joeyh at alioth.debian.org
2008-Jul-09 09:14 UTC
[Secure-testing-commits] r9268 - data/CVE
Author: joeyh
Date: 2008-07-09 09:14:09 +0000 (Wed, 09 Jul 2008)
New Revision: 9268

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-07-09 08:55:33 UTC (rev 9267)
+++ data/CVE/list 2008-07-09 09:14:09 UTC (rev 9268)
@@ -1,7 +1,37 @@ +CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks ...) + TODO: check +CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-3081 (Multiple unspecified "input validation" vulnerabilities in the Web ...) + TODO: check +CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...) + TODO: check +CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows ...) + TODO: check +CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions ...) + TODO: check +CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the ...) + TODO: check +CVE-2008-3076 + RESERVED +CVE-2008-3075 + RESERVED +CVE-2008-3074 + RESERVED +CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before ...) + TODO: check +CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before ...) + TODO: check +CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB ...) + TODO: check +CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before ...) + TODO: check +CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before ...) + TODO: check CVE-2008-XXXX [ffmpeg STR demuxer buffer overflow] - ffmpeg-free <unfixed> (bug filed) - NOTE: http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993 - TODO: Check the various embedders in Etch, horray for librification in Lenny + NOTE: http://svn.mplayerhq.hu/ffmpeg?view=rev&revision=13993 + TODO: Check the various embedders in Etch, horray for librification in Lenny CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...) NOT-FOR-US: Microsoft Crypto API CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...) 
@@ -532,8 +562,8 @@ NOT-FOR-US: WallCity-Server CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...) NOT-FOR-US: WallCity-Server -CVE-2008-2812 - RESERVED +CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty ...) + TODO: check CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...) - iceweasel 3.0 NOTE: Firefox 3 not affected @@ -543,8 +573,7 @@ CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) - iceweasel <not-affected> (Windows-specific) - iceape <not-affected> (Windows-specific) -CVE-2008-2809 [MFSA 2008-31] - RESERVED +CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...) - iceweasel 3.0 NOTE: Firefox 3 not affected - iceape 1.1.10-1 @@ -1495,13 +1524,11 @@ CVE-2008-2377 [GNUTLS-SA-2008-2] RESERVED - gnutls26 2.4.1-1 (medium) -CVE-2008-2376 - RESERVED +CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...) - ruby1.9 <unfixed> - ruby1.8 <unfixed> NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3 -CVE-2008-2375 - RESERVED +CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...) - vsftpd <not-affected> (debian versions all include the fix) CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...) - bluez-libs <unfixed> (low) @@ -1773,10 +1800,10 @@ RESERVED CVE-2008-2249 RESERVED -CVE-2008-2248 - RESERVED -CVE-2008-2247 - RESERVED +CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) + TODO: check +CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...) + TODO: check CVE-2008-2246 RESERVED CVE-2008-2245 
@@ -3140,8 +3167,8 @@ RESERVED CVE-2008-1664 RESERVED -CVE-2008-1663 - RESERVED +CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...) + TODO: check CVE-2008-1662 RESERVED CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...) @@ -3614,8 +3641,8 @@ RESERVED CVE-2008-1455 RESERVED -CVE-2008-1454 - RESERVED +CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, XP SP2 ...) + TODO: check CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...) NOT-FOR-US: Windows Xp CVE-2008-1452 @@ -3628,8 +3655,7 @@ RESERVED CVE-2008-1448 RESERVED -CVE-2008-1447 [lack of source port randomization in DNS resolvers] - RESERVED +CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...) {DSA-1603-1} - bind9 1:9.5.0.dfsg-5 (high) - glibc <unfixed> (medium) @@ -3659,8 +3685,8 @@ NOT-FOR-US: Microsoft Malware Protection Engine CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...) NOT-FOR-US: Windows -CVE-2008-1435 - RESERVED +CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server ...) + TODO: check CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP ...) NOT-FOR-US: Microsoft Word CVE-2008-1433 @@ -6863,10 +6889,10 @@ NOT-FOR-US: Microsoft Office CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...) NOT-FOR-US: Microsoft Office -CVE-2008-0107 - RESERVED -CVE-2008-0106 - RESERVED +CVE-2008-0107 (Integer underflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, ...) + TODO: check +CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, ...) + TODO: check CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...) NOT-FOR-US: Microsoft Office CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...) 
@@ -6925,10 +6951,10 @@ NOT-FOR-US: Windows CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...) NOT-FOR-US: Microsoft Windows -CVE-2008-0086 - RESERVED -CVE-2008-0085 - RESERVED +CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 7.0 ...) + TODO: check +CVE-2008-0085 (Microsoft SQL Server 7.0 SP4, 2000 SP4, 2005 SP2, Microsoft Data ...) + TODO: check CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...) NOT-FOR-US: Windows CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...) @@ -7217,7 +7243,8 @@ - kdebase <unfixed> (low; bug #458968) [etch] - kdebase <no-dsa> (Minor issue) NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921 -CVE-2007-6590 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2, SeaMonkey 1.1.5, ...) +CVE-2007-6590 + REJECTED - iceape <unfixed> (low) [etch] - iceape <no-dsa> (Minor issue, new certificate manager in Firefox 3 et al will address this) - iceweasel <unfixed> (low) @@ -15349,14 +15376,14 @@ - sun-java6 6-02-1 CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through ...) NOT-FOR-US: NetBSD -CVE-2007-3653 - RESERVED -CVE-2007-3652 - RESERVED -CVE-2007-3651 - RESERVED -CVE-2007-3650 - RESERVED +CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script ...) + TODO: check +CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka ...) + TODO: check +CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...) + TODO: check +CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive ...) + TODO: check CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...) NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...) 
@@ -19526,8 +19553,8 @@ CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...) {DSA-1283-1 DTSA-39-1} - php5 5.2.0-11 (low) -CVE-2007-1899 - RESERVED +CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 ...) + TODO: check CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...) NOT-FOR-US: Jetbox CMS CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
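Review bot: At the end of the @@ -1,7 +1,37 @@ hunk, the NOTE and TODO lines under the CVE-2008-XXXX ffmpeg entry are removed and re-added with the same visible text, so this automatic update is rewriting whitespace inside a hand-maintained entry. That adds noise to the history of a manually triaged item and makes it harder to see when its content really changed. Either restrict the updater to the description and RESERVED/REJECTED lines it owns, or commit the whitespace normalisation separately with a log message that says so.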
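Review bot: In the @@ -543,8 +573,7 @@ hunk, replacing "CVE-2008-2809 [MFSA 2008-31]" with the official description drops the only reference to the vendor advisory that the entry carried. The same pattern appears in the @@ -3628,8 +3655,7 @@ hunk, where the bracketed summary on CVE-2008-1447 is overwritten. When the updater replaces a bracketed, hand-written title, it should preserve the old text as a NOTE line under the entry so that the advisory cross-reference survives.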
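Review bot: In the @@ -7217,7 +7243,8 @@ hunk, CVE-2007-6590 is switched to REJECTED while the context lines below it still mark iceape and iceweasel as "<unfixed> (low)" with "<no-dsa>" for etch, so a rejected id keeps carrying open package status. This needs a manual follow-up: drop those lines, or move them to the id that replaces this one. The description removed here begins with the same words as the one added to CVE-2008-2809 in the @@ -543,8 +573,7 @@ hunk ("Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 ..."), which suggests checking whether the status belongs there. A consistency check that flags any REJECTED entry still followed by package lines would catch this automatically.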