thr3ads.net - Secure testing commits - [Secure-testing-commits] r7776

If this information is useful, please help other people find it:
Share via:
stef-guest at alioth.debian.org
2008-Jan-01 11:11 UTC
[Secure-testing-commits] r7776 - data/CVE

Author: stef-guest
Date: 2008-01-01 11:11:33 +0000 (Tue, 01 Jan 2008)
New Revision: 7776

Modified:
   data/CVE/list
Log:
new mozilla/konqueror issues
NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-12-31 21:14:29 UTC (rev 7775)
+++ data/CVE/list	2008-01-01 11:11:33 UTC (rev 7776)
@@ -1,63 +1,68 @@
 CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified
weak ...)
-	TODO: check
+	NOT-FOR-US: Lotus Notes
 CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy
...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Notes
 CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on
the ...)
-	TODO: check
+	NOT-FOR-US: Safari
 CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL
server ...)
-	TODO: check
+	- konqueror <unfixed> (medium)
+	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
 CVE-2007-6590 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5,
...)
-	TODO: check
+	- iceape <unfixed> (medium)
+	- iceweasel <unfixed> (medium)
+	TODO: check mozilla derivatives/xulrunner
 CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and
...)
-	TODO: check
+	- iceape 1.1.7-1 (medium)
+	- iceweasel 2.0.0.10-1 (medium)
+	TODO: check mozilla derivatives/xulrunner
 CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10
allows ...)
-	TODO: check
+	NOT-FOR-US: PHCDownload
 CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta
3.0 ...)
-	TODO: check
+	NOT-FOR-US: Plogger
 CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS
allows ...)
-	TODO: check
+	NOT-FOR-US: nicLOR-CMS
 CVE-2007-6585 (PHP remote file inclusion vulnerability in
confirmUnsubscription.php ...)
-	TODO: check
+	NOT-FOR-US: NmnNewsletter
 CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1
allow ...)
-	TODO: check
+	NOT-FOR-US: 1024 CMS
 CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php
in ...)
-	TODO: check
+	NOT-FOR-US: 1024 CMS
 CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2
allows ...)
-	TODO: check
+	NOT-FOR-US: mBlog
 CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine
2.0 ...)
-	TODO: check
+	NOT-FOR-US: Social Engine
 CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09
allow ...)
-	TODO: check
+	NOT-FOR-US: Wallpaper Site
 CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow
remote ...)
-	TODO: check
+	NOT-FOR-US: Ip Reg
 CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: PHP ZLink
 CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2
allow ...)
-	TODO: check
+	NOT-FOR-US: zBlog
 CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and
...)
-	TODO: check
+	NOT-FOR-US: Adult Script
 CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows
remote ...)
-	TODO: check
+	NOT-FOR-US: MMSLamp
 CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos
1.8.4 ...)
-	TODO: check
+	NOT-FOR-US: Dokeos
 CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of
service ...)
-	TODO: check
+	NOT-FOR-US: QK SMTP
 CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web
Server ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Web Server
 CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web
Proxy ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Web Proxy
 CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL
Database ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Web Proxy Server
 CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log
...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Web Proxy Server
 CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in
XZero ...)
-	TODO: check
+	NOT-FOR-US: XZero Community Classifieds
 CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero
Community ...)
-	TODO: check
+	NOT-FOR-US: XZero Community Classifieds
 CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community
Classifieds ...)
-	TODO: check
+	NOT-FOR-US: XZero Community Classifieds
 CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A
Beta ...)
-	TODO: check
+	NOT-FOR-US: Blakord Portal
 CVE-2007-XXXX [XSS via file upload in mantis]
 	- mantis 1.0.8-4 (low; bug #458377)
 CVE-2007-XXXX [vlc mozilla plugin arbitrary file overwrite vulnerability]
Secure testing commits - Jan 2008 - r7776 - data/CVE

[Secure-testing-commits] r7776 - data/CVE
