Author: nion Date: 2008-03-21 13:21:57 +0000 (Fri, 21 Mar 2008) New Revision: 8382 Modified: data/CVE/list Log: NFUs anyone knows more for wordpress (CVE-2008-1304)? CVE-2008-0888 fixed in unzip 5.52-11 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-21 09:14:12 UTC (rev 8381) +++ data/CVE/list 2008-03-21 13:21:57 UTC (rev 8382) @@ -185,24 +185,25 @@ NOT-FOR-US: Filebase mod for phpBb CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...) TODO: check + NOTE: grepping the source for invite does not return any results, anyone knows more? CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) - TODO: check + NOT-FOR-US: Perforce Server CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) - TODO: check + NOT-FOR-US: Perforce Server CVE-2008-1301 (Absolute path traversal vulnerability in ...) - TODO: check + NOT-FOR-US: Alkacon OpenCms CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer ...) - TODO: check + NOT-FOR-US: Alkacon OpenCms CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...) - TODO: check + NOT-FOR-US: ManageEngine ServiceDesk Plus CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows ...) - TODO: check + NOT-FOR-US: Hadith module for PHP-Nuke CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting ...) - TODO: check + NOT-FOR-US: com_ewriting module for Mambo and Joomla! CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery ...) - TODO: check + NOT-FOR-US: EncapsGallery CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...) - TODO: check + NOT-FOR-US: phpMyNewsletter CVE-2008-1292 RESERVED CVE-2008-1291 
@@ -217,11 +218,11 @@ CVE-2007-6710 RESERVED CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ...) - TODO: check + NOT-FOR-US: Cisco Linksys CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...) - TODO: check + NOT-FOR-US: Cisco Linksys CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...) - TODO: check + NOT-FOR-US: Cisco Linksys CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...) - nagios2 2.11-1 (low) CVE-2008-1417 [tmp race in axyl leading to symlink attack] @@ -521,7 +522,7 @@ CVE-2008-1158 RESERVED CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...) - TODO: check + NOT-FOR-US: Cisco IPM CVE-2008-1156 RESERVED CVE-2008-1155 @@ -657,9 +658,9 @@ CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...) NOT-FOR-US: Centreon CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does ...) - TODO: check + NOT-FOR-US: Timbuktu Pro CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ...) - TODO: check + NOT-FOR-US: Timbuktu Pro CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...) NOT-FOR-US: Rising Antivirus CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...) 
@@ -896,55 +897,55 @@ CVE-2008-1012 RESERVED CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...) - TODO: check + NOT-FOR-US: Safari (Mac OS X) CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...) - TODO: check + NOT-FOR-US: Safari (Mac OS X) CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...) - TODO: check + NOT-FOR-US: WebCore (Apple Safari) CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration ...) 
- TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0991 RESERVED CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so ...) NOT-FOR-US: Google Android CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework ...) @@ -1024,7 +1025,7 @@ CVE-2008-0950 RESERVED CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...) - krb5 1.3-1 (unimportant) NOTE: glibc properly defines FD_SETSIZE 
@@ -1153,7 +1154,7 @@ RESERVED CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...) {DSA-1522-1} - TODO: check + - unzip 5.52-11 CVE-2008-0887 RESERVED CVE-2008-0886 @@ -1506,7 +1507,7 @@ CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...) - clamav 0.92.1~dfsg-1 CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...) - TODO: check + NOT-FOR-US: IBM Informix Dynamic Server CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...) NOT-FOR-US: Adobe Acrobat Reader CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...) @@ -1915,9 +1916,9 @@ CVE-2008-0534 RESERVED CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: Cisco ACS CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...) - TODO: check + NOT-FOR-US: Cisco ACS CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...) NOT-FOR-US: Cisco CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...) 
@@ -3104,39 +3105,39 @@ {DSA-1524-1} - krb5 1.6.dfsg.3~beta1-4 (high) CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0057 (Multiple integer overflows in a "legacy serialization format" parser ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0053 (Unspecified vulnerability in CUPS before 1.3.6 in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0047 (Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...) 
- TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...) NOT-FOR-US: Apple iPhoto CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...)
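Review bot: the NOTE added under CVE-2008-1304 in the @@ -185,24 +185,25 @@ hunk does not say which source package and version were grepped, so the negative result cannot be reproduced or compared with the WordPress 2.3.2 named in the description. Suggest recording the package, the version and the exact search string in the NOTE, and leaving TODO: check in place as the hunk already does.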
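Review bot: CVE-2008-1011 and CVE-2008-1010 in the @@ -896,55 +897,55 @@ hunk are described as flaws in WebKit "as used in" Safari, yet they are closed as NOT-FOR-US: Safari (Mac OS X), which names the consumer rather than the affected component. If a WebKit source package is in the archive, these should stay TODO: check or be tracked against that package. CVE-2008-0992 (array index error in pax) deserves the same check, since its description names a tool rather than an Apple-only component. The hunk also uses three labels for one product family (Safari (Mac OS X), WebCore (Apple Safari), Apple Safari); settling on one would let a single grep of the list find them all.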
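Review bot: CVE-2008-0053 and CVE-2008-0047 in the @@ -3104,39 +3105,39 @@ hunk are marked NOT-FOR-US: Apple Mac OS X, but both descriptions name CUPS, and CVE-2008-0053 gives an upstream version bound ("CUPS before 1.3.6"). CUPS is packaged in Debian, so these two entries should not be closed in bulk with the Mac OS X ones. Suggest keeping TODO: check on them, or adding a package line with the fixed version, or a NOTE explaining why the Debian package is unaffected.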