joeyh at alioth.debian.org
2008-Aug-21 21:14 UTC
[Secure-testing-commits] r9618 - data/CVE
Author: joeyh Date: 2008-08-21 21:14:08 +0000 (Thu, 21 Aug 2008) New Revision: 9618 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-08-21 16:40:53 UTC (rev 9617) +++ data/CVE/list 2008-08-21 21:14:08 UTC (rev 9618) 
@@ -1,25 +1,187 @@ -CVE-2008-3699 [insecure tmp file usage in amarok] +CVE-2008-3747 + RESERVED +CVE-2008-3746 + RESERVED +CVE-2008-3739 + RESERVED +CVE-2008-3738 + RESERVED +CVE-2008-3737 + RESERVED +CVE-2008-3736 + RESERVED +CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...) + TODO: check +CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...) + TODO: check +CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote ...) + TODO: check +CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC ...) + TODO: check +CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.x before 7.2.0.1 ...) + TODO: check +CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document ...) + TODO: check +CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...) + TODO: check +CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...) + TODO: check +CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in ...) + TODO: check +CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration ...) + TODO: check +CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board ...) + TODO: check +CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows ...) + TODO: check +CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 ...) + TODO: check +CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows ...) + TODO: check +CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...) + TODO: check +CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 ...) + TODO: check +CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate ...) 
+ TODO: check +CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote ...) + TODO: check +CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to ...) + TODO: check +CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before ...) + TODO: check +CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in ...) + TODO: check +CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...) + TODO: check +CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote ...) + TODO: check +CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...) + TODO: check +CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP ...) + TODO: check +CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...) + TODO: check +CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP ...) + TODO: check +CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow ...) + TODO: check +CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP ...) + TODO: check +CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 ...) + TODO: check +CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...) + TODO: check +CVE-2008-3704 (Stack-based buffer overflow in the MaskedEdit ActiveX control in ...) + TODO: check +CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...) + TODO: check +CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX ...) + TODO: check +CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...) + TODO: check +CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...) 
+ TODO: check +CVE-2008-3698 + RESERVED +CVE-2008-3697 + RESERVED +CVE-2008-3696 + RESERVED +CVE-2008-3695 + RESERVED +CVE-2008-3694 + RESERVED +CVE-2008-3693 + RESERVED +CVE-2008-3692 + RESERVED +CVE-2008-3691 + RESERVED +CVE-2008-3690 + RESERVED +CVE-2008-3689 + RESERVED +CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote ...) + TODO: check +CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...) + TODO: check +CVE-2008-3686 (The rt6_fill_node function in Linux kernel 2.6.26-rc4, 2.6.26.2, and ...) + TODO: check +CVE-2008-3685 + RESERVED +CVE-2008-3684 + RESERVED +CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...) + TODO: check +CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...) + TODO: check +CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...) + TODO: check +CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...) + TODO: check +CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) + TODO: check +CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...) + TODO: check +CVE-2008-3677 (Directory traversal vulnerability in ...) + TODO: check +CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 ...) + TODO: check +CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato ...) + TODO: check +CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru ...) + TODO: check +CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...) + TODO: check +CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts ...) + TODO: check +CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not ...) 
+ TODO: check +CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly ...) + TODO: check +CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews ...) + TODO: check +CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt ...) + TODO: check +CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows ...) + TODO: check +CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) + TODO: check +CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) + TODO: check +CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...) + TODO: check +CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real ...) + TODO: check +CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...) - amarok 1.4.10-1 (low; bug #494765) CVE-2008-3740 [drupal XSS] + RESERVED {DTSA-156-1} - drupal5 5.10-1 (low; bug #495122) TODO: check drupal4.7 CVE-2008-3741 [drupal XSS] + RESERVED {DTSA-156-1} - drupal5 5.10-1 (low; bug #495122) TODO: check drupal4.7 CVE-2008-3742 [drupal file uploads via blogApi] + RESERVED {DTSA-156-1} - drupal5 5.10-1 (medium; bug #495122) TODO: check drupal4.7 CVE-2008-3743 [drupal CSRF] + RESERVED {DTSA-156-1} - drupal5 <not-affected> (Vulnerable code not present) CVE-2008-3744 [drupal CSRF] + RESERVED {DTSA-156-1} - drupal5 5.10-1 (low; bug #495122) TODO: check drupal4.7 CVE-2008-3745 [drupal upload module privilege escalation] + RESERVED {DTSA-156-1} - drupal5 <not-affected> (Vulnerable code only present in 6.x) CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before ...) 
@@ -34,13 +196,13 @@ RESERVED CVE-2008-3661 RESERVED -CVE-2008-3660 - RESERVED -CVE-2008-3659 - RESERVED -CVE-2008-3658 - RESERVED -CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, ...) +CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...) + TODO: check +CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...) + TODO: check +CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...) + TODO: check +CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...) - ruby1.8 <unfixed> (bug #494401) - ruby1.9 <unfixed> (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ @@ -48,7 +210,7 @@ - ruby1.8 <unfixed> (bug #494401) - ruby1.9 <unfixed> (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ -CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.5 through 1.8.6-p286, 1.8.7 through ...) +CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...) - ruby1.8 <unfixed> (bug #494401) - ruby1.9 <unfixed> (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ @@ -300,8 +462,7 @@ - linux-2.6 2.6.26-2 CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...) - linux-2.6 2.6.26-2 -CVE-2008-3533 [yelp format string] - RESERVED +CVE-2008-3533 (Format string vulnerability in the window_error function in ...) {DTSA-154-1} - yelp 2.22.1-4 (low) CVE-2008-3531 
@@ -338,7 +499,7 @@ NOT-FOR-US: Adobe Presenter CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) NOT-FOR-US: Adobe Presenter -CVE-2008-3514 (Unspecified vulnerability in VMware VirtualCenter 2.5 before Update 2 ...) +CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 ...) NOT-FOR-US: VMware VirtualCenter CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...) NOT-FOR-US: PHP-Nuke @@ -456,7 +617,7 @@ RESERVED CVE-2008-3461 RESERVED -CVE-2008-3460 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...) +CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; ...) NOT-FOR-US: Microsoft Office 2000 CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...) - openvpn 2.1~rc9-1 (low; bug #493488) @@ -492,13 +653,13 @@ CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...) - iceweasel <unfixed> (unimportant) NOTE: browser dos not treated as security issues -CVE-2008-3443 - RESERVED +CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...) + TODO: check CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...) NOT-FOR-US: WinZip CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...) NOT-FOR-US: Nullsoft Winamp -CVE-2008-3440 (Sun Java before 1.6.0_03 does not properly verify the authenticity of ...) +CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, ...) TODO: check CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify ...) NOT-FOR-US: SpeedBit Video Acceleration 
@@ -520,7 +681,8 @@ NOT-FOR-US: Eyeball MessengerSDK CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...) NOT-FOR-US: phpFreeChat -CVE-2008-3427 (Multiple SQL injection vulnerabilities in Möbius for Mimsy XG 1.4.4.1 ...) +CVE-2008-3427 + REJECTED NOT-FOR-US: Moebius for Mimsy XG CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and ...) NOT-FOR-US: Solaris @@ -550,7 +712,7 @@ - openttd 0.6.2-1 (medium; bug #493714) CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: Blackboard Academic Suite -CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius Web Publishing ...) +CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 ...) NOT-FOR-US: Mobius Web Publishing Software CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows ...) NOT-FOR-US: Youtuber Clone @@ -721,8 +883,8 @@ CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before ...) {DSA-1626-1} - httrack 3.42.3-1 (low) -CVE-2008-3338 - RESERVED +CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library ...) + TODO: check CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...) {DSA-1628-1} - pdns 2.9.21.1-1 (low) @@ -744,8 +906,8 @@ - links2 2.1pre37-1.1 (low; bug #492744) CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...) - trac 0.11-1 -CVE-2008-3324 - RESERVED +CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...) + TODO: check CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...) NOT-FOR-US: Cygwin CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...) 
@@ -843,9 +1005,10 @@ RESERVED CVE-2008-3277 RESERVED -CVE-2008-3276 - RESERVED +CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...) + TODO: check CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...) + {DSA-1630-1} - linux-2.6.24 <unfixed> - linux-2.6 <unfixed> NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77 @@ -854,13 +1017,14 @@ CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...) TODO: check CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...) + {DSA-1630-1} - linux-2.6.24 <unfixed> - linux-2.6 <unfixed> NOTE: 82e68f7ffec3800425f2391c8c86277606860442 CVE-2008-3271 RESERVED -CVE-2008-3270 - RESERVED +CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify ...) + TODO: check CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full ...) NOT-FOR-US: WinRemotePC CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when ...) @@ -1480,11 +1644,11 @@ RESERVED CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...) NOT-FOR-US: Microsoft Office Excel -CVE-2008-3005 (Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 ...) +CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...) NOT-FOR-US: Microsoft Office Excel -CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1, does not properly delete the ...) +CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...) NOT-FOR-US: Microsoft Office Excel CVE-2008-3002 RESERVED 
@@ -1589,22 +1753,20 @@ - linux-2.6.24 <unfixed> CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...) NOT-FOR-US: IBM Tivoli Directory Server -CVE-2008-2941 - RESERVED -CVE-2008-2940 - RESERVED +CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...) + TODO: check +CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing ...) + TODO: check CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...) - apache2 2.2.9-7 (low) [etch] - apache2 <no-dsa> (minor issue) - apache <not-affected> (vulnerable code not present) -CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 6.0.0 through ...) +CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...) TODO: check -CVE-2008-2937 [postfix delivers to mailbox that is not owned by the recipient] - RESERVED +CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a ...) - postfix 2.5.4-1 (low) [etch] - postfix <no-dsa> (minor issue) -CVE-2008-2936 [postfix hardlink to symlink priv esc] - RESERVED +CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 ...) {DSA-1629-2 DSA-1629-1 DTSA-155-1} - postfix 2.5.4-1 CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ...) @@ -1619,6 +1781,7 @@ CVE-2008-2932 RESERVED CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel ...) + {DSA-1630-1} - linux-2.6 2.6.22 NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a CVE-2008-2930 @@ -1889,6 +2052,7 @@ NOTE: the fix sent to t-s and unstable does not seem possible in etch due to NOTE: missing api features from the version of libc-client in etch. CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...) + {DSA-1630-1} - linux-2.6 2.6.25-6 (low) - linux-2.6.24 2.6.24-6~etchnhalf.4 (low) NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9 
@@ -1919,6 +2083,7 @@ CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...) NOT-FOR-US: WallCity-Server CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty ...) + {DSA-1630-1} - linux-2.6 2.6.25-7 - linux-2.6.24 2.6.24-6~etchnhalf.4 CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...) @@ -2138,7 +2303,7 @@ CVE-2008-2738 RESERVED CVE-2008-2737 - RESERVED + REJECTED CVE-2008-2736 RESERVED CVE-2008-2735 @@ -2154,6 +2319,7 @@ CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...) NOT-FOR-US: cisco CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...) + {DSA-1630-1} - linux-2.6 2.6.19-1 NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a CVE-2008-2728 @@ -2929,8 +3095,8 @@ - pcre3 7.6-2.1 (medium; bug #488919) CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...) - tomcat5.5 <unfixed> (bug #494504) -CVE-2008-2369 - RESERVED +CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a ...) + TODO: check CVE-2008-2368 RESERVED CVE-2008-2367 @@ -3175,7 +3341,7 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) NOT-FOR-US: Microsoft Internet Explorer -CVE-2008-2254 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...) +CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-2253 RESERVED 
@@ -3193,7 +3359,7 @@ NOT-FOR-US: Exchange Server CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...) NOT-FOR-US: Microsoft Windows Vista -CVE-2008-2245 (Heap-based buffer overflow in Microsoft Windows Image Color Management ...) +CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...) NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS) CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...) NOT-FOR-US: Microsoft Office Word @@ -3217,10 +3383,10 @@ {DSA-1627-1} - opensc 0.11.4-4 NOTE: http://www.opensc-project.org/security.html -CVE-2008-2234 - RESERVED -CVE-2008-2233 - RESERVED +CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote ...) + TODO: check +CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, ...) + TODO: check CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local ...) {DSA-1611-1 DTSA-149-1} - afuse 0.2-3 (bug #490921; medium) @@ -4550,8 +4716,8 @@ - linux-2.6 2.6.25-2 (low) - linux-2.6.24 2.6.24-6~etchnhalf.2 NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2 -CVE-2008-1668 - RESERVED +CVE-2008-1668 (Unspecified vulnerability in ftpd (aka wu-ftpd 2.4.x) in HP-UX B.11.11 ...) + TODO: check CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...) NOT-FOR-US: Probe Builder 2.2 CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...) 
@@ -6257,9 +6423,9 @@ NOTE: does not download them, however it needs to update its hashes for upstream tarballs CVE-2008-0966 RESERVED -CVE-2008-0965 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...) +CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris and OpenSolaris -CVE-2008-0964 (Unspecified vulnerability in snoop on Sun Solaris 8 through 10 and ...) +CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris and OpenSolaris CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...) NOT-FOR-US: EMC DiskXtender @@ -7064,6 +7230,7 @@ [etch] - php5 <not-affected> (Vulnerable code not yet present) [etch] - php4 <not-affected> (Vulnerable code not yet present) CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...) + {DSA-1630-1} - linux-2.6 <unfixed> (bug #490910) - linux-2.6.24 2.6.24-6~etchnhalf.4 CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...) @@ -8272,7 +8439,7 @@ NOTE: libbind9 is distinct code, not related to the old libbind. CVE-2008-0121 (A "memory calculation error" in Microsoft PowerPoint Viewer 2003 ...) NOT-FOR-US: Microsoft PowerPoint Viewer -CVE-2008-0120 (A "memory allocation error" in Microsoft PowerPoint Viewer 2003 allows ...) +CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote ...) NOT-FOR-US: Microsoft PowerPoint Viewer CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...) NOT-FOR-US: Microsoft Publisher 
@@ -9438,6 +9605,7 @@ CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...) - bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind) CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...) + {DSA-1630-1} - linux-2.6 2.6.25-1 - linux-2.6.24 2.6.24-6~etchnhalf.4 NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69 @@ -18441,7 +18609,7 @@ NOT-FOR-US: DOMjudge CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...) NOT-FOR-US: Centrinity -CVE-2007-2975 (Unspecified vulnerability in the built-in admin console in Ignite ...) +CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier ...) NOT-FOR-US: Ignite Realtime CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...) NOT-FOR-US: Avira Antivirus
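Review bot: the block added at the top of the first hunk (@@ -1,25 +1,187 @@) is not in descending id order. CVE-2006-7233, CVE-2005-4877, CVE-2005-4876 and CVE-2003-1563 are inserted after CVE-2008-3667, and the already triaged CVE-2008-3699 (amarok) and CVE-2008-3740 through CVE-2008-3745 (drupal5) now sit below them instead of in sequence with CVE-2008-3747 down to CVE-2008-3700. Placing each id at its sorted position would keep the hand-written package lines easy to find. Every new description in this hunk lands as "TODO: check", so entries such as CVE-2008-3686 (Linux kernel) and CVE-2008-3687 (Xen) still need a package line or a NOT-FOR-US before the list is useful for them.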
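Review bot: in the @@ -34,13 +196,13 @@ hunk, CVE-2008-3660, CVE-2008-3659 and CVE-2008-3658 move from RESERVED to PHP descriptions but are left at "TODO: check", although the file already tracks php5 and php4 elsewhere (the [etch] lines in the context of the @@ -7064,6 +7230,7 @@ hunk). These three should get php5/php4 package lines. The imported text for CVE-2008-3660 also reads "PHP 5.6 through 5.2.6", a range that runs backwards; it is worth a NOTE so nobody triages against the wrong versions.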
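Review bot: in the @@ -492,13 +653,13 @@ hunk, CVE-2008-3443 (regular expression engine in Ruby) is added with only "TODO: check", while the neighbouring Ruby entries CVE-2008-3657 and CVE-2008-3655 already carry "- ruby1.8 <unfixed> (bug #494401)" and "- ruby1.9 <unfixed> (bug #494402)". The new entry should be triaged against the same two packages. In the same hunk the CVE-2008-3440 description changes from "before 1.6.0_03" to "1.6.0_03 and earlier versions, and possibly later versions", which widens the affected range, and it is still unchecked.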
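Review bot: in the @@ -520,7 +681,8 @@ hunk, CVE-2008-3427 becomes REJECTED but the "NOT-FOR-US: Moebius for Mimsy XG" line is kept underneath it, whereas CVE-2008-2737 in the @@ -2138,7 +2303,7 @@ hunk becomes REJECTED with no annotation at all. One convention should apply to both; if a rejected id needs no triage, drop the NOT-FOR-US line here. The following hunk has a related mismatch: the CVE-2008-3420 description now names "Mobius for Mimsy XG" while its NOT-FOR-US line still says "Mobius Web Publishing Software".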
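Review bot: in the @@ -843,9 +1005,10 @@ and @@ -854,13 +1017,14 @@ hunks, {DSA-1630-1} is attached to CVE-2008-3275 and CVE-2008-3272 while both package lines under each entry still read "- linux-2.6.24 <unfixed>" and "- linux-2.6 <unfixed>". Confirm that <unfixed> is still accurate for those suites now that an advisory is referenced, and record fixed versions where they exist, as the CVE-2008-2826 and CVE-2008-2812 entries tagged with the same DSA already do. CVE-2008-3276 and CVE-2008-3270 in these hunks are added as "TODO: check" only.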
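Review bot: in the @@ -1589,22 +1753,20 @@ hunk, the CVE-2008-2938 description changes its lower bound from "Apache Tomcat 6.0.0 through" to "Apache Tomcat 4.1.0 through" and the entry stays at "TODO: check". With the wider range, the tomcat5.5 package that CVE-2008-2370 already tracks (context of the @@ -2929,8 +3095,8 @@ hunk) may be in scope, so this one deserves triage ahead of the rest. The same hunk adds CVE-2008-2941 and CVE-2008-2940 (HP Linux Imaging and Printing) as unchecked entries as well.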