Author: nion Date: 2008-03-06 12:35:12 +0000 (Thu, 06 Mar 2008) New Revision: 8279 Modified: data/CVE/list Log: NFUs CVE-2008-0304 unfixed in icedove, fixed in iceape 1.1.8-1 new issue: s9y (CVE-2008-0124) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-06 12:10:25 UTC (rev 8278) +++ data/CVE/list 2008-03-06 12:35:12 UTC (rev 8279) @@ -160,7 +160,7 @@ CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...) NOT-FOR-US: Symark PowerBroker CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...) - TODO: check + NOT-FOR-US: nukestyles.com addon for PHP-Nuke CVE-2008-1111 [lighttpd sends cgi source if it fails to fork the cgi handler] RESERVED - lighttpd <unfixed> (low; bug #469307) @@ -1672,7 +1672,7 @@ - xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure) NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...) - TODO: check + NOT-FOR-US: Urulu CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...) NOT-FOR-US: OpenBSD CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...) @@ -1830,9 +1830,9 @@ CVE-2008-0310 RESERVED CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...) - TODO: check + NOT-FOR-US: Symantec Decomposer CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...) - TODO: check + NOT-FOR-US: Symantec Decomposer CVE-2008-0307 RESERVED CVE-2008-0306 
@@ -1840,9 +1840,10 @@ CVE-2008-0305 RESERVED CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...) - TODO: check + - icedove <unfixed> (medium) + - iceape 1.1.8-1 (medium) CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...) - TODO: check + NOT-FOR-US: Canon printer firmware CVE-2008-0301 RESERVED CVE-2008-0300 @@ -2292,7 +2293,7 @@ CVE-2008-0125 RESERVED CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) - TODO: check + - serendipity <unfixed> (low; bug #469667) CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...) - moodle <unfixed> (unimportant) NOTE: the issue itself has a quite small attack vector @@ -3532,7 +3533,7 @@ CVE-2007-6253 RESERVED CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...) - TODO: check + NOT-FOR-US: Street Technologies CVE-2007-6251 RESERVED CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...) @@ -4124,9 +4125,9 @@ - horde3 3.1.6-1 (bug #461131; low) - imp4 <not-affected> (xss.php is only present in horde3 package) CVE-2007-6017 (A Symantec ActiveX control related to the scheduler component in the ...) - TODO: check + NOT-FOR-US: Symantec Backup Exec CVE-2007-6016 (Multiple stack-based buffer overflows in a Symantec ActiveX control ...) - TODO: check + NOT-FOR-US: Symantec Backup Exec CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...) {DSA-1427-1 DTSA-100-1} - samba 3.0.28-1 (high) @@ -6294,7 +6295,7 @@ {DSA-1409-3 DSA-1409-2 DSA-1409-1} - samba 3.0.27-1 (high) CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...) - TODO: check + NOT-FOR-US: activePDF Server CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...) NOT-FOR-US: Miranda CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)
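Review bot: In the hunk at @@ -1840,9 +1840,10 @@, the new "- icedove <unfixed> (medium)" line for CVE-2008-0304 carries no bug reference, unlike the other unfixed entries visible in this patch ("- lighttpd <unfixed> (low; bug #469307)" in the context of the first hunk and "- serendipity <unfixed> (low; bug #469667)" added for CVE-2008-0124). If a bug is already filed against icedove, add its number inside the parentheses so the open issue can be followed from the list. If none exists yet, file one and reference it here.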
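Review bot: In the hunk at @@ -3532,7 +3533,7 @@, the tag added for CVE-2007-6252 reads "NOT-FOR-US: Street Technologies", while the description on the line above attributes the overflows to "the Learn2 Corporation ...", so the entry and its tag do not visibly agree. Use the name that appears in the description, or give both names in the tag, so that a search of the list for either vendor finds this entry and the next reader does not have to re-check the classification.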