joeyh at alioth.debian.org
2007-Dec-06 21:14 UTC
[Secure-testing-commits] r7534 - data/CVE
Author: joeyh
Date: 2007-12-06 21:14:08 +0000 (Thu, 06 Dec 2007)
New Revision: 7534
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-06 19:43:49 UTC (rev 7533)
+++ data/CVE/list 2007-12-06 21:14:08 UTC (rev 7534)
@@ -1,3 +1,15 @@
+CVE-2007-6264
+ RESERVED
+CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd)
0.17, ...)
+ TODO: check
+CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6
before ...)
+ TODO: check
+CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O
loader ...)
+ TODO: check
+CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts
with ...)
+ TODO: check
+CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...)
+ TODO: check
CVE-2007-6259
RESERVED
CVE-2007-6258
@@ -116,7 +128,7 @@
RESERVED
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems,
does not ...)
- xen-3 3.1.2-1
-CVE-2007-6206 (Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly
other ...)
+CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and
2.6.x ...)
- linux-2.6 <unfixed>
NOTE: kernel-sec already tracks this
CVE-2007-6205
@@ -132,7 +144,7 @@
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local
users ...)
- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs
"UserParameter" ...)
- {DSA-1420-1}
+ {DSA-1420-1 DTSA-93-1}
- zabbix 1.4.2-4 (bug #452682)
CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in
Neocrome ...)
NOT-FOR-US: Neocrome Seditio CMS
@@ -158,8 +170,8 @@
NOT-FOR-US: Calacode
CVE-2007-6195
RESERVED
-CVE-2007-6194
- RESERVED
+CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before
4.01.012 ...)
+ TODO: check
CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8
stores ...)
NOT-FOR-US: Citrix
CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8
uses ...)
@@ -674,10 +686,10 @@
NOT-FOR-US: JPortal
CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and
...)
NOT-FOR-US: JPortal
-CVE-2007-5972
- RESERVED
-CVE-2007-5971
- RESERVED
+CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in
...)
+ TODO: check
+CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3
...)
+ TODO: check
CVE-2007-5970
RESERVED
CVE-2007-5969
@@ -757,10 +769,10 @@
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local
users ...)
- texlive-bin 2005.dfsg.2-1
- feynmf 1.08-1
-CVE-2007-5939
- RESERVED
-CVE-2007-5938
- RESERVED
+CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal
0.7.2 ...)
+ TODO: check
+CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in
iwlwifi ...)
+ TODO: check
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and
TeXlive ...)
- texlive-bin 2007-13
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users
to ...)
@@ -862,10 +874,10 @@
- linux-2.6 <unfixed>
CVE-2007-5903
RESERVED
-CVE-2007-5902
- RESERVED
-CVE-2007-5901
- RESERVED
+CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in
...)
+ TODO: check
+CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function
in ...)
+ TODO: check
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection
mechanisms ...)
- php5 <unfixed> (bug #453295)
NOTE: http://bugs.php.net/bug.php?id=41561
@@ -885,8 +897,8 @@
NOTE: Browser crashes not treated as security problems
CVE-2007-5895
RESERVED
-CVE-2007-5894
- RESERVED
+CVE-2007-5894 (The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos
5 ...)
+ TODO: check
CVE-2006-7224
REJECTED
CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise
Edition ...)
@@ -1170,8 +1182,8 @@
{DSA-1412-1 DSA-1411-1 DSA-1410-1}
- ruby1.9 1.9.0+20071016-1
- ruby1.8 1.8.6.111-1 (low; bug #451374)
-CVE-2007-5769
- RESERVED
+CVE-2007-5769 (Double-free vulnerability in the getreply function in ftp.c in
netkit ...)
+ TODO: check
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password
...)
NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
@@ -4245,8 +4257,8 @@
NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl
module 1.36 ...)
- libarchive-tar-perl (low; bug #449544)
- [sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
- [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
+ [sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
+ [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API
pretty-printing ...)
- mediawiki 1.10.2-1 (low; bug #442255)
[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
@@ -4848,8 +4860,7 @@
NOT-FOR-US: Sophos
CVE-2007-4576
RESERVED
-CVE-2007-4575
- RESERVED
+CVE-2007-4575 (Unspecified vulnerability in HSQLDB before 1.8.0.9 in
OpenOffice.org ...)
{DSA-1419-1}
- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
- hsqldb 1.8.0.9-1