Author: nion Date: 2008-04-25 12:23:12 +0000 (Fri, 25 Apr 2008) New Revision: 8611 Modified: data/CVE/list Log: NFUs new/old vlc issue (CVE-2008-1881) CVE-2007-6715 potential non-issue new blender issue (CVE-2008-1102) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-25 11:37:13 UTC (rev 8610) +++ data/CVE/list 2008-04-25 12:23:12 UTC (rev 8611) @@ -77,13 +77,15 @@ CVE-2008-1882 RESERVED CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...) - TODO: check + - vlc <unfixed> (medium; bug #477805) CVE-2008-1880 RESERVED CVE-2008-1879 RESERVED CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...) - TODO: check + - iceweasel <unfixed> (unimportant) + NOTE: browser dos not treated as security issues + NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed? CVE-2008-XXXX [unspecified egroupware issue] - egroupware <unfixed> (bug #476977) TODO: request CVE id @@ -382,7 +384,7 @@ CVE-2008-1735 RESERVED CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux ...) - TODO: check + NOT-FOR-US: PHP Toolkit (Gentoo specific) CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...) NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in ...) @@ -658,7 +660,7 @@ {DSA-1550-1 DTSA-124-1} - suphp <unfixed> (low; bug #475431) CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build ...) - TODO: check + NOT-FOR-US: RedDot CMS CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...) - squid 2.6.18-1 (medium) CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...) 
@@ -1053,7 +1055,7 @@ CVE-2008-1437 RESERVED CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...) - TODO: check + NOT-FOR-US: Windows CVE-2008-1435 RESERVED CVE-2008-1434 @@ -1882,7 +1884,7 @@ CVE-2008-1103 RESERVED CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...) - TODO: check + - blender <unfixed> (medium; bug #477808) CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...) NOT-FOR-US: KeyView CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...) @@ -4296,11 +4298,11 @@ CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...) NOT-FOR-US: XnView CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView ...) - TODO: check + NOT-FOR-US: HP OpenView CVE-2008-0067 RESERVED CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in ...) - TODO: check + NOT-FOR-US: KeyView CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, ...) NOT-FOR-US: Winamp CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...) @@ -5990,7 +5992,7 @@ CVE-2007-6021 RESERVED CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...) - TODO: check + NOT-FOR-US: KeyView CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, ...) TODO: check CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...) @@ -6688,7 +6690,7 @@ CVE-2007-5759 REJECTED CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...) NOT-FOR-US: IBM DB2 CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...) 
@@ -7225,7 +7227,7 @@ CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...) NOT-FOR-US: Novell ZENworks Endpoint Security Management CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...) - TODO: check + NOT-FOR-US: IBM DB2 CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...) NOT-FOR-US: Adobe Reader CVE-2007-5662 @@ -8152,9 +8154,9 @@ CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...) NOT-FOR-US: Joomla! extension CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in ...) - TODO: check + NOT-FOR-US: KeyView CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the ...) - TODO: check + NOT-FOR-US: KeyView CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...) NOT-FOR-US: Layton HelpBox CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...) @@ -8166,7 +8168,7 @@ CVE-2007-5400 RESERVED CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...) - TODO: check + NOT-FOR-US: KeyView CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in ...) {DSA-1409-3 DSA-1409-2 DSA-1409-1} - samba 3.0.27-1 (high)
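
Review bot: In the first hunk (@@ -77,13 +77,15 @@), the CVE-2007-6715 entry is recorded as "- iceweasel <unfixed> (unimportant)", yet the second NOTE says the issue cannot be reproduced on 2.0.0.12-1 and 2.0.0.14-2 and ends on an open question ("already fixed?"). The TODO line is removed in the same hunk, so nothing flags the entry for follow-up. Consider keeping a TODO on it until the question is answered. Wording: "dos" reads as a verb here, so "DoS" would be clearer, and "cant" should be "can't".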
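
Review bot: In the hunk at @@ -1053,7 +1055,7 @@, "NOT-FOR-US: Windows" drops the vendor, while the CVE description says "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008" and other tags in this commit give the full product name ("NOT-FOR-US: IBM DB2", "NOT-FOR-US: HP OpenView"). "NOT-FOR-US: Microsoft Windows" would match the description and be easier to search for in the list.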
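
Review bot: In the hunk at @@ -4296,11 +4298,11 @@, CVE-2008-0066 is tagged "NOT-FOR-US: KeyView", but the visible description only names htmsr.dll and "the HTML speed reader in ...", so the link to KeyView cannot be checked from the list itself. The context entry CVE-2008-1101 shows the product name in its description ("the KeyView document viewing engine"), which makes that tag self-explanatory. A one-line NOTE stating that the DLL ships with KeyView would do the same here. The same applies to the KeyView tags added for foliosr.dll (CVE-2007-6020), kpagrdr.dll (CVE-2007-5406, CVE-2007-5405) and emlsr.dll (CVE-2007-5399) in the later hunks.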