joeyh at alioth.debian.org
2007-Nov-07 21:14 UTC
[Secure-testing-commits] r7240 - data/CVE
Author: joeyh
Date: 2007-11-07 21:14:08 +0000 (Wed, 07 Nov 2007)
New Revision: 7240
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-07 18:36:49 UTC (rev 7239) +++ data/CVE/list 2007-11-07 21:14:08 UTC (rev 7240) 
@@ -1,3 +1,99 @@ +CVE-2007-5886 + RESERVED +CVE-2007-5885 + RESERVED +CVE-2007-5884 + RESERVED +CVE-2007-5883 + RESERVED +CVE-2007-5882 + RESERVED +CVE-2007-5881 + RESERVED +CVE-2007-5880 + RESERVED +CVE-2007-5879 + RESERVED +CVE-2007-5878 + RESERVED +CVE-2007-5877 + RESERVED +CVE-2007-5876 + RESERVED +CVE-2007-5875 + RESERVED +CVE-2007-5874 + RESERVED +CVE-2007-5873 + RESERVED +CVE-2007-5872 + RESERVED +CVE-2007-5871 + RESERVED +CVE-2007-5870 + RESERVED +CVE-2007-5869 + RESERVED +CVE-2007-5868 + RESERVED +CVE-2007-5867 + RESERVED +CVE-2007-5866 + RESERVED +CVE-2007-5865 + RESERVED +CVE-2007-5864 + RESERVED +CVE-2007-5863 + RESERVED +CVE-2007-5862 + RESERVED +CVE-2007-5861 + RESERVED +CVE-2007-5860 + RESERVED +CVE-2007-5859 + RESERVED +CVE-2007-5858 + RESERVED +CVE-2007-5857 + RESERVED +CVE-2007-5856 + RESERVED +CVE-2007-5855 + RESERVED +CVE-2007-5854 + RESERVED +CVE-2007-5853 + RESERVED +CVE-2007-5852 + RESERVED +CVE-2007-5851 + RESERVED +CVE-2007-5850 + RESERVED +CVE-2007-5849 + RESERVED +CVE-2007-5848 + RESERVED +CVE-2007-5847 + RESERVED +CVE-2007-5846 (The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers ...) + TODO: check +CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...) + TODO: check +CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 ...) + TODO: check +CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in ...) + TODO: check +CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal ...) + TODO: check +CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...) + TODO: check +CVE-2007-5840 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 ...) + TODO: check CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...) 
- yarssr 0.2.2-3 (bug #448721) CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...) @@ -85,7 +181,7 @@ NOT-FOR-US: Blue Coat ProxySG CVE-2007-5794 RESERVED -CVE-2007-5839 [insecure temporary file handling in ircii-pana] +CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...) - ircii-pana <unfixed> (low; bug #449149) CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...) - emacs22 22.1+1-2.1 (medium; bug #449008) @@ -347,7 +443,7 @@ NOT-FOR-US: eLouai''s Force Download CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...) - slide-webdavclient <unfixed> (low; bug #448841) -CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2 allows local users to execute ...) +CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...) - qemu 0.9.0-2 (bug #424070) CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...) - qemu 0.9.0-2 (bug #424070) @@ -1091,7 +1187,7 @@ NOT-FOR-US: NEC mobile handset CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...) NOT-FOR-US: Avaya VoIP Handset -CVE-2007-5555 (Symantec Altiris Deployment Solution 6 allows local users to obtain ...) +CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution ...) NOT-FOR-US: Symantec Altiris Deployment Solution CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...) NOT-FOR-US: Oracle @@ -1872,6 +1968,7 @@ CVE-2007-5336 REJECTED CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...) + {DSA-1396-1} - iceweasel 2.0.0.8-1 (low) NOTE: Firefox 2.0-specific issue, doesn''t affect xulrunner, iceape or icedove NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8 
@@ -2784,8 +2881,7 @@ - pidgin 2.2.2-1 (medium) CVE-2007-4998 RESERVED -CVE-2007-4997 [kernel ieee80211 DoS] - RESERVED +CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...) - linux-2.6 <unfixed> CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...) - pidgin 2.2.1-1 (medium) @@ -2795,8 +2891,8 @@ - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) - openssl096 <not-affected> (DTLS support was introduced in 0.9.8) [sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8) -CVE-2007-4994 - RESERVED +CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not ...) + TODO: check CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...) {DSA-1384-1} - xen-3 3.1.1-1 (medium; bug #444430) @@ -5334,8 +5430,8 @@ RESERVED CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...) NOT-FOR-US: CA Anti-Virus -CVE-2007-3874 - RESERVED +CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE ...) + TODO: check CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...) NOT-FOR-US: SSAPI Engine CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...) @@ -11497,7 +11593,7 @@ CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...) {DSA-1284-1 DTSA-38-1} - qemu 0.9.0-2 (bug #424070) -CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2 allows ...) +CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...) {DSA-1284-1 DTSA-38-1} - qemu 0.9.0-2 (bug #424070) CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...) 
@@ -14629,7 +14725,7 @@ NOT-FOR-US: bitweaver CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...) NOT-FOR-US: Deadlock -CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...) +CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...) - linux-2.6 2.6.18-1 (low) CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...) NOT-FOR-US: HP
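Review bot: In the @@ -1,3 +1,99 @@ hunk, CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution) is left at "TODO: check" although CVE-2007-5555 in the @@ -1091,7 +1187,7 @@ hunk already carries "NOT-FOR-US: Symantec Altiris Deployment Solution"; it names the same product, so the same marker probably applies. The other seven "TODO: check" entries added here (CVE-2007-5840 through CVE-2007-5846) still need either a package line or a NOT-FOR-US marker.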
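Review bot: The CVE-2007-5839 entry in the @@ -85,7 +181,7 @@ hunk keeps its package line "- ircii-pana <unfixed> (low; bug #449149)" unchanged while the description changes from "[insecure temporary file handling in ircii-pana]" to "(The e_hostname function in commands.c in BitchX 1.1a allows local ...)"; confirm that the assigned CVE text describes the same issue as bug #449149 before relying on the existing urgency. The entry also still sits between CVE-2007-5794 and CVE-2007-5795, while the first hunk goes from CVE-2007-5840 straight to CVE-2007-5838; moving it into that gap would keep the list in descending order.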
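Review bot: The updated CVE-2007-5730 description in the @@ -347,7 +443,7 @@ hunk now reads "as used in Xen and possibly ...", but the entry still tracks only "- qemu 0.9.0-2 (bug #424070)". Consider adding a line for the Xen packaging (this file already tracks xen-3 under CVE-2007-4993) or a NOTE recording why it is not affected. The same applies to CVE-2007-1321 in the @@ -11497,7 +11593,7 @@ hunk, whose description gains "as used ..." with the package lines unchanged.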
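Review bot: The CVE-2007-4997 entry in the @@ -2784,8 +2881,7 @@ hunk ends with "- linux-2.6 <unfixed>" and carries no urgency or bug number, unlike neighbouring lines such as "- pidgin 2.2.1-1 (medium)". Now that the RESERVED placeholder is replaced by a description (integer underflow in the ieee80211_rx function), add the urgency and a bug reference so the open kernel issue can be followed.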