joeyh at alioth.debian.org
2007-Dec-21 09:14 UTC
[Secure-testing-commits] r7667 - data/CVE
Author: joeyh
Date: 2007-12-21 09:14:11 +0000 (Fri, 21 Dec 2007)
New Revision: 7667
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-20 23:31:05 UTC (rev 7666)
+++ data/CVE/list 2007-12-21 09:14:11 UTC (rev 7667)
@@ -1,3 +1,156 @@
+CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for
Windows, ...)
+ TODO: check
+CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...)
+ TODO: check
+CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for
sshd ...)
+ TODO: check
+CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting
Controller 6.1 ...)
+ TODO: check
+CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1
Hot fix ...)
+ TODO: check
+CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote
...)
+ TODO: check
+CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3
and ...)
+ TODO: check
+CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3
and ...)
+ TODO: check
+CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3
and ...)
+ TODO: check
+CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1
Hot ...)
+ TODO: check
+CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote
...)
+ TODO: check
+CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote
attackers ...)
+ TODO: check
+CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and
earlier ...)
+ TODO: check
+CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote
attackers ...)
+ TODO: check
+CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x,
and ...)
+ TODO: check
+CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x,
and ...)
+ TODO: check
+CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0
CMS ...)
+ TODO: check
+CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series
One ...)
+ TODO: check
+CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon
Series ...)
+ TODO: check
+CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon
Series ...)
+ TODO: check
+CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through
7.4.17 ...)
+ TODO: check
+CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php
(aka ...)
+ TODO: check
+CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon
1.4.1 ...)
+ TODO: check
+CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows
remote ...)
+ TODO: check
+CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection
...)
+ TODO: check
+CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon
(utdevmgrd) in ...)
+ TODO: check
+CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon
(utdevmgrd) in ...)
+ TODO: check
+CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC)
3.6.1, ...)
+ TODO: check
+CVE-2007-6479 (Unrestricted file upload vulnerability in the "My
productions" ...)
+ TODO: check
+CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7 allows
remote ...)
+ TODO: check
+CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help
feature ...)
+ TODO: check
+CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration
...)
+ TODO: check
+CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4
allow ...)
+ TODO: check
+CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in
GF-3XPLORER 2.4 ...)
+ TODO: check
+CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro
...)
+ TODO: check
+CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR)
1.0.9 ...)
+ TODO: check
+CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01
on ...)
+ TODO: check
+CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with
...)
+ TODO: check
+CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when
...)
+ TODO: check
+CVE-2007-6468 (Buffer overflow in the HuffDecode function in ...)
+ TODO: check
+CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1
allows ...)
+ TODO: check
+CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in
FreeWebshop ...)
+ TODO: check
+CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in
ganglia-web in ...)
+ TODO: check
+CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools
...)
+ TODO: check
+CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin
panel ...)
+ TODO: check
+CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate
...)
+ TODO: check
+CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon
Proxy ...)
+ TODO: check
+CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote
attackers ...)
+ TODO: check
+CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop
0.9.1 ...)
+ TODO: check
+CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail
38k4 ...)
+ TODO: check
+CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa
...)
+ TODO: check
+CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+ TODO: check
+CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in
servhs.cpp ...)
+ TODO: check
+CVE-2007-6453 (Directory traversal vulnerability in
raidenhttpd-admin/workspace.php ...)
+ TODO: check
+CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in
Google ...)
+ TODO: check
+CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark
(formerly ...)
+ TODO: check
+CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to
0.99.6 ...)
+ TODO: check
+CVE-2007-6449
+ REJECTED
+ TODO: check
+CVE-2007-6448
+ REJECTED
+ TODO: check
+CVE-2007-6447
+ REJECTED
+ TODO: check
+CVE-2007-6446
+ REJECTED
+ TODO: check
+CVE-2007-6445
+ REJECTED
+ TODO: check
+CVE-2007-6444
+ REJECTED
+ TODO: check
+CVE-2007-6443
+ REJECTED
+ TODO: check
+CVE-2007-6442
+ REJECTED
+ TODO: check
+CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6
allows ...)
+ TODO: check
+CVE-2007-6440
+ REJECTED
+ TODO: check
+CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to
cause ...)
+ TODO: check
+CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark
(formerly ...)
+ TODO: check
+CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8
allows ...)
+ TODO: check
+CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server,
and ...)
+ TODO: check
CVE-2008-0030
RESERVED
CVE-2008-0029
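Review bot: The entries added as REJECTED in this hunk (CVE-2007-6449 through CVE-2007-6442, and CVE-2007-6440) each also get a "TODO: check" line, which queues withdrawn identifiers for manual triage. CVE-2007-5759, switched from RESERVED to REJECTED later in this same commit, carries no TODO, so the automatic update should skip the TODO line whenever the entry state is REJECTED.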
@@ -20,8 +173,7 @@
RESERVED
CVE-2007-6431
RESERVED
-CVE-2007-6430 [Remote Unauthenticated Sessions in asterisk]
- RESERVED
+CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before
1.4.16, and ...)
- asterisk <unfixed> (low; bug #457063)
CVE-2007-6429
RESERVED
@@ -46,6 +198,7 @@
CVE-2007-6419
RESERVED
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11
through ...)
+ {DSA-1436-1}
- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for
Xen ...)
- xen-unstable <not-affected> (We only have xen for i386 and amd64)
@@ -118,12 +271,12 @@
- exiftags <unfixed> (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown
impact ...)
- exiftags <unfixed> (bug #457062)
-CVE-2007-6352
- RESERVED
-CVE-2007-6351
- RESERVED
-CVE-2007-6349
- RESERVED
+CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows ...)
+ TODO: check
+CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to
cause ...)
+ TODO: check
+CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on
...)
+ TODO: check
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes
the ...)
- dspam <unfixed> (low; bug #448519)
CVE-2008-0025
@@ -217,8 +370,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows
remote, ...)
NOT-FOR-US: Microsoft Office Access
-CVE-2007-6353 [exiv2 integer overflow in EXIF parsing]
- RESERVED
+CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows
context-dependent ...)
- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to
bypass ...)
- scponly 4.6-1.1 (high; bug #437148)
@@ -236,8 +388,8 @@
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module
...)
NOT-FOR-US: Apache AuthCAS module
-CVE-2007-6341
- RESERVED
+CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages
such ...)
+ TODO: check
CVE-2007-6340
RESERVED
CVE-2007-6339
@@ -248,16 +400,14 @@
RESERVED
{DTSA-101-1}
- clamav 0.92~dfsg-1
-CVE-2007-6336
- RESERVED
+CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers
to ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1
-CVE-2007-6335
- RESERVED
+CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows
remote ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1
-CVE-2007-6334
- RESERVED
+CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products
and ...)
+ TODO: check
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as
...)
NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as
...)
@@ -346,16 +496,16 @@
NOT-FOR-US: HyperVM
CVE-2007-6286
RESERVED
-CVE-2007-6285
- RESERVED
+CVE-2007-6285 (The default configuration for autofs 5 (autofs5) on Red Hat
Enterprise ...)
+ TODO: check
CVE-2007-6284
RESERVED
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind
/etc/rndc.key ...)
- bind9 <not-affected> (On Debian this file is rw for user bind and just
readable for group bind)
CVE-2007-6282
RESERVED
-CVE-2007-6281
- RESERVED
+CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service
(ofmnt.exe) in ...)
+ TODO: check
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.52, 5.1.x before
...)
- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
TODO: check mysql4
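Review bot: CVE-2007-6285 ("The default configuration for autofs 5 (autofs5) on Red Hat Enterprise ...") lands as a bare "TODO: check", although CVE-2007-5964, whose description also concerns the default configuration of autofs 5 in Red Hat Enterprise Linux, is already tracked in this list with "- autofs 3.1.4-8 (medium)". Whoever resolves the TODO should check the autofs package the same way and record the result as a package line, rather than assuming the issue is specific to Red Hat.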
@@ -440,16 +590,16 @@
RESERVED
CVE-2007-6247
RESERVED
-CVE-2007-6246
- RESERVED
-CVE-2007-6245
- RESERVED
-CVE-2007-6244
- RESERVED
-CVE-2007-6243
- RESERVED
-CVE-2007-6242
- RESERVED
+CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and
7.x up ...)
+ TODO: check
+CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and
7.x up ...)
+ TODO: check
+CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe
Flash ...)
+ TODO: check
+CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and
7.x up ...)
+ TODO: check
+CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and
earlier ...)
+ TODO: check
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have
...)
NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000
3.4.06 ...)
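Review bot: The five Adobe Flash Player entries (CVE-2007-6246 through CVE-2007-6242) are left at "TODO: check" while the list already has an established annotation for this software under CVE-2007-4324 (flashplugin-nonfree <not-affected>, plus <no-dsa> lines for etch and sarge). Resolve the five together and, where the same reasoning applies, reuse that annotation so the Flash Player entries stay consistent.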
@@ -533,6 +683,7 @@
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems,
does not ...)
- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and
2.6.x ...)
+ {DSA-1436-1}
- linux-2.6 <unfixed>
NOTE: kernel-sec already tracks this
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS
sidebar ...)
@@ -573,7 +724,7 @@
NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode
@Mail ...)
NOT-FOR-US: Calacode
-CVE-2007-6195 (Unspecified vulnerability in HP HP-UX B.11.11 and B.11.23, when
...)
+CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in
...)
NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before
4.01.012 ...)
NOT-FOR-US: HP Select Identity
@@ -627,7 +778,7 @@
NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1
allows ...)
NOT-FOR-US: Apple QuickTime
-CVE-2007-6165 (Mail in Apple Mac OS X Leopard allows user-assisted remote
attackers ...)
+CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted
remote ...)
NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow
remote ...)
NOT-FOR-US: Eurologon CMS
@@ -832,6 +983,7 @@
CVE-2007-6064
RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in
Linux ...)
+ {DSA-1436-1}
- linux-2.6 2.6.23-2
NOTE: kernel-sec is aware of this
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to
cause ...)
@@ -1115,14 +1267,14 @@
REJECTED
CVE-2007-5967
RESERVED
-CVE-2007-5966
- RESERVED
+CVE-2007-5966 (Integer overflow in the hrtimer_start function in
kernel/hrtimer.c in ...)
+ {DSA-1436-1}
+ TODO: check
CVE-2007-5965
RESERVED
CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise
Linux ...)
- autofs 3.1.4-8 (medium)
-CVE-2007-5963 [kdm local resouce consumption "DoS"]
- RESERVED
+CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause
a ...)
- kdebase <unfixed> (unimportant)
NOTE: This has only theoretical security impact
CVE-2007-5962
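Review bot: CVE-2007-5966 is added with a {DSA-1436-1} reference but only "TODO: check" beneath it and no package line. The other entries tagged {DSA-1436-1} in this commit (CVE-2007-6417, CVE-2007-6206, CVE-2007-6063, CVE-2006-6058) each carry a "- linux-2.6 ..." line, and the description here names kernel/hrtimer.c, so the TODO should be resolved to a linux-2.6 line with its fixed or unfixed status.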
@@ -1417,40 +1569,40 @@
RESERVED
CVE-2007-5864
RESERVED
-CVE-2007-5863
- RESERVED
+CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers
to ...)
+ TODO: check
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to
...)
NOT-FOR-US: Cisco IP Phone 7940
-CVE-2007-5861
- RESERVED
-CVE-2007-5860
- RESERVED
-CVE-2007-5859
- RESERVED
-CVE-2007-5858
- RESERVED
-CVE-2007-5857
- RESERVED
-CVE-2007-5856
- RESERVED
-CVE-2007-5855
- RESERVED
-CVE-2007-5854
- RESERVED
-CVE-2007-5853
- RESERVED
+CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11
...)
+ TODO: check
+CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X
10.5.1 ...)
+ TODO: check
+CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X
10.4.11 ...)
+ TODO: check
+CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1 allows
remote ...)
+ TODO: check
+CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie
from ...)
+ TODO: check
+CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file,
does ...)
+ TODO: check
+CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account
has ...)
+ TODO: check
+CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not
treat ...)
+ TODO: check
+CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X
...)
+ TODO: check
CVE-2007-5852
RESERVED
-CVE-2007-5851
- RESERVED
-CVE-2007-5850
- RESERVED
-CVE-2007-5849
- RESERVED
-CVE-2007-5848
- RESERVED
-CVE-2007-5847
- RESERVED
+CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote
...)
+ TODO: check
+CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X
...)
+ TODO: check
+CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP
back end ...)
+ TODO: check
+CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local
admin ...)
+ TODO: check
+CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API
in ...)
+ TODO: check
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows
remote ...)
{DTSA-88-1}
- net-snmp 5.4.1~dfsg-1
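Review bot: CVE-2007-5848 ("Buffer overflow in CUPS in Apple Mac OS X 10.4.11 ...") should not be closed as "NOT-FOR-US: Apple Mac OS X" along with the rest of this Apple batch. The list tracks CUPS as cupsys elsewhere (CVE-2007-4045), so this entry needs a check against that package. Separately, the unchanged context line under CVE-2007-5862 reads "NOT-FOR-US: Cisco IP Phone 7940" although the description is about Java in Mac OS X; that annotation looks misplaced and is worth correcting in a follow-up commit.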
@@ -1636,7 +1788,7 @@
CVE-2007-5760
RESERVED
CVE-2007-5759
- RESERVED
+ REJECTED
CVE-2007-5758
RESERVED
CVE-2007-5757
@@ -2467,8 +2619,8 @@
- xscreensaver 5.03-3.1 (medium; bug #448157)
- rss-glx 0.8.1-8 (medium)
NOTE: proper fix available and uploaded
-CVE-2007-5584
- RESERVED
+CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module
(FWSM) ...)
+ TODO: check
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote
attackers ...)
NOT-FOR-US: Cisco IP Phone
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in
Cisco ...)
@@ -4992,12 +5144,12 @@
NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms
Gaestebuch ...)
NOT-FOR-US: Toms Gaestebuch
-CVE-2007-4710
- RESERVED
-CVE-2007-4709
- RESERVED
-CVE-2007-4708
- RESERVED
+CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11
...)
+ TODO: check
+CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X
...)
+ TODO: check
+CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X
10.4.11 ...)
+ TODO: check
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler
in ...)
NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1
allows ...)
@@ -5920,7 +6072,7 @@
NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in
Gaestebuch 1.5 ...)
NOT-FOR-US: Gaestebuch
-CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0 allows
remote ...)
+CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other
...)
- flashplugin-nonfree <not-affected> (This package just downloads the
plugin from adobe.com which has an updated version)
[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
@@ -6528,7 +6680,7 @@
NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery
...)
NOT-FOR-US: Pony Gallery
-CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote
attackers ...)
+CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and
other ...)
- cupsys <not-affected> (SuSE-specific regression)
CVE-2007-4044
REJECTED
@@ -6858,7 +7010,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in
...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2007-3901 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0
...)
+CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized
Accessible ...)
NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
RESERVED
@@ -6908,8 +7060,8 @@
RESERVED
CVE-2007-3877
RESERVED
-CVE-2007-3876
- RESERVED
+CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11
allows ...)
+ TODO: check
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust
Antivirus) ...)
NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the
PXE ...)
@@ -18679,6 +18831,7 @@
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for
NetGear ...)
NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x up to 2.6.18,
and ...)
+ {DSA-1436-1}
- linux-2.6 2.6.22-6 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other
versions, on ...)