thr3ads.net - Secure testing commits - [Secure-testing-commits] r8219

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Feb-26 09:14 UTC
[Secure-testing-commits] r8219 - data/CVE

Author: joeyh
Date: 2008-02-26 09:14:12 +0000 (Tue, 26 Feb 2008)
New Revision: 8219

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-02-26 07:52:05 UTC (rev 8218)
+++ data/CVE/list	2008-02-26 09:14:12 UTC (rev 8219)
@@ -1,3 +1,353 @@
+CVE-2008-6426
+	REJECTED
+	TODO: check
+CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers
to ...)
+	TODO: check
+CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in
Spyce - ...)
+	TODO: check
+CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce -
Python ...)
+	TODO: check
+CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and
earlier, ...)
+	TODO: check
+CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP
...)
+	TODO: check
+CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP
...)
+	TODO: check
+CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP
...)
+	TODO: check
+CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP
...)
+	TODO: check
+CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP
...)
+	TODO: check
+CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage
Mirroring) ...)
+	TODO: check
+CVE-2008-0972
+	RESERVED
+CVE-2008-0971
+	RESERVED
+CVE-2008-0970
+	RESERVED
+CVE-2008-0969
+	RESERVED
+CVE-2008-0968
+	RESERVED
+CVE-2008-0967
+	RESERVED
+CVE-2008-0966
+	RESERVED
+CVE-2008-0965
+	RESERVED
+CVE-2008-0964
+	RESERVED
+CVE-2008-0963
+	RESERVED
+CVE-2008-0962
+	RESERVED
+CVE-2008-0961
+	RESERVED
+CVE-2008-0960
+	RESERVED
+CVE-2008-0959
+	RESERVED
+CVE-2008-0958
+	RESERVED
+CVE-2008-0957
+	RESERVED
+CVE-2008-0956
+	RESERVED
+CVE-2008-0955
+	RESERVED
+CVE-2008-0954
+	RESERVED
+CVE-2008-0953
+	RESERVED
+CVE-2008-0952
+	RESERVED
+CVE-2008-0951
+	RESERVED
+CVE-2008-0950
+	RESERVED
+CVE-2008-0949
+	RESERVED
+CVE-2008-0948
+	RESERVED
+CVE-2008-0947
+	RESERVED
+CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve
or ...)
+	TODO: check
+CVE-2008-0945 (Format string vulnerability in the logging function in the IM
Server ...)
+	TODO: check
+CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows
remote ...)
+	TODO: check
+CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries
...)
+	TODO: check
+CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle
...)
+	TODO: check
+CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software
Aeries ...)
+	TODO: check
+CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI
before ...)
+	TODO: check
+CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP
Photo ...)
+	TODO: check
+CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework
(DTrace) in ...)
+	TODO: check
+CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event
(tinyevent) ...)
+	TODO: check
+CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List ...)
+	TODO: check
+CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX
...)
+	TODO: check
+CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1
module for ...)
+	TODO: check
+CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc)
...)
+	TODO: check
+CVE-2008-0931
+	RESERVED
+CVE-2008-0930
+	RESERVED
+CVE-2008-0929
+	REJECTED
+	TODO: check
+CVE-2008-0928
+	RESERVED
+CVE-2008-0927
+	RESERVED
+CVE-2008-0926
+	RESERVED
+CVE-2008-0925
+	RESERVED
+CVE-2008-0924
+	RESERVED
+CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature
for ...)
+	TODO: check
+CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for
PHP-Nuke ...)
+	TODO: check
+CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1
allows ...)
+	TODO: check
+CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open
Source ...)
+	TODO: check
+CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in
Open ...)
+	TODO: check
+CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php
in ...)
+	TODO: check
+CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search
1.1 ...)
+	TODO: check
+CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare
...)
+	TODO: check
+CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before
2.2.8.84 and ...)
+	TODO: check
+CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the
Mediation ...)
+	TODO: check
+CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board
(IPB ...)
+	TODO: check
+CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase
MobiLink ...)
+	TODO: check
+CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts
...)
+	TODO: check
+CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet
Security ...)
+	TODO: check
+CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in
Schoolwires ...)
+	TODO: check
+CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires
Academic ...)
+	TODO: check
+CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke
allows ...)
+	TODO: check
+CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke
allows ...)
+	TODO: check
+CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy
1.0 ...)
+	TODO: check
+CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA
Plumtree ...)
+	TODO: check
+CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express
proxy ...)
+	TODO: check
+CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA
WebLogic ...)
+	TODO: check
+CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote
...)
+	TODO: check
+CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and
Express 8.1 ...)
+	TODO: check
+CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration
Console ...)
+	TODO: check
+CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0
...)
+	TODO: check
+CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through
10.0 ...)
+	TODO: check
+CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an
administrator ...)
+	TODO: check
+CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows
...)
+	TODO: check
+CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially
...)
+	TODO: check
+CVE-2008-0893
+	RESERVED
+CVE-2008-0892
+	RESERVED
+CVE-2008-0891
+	RESERVED
+CVE-2008-0890
+	RESERVED
+CVE-2008-0889
+	RESERVED
+CVE-2008-0888
+	RESERVED
+CVE-2008-0887
+	RESERVED
+CVE-2008-0886
+	RESERVED
+CVE-2008-0885
+	RESERVED
+CVE-2008-0884
+	RESERVED
+CVE-2008-0882 (Double free vulnerability in the process_browse_data function in
CUPS ...)
+	TODO: check
+CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0
module for ...)
+	TODO: check
+CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent
module ...)
+	TODO: check
+CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links
module for ...)
+	TODO: check
+CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7
and ...)
+	TODO: check
+CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora
Media ...)
+	TODO: check
+CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in
Hitachi ...)
+	TODO: check
+CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and
related ...)
+	TODO: check
+CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module
for ...)
+	TODO: check
+CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone
Classifieds ...)
+	TODO: check
+CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools
SmarterMail ...)
+	TODO: check
+CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway
...)
+	TODO: check
+CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2,
under ...)
+	TODO: check
+CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic
Workshop 8.1 ...)
+	TODO: check
+CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA
WebLogic ...)
+	TODO: check
+CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in
BEA ...)
+	TODO: check
+CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA
WebLogic ...)
+	TODO: check
+CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6
...)
+	TODO: check
+CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can ...)
+	TODO: check
+CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the
web ...)
+	TODO: check
+CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet
when a ...)
+	TODO: check
+CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM
Lotus ...)
+	TODO: check
+CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer
before ...)
+	TODO: check
+CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0
allows ...)
+	TODO: check
+CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio
MailServer ...)
+	TODO: check
+CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning
Board ...)
+	TODO: check
+CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02
allow ...)
+	TODO: check
+CVE-2008-0855 (SQL injection vulnerability in the Facile Forms
(com_facileforms) ...)
+	TODO: check
+CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for
Joomla! ...)
+	TODO: check
+CVE-2008-0853 (SQL injection vulnerability in the com_detail component for
Joomla! ...)
+	TODO: check
+CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a
denial of ...)
+	TODO: check
+CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos
1.8.4 ...)
+	TODO: check
+CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow
remote ...)
+	TODO: check
+CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...)
+	TODO: check
+CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in
Crafty ...)
+	TODO: check
+CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module
for ...)
+	TODO: check
+CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile
component ...)
+	TODO: check
+CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan
...)
+	TODO: check
+CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook ...)
+	TODO: check
+CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain
sensitive ...)
+	TODO: check
+CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier ...)
+	TODO: check
+CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo
Ricette ...)
+	TODO: check
+CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public
...)
+	TODO: check
+CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO ...)
+	TODO: check
+CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web
...)
+	TODO: check
+CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in
the ...)
+	TODO: check
+CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun
...)
+	TODO: check
+CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3
and ...)
+	TODO: check
+CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for
i5/OS ...)
+	TODO: check
+CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria
component ...)
+	TODO: check
+CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius
...)
+	TODO: check
+CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe ...)
+	TODO: check
+CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3
...)
+	TODO: check
+CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel
Jooget! ...)
+	TODO: check
+CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor
1.5.5 ...)
+	TODO: check
+CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke
allows ...)
+	TODO: check
+CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before
1.8.9 ...)
+	TODO: check
+CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows
remote ...)
+	TODO: check
+CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline
before ...)
+	TODO: check
+CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before
5.x-1.1 ...)
+	TODO: check
+CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2
allows ...)
+	TODO: check
+CVE-2008-0821 (SQL injection vulnerability in
admin/traffic/knowledge_searchm.php in ...)
+	TODO: check
+CVE-2008-0820 (** DISPUTED ** ...)
+	TODO: check
+CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus
Locator ...)
+	TODO: check
+CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery
0.6 ...)
+	TODO: check
+CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for
Joomla! ...)
+	TODO: check
+CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla!
and ...)
+	TODO: check
+CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for
Joomla! ...)
+	TODO: check
+CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking
...)
+	TODO: check
+CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb
3.0.1, ...)
+	TODO: check
+CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS
1.0 ...)
+	TODO: check
+CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow
remote ...)
+	TODO: check
+CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for
Joomla! ...)
+	TODO: check
+CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi
0.848b ...)
+	TODO: check
+CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in
Thecus ...)
+	TODO: check
 CVE-2008-XXXX [lighttpd remote DoS]
 	- lighttpd <unfixed> (medium; bug #466663)
 	NOTE: CVE id pending
@@ -2,9 +352,10 @@
 CVE-2008-0883 [tmp race]
+	RESERVED
 	NOT-FOR-US: Adobe Acrobat Reader
 	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
 CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike
Lan ...)
 	NOT-FOR-US: LookStrike Lan Manager
-CVE-2008-0802 (SQL injection vulnerability in index.php in the com_mediaslide
...)
+CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide ...)
 	NOT-FOR-US: Joomla component
-CVE-2008-0801 (Multiple SQL injection vulnerabilities in index.php in the ...)
+CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery ...)
 	NOT-FOR-US: Joomla component
@@ -55,17 +406,17 @@
 	- moin 1.5.8-5.1
 CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x
through ...)
 	- moin 1.5.8-5.1
-CVE-2008-0932 [diatheke remote command execution]
+CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier
allows ...)
 	{DSA-1508-1}
 	- sword 1.5.9-8 (high; bug #466449)
 	NOTE: source package named sword, binary package named diatheke
-CVE-2008-0806 [insecure temp file in wyrd]
+CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via
a ...)
 	- wyrd 1.4.3b-4 (low; bug #466382)
 CVE-2008-XXXX [am-utils insecure temp file /tmp/expn$$ ]
 	- am-utils <not-affected> (Affected code not present in the binary
package)
 	NOTE: sendmail includes a copy of the script, which has been fixed since
 	NOTE: several years
-CVE-2008-0807 [missing access restriction to user contacts in turba]
+CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x
before ...)
 	{DSA-1507-1}
 	- turba2 2.1.7-1 (bug #464058)
 	NOTE: CVE id pending
@@ -188,7 +539,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote
attackers ...)
 	NOT-FOR-US: Apple iPhone
-CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown
...)
+CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV
before ...)
 	- clamav 0.92.1~dfsg-1
 CVE-2008-0727
 	RESERVED
@@ -296,9 +647,8 @@
 	NOT-FOR-US: A-Blog
 CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything
...)
 	NOT-FOR-US: Everything Development System
-CVE-2008-0674
-	RESERVED
-	{DSA-1499-1}
+CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to
execute ...)
+	{DSA-1499-1 DTSA-115-1}
 	- pcre3 7.6-1 (medium)
 CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of
an ...)
 	- tintin++ <unfixed> (low; bug #465643)
@@ -364,9 +714,9 @@
 	RESERVED
 CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by
Adobe ...)
 	NOT-FOR-US: Adobe
-CVE-2008-0808 [XSS in the meta plugin in ikiwiki]
+CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in
Ikiwiki ...)
 	- ikiwiki 2.31.1 (low; bug #465110)
-CVE-2008-0809 [XSS in the htmlscrubber in ikiwiki]
+CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in
...)
 	- ikiwiki 2.31.1 (low; bug #465110)
 CVE-2008-0641
 	RESERVED
@@ -374,8 +724,8 @@
 	NOT-FOR-US: Symantec Ghost Solution Suite
 CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the
...)
 	NOT-FOR-US: Novell Client
-CVE-2008-0638
-	RESERVED
+CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise
Administrator ...)
+	TODO: check
 CVE-2008-0637
 	RESERVED
 CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center
4.x, 5.x ...)
@@ -461,10 +811,10 @@
 	RESERVED
 CVE-2008-0598
 	RESERVED
-CVE-2008-0597
-	RESERVED
-CVE-2008-0596
-	RESERVED
+CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly
other ...)
+	TODO: check
+CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions,
allows ...)
+	TODO: check
 CVE-2008-0595
 	RESERVED
 CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web
forgery ...)
@@ -552,8 +902,8 @@
 	NOT-FOR-US: Uniwin eCart Professiona
 CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
 	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
-CVE-2008-0556
-	RESERVED
+CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI
0.9.2.5, ...)
+	TODO: check
 CVE-2008-0555
 	RESERVED
 CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket
...)
@@ -878,7 +1228,7 @@
 	NOT-FOR-US: bMachine
 CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and
earlier ...)
 	NOT-FOR-US: Invision Gallery
-CVE-2008-0420 (Unspecified vulnerability in Mozilla Firefox, as used in Ubuntu
6.06 ...)
+CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox
...)
 	TODO: check
 	NOTE: dup? poked mitre
 CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8
allows ...)
@@ -1132,7 +1482,7 @@
 	RESERVED
 CVE-2008-0319
 	RESERVED
-CVE-2008-0318 (Integer overflow in libclamav in ClamAV before 0.92.1, as used
in ...)
+CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in
ClamAV ...)
 	{DSA-1497-1}
 	- clamav 0.92.1~dfsg-1 (medium)
 CVE-2008-0317
@@ -1506,8 +1856,7 @@
 CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to
access ...)
 	{DSA-1494-1}
 	- linux-2.6 <unfixed> (high)
-CVE-2008-0162 [splitvt privilege escalation through xprop]
-	RESERVED
+CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group
privileges ...)
 	{DSA-1500-1}
 	- splitvt 1.6.6-4
 CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in
...)
@@ -2149,7 +2498,7 @@
 	NOT-FOR-US: Microsoft Office Publisher
 CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows
...)
 	NOT-FOR-US: Zoom Player
-CVE-2007-6532 (Double-free vulnerability in the Widget Library (libxfcegui4) in
Xfce ...)
+CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in
Xfce ...)
 	- xfce4 4.4.2 (low)
 	[sarge] - xfce4 <no-dsa> (Minor issue)
 	[etch] - xfce4 <no-dsa> (Minor issue)
@@ -2412,8 +2761,8 @@
 CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows ...)
 	{DSA-1466-2 DTSA-110-1}
 	- xorg-server 2:1.4.1~git20080105-2
-CVE-2007-6426
-	RESERVED
+CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2,
and ...)
+	TODO: check
 CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA
...)
 	NOT-FOR-US: HP-UX
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running
in ...)
@@ -2692,8 +3041,8 @@
 	NOT-FOR-US: xml2owl
 CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module,
does ...)
 	NOT-FOR-US: Feature (third party drupal module)
-CVE-2007-6319
-	RESERVED
+CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x
before ...)
+	TODO: check
 CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in
WordPress ...)
 	- wordpress 2.3.2-1 (low; bug #459305)
 	[etch] - wordpress <not-affected> (Vulnerable code not present)
@@ -2706,8 +3055,8 @@
 	NOT-FOR-US: BarracudaDrive
 CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to
read ...)
 	NOT-FOR-US: BarracudaDrive
-CVE-2007-6313
-	RESERVED
+CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not
check ...)
+	TODO: check
 CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in
Web ...)
 	NOT-FOR-US: Web Security Suite
 CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2)
...)
@@ -2788,7 +3137,7 @@
 	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
 CVE-2007-6280
 	RESERVED
-CVE-2007-6279 (Multiple double-free vulnerabilities in Free Lossless Audio
Codec ...)
+CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio
Codec ...)
 	- flac 1.2.1-1 (unimportant)
 	NOTE: According to upstream this issue is not exploitable for code injection
 	NOTE: due to the layout of the seektable memory
@@ -2838,8 +3187,8 @@
 	NOT-FOR-US: Sun SunForum
 CVE-2007-6259
 	RESERVED
-CVE-2007-6258
-	RESERVED
+CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2
2.0.3-DEV ...)
+	TODO: check
 CVE-2007-6257
 	RESERVED
 CVE-2007-6256
@@ -3561,11 +3910,11 @@
 	NOT-FOR-US: JPortal
 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and
...)
 	NOT-FOR-US: JPortal
-CVE-2007-5972 (Double-free vulnerability in the krb5_def_store_mkey function in
...)
+CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in
...)
 	- krb5 <unfixed> (unimportant; bug #454974)
 	NOTE: potential attackers must have privileges to store the krb5kdc master key
 	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
-CVE-2007-5971 (Double-free vulnerability in the gss_krb5int_make_seal_token_v3
...)
+CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3
...)
 	- krb5 <unfixed> (unimportant; bug #454974)
 	NOTE: Not exploitable in real-world circumstances:
 	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
@@ -3575,7 +3924,7 @@
 	- mysql-dfsg <removed>
 	NOTE: version in experimental is affected by this
 	NOTE: the debian maintainers do not yet have access to this issue:
http://lists.mysql.com/packagers/377
-CVE-2007-5969 (MySQL Community Server before 5.0.51, when a table relies on
symlinks ...)
+CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server
5.0.x ...)
 	{DSA-1451-1}
 	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
 	TODO: check mysql 4
@@ -4109,7 +4458,7 @@
 	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
 	- ruby1.9 1.9.0+20071016-1
 	- ruby1.8 1.8.6.111-1 (low; bug #451374)
-CVE-2007-5769 (Double-free vulnerability in the getreply function in ftp.c in
netkit ...)
+CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in
netkit ...)
 	- netkit-ftp <not-affected> (Vulnerable code not present)
 CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password
...)
 	NOT-FOR-US: Globe7 soft phone client
@@ -4884,7 +5233,7 @@
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers
to ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2007-5622 (Double-free vulnerability in the ftpprchild function in ftppr in
...)
+CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in
...)
 	NOT-FOR-US: 3proxy
 CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token
...)
 	NOT-FOR-US: Token Drupal
@@ -5622,7 +5971,7 @@
 CVE-2007-5394
 	RESERVED
 CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar
method in ...)
-	{DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
+	{DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
 	- poppler 0.6.2-1 (medium; bug #450628)
 	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
 	- xpdf 3.02-1.3 (medium; bug #450629)
@@ -5639,7 +5988,7 @@
 	- libextractor 0.5.12-1
 	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as
fixed
 CVE-2007-5392 (Integer overflow in the DCTStream::reset method in
xpdf/Stream.cc in ...)
-	{DSA-1480-1 DTSA-85-1 DTSA-86-1}
+	{DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
 	- poppler 0.6.2-1 (medium; bug #450628)
 	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
 	[etch] - kdegraphics <not-affected> (Vulnerable code not used)  
@@ -7583,9 +7932,9 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10
performs ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-4690 (Double-free vulnerability in the NFS component in Apple Mac OS X
10.4 ...)
+CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X
10.4 ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2007-4689 (Double-free vulnerability in the Networking component in Apple
Mac OS ...)
+CVE-2007-4689 (Double free vulnerability in the Networking component in Apple
Mac OS ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10
allows ...)
 	NOT-FOR-US: Apple Mac OS X
@@ -8025,8 +8374,8 @@
 	RESERVED
 CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA
...)
 	NOT-FOR-US: Oracle
-CVE-2007-4516
-	RESERVED
+CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in
...)
+	TODO: check
 CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll
before ...)
 	NOT-FOR-US: Yahoo! Messenger
 CVE-2007-4514
@@ -8412,7 +8761,7 @@
 CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local
users in ...)
 	NOT-FOR-US: AIX
 CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit
method in ...)
-	{DSA-1480-1 DTSA-85-1 DTSA-86-1}
+	{DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
 	- poppler 0.6.2-1 (medium; bug #450628)
 	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
 	[etch] - kdegraphics <not-affected> (Vulnerable code not used)  
@@ -12928,7 +13277,7 @@
 	NOT-FOR-US: Cisco
 CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: FireFly
-CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager
0.56 ...)
+CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager
perl ...)
 	{DSA-1498-1}
 	- libimager-perl 0.58-1 (unimportant; bug #421582)
 	NOTE: Only CVE-2007-2413 is exploitable per upstream
@@ -13053,7 +13402,8 @@
 	NOT-FOR-US: Pi3Web Web Server
 CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial
of ...)
 	NOT-FOR-US: MyServer
-CVE-2007-2413 (Heap-based buffer overflow in Imager before 0.57 allows remote
...)
+CVE-2007-2413
+	REJECTED
 	- libimager-perl 0.58-1 (bug #421582)
 CVE-2007-2412 (** DISPUTED ** ...)
 	NOT-FOR-US: Seir Anphin
@@ -13977,7 +14327,7 @@
 	NOT-FOR-US: CompreXX
 CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro
2.0.1 ...)
 	NOT-FOR-US: DeskPro
-CVE-2007-2010 (Double-free vulnerability in bftpd before 1.8 allows remote ...)
+CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote ...)
 	NOT-FOR-US: bftpd
 CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS
Light ...)
 	NOT-FOR-US: SimpCMS Light
@@ -16045,7 +16395,7 @@
 	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
 	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
 	NOTE: Not exploitable over ISDN network, only theoretically through a
dedicated CAPI server
-CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
+CVE-2007-1216 (Double free vulnerability in the GSS-API library ...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
 CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in
Microsoft ...)
@@ -18712,7 +19062,7 @@
 CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users
to ...)
 	{DSA-1269-1}
 	- lookup-el 1.4-5 (low)
-CVE-2007-0236 (Double-free vulnerability in the _ATPsndrsp function in Apple
Mac OS X ...)
+CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple
Mac OS X ...)
 	NOT-FOR-US: Mac OS X
 CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s
function in ...)
 	{DSA-1255-1}
@@ -19780,7 +20130,7 @@
 	[etch] - libflash <no-dsa> (Not exploitable through directory writable
by an unprivileged user)
 CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in
Oracle ...)
 	NOT-FOR-US: Oracle
-CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003,
and ...)
+CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003,
and ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
 	NOT-FOR-US: Carsen Klock TextSend
@@ -20763,7 +21113,7 @@
 	NOT-FOR-US: Novell ZENworks
 CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus
Okul ...)
 	NOT-FOR-US: Metyus Okul Yonetim Sistemi
-CVE-2006-6297 (Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in
kdegraphics 3, ...)
+CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg)
plugin ...)
 	- kdegraphics <unfixed> (unimportant)
 	NOTE: Generic bug, treating it as a security problem is quite a stretch
 CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler
(spoolsv.exe) ...)
@@ -28655,7 +29005,7 @@
 	[sarge] - evolution <not-affected> (Not reproducible on Sarge''s
evolution)
 	NOTE: Verified that the patch has been applied in 2.4.0-1,
 	NOTE: may have been fixed earlier.
-CVE-2006-2788 (Double-free vulnerability in the getRawDER function for
nsIX509Cert in ...)
+CVE-2006-2788 (Double free vulnerability in the getRawDER function for
nsIX509Cert in ...)
 	{DSA-1210 DSA-1192-1 DSA-1191-1}
 	- mozilla <unfixed> (high)
 	- firefox 1.5.dfsg+1.5.0.4 (high)
@@ -28699,7 +29049,7 @@
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
-CVE-2006-2781 (Double-free vulnerability in nsVCard.cpp in Mozilla Thunderbird
before ...)
+CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird
before ...)
 	{DSA-1134-1 DSA-1118}
 	NOTE: MFSA-2006-40
 	- thunderbird 1.5.0.4-1 (high)
@@ -30428,7 +30778,7 @@
 	NOT-FOR-US: Simplog
 CVE-2006-2027 (Buffer overflow in Unicode processing in the logging
functionality in ...)
 	NOT-FOR-US: Pablo Software
-CVE-2006-2026 (Double-free vulnerability in tif_jpeg.c in libtiff before 3.8.1
allows ...)
+CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1
allows ...)
 	{DSA-1054-1}
 	[sarge] - tiff 3.7.2-3sarge1
 	[woody] - tiff 3.5.5-7woody1
@@ -33715,7 +34065,7 @@
 	NOT-FOR-US: Squishdot
 CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in
neomail-prefs.pl ...)
 	NOT-FOR-US: NeoMail
-CVE-2006-0710 (Double-free vulnerability in isode.eddy in Isode M-Vault Server
11.3 ...)
+CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server
11.3 ...)
 	NOT-FOR-US: Isode M-Vault
 CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to
cause a ...)
 	{DSA-995-1}
@@ -35500,7 +35850,7 @@
 	- sendmail 8.13.6-1 (bug #358440; high)
 CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote
attackers ...)
 	NOT-FOR-US: Windows
-CVE-2006-0056 (Double-free vulnerability in the authentication and
authentication ...)
+CVE-2006-0056 (Double free vulnerability in the authentication and
authentication ...)
 	- pam-mysql 0.6.2-1 (bug #353589; medium)
 	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
 CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses
predictable ...)
@@ -37598,7 +37948,7 @@
 	NOT-FOR-US: Exponent CMS
 CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3
and ...)
 	NOT-FOR-US: Exponent CMS
-CVE-2005-3760 (Double-free vulnerability in the BBOORB module in IBM WebSphere
...)
+CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere
...)
 	NOT-FOR-US: WebSphere
 CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search
...)
 	NOT-FOR-US: Google search appliance
@@ -45314,7 +45664,7 @@
 	NOT-FOR-US: SAP
 CVE-2005-1690
 	REJECTED
-CVE-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT
...)
+CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT
...)
 	{DSA-757-1}
 	- krb5 1.3.6-4 (medium)
 CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain
sensitive ...)
@@ -46651,7 +47001,7 @@
 	- ethereal 0.10.10-2sarge2
 CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2)
ANSI A ...)
 	- ethereal 0.10.10-2sarge2
-CVE-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal
before ...)
+CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal
before ...)
 	- ethereal 0.10.10-2sarge2
 CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4)
CMS, ...)
 	- ethereal 0.10.10-2sarge2
@@ -48077,7 +48427,7 @@
 CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or
local ...)
 	{DSA-722-1}
 	- smail 3.2.0.115-7 (bug #301428; high)
-CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows
remote ...)
+CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows
remote ...)
 	NOTE: The description is wrong; 2.6 is affected as well
 	- gtk+2.0 2.6.4-1
 	- gdk-pixbuf 0.22.0-7.1
@@ -52818,7 +53168,7 @@
 	NOT-FOR-US: Real Helix server
 CVE-2004-0773
 	RESERVED
-CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d
for MIT ...)
+CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d
for MIT ...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
 CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA
may ...)
@@ -53138,10 +53488,10 @@
 CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for
MIT ...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
-CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT
...)
+CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT
...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
-CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1
...)
+CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1
...)
 	{DSA-543-1}
 	- krb5 1.3.4-3
 CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270,
and ...)
@@ -53676,7 +54026,7 @@
 CVE-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS
protocol command ...)
 	{DSA-519}
 	- cvs 1:1.12.9-1
-CVE-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS
1.12.x ...)
+CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS
1.12.x ...)
 	{DSA-519}
 	- cvs 1:1.12.9-1
 CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset
pointers to ...)
@@ -53799,7 +54149,7 @@
 	NOT-FOR-US: KAME
 CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by
Symantec ...)
 	NOT-FOR-US: Entrust LibKmp ISAKMP library
-CVE-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX,
and ...)
+CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX,
and ...)
 	NOT-FOR-US: CDE
 CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a
denial of ...)
 	- ethereal 0.10.3 (bug #239576)
@@ -54257,7 +54607,7 @@
 	NOT-FOR-US: FreeBSD jail
 CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP,
and ...)
 	NOT-FOR-US: Windows bug
-CVE-2004-0123 (Double-free vulnerability in the ASN.1 library as used in
Windows NT ...)
+CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in
Windows NT ...)
 	NOT-FOR-US: Windows bug
 CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in
Windows ...)
 	NOT-FOR-US: Windows bug
@@ -54467,7 +54817,7 @@
 	NOT-FOR-US: IBM DB2
 CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain
DMS ...)
 	NOT-FOR-US: IBM DB2
-CVE-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of
...)
+CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of
...)
 	NOT-FOR-US: microsoft
 CVE-2003-1047
 	REJECTED
@@ -55557,7 +55907,7 @@
 	- gdm 2.4.1.5
 CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG
signatures, ...)
 	NOT-FOR-US: up2date
-CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote
attackers to ...)
+CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote
attackers to ...)
 	{DSA-394 DSA-393}
 	- openssl 0.9.7c
 	- openssl096 0.9.6k
Secure testing commits - Feb 2008 - r8219 - data/CVE

[Secure-testing-commits] r8219 - data/CVE
