joeyh at alioth.debian.org
2007-Dec-19 09:14 UTC
[Secure-testing-commits] r7656 - data/CVE
Author: joeyh
Date: 2007-12-19 09:14:12 +0000 (Wed, 19 Dec 2007)
New Revision: 7656

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2007-12-19 01:55:55 UTC (rev 7655)
+++ data/CVE/list 2007-12-19 09:14:12 UTC (rev 7656)
@@ -1,21 +1,127 @@ -CVE-2007-6358 (files/pdftops.pl before 1.20 in pdftops allows local users to ...) +CVE-2008-0030 + RESERVED +CVE-2008-0029 + RESERVED +CVE-2008-0028 + RESERVED +CVE-2008-0027 + RESERVED +CVE-2008-0026 + RESERVED +CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...) + TODO: check +CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when ...) + TODO: check +CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...) + TODO: check +CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...) + TODO: check +CVE-2007-6432 + RESERVED +CVE-2007-6431 + RESERVED +CVE-2007-6430 + RESERVED +CVE-2007-6429 + RESERVED +CVE-2007-6428 + RESERVED +CVE-2007-6427 + RESERVED +CVE-2007-6426 + RESERVED +CVE-2007-6425 + RESERVED +CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...) + TODO: check +CVE-2007-6423 + RESERVED +CVE-2007-6422 + RESERVED +CVE-2007-6421 + RESERVED +CVE-2007-6420 + RESERVED +CVE-2007-6419 + RESERVED +CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...) + TODO: check +CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...) + TODO: check +CVE-2007-6415 + RESERVED +CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...) + TODO: check +CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later ...) + TODO: check +CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in ...) + TODO: check +CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...) + TODO: check +CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows ...) + TODO: check +CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...) 
+ TODO: check +CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...) + TODO: check +CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...) + TODO: check +CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...) + TODO: check +CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...) + TODO: check +CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD ...) + TODO: check +CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows ...) + TODO: check +CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic ...) + TODO: check +CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...) + TODO: check +CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ...) + TODO: check +CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote ...) + TODO: check +CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass ...) + TODO: check +CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...) + TODO: check +CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP ...) + TODO: check +CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...) + TODO: check +CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 ...) + TODO: check +CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...) + TODO: check +CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows ...) + TODO: check +CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 ...) + TODO: check +CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar ...) 
+ TODO: check +CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 ...) + TODO: check +CVE-2007-6388 + RESERVED +CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...) - cupsys <unfixed> (low; bug #456960) NOTE: the debian package is a bit confusing here as it also ships a pdftops NOTE: wrapper script as an example but the original script is installed NOTE: under /usr/lib/cups/filters -CVE-2007-6356 - RESERVED -CVE-2007-6355 - RESERVED -CVE-2007-6354 - RESERVED +CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service ...) + TODO: check +CVE-2007-6355 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...) + TODO: check +CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...) + TODO: check CVE-2007-6352 RESERVED CVE-2007-6351 RESERVED CVE-2007-6349 RESERVED -CVE-2007-6418 [insecure mysql call in cron job passing user and password as command line arguments] +CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the ...) - dspam <unfixed> (low; bug #448519) CVE-2008-0025 RESERVED @@ -81,7 +187,8 @@ NOT-FOR-US: JUNOS CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...) NOT-FOR-US: Nokia N95 -CVE-2007-6370 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...) +CVE-2007-6370 + REJECTED NOT-FOR-US: Cisco IP Phone 7940 CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...) NOT-FOR-US: PictPress 
@@ -112,7 +219,7 @@ - exiv2 0.15-2 (medium; bug #456760) CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...) - scponly 4.6-1.1 (high; bug #437148) -CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on www.squirrelmail.org ...) +CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net ...) - squirrelmail <not-affected> (Compromised packages were never in Debian) CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...) NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free @@ -240,8 +347,8 @@ RESERVED CVE-2007-6284 RESERVED -CVE-2007-6283 - RESERVED +CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...) + TODO: check CVE-2007-6282 RESERVED CVE-2007-6281 @@ -1309,7 +1416,7 @@ RESERVED CVE-2007-5863 RESERVED -CVE-2007-5862 +CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to ...) NOT-FOR-US: Cisco IP Phone 7940 CVE-2007-5861 RESERVED @@ -2359,8 +2466,8 @@ NOTE: proper fix available and uploaded CVE-2007-5584 RESERVED -CVE-2007-5583 - RESERVED +CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...) + TODO: check CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...) NOT-FOR-US: Cisco CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...) @@ -5442,7 +5549,7 @@ RESERVED CVE-2007-4474 RESERVED -CVE-2007-4473 +CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...) NOT-FOR-US: Gesytec Easylon OPC Server CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings ...) NOT-FOR-US: Broderbund Expressit 
@@ -8953,11 +9060,13 @@ - php5 5.2.3-1 (unimportant) CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...) NOT-FOR-US: Acoustica MP3 CD Burner -CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...) +CVE-2007-3005 + REJECTED [etch] - sun-java5 <no-dsa> (Non-free not supported) - sun-java5 1.5.0-11-1 (low) - sun-java6 6-01-0ubuntu1 (low) -CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...) +CVE-2007-3004 + REJECTED [etch] - sun-java5 <no-dsa> (Non-free not supported) - sun-java5 1.5.0-11-1 (medium) - sun-java6 6-01-0ubuntu1 (medium)
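Review bot: In the first hunk (@@ -1,21 +1,127 @@), several of the bulk "TODO: check" entries name software that needs a package-level entry rather than a quick dismissal: CVE-2007-6434 and CVE-2007-6417 (Linux kernel), CVE-2007-6416 (Xen), CVE-2007-6389 (gnome-screensaver) and CVE-2007-6356, CVE-2007-6355 and CVE-2007-6354 (exiftags). Suggest triaging those first and giving each a package line in the same form as the existing "- cupsys <unfixed> (low; bug #456960)" entry, so they do not sit behind the long run of third-party web application entries.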
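Review bot: In the @@ -81,7 +187,8 @@ hunk, CVE-2007-6370 becomes REJECTED but the unchanged "NOT-FOR-US: Cisco IP Phone 7940" line stays attached to it, while the same Cisco IP Phone 7940 description reappears under CVE-2007-5583 in the @@ -2359,8 +2466,8 @@ hunk with only "TODO: check". Suggest moving the NOT-FOR-US triage to CVE-2007-5583 and dropping it from the rejected identifier, so the earlier decision is not lost and the rejected entry carries no stale annotation.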
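Review bot: In the @@ -1309,7 +1416,7 @@ hunk, the description added to CVE-2007-5862 is "Java in Mac OS X 10.4 through 10.4.11 ...", but the unchanged line below it still reads "NOT-FOR-US: Cisco IP Phone 7940". The annotation no longer matches the entry it sits under; it should be re-triaged against the new description instead of being kept as is.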
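Review bot: In the @@ -8953,11 +9060,13 @@ hunk, CVE-2007-3005 and CVE-2007-3004 are switched to REJECTED while their sun-java5 and sun-java6 lines ("[etch] - sun-java5 <no-dsa>", "- sun-java5 1.5.0-11-1", "- sun-java6 6-01-0ubuntu1") remain underneath. Fixed-version and severity data now hangs off identifiers that are no longer valid. Suggest finding which identifiers replaced these two and moving the package lines there, or adding a NOTE naming the replacement, before the information is orphaned.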