stef-guest at alioth.debian.org
2008-Jan-16 20:21 UTC
[Secure-testing-commits] r7943 - data/CVE
Author: stef-guest Date: 2008-01-16 20:21:58 +0000 (Wed, 16 Jan 2008) New Revision: 7943 Modified: data/CVE/list Log: new xine-lib, freebsd, linux, horde3 issues some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-16 17:57:08 UTC (rev 7942) +++ data/CVE/list 2008-01-16 20:21:58 UTC (rev 7943) @@ -105,7 +105,7 @@ CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...) - TODO: check + - xine-lib <unfixed> (medium; bug #460551) CVE-2008-XXXX [insecure use of RandomPool] - python-paramiko <unfixed> (medium; bug #460706) NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html @@ -153,9 +153,14 @@ CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...) NOT-FOR-US: Merak IceWarp Mail Server CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes ...) - TODO: check + - kfreebsd-5 <removed> + [etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported) + - kfreebsd-6 <unfixed> + - kfreebsd-7 <unfixed> CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not ...) - TODO: check + - kfreebsd-5 <not-affected> + - kfreebsd-6 <unfixed> + - kfreebsd-7 <unfixed> CVE-2008-0215 RESERVED CVE-2008-0214 @@ -374,7 +379,9 @@ CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...) TODO: check CVE-2008-0122 (Off-by-one error in the inet_network function in libc in FreeBSD 6.2, ...) - TODO: check + - kfreebsd-5 <not-affected> + - kfreebsd-6 <unfixed> + - kfreebsd-7 <unfixed> CVE-2008-0121 RESERVED CVE-2008-0120 
@@ -567,17 +574,18 @@ CVE-2008-0037 RESERVED CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...) - TODO: check + NOT-FOR-US: Apple cocoa Foundation + NOTE: AFAICS this is not the same as libfoundation in Debian CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...) - TODO: check + NOT-FOR-US: Apple iPhone CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...) NOT-FOR-US: MyPHP Forum CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 ...) @@ -1685,7 +1693,7 @@ CVE-2008-0002 RESERVED CVE-2008-0001 (VFS in the Linux kernel before 2.6.23.14 performs tests of access mode ...) - TODO: check + - linux-2.6 <unfixed> CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...) - xen-3 3.1.2-1 CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...) @@ -2148,7 +2156,7 @@ CVE-2007-6019 RESERVED CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...) - TODO: check + - horde3 <unfixed> (bug filed; low) CVE-2007-6017 RESERVED CVE-2007-6016 
@@ -3377,13 +3385,13 @@ CVE-2007-5659 RESERVED CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...) - TODO: check + NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) - TODO: check + NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) - TODO: check + NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) - TODO: check + NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...) NOT-FOR-US: LiteSpeed CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...)
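Review bot: in the @@ -153,9 +153,14 @@ hunk, CVE-2008-0217 (described as a flaw in the script program) and CVE-2008-0216 (the ptsname function) are both recorded against the kfreebsd-5/6/7 packages with no NOTE saying why those packages carry the affected code. Please add a NOTE line under each entry stating where the affected code ships. The kfreebsd-6 and kfreebsd-7 <unfixed> lines could also carry an urgency, as the xine-lib line in the first hunk does with "(medium; bug #460551)".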
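Review bot: in the @@ -374,7 +379,9 @@ hunk, "- kfreebsd-5 <not-affected>" on CVE-2008-0122 gives no reason, and the description is cut off at "FreeBSD 6.2, ...", so a reader of the list cannot tell why the 5.x package is excluded. A parenthetical reason on that line, in the style of "(FreeBSD not supported)" used on the no-dsa line for CVE-2008-0217, would make the decision checkable. The description also places the flaw in the inet_network function in libc, so a NOTE on why it is tracked against the kfreebsd-N packages would help here too.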
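Review bot: in the @@ -567,17 +574,18 @@ hunk, CVE-2008-0035 is closed as NOT-FOR-US while the accompanying NOTE still hedges with "AFAICS this is not the same as libfoundation in Debian". Either confirm that libfoundation is unrelated and state it without the hedge, or leave the entry as TODO until that is checked, since a NOT-FOR-US marking takes the issue out of further review.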
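Review bot: in the @@ -1685,7 +1693,7 @@ hunk, "- linux-2.6 <unfixed>" on CVE-2008-0001 carries neither an urgency nor a bug reference, unlike the xine-lib and python-paramiko lines in the first hunk. The description already gives the upstream fix point ("before 2.6.23.14"), so a NOTE recording that would make it easier to replace <unfixed> with a version once a fixed upload exists.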
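Review bot: in the @@ -2148,7 +2156,7 @@ hunk, "- horde3 <unfixed> (bug filed; low)" puts the bug marker before the urgency and has no bug number, while the other entries in this patch use the form "(medium; bug #460551)". Suggest "(low; bug #NNNNNN)" once the number is known. The description also names IMP Webmail Client 4.1.5 alongside the Horde Application Framework, so it is worth checking whether the package that ships IMP needs its own line under this CVE.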
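Review bot: in the @@ -3377,13 +3385,13 @@ hunk, the NOT-FOR-US text on CVE-2007-5657, CVE-2007-5656 and CVE-2007-5655 names only "TIBCO SmartSockets RTserver", but those three descriptions also list "RTworks before 4.0.4". Naming both products in the NOT-FOR-US line (or just "TIBCO") would show that the second product was considered as well.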