joeyh at alioth.debian.org
2008-Feb-13 09:14 UTC
[Secure-testing-commits] r8147 - data/CVE
Author: joeyh Date: 2008-02-13 09:14:27 +0000 (Wed, 13 Feb 2008) New Revision: 8147 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-12 23:05:04 UTC (rev 8146) +++ data/CVE/list 2008-02-13 09:14:27 UTC (rev 8147) 
@@ -1,3 +1,135 @@ +CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...) + TODO: check +CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...) + TODO: check +CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...) + TODO: check +CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...) + TODO: check +CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown ...) + TODO: check +CVE-2008-0727 + RESERVED +CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) + TODO: check +CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) + TODO: check +CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...) + TODO: check +CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...) + TODO: check +CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...) + TODO: check +CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...) + TODO: check +CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...) + TODO: check +CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...) + TODO: check +CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...) + TODO: check +CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...) + TODO: check +CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...) + TODO: check +CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...) + TODO: check +CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...) 
+ TODO: check +CVE-2008-0713 + RESERVED +CVE-2008-0712 + RESERVED +CVE-2008-0711 + RESERVED +CVE-2008-0710 + RESERVED +CVE-2008-0709 + RESERVED +CVE-2008-0708 + RESERVED +CVE-2008-0707 + RESERVED +CVE-2008-0706 + RESERVED +CVE-2008-0705 + RESERVED +CVE-2008-0704 + RESERVED +CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...) + TODO: check +CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...) + TODO: check +CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...) + TODO: check +CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...) + TODO: check +CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB before ...) + TODO: check +CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...) + TODO: check +CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...) + TODO: check +CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...) + TODO: check +CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...) + TODO: check +CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...) + TODO: check +CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...) + TODO: check +CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...) + TODO: check +CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...) + TODO: check +CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory ...) + TODO: check +CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...) + TODO: check +CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...) + TODO: check +CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...) 
+ TODO: check +CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...) + TODO: check +CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...) + TODO: check +CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...) + TODO: check +CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...) + TODO: check +CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...) + TODO: check +CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...) + TODO: check +CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote attackers to ...) + TODO: check +CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...) + TODO: check +CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...) + TODO: check +CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...) + TODO: check +CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...) + TODO: check +CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...) + TODO: check +CVE-2008-0674 + RESERVED +CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...) + TODO: check +CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...) + TODO: check +CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...) + TODO: check +CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...) + TODO: check +CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...) + TODO: check +CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...) + TODO: check +CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...) 
+ TODO: check CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...) NOT-FOR-US: Novell Challenge Response Client CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...) @@ -16,7 +148,7 @@ [etch] - sun-java5 <no-dsa> (Non-free not supported) CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC ...) NOT-FOR-US: Documentum Administrator and Webtop -CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader before 8.1.2 have ...) +CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat ...) NOT-FOR-US: Adobe Reader CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow ...) NOT-FOR-US: Azucar CMS @@ -57,8 +189,8 @@ RESERVED CVE-2008-0637 RESERVED -CVE-2008-0636 - RESERVED +CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...) + TODO: check CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...) NOT-FOR-US: Openads CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...) @@ -131,8 +263,7 @@ NOT-FOR-US: All Club CMS (ACCMS) CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) ...) NOT-FOR-US: All Club CMS (ACCMS) -CVE-2008-0600 [linux vmsplice privilege escalation vulnerability] - RESERVED +CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...) {DSA-1494-1 DTSA-113-1} - linux-2.6 2.6.24-4 (high) CVE-2008-0599 @@ -286,7 +417,7 @@ RESERVED CVE-2008-0526 RESERVED -CVE-2008-0525 (PatchLink Update client for Unix allows local users to (1) truncate ...) +CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...) NOT-FOR-US: PatchLink Update client for Unix CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...) NOT-FOR-US: Yamaha router firmware 
@@ -367,13 +498,11 @@ NOTE: control over the mailinglist, so not a very important issue. NOTE: This enhances the fix for CVE-2006-3636. NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html -CVE-2008-0665 [insecure tmp file usage in ipp backend in webwml] - RESERVED +CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 ...) {DSA-1492-1} - wml 2.0.11-3.1 (low; bug #463907) [sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp) -CVE-2008-0666 [insecure tmp file usage wmg.cgi and eperl backend in webwml] - RESERVED +CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite ...) {DSA-1492-1} - wml 2.0.11-3.1 (low; bug #463907) [sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp) @@ -558,8 +687,8 @@ NOT-FOR-US: bMachine CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...) NOT-FOR-US: Invision Gallery -CVE-2008-0420 - RESERVED +CVE-2008-0420 (Unspecified vulnerability in Mozilla Firefox, as used in Ubuntu 6.06 ...) + TODO: check CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...) {DSA-1489-1 DSA-1485-1 DSA-1484-1} - iceweasel 2.0.0.12-1 @@ -576,9 +705,9 @@ {DSA-1489-1 DSA-1485-1 DSA-1484-1} - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 -CVE-2008-0416 - RESERVED +CVE-2008-0416 (Multiple unspecified vulnerabilities in Mozilla Firefox, as used in ...) {DSA-1489-1 DSA-1485-1 DSA-1484-1} + TODO: check CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and ...) {DSA-1489-1 DSA-1485-1 DSA-1484-1} - iceweasel 2.0.0.12-1 @@ -810,8 +939,8 @@ RESERVED CVE-2008-0319 RESERVED -CVE-2008-0318 - RESERVED +CVE-2008-0318 (Integer overflow in libclamav in ClamAV before 0.92.1, as used in ...) + TODO: check CVE-2008-0317 RESERVED CVE-2008-0316 
@@ -1064,11 +1193,11 @@ - kfreebsd-5 <not-affected> - kfreebsd-6 <unfixed> - kfreebsd-7 <unfixed> -CVE-2008-0215 - RESERVED +CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...) + TODO: check CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...) TODO: check -CVE-2008-0213 (Unspecified vulnerability in an ActiveX control for HP Virtual Rooms ...) +CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...) TODO: check CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) ...) NOT-FOR-US: HP OpenView Network Node Manager @@ -1176,8 +1305,7 @@ RESERVED CVE-2008-0164 RESERVED -CVE-2008-0163 [linux vserver kernel allows to access other vservers via symlinks] - RESERVED +CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...) {DSA-1494-1} - linux-2.6 <unfixed> (high) CVE-2008-0162 
@@ -1325,22 +1453,22 @@ RESERVED CVE-2008-0110 RESERVED -CVE-2008-0109 - RESERVED -CVE-2008-0108 - RESERVED +CVE-2008-0109 (Unspecified vulnerability in Word in Microsoft Office 2000 SP3, XP ...) + TODO: check +CVE-2008-0108 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) + TODO: check CVE-2008-0107 RESERVED CVE-2008-0106 RESERVED -CVE-2008-0105 - RESERVED -CVE-2008-0104 - RESERVED -CVE-2008-0103 - RESERVED -CVE-2008-0102 - RESERVED +CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) + TODO: check +CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) + TODO: check +CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...) + TODO: check +CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) + TODO: check CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...) - whitedune 0.28.13-1 (medium) CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...) 
@@ -1389,36 +1517,36 @@ NOT-FOR-US: DivX Player CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...) NOT-FOR-US: ClipShare -CVE-2008-0088 - RESERVED +CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...) + TODO: check CVE-2008-0087 RESERVED CVE-2008-0086 RESERVED CVE-2008-0085 RESERVED -CVE-2008-0084 - RESERVED +CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...) + TODO: check CVE-2008-0083 RESERVED CVE-2008-0082 RESERVED CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2004 and earlier, and ...) NOT-FOR-US: Microsoft -CVE-2008-0080 - RESERVED +CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...) + TODO: check CVE-2008-0079 RESERVED -CVE-2008-0078 - RESERVED -CVE-2008-0077 - RESERVED -CVE-2008-0076 - RESERVED -CVE-2008-0075 - RESERVED -CVE-2008-0074 - RESERVED +CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...) + TODO: check +CVE-2008-0077 (Unspecified vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, ...) + TODO: check +CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...) + TODO: check +CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ...) + TODO: check +CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...) + TODO: check CVE-2008-0073 RESERVED CVE-2008-0072 
@@ -1479,18 +1607,18 @@ RESERVED CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...) TODO: check -CVE-2008-0042 - RESERVED -CVE-2008-0041 - RESERVED -CVE-2008-0040 - RESERVED -CVE-2008-0039 - RESERVED -CVE-2008-0038 - RESERVED -CVE-2008-0037 - RESERVED +CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...) + TODO: check +CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts ...) + TODO: check +CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...) + TODO: check +CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows ...) + TODO: check +CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an ...) + TODO: check +CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle ...) + TODO: check CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...) NOT-FOR-US: Apple QuickTime CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...) @@ -2426,8 +2554,8 @@ NOT-FOR-US: TCExam CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...) NOT-FOR-US: HyperVM -CVE-2007-6286 - RESERVED +CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...) + TODO: check CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...) NOTE: maintainer will patch autofs5 in upload to unstable TODO: check when autofs5 hits unstable 
@@ -2613,12 +2741,10 @@ NOT-FOR-US: WebED CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 ...) NOT-FOR-US: KML share -CVE-2008-0010 [linux vmsplice local priv escalation] - RESERVED +CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (vulnerable code not present) -CVE-2008-0009 [kernel: insecure dereference of memory refs from user space, local priv escalation] - RESERVED +CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel ...) - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (vulnerable code not present) CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...) @@ -2642,8 +2768,8 @@ RESERVED CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...) NOT-FOR-US: OpenPegasus CIM management server -CVE-2008-0002 - RESERVED +CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...) + TODO: check CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...) {DSA-1479-1} - linux-2.6 <unfixed> 
@@ -4331,22 +4457,22 @@ RESERVED CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...) NOT-FOR-US: Novell Client -CVE-2007-5666 - RESERVED +CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...) + TODO: check CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) NOT-FOR-US: Novell ZENworks Endpoint Security Management CVE-2007-5664 RESERVED -CVE-2007-5663 - RESERVED +CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...) + TODO: check CVE-2007-5662 RESERVED CVE-2007-5661 RESERVED CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...) NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008 -CVE-2007-5659 - RESERVED +CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...) + TODO: check CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...) NOT-FOR-US: TIBCO SmartSockets RTserver CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...) @@ -5590,8 +5716,8 @@ - xulrunner 1.8.1.9-1 - iceape 1.1.5 NOTE: MFSA2007-33 -CVE-2007-5333 - RESERVED +CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...) + TODO: check CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...) NOT-FOR-US: ARCServe BackUp CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...) 
@@ -6999,7 +7125,7 @@ NOT-FOR-US: ibstat IBM AIX CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX ...) NOT-FOR-US: swcons IBM AIX -CVE-2007-4790 (Stack-based buffer overflow in a certain ActiveX control in FPOLE.OCX ...) +CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) ...) NOT-FOR-US: Microsoft Visual FoxPro CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco ...) NOT-FOR-US: Cisco CSM @@ -9486,7 +9612,7 @@ CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...) - gimp 2.2.17-1 (unimportant) NOTE: Only DoS by memleaks or double-frees, not treated as security problems -CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not ...) +CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix ...) {DSA-1378-2 DSA-1378-1} - linux-2.6 <unfixed> CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...) @@ -18408,8 +18534,8 @@ NOT-FOR-US: Microsoft CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...) NOT-FOR-US: Microsoft -CVE-2007-0216 - RESERVED +CVE-2007-0216 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) + TODO: check CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...) NOT-FOR-US: Microsoft Excel CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...) 
@@ -18819,8 +18945,8 @@ NOT-FOR-US: Lotus Domino Server CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...) NOT-FOR-US: Microsoft Windows -CVE-2007-0065 - RESERVED +CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) ...) + TODO: check CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...) NOT-FOR-US: Windows CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
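Review bot: In the hunk at "@@ -576,9 +705,9 @@", CVE-2008-0416 ends up with the cross-reference "{DSA-1489-1 DSA-1485-1 DSA-1484-1}" followed only by "TODO: check", so the entry cites three advisories but records no package or fixed version. The neighbouring CVE-2008-0415 and CVE-2008-0419 entries carry the same DSA set and list "- iceweasel 2.0.0.12-1". Either resolve the TODO by hand with the matching package lines, or confirm that the DSA reference belongs on this entry.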
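Review bot: Two new "TODO: check" entries describe the same component and should be triaged together: CVE-2008-0728 in the first hunk ("@@ -1,3 +1,135 @@") and CVE-2008-0318 in "@@ -810,8 +939,8 @@" both name libclamav in ClamAV before 0.92.1. The same applies to the three Apache Tomcat entries that leave RESERVED in this revision (CVE-2007-6286, CVE-2008-0002, CVE-2007-5333). Checking each group against one package in a single pass avoids the entries ending up with inconsistent status lines.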
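Review bot: The Microsoft entries that move from RESERVED to "TODO: check" in "@@ -1325,22 +1453,22 @@" and "@@ -1389,36 +1517,36 @@" (CVE-2008-0102 through CVE-2008-0109, CVE-2008-0074 through CVE-2008-0088) sit next to CVE-2008-0081, which is already recorded as "NOT-FOR-US: Microsoft". The new Adobe Reader entries (CVE-2008-0726, CVE-2007-5659, CVE-2007-5663, CVE-2007-5666) likewise sit alongside CVE-2008-0655, which is marked "NOT-FOR-US: Adobe Reader". A follow-up commit can close these with the same NOT-FOR-US tags, so the TODO backlog from this automatic update holds only entries that need real package analysis.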
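Review bot: In "@@ -2613,12 +2741,10 @@", CVE-2008-0010 and CVE-2008-0009 lose their bracketed working titles and keep "- linux-2.6 <unfixed>" with no urgency, while the related vmsplice entry CVE-2008-0600 in "@@ -131,8 +263,7 @@" is recorded as "- linux-2.6 2.6.24-4 (high)" with DSA-1494-1. Now that the official descriptions are in, the status of the two fs/splice.c entries should be re-checked against the same upload and given an urgency, so that the three vmsplice issues do not disagree in the tracker.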