keescook-guest at alioth.debian.org
2008-Apr-16 21:02 UTC
[Secure-testing-commits] r8543 - data/CVE
Author: keescook-guest
Date: 2008-04-16 21:02:35 +0000 (Wed, 16 Apr 2008)
New Revision: 8543
Modified:
data/CVE/list
Log:
NFUs: 48
unfixed: libpng linux-2.6 m4 phpbb2 policykit
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-04-16 20:23:08 UTC (rev 8542)
+++ data/CVE/list 2008-04-16 21:02:35 UTC (rev 8543)
@@ -37,39 +37,39 @@
CVE-2008-1767
RESERVED
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have
...)
- TODO: check
+ - phpbb2 <unfixed> (low)
CVE-2008-1765
RESERVED
CVE-2008-1764 (Unspecified vulnerability in Opera for Windows before 9.27 has
unknown ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in
_blogadata/include/sond_result.php in ...)
- TODO: check
+ NOT-FOR-US: Blogator-script
CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of
service ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of
service ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in
Blogator-script ...)
- TODO: check
+ NOT-FOR-US: Blogator-script
CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP
allows ...)
- TODO: check
+ NOT-FOR-US: KwsPHP
CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for
KwsPHP ...)
- TODO: check
+ NOT-FOR-US: KwsPHP
CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the
...)
- TODO: check
+ NOT-FOR-US: KwsPHP
CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid
Engine ...)
- TODO: check
+ NOT-FOR-US: Sun
CVE-2008-1755 (Directory traversal vulnerability in the showSource function in
...)
- TODO: check
+ NOT-FOR-US: World of Phaos
CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the
...)
- TODO: check
+ NOT-FOR-US: Symantec
CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root
with ...)
- TODO: check
+ NOT-FOR-US: ezRADIUS
CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in
Ksemail ...)
- TODO: check
+ NOT-FOR-US: Ksemail
CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1
and ...)
- TODO: check
+ NOT-FOR-US: LiveCart
CVE-2008-1749
RESERVED
CVE-2008-1748
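Review bot: CVE-2008-1766 is recorded as "- phpbb2 <unfixed> (low)", but the description shown only says "phpBB before 3.0.1" with unspecified vulnerabilities; add a NOTE saying why the phpbb2 package is considered affected so the entry can be verified later. Separately, "NOT-FOR-US: Sun" (CVE-2008-1756) and "NOT-FOR-US: Symantec" (CVE-2008-1754) name only the vendor, while the other entries in this hunk name the product; using "Sun N1 Grid Engine" and "Symantec Altiris Deployment Solution" from the descriptions would make the list easier to search.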
@@ -103,25 +103,25 @@
CVE-2008-1734
RESERVED
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and
earlier in ...)
- TODO: check
+ NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in
...)
- TODO: check
+ NOT-FOR-US: Prediction Football
CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does
not ...)
- TODO: check
+ NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts
...)
- TODO: check
+ NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu
settings, ...)
- TODO: check
+ NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5
allows ...)
- TODO: check
+ NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for
access ...)
- TODO: check
+ NOT-FOR-US: KnowledgeQuest
CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6,
when ...)
- TODO: check
+ NOT-FOR-US: KnowledgeQuest
CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in
IBiz ...)
- TODO: check
+ NOT-FOR-US: ActiveX
CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer
...)
- TODO: check
+ NOT-FOR-US: ActiveX
CVE-2008-1723
RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2)
...)
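Review bot: "NOT-FOR-US: Drupal 6 (not packaged yet)" on CVE-2008-1729 marks the issue as outside the archive while the annotation itself expects a package to appear; a NOTE stating that the issue is limited to Drupal 6 before 6.2 would keep the entry from being overlooked when that happens. In the same hunk, "NOT-FOR-US: ActiveX" on CVE-2008-1725 and CVE-2008-1724 names a technology rather than the affected product, unlike the neighbouring entries.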
@@ -130,37 +130,37 @@
- python2.4 <unfixed>
- python2.5 <unfixed>
CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in
Nuke ET ...)
- TODO: check
+ NOT-FOR-US: Nuke ET
CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity)
KeyView, ...)
- TODO: check
+ NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board
3.0.5 ...)
- TODO: check
+ NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community
...)
- TODO: check
+ NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1
and ...)
- TODO: check
+ NOT-FOR-US: AuraCMS
CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0,
when ...)
- TODO: check
+ NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote
...)
- TODO: check
+ NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712 (PHP remote file inclusion vulnerability in ...)
- TODO: check
+ NOT-FOR-US: mx_blogs
CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0
stores ...)
- TODO: check
+ NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1
allows ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows
...)
- TODO: check
+ NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain
field ...)
- TODO: check
+ NOT-FOR-US: IBM solidDB
CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to
cause a ...)
- TODO: check
+ NOT-FOR-US: IBM solidDB
CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier
allows ...)
- TODO: check
+ NOT-FOR-US: IBM solidDB
CVE-2008-1705 (Format string vulnerability in the logging function in IBM
solidDB ...)
- TODO: check
+ NOT-FOR-US: IBM solidDB
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in
Linux ...)
- TODO: check
+ - linux-2.6 <unfixed> (medium)
CVE-2008-XXXX [Incorrect input validation in PyString_FromStringAndSize()]
- python2.5 <unfixed>
TODO: python2.4 needs to be checked
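Review bot: the CVE-2007-6712 entry near the end of this hunk sets "- linux-2.6 <unfixed> (medium)" with no bug number and no NOTE. The description names hrtimer_forward in hrtimer.c, so a NOTE recording the upstream fix or the affected kernel versions would let the next person resolve the entry without repeating the triage.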
@@ -173,9 +173,9 @@
NOTE: Etch is affected (it enables the acl upstream patch)
NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message
Service ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before
8.1.0, ...)
- TODO: check
+ NOT-FOR-US: TIBCO
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the
my_gallery ...)
NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service
...)
@@ -205,9 +205,9 @@
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336
and ...)
NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow
...)
- TODO: check
+ - m4 <unfixed> (low)
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4
before ...)
- TODO: check
+ - m4 <unfixed> (low)
CVE-2008-1686 (Uncontrolled array index in Speex 1.1.12 and earlier, as used in
...)
- speex 1.2~beta2-1 (medium)
- libfishsound 0.7.0-2.2 (medium; bug #475152)
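Review bot: both m4 entries (CVE-2008-1688 and CVE-2008-1687) are left as "- m4 <unfixed> (low)" although each description says the issue affects GNU m4 before 1.4.11. Add a NOTE naming 1.4.11 as the upstream fixed version, and a bug number once one is filed, in the way the libfishsound line just below carries "bug #475152".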
@@ -271,11 +271,11 @@
CVE-2008-1659
RESERVED
CVE-2008-1658 (Format string vulnerability in the grant helper ...)
- TODO: check
+ - policykit <unfixed> (medium)
CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass
the ...)
- openssh 1:4.7p1-8 (low; bug #475156)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the
public ...)
- TODO: check
+ NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and
earlier, ...)
TODO: check
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal
Plug and ...)
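Review bot: CVE-2008-1658 gets "- policykit <unfixed> (medium)" with neither a bug reference nor a NOTE explaining the medium rating, while the openssh entry directly below records "low; bug #475156". For a format string issue in the grant helper, a short NOTE on the reasoning and a filed bug would make the urgency reviewable.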
@@ -879,7 +879,7 @@
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile
or ...)
NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and
1.4.0beta01 ...)
- TODO: check
+ - libpng <unfixed> (low)
CVE-2008-1381
RESERVED
CVE-2008-1380
@@ -1576,7 +1576,7 @@
CVE-2008-1102
RESERVED
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing
engine ...)
- TODO: check
+ NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
- clamav <unfixed>
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does
not ...)
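Review bot: CVE-2008-1101 is tagged "NOT-FOR-US: KeyView" here, but CVE-2008-1718 earlier in the same commit, also a KeyView buffer overflow (mimesr.dll in Autonomy KeyView), is tagged "NOT-FOR-US: IBM Lotus Notes". Use one product name for both so a search for KeyView finds every related entry.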
@@ -1881,11 +1881,11 @@
CVE-2008-0964
RESERVED
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor
6.20.060 ...)
- TODO: check
+ NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC
...)
- TODO: check
+ NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password,
which ...)
- TODO: check
+ NOT-FOR-US: EMC DiskXtender
CVE-2008-0960
RESERVED
CVE-2008-0959
@@ -1959,7 +1959,7 @@
- xen-3.0 <removed>
- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2
allows ...)
- TODO: check
+ NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (Unspecified vulnerability in the eMBox utility in Novell
eDirectory ...)
NOT-FOR-US: Novell eDirectory
CVE-2008-0925