Author: nion
Date: 2008-06-11 16:58:57 +0000 (Wed, 11 Jun 2008)
New Revision: 9034
Modified:
data/CVE/list
Log:
reverting to r9032
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-06-11 16:32:12 UTC (rev 9033)
+++ data/CVE/list 2008-06-11 16:58:57 UTC (rev 9034)
@@ -347,8 +347,10 @@
CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript
1.4.0 ...)
NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and
earlier ...)
- - wordpress 2.5.1-3 (low; bug #485807)
- NOTE: seems to be fixed within wordpress-bug #7113
+ - wordpress <unfixed>
+ NOTE: could not reproduce this. Anyway, wordpress security policy
+ NOTE: checks files only by extension so this should only affect misconfigured
+ NOTE: webservers. Poked wordpress upstream to get a confirmation of this
vulnerability
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and
cause a ...)
NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe
(1) ...)
@@ -1331,10 +1333,10 @@
CVE-2008-1945
RESERVED
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...)
- NOT-FOR-US: ?
+ TODO: check
NOTE: sent email to XEN team
CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized
Frame ...)
- NOT-FOR-US: help
+ TODO: check
NOTE: sent email to XEN team
CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of
service ...)
NOT-FOR-US: Foxit Reader
@@ -2077,7 +2079,7 @@
CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe)
...)
NOT-FOR-US: ThinClientServer
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows
attackers ...)
- NOT-FOR-US: 1
+ TODO: check
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when
performing ...)
NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...)
@@ -2329,7 +2331,7 @@
[sarge] - otrs <not-affected> (Vulnerable code not present)
NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local
users to ...)
- NOT-FOR-US: wapiti
+ TODO: check
NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24
here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and
...)
NOT-FOR-US: Danneo CMS
@@ -3639,7 +3641,7 @@
CVE-2008-0968
RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware
...)
- NOT-FOR-US: help
+ TODO: check
CVE-2008-0966
RESERVED
CVE-2008-0965
@@ -8695,7 +8697,7 @@
CVE-2007-5672
RESERVED
CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x
before ...)
- NOT-FOR-US: wordpress
+ TODO: check
CVE-2007-5670
REJECTED
CVE-2007-5669
@@ -9407,7 +9409,7 @@
CVE-2007-5499
REJECTED
CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18,
when ...)
- NOT-FOR-US: ?
+ TODO: check
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before
1.40.3 ...)
{DSA-1422-1 DTSA-95-1}
- e2fsprogs 1.40.3-1 (bug #454760)