Author: nion
Date: 2008-03-12 13:23:53 +0000 (Wed, 12 Mar 2008)
New Revision: 8321
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-1149 fixed in phpmyadmin 4:2.11.5-1
maxdb was removed
CVE-2008-1097 fixed in graphicsmagick 1.1.7-13 and imagemagick 7:6.2.4.5.dfsg1-1
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-03-12 12:59:32 UTC (rev 8320)
+++ data/CVE/list 2008-03-12 13:23:53 UTC (rev 8321)
@@ -35,7 +35,7 @@
CVE-2008-1271
REJECTED
CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in
...)
- TODO: check
+ NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS
CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is
not ...)
- lighttpd <unfixed> (unimportant)
NOTE: user configuration error, default documented in moduserdir documentation
@@ -246,13 +246,13 @@
CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray
0.9.9 ...)
- flyspray <removed>
CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows
...)
- TODO: check
+ NOT-FOR-US: phpComasy CMS
CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0
...)
- TODO: check
+ NOT-FOR-US: phpArcadeScript
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT
Dynamic ...)
- TODO: check
+ NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer
(demuxers/demux_matroska.c) in ...)
- TODO: check
+ - xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160
RESERVED
CVE-2008-1159
@@ -276,7 +276,7 @@
CVE-2008-1150
RESERVED
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some
parameters ...)
- TODO: check
+ - phpmyadmin 4:2.11.5-1 (low)
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that
uses ...)
TODO: check
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that
uses ...)
@@ -421,7 +421,8 @@
{DSA-1514-1}
- moin 1.5.8-5.1
CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the
PCX ...)
- TODO: check
+ - graphicsmagick 1.1.7-13
+ - imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1)
...)
TODO: check
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP)
implementation ...)
@@ -457,7 +458,7 @@
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read
...)
NOT-FOR-US: Opera
CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in
SendFile.jar for ...)
- TODO: check
+ NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath
Linux, and ...)
- am-utils <not-affected> (Affected code not present in the binary
package)
NOTE: sendmail includes a copy of the script, which has been fixed since
@@ -661,9 +662,9 @@
CVE-2008-0987
RESERVED
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the
libsgl.so ...)
- TODO: check
+ NOT-FOR-US: Google Android
CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit
framework ...)
- TODO: check
+ NOT-FOR-US: Google Android
CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before
5.1.14 ...)
- mysql-dfsg-4.1 <removed>
- mysql-dfsg-5.0 5.0.32-1
@@ -859,7 +860,7 @@
CVE-2008-0891
RESERVED
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure
permissions for ...)
- TODO: check
+ NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889
RESERVED
CVE-2008-0888
@@ -1386,9 +1387,9 @@
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail
Web Php ...)
NOT-FOR-US: Portail Web Php
CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX
7 and ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by
Adobe ...)
NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in
Ikiwiki ...)
@@ -2187,9 +2188,9 @@
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus
products ...)
NOT-FOR-US: Symantec Decomposer
CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and
...)
- TODO: check
+ - maxdb-7.5.00 <removed>
CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions,
allows ...)
- TODO: check
+ - maxdb-7.5.00 <removed>
CVE-2008-0305
RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before
2.0.0.12 and ...)
@@ -2198,9 +2199,9 @@
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
NOT-FOR-US: Canon printer firmware
CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4 through
2.4.4 ...)
- TODO: check
+ NOT-FOR-US: Mapbender
CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers
to ...)
- TODO: check
+ NOT-FOR-US: Mapbender
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers
to ...)
- webkit <unfixed> (unimportant)
NOTE: khtml originates from konqueror. browser crashes are considered
unimportant
@@ -2668,23 +2669,23 @@
CVE-2008-0119
RESERVED
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3,
2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002
SP2, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0116 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2007, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003
up to ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and
Office for ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through
2007, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Excel
CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000
SP3, XP ...)
- TODO: check
+ NOT-FOR-US: Microsoft Outlook
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and
Office ...)
NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6
File ...)
@@ -3885,7 +3886,7 @@
CVE-2007-6254
RESERVED
CVE-2007-6253 (Multiple unspecified vulnerabilities in Adobe Form Designer 5.0
and ...)
- TODO: check
+ NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation
...)
NOT-FOR-US: Street Technologies
CVE-2007-6251
@@ -17117,7 +17118,7 @@
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003
SP2, ...)
NOT-FOR-US: Microsoft Word
CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft
Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2007-1200
RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read
...)
@@ -25317,7 +25318,7 @@
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft
Windows ...)
NOT-FOR-US: Microsoft
CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft
Office ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office
2000, ...)
NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X
for ...)