joeyh at alioth.debian.org
2008-Nov-03 21:14 UTC
[Secure-testing-commits] r10265 - data/CVE
Author: joeyh
Date: 2008-11-03 21:14:09 +0000 (Mon, 03 Nov 2008)
New Revision: 10265
Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-03 17:36:59 UTC (rev 10264) +++ data/CVE/list 2008-11-03 21:14:09 UTC (rev 10265) 
@@ -1,3 +1,160 @@ +CVE-2008-6432 + REJECTED + TODO: check +CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" ...) + TODO: check +CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when ...) + TODO: check +CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component ...) + TODO: check +CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips ...) + TODO: check +CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with ...) + TODO: check +CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute ...) + TODO: check +CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in ...) + TODO: check +CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and ...) + TODO: check +CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...) + TODO: check +CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers ...) + TODO: check +CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...) + TODO: check +CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...) + TODO: check +CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...) + TODO: check +CVE-2008-4865 (Untrusted search path vulnerability in valgrind allows local users to ...) + TODO: check +CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...) + TODO: check +CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...) 
+ TODO: check +CVE-2008-4862 + RESERVED +CVE-2008-4861 + RESERVED +CVE-2008-4860 + RESERVED +CVE-2008-4859 + RESERVED +CVE-2008-4858 + RESERVED +CVE-2008-4857 + RESERVED +CVE-2008-4856 + RESERVED +CVE-2008-4855 + RESERVED +CVE-2008-4854 + RESERVED +CVE-2008-4853 + RESERVED +CVE-2008-4852 + RESERVED +CVE-2008-4851 + RESERVED +CVE-2008-4850 + RESERVED +CVE-2008-4849 + RESERVED +CVE-2008-4848 + RESERVED +CVE-2008-4847 + RESERVED +CVE-2008-4846 + RESERVED +CVE-2008-4845 + RESERVED +CVE-2008-4844 + RESERVED +CVE-2008-4843 + RESERVED +CVE-2008-4842 + RESERVED +CVE-2008-4841 + RESERVED +CVE-2008-4840 + RESERVED +CVE-2008-4839 + RESERVED +CVE-2008-4838 + RESERVED +CVE-2008-4837 + RESERVED +CVE-2008-4836 + RESERVED +CVE-2008-4835 + RESERVED +CVE-2008-4834 + RESERVED +CVE-2008-4833 + RESERVED +CVE-2008-4832 + RESERVED +CVE-2008-4831 + RESERVED +CVE-2008-4830 + RESERVED +CVE-2008-4829 + RESERVED +CVE-2008-4828 + RESERVED +CVE-2008-4827 + RESERVED +CVE-2008-4826 + RESERVED +CVE-2008-4825 + RESERVED +CVE-2008-4824 + RESERVED +CVE-2008-4823 + RESERVED +CVE-2008-4822 + RESERVED +CVE-2008-4821 + RESERVED +CVE-2008-4820 + RESERVED +CVE-2008-4819 + RESERVED +CVE-2008-4818 + RESERVED +CVE-2008-4817 + RESERVED +CVE-2008-4816 + RESERVED +CVE-2008-4815 + RESERVED +CVE-2008-4814 + RESERVED +CVE-2008-4813 + RESERVED +CVE-2008-4812 + RESERVED +CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) + TODO: check +CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) + TODO: check +CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...) + TODO: check +CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...) + TODO: check +CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the ...) + TODO: check +CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x ...) 
+ TODO: check +CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) + TODO: check +CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke ...) + TODO: check +CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP ...) + TODO: check +CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...) + TODO: check CVE-2008-XXXX [buffer overflow via large mailbox in dmail/tmail of uw-imap] - uw-imap 7:2007d~dfsg-1 NOTE: CVE id requested on oss-sec @@ -1165,8 +1322,7 @@ RESERVED CVE-2008-4310 RESERVED -CVE-2008-4309 [DoS in getbulk handling code in net-snmp] - RESERVED +CVE-2008-4309 (The getbulk code in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, ...) - net-snmp <unfixed> (bug #504150) CVE-2008-4308 RESERVED @@ -3176,7 +3332,7 @@ RESERVED CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...) - jasper 1.900.1-5.1 (medium; bug #501021) -CVE-2008-3521 (The jas_stream_tmpfile function in libjasper/base/jas_stream.c in ...) +CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...) - jasper 1.900.1-5.1 (unimportant; bug #501021) NOTE: file is opened with O_EXCL even if tmpnam is used in this case CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...) @@ -7108,6 +7264,7 @@ CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...) NOT-FOR-US: Skype CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...) + {DTSA-173-1} - snort 2.7.0-20 (low; bug #483160) [lenny] - snort 2.7.0-20.2 (low; bug #483160) [etch] - snort <not-affected> (Only 2.6 and 2.8 are affected) 
@@ -11973,8 +12130,8 @@ [etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected) CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...) - jbosseam <itp> (bug #451956) -CVE-2007-6432 - RESERVED +CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...) + TODO: check CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...) NOT-FOR-US: Adobe Flash Media Server CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...) @@ -13031,7 +13188,7 @@ RESERVED CVE-2007-6022 RESERVED -CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 allows ...) +CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows ...) NOT-FOR-US: Adobe PageMaker CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...) NOT-FOR-US: KeyView @@ -15240,7 +15397,7 @@ CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...) {DSA-1432-1} - link-grammar 4.2.5-1 (medium; bug #450695) -CVE-2007-5394 (Stack-based buffer overflow in Adobe PageMaker 7.0.1 allows ...) +CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...) NOT-FOR-US: Adobe PageMaker CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...) {DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
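Review bot: In the @@ -1,3 +1,160 @@ hunk, the new CVE-2008-6432 entry is marked REJECTED yet still carries "TODO: check", and its number is far out of sequence with CVE-2008-4878 directly below it. The same commit gives CVE-2007-6432 a description, so it is worth confirming whether the rejected id relates to that entry, then dropping the TODO, since a rejected id needs no package triage. CVE-2008-4811 and CVE-2008-4810 also have identical truncated summaries (both "The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ..."), so whoever resolves those TODOs needs the full descriptions to tell them apart.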
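Review bot: In the @@ -1165,8 +1322,7 @@ hunk, CVE-2008-4309 loses its bracketed working title and RESERVED state, but the "- net-snmp <unfixed> (bug #504150)" line that follows still has no urgency, unlike for example the jasper line "(medium; bug #501021)" in the next hunk. The new summary gives the upstream bounds "5.4 before 5.4.2.1, 5.3 before 5.3.2.3", which is enough to assess the affected suites and set a severity in a follow-up commit.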
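Review bot: In the @@ -11973,8 +12130,8 @@ hunk, CVE-2007-6432 is left at "TODO: check" although its new summary names AldFs32.dll in Adobe PageMaker 7.0.1, and the two other PageMaker entries touched by this commit (CVE-2007-6021 and CVE-2007-5394) are already tagged "NOT-FOR-US: Adobe PageMaker". Suggest tagging it the same way. After the @@ -15240,7 +15397,7 @@ hunk its truncated summary is identical to that of CVE-2007-5394, so check the full descriptions to see whether the two are duplicates.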