Author: nion
Date: 2008-04-09 12:48:57 +0000 (Wed, 09 Apr 2008)
New Revision: 8493

Modified: data/CVE/list
Log:
NFUs
new issue: libfishsound (CVE-2008-1686), fixed in speex 1.2~beta2-1
new issue: eterm (CVE-2008-1692)
CVE-2008-1685 a dup of CVE-2006-1902?
new issue: gnome-screensaver (CVE-2008-1683)
CVE-2008-1657 fixed in openssh 1:4.7p1-8

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-09 12:05:59 UTC (rev 8492) +++ data/CVE/list 2008-04-09 12:48:57 UTC (rev 8493) @@ -3,19 +3,19 @@ CVE-2008-1703 RESERVED CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...) - TODO: check + NOT-FOR-US: my_gallery plugin for e107 CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Novell NetWare CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...) - TODO: check + NOT-FOR-US: WorkSite Web CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer''s ...) - TODO: check + NOT-FOR-US: Desi Quintans Writer''s Block CMS CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...) - TODO: check + NOT-FOR-US: Simple Gallery CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...) - TODO: check + NOT-FOR-US: DaZPHPNews CVE-2008-1695 RESERVED CVE-2008-1694 
@@ -23,31 +23,35 @@ CVE-2008-1693 RESERVED CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...) - TODO: check + - eterm <unfixed> (bug #473127) CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...) - TODO: check + NOT-FOR-US: SLMail Pro CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...) - TODO: check + NOT-FOR-US: SLMail Pro CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...) - TODO: check + NOT-FOR-US: SLMail Pro CVE-2008-1688 RESERVED CVE-2008-1687 RESERVED CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in ...) - TODO: check + - speex 1.2~beta2-1 (medium) + - libfishsound <unfixed> (medium; bug #475152) CVE-2008-1685 (gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not ...) TODO: check + NOTE: dup of CVE-2006-1902 which is fixed in Debian? CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-1683 (xscreensaver on Fedora 8, when an NIS authentication server is ...) - TODO: check + - gnome-screensaver <unfixed> (low; bug #475154) + NOTE: the description seems wrong, this does not affect xscreensaver + NOTE: contacted mitre to update description CVE-2008-1682 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: com_onlineflashquiz component for Joomla! CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...) - TODO: check + NOT-FOR-US: IBM DB2IBM DB2 CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...) - TODO: check + NOT-FOR-US: PHP-Nuke Platinum CVE-2008-1679 RESERVED CVE-2008-1678 @@ -93,7 +97,7 @@ CVE-2008-1658 RESERVED CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...) - TODO: check + - openssh 1:4.7p1-8 (low; bug #475156) CVE-2008-1656 RESERVED CVE-2008-1655
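
Review bot: In the `@@ -23,31 +23,35 @@` hunk, the new tag for CVE-2008-1681 reads `NOT-FOR-US: IBM DB2IBM DB2`, which looks like a doubled paste. The description on the line above names "IBM DB2 Content Manager", so `NOT-FOR-US: IBM DB2 Content Manager` would match it. In the same hunk, the eterm entry for CVE-2008-1692 carries only `(bug #473127)` while the other new package entries include an urgency such as `low` or `medium`; add one here if it has been assessed.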
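
Review bot: In the `@@ -93,7 +97,7 @@` hunk, the CVE-2008-1657 entry records the fix as `openssh 1:4.7p1-8`, while the description says the issue affects "OpenSSH before 4.9", and nothing in the entry explains why a 4.7-based version counts as fixed. A `NOTE:` line stating that the fix was applied to the 4.7p1 package, as the other entries in this commit do for their oddities, would keep a later reader from treating the version as a typo.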