CVE-2007-5837 fixed in yarssr 0.2.2-3
CVE-2007-5827 iscsitarget fixed in 0.4.15-5
NFUs

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-11-06 21:43:24 UTC (rev 7232)
+++ data/CVE/list 2007-11-06 22:09:21 UTC (rev 7233)
@@ -1,71 +1,71 @@ CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...) - TODO: check + - yarssr 0.2.2-3 (bug #448721) CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...) - TODO: check + NOT-FOR-US: Amazing Flash AFCommerce CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...) - TODO: check + NOT-FOR-US: BosDev BosNews CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows ...) - TODO: check + NOT-FOR-US: BosDev BosNews CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev ...) - TODO: check + NOT-FOR-US: BosDev BosMarket Business Directory System CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...) - TODO: check + NOT-FOR-US: SSL-Explorer CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer ...) - TODO: check + NOT-FOR-US: SSL-Explorer CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya ...) - TODO: check + NOT-FOR-US: Avaya Messaging Storage Server CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...) - TODO: check + NOT-FOR-US: Symantec AntiVirus CVE-2007-5828 (Cross-site request forgery (CSRF) vulnerability in the admin panel in ...) TODO: check CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...) - TODO: check + - iscsitarget 0.4.15-5 (bug #448873) CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...) - TODO: check + NOT-FOR-US: EDraw Flowchart CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...) - TODO: check + NOT-FOR-US: Firefly Media Server CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...) - TODO: check + NOT-FOR-US: Firefly Media Server CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...) 
- TODO: check + NOT-FOR-US: Ben Ng Scribe CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...) - TODO: check + NOT-FOR-US: Ben Ng Scribe CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...) - TODO: check + NOT-FOR-US: DM Guestbook CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS ...) - TODO: check + NOT-FOR-US: Ax Developer CMS CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...) - TODO: check + NOT-FOR-US: IBM Tivoli CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...) - TODO: check + NOT-FOR-US: sBlog CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...) - TODO: check + NOT-FOR-US: CONTENTCustomizer CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...) - TODO: check + NOT-FOR-US: CONTENTCustomizer CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX ...) - TODO: check + NOT-FOR-US: WebCacheCleaner CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender ...) - TODO: check + NOT-FOR-US: SonicWall SSL-VPN NetExtender CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ...) - TODO: check + NOT-FOR-US: ISPworker CVE-2007-5812 (Directory traversal vulnerability in ...) - TODO: check + NOT-FOR-US: ModuleBuilder CVE-2007-5811 (** DISPUTED ** ...) - TODO: check + NOT-FOR-US: phpMyConferences CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain ...) - TODO: check + NOT-FOR-US: Hitachi Web Server CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 ...) - TODO: check + NOT-FOR-US: Hitachi Web Server CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule ...) 
- TODO: check + NOT-FOR-US: Hitachi Groupmax Collaboration Portal CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...) - TODO: check + NOT-FOR-US: SSReader CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: ILIAS CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-5803 RESERVED CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...) @@ -929,7 +929,7 @@ CVE-2007-5604 RESERVED CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...) - TODO: check + NOT-FOR-US: SonicWall SSL-VPN NetExtender CVE-2007-5602 RESERVED CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...) @@ -3667,11 +3667,11 @@ CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign ...) NOT-FOR-US: AbleDesign Dynamic Picture Frame CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4620 RESERVED CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...) @@ -3915,7 +3915,7 @@ CVE-2007-4514 RESERVED CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...) NOT-FOR-US: Sophos Anti-Virus for Windows CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...) 
@@ -4576,7 +4576,7 @@ CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...) NOT-FOR-US: Trend Micro ServerProtect CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...) NOT-FOR-US: ZoneAlarm CVE-2007-4215 @@ -15262,7 +15262,7 @@ CVE-2007-0012 RESERVED CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...) - TODO: check + NOT-FOR-US: Citrix Access Gateway CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...) NOT-FOR-US: IBM CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
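Review bot: CVE-2007-5828 in the first hunk (@@ -1,71 +1,71 @@) is still marked TODO: check, although every other entry from CVE-2007-5837 down to CVE-2007-5804 is resolved in this revision and the log message does not say it was skipped on purpose. Either triage it in the same commit or replace the bare TODO with a line that says what is still open (for example which product the truncated "admin panel in ..." description refers to), so the next person does not have to rediscover why it was left.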
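Review bot: CVE-2007-4622 in the @@ -3667,11 +3667,11 @@ hunk is tagged NOT-FOR-US: IBM AIX, but its description names dns_name_fromtext and begins an enumerated list of affected components that is cut off in the visible text. dns_name_fromtext is also a function in ISC BIND's libdns, which Debian ships in bind9, so NOT-FOR-US is only correct if the integer underflow is specific to the AIX build. Suggest checking the bind9 source for the same code path and recording the result under the entry, either as a NOTE: line or as a bind9 entry marked not-affected, so the decision is visible to anyone searching the tracker for bind9.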