jmm-guest at alioth.debian.org
2008-Apr-09 17:58 UTC
[Secure-testing-commits] r8497 - data/CVE
Author: jmm-guest
Date: 2008-04-09 17:58:54 +0000 (Wed, 09 Apr 2008)
New Revision: 8497

Modified: data/CVE/list
Log:
latest round of wireshark issues doesn't affect Etch
openssl fixed in spu upload
NFUs

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-09 17:50:34 UTC (rev 8496) +++ data/CVE/list 2008-04-09 17:58:54 UTC (rev 8497) @@ -283,10 +283,12 @@ NOT-FOR-US: Dan Costin File Transfer CVE-2008-1563 (The "decode as" feature in packet-bssap.c in the SCCP dissector in ...) - wireshark 1.0.0-1 (low) + [etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected) CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...) - - wireshark 1.0.0-1 (low) + - wireshark <not-affected> (Only Windows builds are affected according to #1613) CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...) - wireshark 1.0.0-1 (low) + [etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected) CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...) NOT-FOR-US: Digiappz DigiDomain CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...) @@ -813,9 +815,9 @@ CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...) NOT-FOR-US: Novell Groupwise CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...) - TODO: check + NOT-FOR-US: CA ARCserve CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...) - TODO: check + NOT-FOR-US: CA ARCserve CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...) NOT-FOR-US: Gallarific CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...) 
@@ -1228,15 +1230,15 @@ CVE-2008-1155 RESERVED CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...) TODO: check CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...) - phpmyadmin 4:2.11.5-1 (low) [etch] - phpmyadmin <no-dsa> (Minor issue) 
@@ -1418,21 +1420,21 @@ CVE-2008-1091 RESERVED CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 200 SP4, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1083 (Heap-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2008-1082 (Opera before 9.26 allows remote attackers to "bypass sanitization ...) NOT-FOR-US: Opera CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...) @@ -1778,7 +1780,7 @@ CVE-2008-0927 RESERVED CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell eDirectory ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2008-0925 RESERVED CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...) 
@@ -8911,6 +8913,8 @@ NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0 CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ...) - openssl 0.9.8f-1 (low) + [etch] - openssl <no-dsa> (Will be fixed in a point update) + TODO: [etch] - openssl 0.9.8c-4etch2 - openssl097 <not-affected> (DTLS support was introduced in 0.9.8) - openssl096 <not-affected> (DTLS support was introduced in 0.9.8) [sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8) @@ -13473,6 +13477,7 @@ NOT-FOR-US: Microsoft FrontPage CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ...) - openssl 0.9.8e-6 (bug #438142; low) + TODO: [etch] - openssl 0.9.8c-4etch2 - openssl097 <removed> (bug #438180) [sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario) [etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)
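
Review bot: in the @@ -283,10 +283,12 @@ hunk, the new CVE-2008-1562 reason cites "#1613" without saying which tracker that number belongs to. The CVE-2007-3108 entry in this same file writes Debian bugs as "bug #438142", so a bare number is easy to misread as a Debian BTS reference. Suggest naming the tracker inside the parenthesised reason. Also worth confirming: this entry drops the fixed version 1.0.0-1 and becomes <not-affected> for every release, while the CVE-2008-1563 and CVE-2008-1561 entries next to it keep "- wireshark 1.0.0-1 (low)" and only add an [etch] line.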
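
Review bot: in the @@ -1228,15 +1230,15 @@ hunk, CVE-2008-1151 is left at "TODO: check" even though CVE-2008-1150, the next entry, names the same virtual private dial-up network (VPDN) component and is changed to "NOT-FOR-US: Cisco IOS". If that was an oversight, mark CVE-2008-1151 the same way; if it was left open on purpose, a NOTE: line saying why would help the next person triaging. Separately, CVE-2008-1154 is described as the Disaster Recovery Framework master server in "Cisco Unified ..." but is tagged "Cisco IOS"; the tag should name that product, or just "Cisco".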
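
Review bot: in the @@ -1418,21 +1420,21 @@ hunk, all eight entries from CVE-2008-1090 down to CVE-2008-1083 get the bare vendor tag "NOT-FOR-US: Microsoft", whereas other entries visible in this diff name the product ("Novell Groupwise", "CA ARCserve", "Microsoft FrontPage"). The descriptions already give the products (Visio, Project, GDI, the HxTocCtrl ActiveX control, Internet Explorer, the Windows kernel), so using those in the tag would keep the list consistent and searchable by product.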
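
Review bot: in the @@ -8911,6 +8913,8 @@ hunk, CVE-2007-4995 gains two etch statements at once, "[etch] - openssl <no-dsa> (Will be fixed in a point update)" and "TODO: [etch] - openssl 0.9.8c-4etch2", and nothing records what the TODO is waiting for. The log message mentions the spu upload; stating that condition on the TODO line, or in a NOTE: line, would make it clear when the <no-dsa> line is to be replaced by the fixed version.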
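
Review bot: in the @@ -13473,6 +13477,7 @@ hunk, the added "TODO: [etch] - openssl 0.9.8c-4etch2" for CVE-2007-3108 sits directly under the unstable line, two lines away from the existing "[etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)" that it will eventually replace. Placing the TODO next to that [etch] line would make the pending change harder to miss, and the no-dsa reason will need dropping at the same time, since an entry that carries a fixed etch version should not also say the issue was left unfixed as unexploitable.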