thomasbl-guest at alioth.debian.org
2008-Jun-14 03:11 UTC
[Secure-testing-commits] r9065 - data/CVE
Author: thomasbl-guest Date: 2008-06-14 03:11:20 +0000 (Sat, 14 Jun 2008) New Revision: 9065 Modified: data/CVE/list Log: sorting all vmware-package issues and opened bug #486177 for the unsolved Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-13 18:02:33 UTC (rev 9064) +++ data/CVE/list 2008-06-14 03:11:20 UTC (rev 9065) @@ -1256,11 +1256,14 @@ RESERVED CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) - vmware-package <unfixed> (low; bug #485919) - NOTE: it''s not a real bug for vmware-package itself, see #484491 + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...) - vmware-package <not-affected> (Windows issue according to CVE) CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...) - - vmware-package <unfixed> (bug #484491) + - vmware-package <unfixed> (low; bug #484491) + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...) NOT-FOR-US: Vmware ESX/i CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...) @@ -2860,7 +2863,9 @@ CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...) - plone3 <unfixed> (bug #473571) CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) - NOT-FOR-US: Vmware + - vmware-package <unfixed> (low; bug #486177) + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...) NOT-FOR-US: FreeWebShop.org CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...) @@ -2961,13 +2966,15 @@ CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...) - NOT-FOR-US: VMware + - vmware-package <unfixed> (low; bug #486177) + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) - NOT-FOR-US: VMware + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) - NOT-FOR-US: VMware + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...) - NOT-FOR-US: VMware + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...) NOT-FOR-US: Invision Power Board CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...) @@ -3008,7 +3015,9 @@ CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...) NOT-FOR-US: LaGarde StoreFront CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...) - NOT-FOR-US: VMware + - vmware-package <unfixed> (low; bug #486177) + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-1339 RESERVED CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...) @@ -8992,7 +9001,7 @@ CVE-2007-5672 RESERVED CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...) - TODO: check + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2007-5670 REJECTED CVE-2007-5669 @@ -9232,11 +9241,15 @@ CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...) NOT-FOR-US: ZZ:FlashChat CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...) - NOT-FOR-US: VMware Server + - vmware-package <unfixed> (low; bug #486177) + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-5618 (Unquoted Windows search path in the Authorization and other services ...) - NOT-FOR-US: VMware Player + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...) - NOT-FOR-US: VMware Player + - vmware-package <unfixed> (low; bug #486177) + NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself + NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...) NOT-FOR-US: SSH Tectia Client and Server CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...) @@ -12177,11 +12190,11 @@ CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...) NOT-FOR-US: Entrust Entelligence Security Provider CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...) - NOT-FOR-US: VMWare Workstation + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...) NOT-FOR-US: Rational CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...) - NOT-FOR-US: VMWare Workstation + - vmware-package <not-affected> (Only vulnerable on windows hosted systems) CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...) NOT-FOR-US: Ignite-UX CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...)