Author: nion Date: 2008-04-27 13:27:16 +0000 (Sun, 27 Apr 2008) New Revision: 8628 Modified: data/CVE/list Log: NFUs new grsecurity issue (CVE-2008-1940) CVE-2008-1937 fixed in moin 1.6.3-1 CVE-2008-1923,CVE-2008-1390 fixed in asterisk 1:1.4.19.1~dfsg-1 new util-linux issue (CVE-2008-1926) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-27 12:19:28 UTC (rev 8627) +++ data/CVE/list 2008-04-27 13:27:16 UTC (rev 8628) @@ -1,11 +1,11 @@ CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...) - TODO: check + NOT-FOR-US: Wikepage Opus CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...) - TODO: check + NOT-FOR-US: Martin BOUCHER MyBoard CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...) - TODO: check + NOT-FOR-US: Web Calendar Pro CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...) - TODO: check + NOT-FOR-US: Sitedesigner CVE-2008-1952 RESERVED CVE-2008-1951 
@@ -27,45 +27,45 @@ CVE-2008-1943 RESERVED CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...) - TODO: check + NOT-FOR-US: Foxit Reader CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...) - TODO: check + NOT-FOR-US: Akiva WebBoard CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and ...) - TODO: check + - linux-patch-grsecurity2 <unfixed> (bug #478133) CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow ...) - TODO: check + NOT-FOR-US: W1L3D4 Philboard CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...) - TODO: check + NOT-FOR-US: Sony firmware CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...) - TODO: check + - moin 1.6.3-1 CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows ...) - TODO: check + NOT-FOR-US: Classifieds Caffe CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...) - TODO: check + NOT-FOR-US: Filiale CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...) - TODO: check + NOT-FOR-US: Crazy Goomba CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: Zune CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and ...) - TODO: check + NOT-FOR-US: Realtek HD Audio Codec CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before ...) - TODO: check + NOT-FOR-US: Realtek HD Audio Codec CVE-2008-1929 RESERVED CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...) - TODO: check + NOT-FOR-US: Imager CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in ...) 
- TODO: check + - util-linux <unfixed> (low; bug #478135) CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...) - TODO: check + - asterisk 1:1.4.19.1~dfsg-1 (medium) CVE-2008-1922 RESERVED CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...) - TODO: check + NOT-FOR-US: 5th Avenue Shopping Cart CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...) - TODO: check + NOT-FOR-US: ICQ CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...) - TODO: check + NOT-FOR-US: YourFreeWorld Apartment Search Script CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and ...) TODO: check CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 ...) @@ -125,7 +125,7 @@ CVE-2008-1898 (WkImgSrv.dll 7.03.0616 in Microsoft Works 7 allows remote attackers to ...) NOT-FOR-US: Microsoft Works CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...) - TODO: check + - asterisk 1:1.4.19.1~dfsg-1 (medium) CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...) NOT-FOR-US: Carbon Communities CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...) @@ -1240,7 +1240,7 @@ - kfreebsd-6 <unfixed> - kfreebsd-7 <unfixed> CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...) - - asterisk <unfixed> (low) + - asterisk 1:1.4.19.1~dfsg-1 (low) [etch] - asterisk <not-affected> (Only 1.4.x affected) [sarge] - asterisk <not-affected> (Only 1.4.x affected) CVE-2008-1389
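Review bot: In the `@@ -27,45 +27,45 @@` hunk, the CVE-2008-1923 entry records only `- asterisk 1:1.4.19.1~dfsg-1 (medium)` although its description names Asterisk 1.2. The CVE-2008-1390 entry in the last hunk carries explicit `[etch]` and `[sarge]` lines, so state the per-release status here as well, or leave a TODO that it still needs checking. In the same hunk, `- linux-patch-grsecurity2 <unfixed> (bug #478133)` and `- moin 1.6.3-1` have no urgency while the util-linux and asterisk entries do; add one, or keep a TODO so the omission is visibly intentional.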
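Review bot: The CVE-2008-1897 change in the `@@ -125,7 +125,7 @@` hunk is missing from the log message, which lists only CVE-2008-1923 and CVE-2008-1390 as fixed in asterisk 1:1.4.19.1~dfsg-1. Add CVE-2008-1897 to that log line so the commit message matches the diff and the entry can be found later from the revision history.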