thr3ads.net - Secure testing commits - [Secure-testing-commits] r10734

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Dec-19 21:14 UTC
[Secure-testing-commits] r10734 - data/CVE

Author: joeyh
Date: 2008-12-19 21:14:10 +0000 (Fri, 19 Dec 2008)
New Revision: 10734

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-12-19 13:48:17 UTC (rev 10733)
+++ data/CVE/list	2008-12-19 21:14:10 UTC (rev 10734)
@@ -1,3 +1,183 @@
+CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows
remote ...)
+	TODO: check
+CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2,
and ...)
+	TODO: check
+CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka
...)
+	TODO: check
+CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before
6.0.1.5 ...)
+	TODO: check
+CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet
Network ...)
+	TODO: check
+CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the
members ...)
+	TODO: check
+CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+	TODO: check
+CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla!
1.0.11 ...)
+	TODO: check
+CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old
password ...)
+	TODO: check
+CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka
Txp CMS) ...)
+	TODO: check
+CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in
Textpattern ...)
+	TODO: check
+CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus
3.12.8.x ...)
+	TODO: check
+CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used,
allows ...)
+	TODO: check
+CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module
in ...)
+	TODO: check
+CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek
Sound ...)
+	TODO: check
+CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba
1.0.4 and ...)
+	TODO: check
+CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for
CLDC ...)
+	TODO: check
+CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris
snv_47 ...)
+	TODO: check
+CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error
function ...)
+	TODO: check
+CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2
and ...)
+	TODO: check
+CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo
...)
+	TODO: check
+CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3
allows ...)
+	TODO: check
+CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin
for ...)
+	TODO: check
+CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft
EasyBookMarker 4.0 ...)
+	TODO: check
+CVE-2008-5654 (SQL injection vulnerability in the loginADP function in
ajaxp.php in ...)
+	TODO: check
+CVE-2008-5653 (SQL injection vulnerability in the loginADP function in
ajaxp.php in ...)
+	TODO: check
+CVE-2008-5652 (SQL injection vulnerability in the loginADP function in
ajaxp.php in ...)
+	TODO: check
+CVE-2008-5651 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft
Web ...)
+	TODO: check
+CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft
Article ...)
+	TODO: check
+CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts
PHP ...)
+	TODO: check
+CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac
before ...)
+	TODO: check
+CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers
to ...)
+	TODO: check
+CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb
Networks ...)
+	TODO: check
+CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend
module in ...)
+	TODO: check
+CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component
for ...)
+	TODO: check
+CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made
...)
+	TODO: check
+CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo
Gallery 6.2 ...)
+	TODO: check
+CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5
...)
+	TODO: check
+CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0
Alpha ...)
+	TODO: check
+CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price
Comparison 4 ...)
+	TODO: check
+CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb)
allows ...)
+	TODO: check
+CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when
...)
+	TODO: check
+CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership
2.0 ...)
+	TODO: check
+CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force
Matrix 2.0 ...)
+	TODO: check
+CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2
allows ...)
+	TODO: check
+CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time
Billing 3.2 ...)
+	TODO: check
+CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0
allows ...)
+	TODO: check
+CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post
Affiliate ...)
+	TODO: check
+CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade
Script ...)
+	TODO: check
+CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1
allows ...)
+	TODO: check
+CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2
allows ...)
+	TODO: check
+CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated
users to ...)
+	TODO: check
+CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
+	TODO: check
+CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and
...)
+	TODO: check
+CVE-2008-5623
+	RESERVED
+CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote
...)
+	TODO: check
+CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and
3.20 ...)
+	TODO: check
+CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1
does ...)
+	TODO: check
+CVE-2008-5615
+	RESERVED
+CVE-2008-5614
+	RESERVED
+CVE-2008-5613
+	RESERVED
+CVE-2008-5612
+	RESERVED
+CVE-2008-5611
+	RESERVED
+CVE-2008-5610
+	RESERVED
+CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and
...)
+	TODO: check
+CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root
with ...)
+	TODO: check
+CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or
com_jmovies) ...)
+	TODO: check
+CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive
information ...)
+	TODO: check
+CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow
remote ...)
+	TODO: check
+CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple
Forum 3.0 ...)
+	TODO: check
+CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root
with ...)
+	TODO: check
+CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root
with ...)
+	TODO: check
+CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web
root ...)
+	TODO: check
+CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the
web root ...)
+	TODO: check
+CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx
Server ...)
+	TODO: check
+CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery
1.51 ...)
+	TODO: check
+CVE-2008-5597 (Cold BBS stores sensitive information under the web root with
...)
+	TODO: check
+CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information
under the ...)
+	TODO: check
+CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer
allows ...)
+	TODO: check
+CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in
Mini Blog ...)
+	TODO: check
+CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in
Mini CMS ...)
+	TODO: check
+CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under
the ...)
+	TODO: check
+CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in
Nightfall ...)
+	TODO: check
+CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in
Kalptaru ...)
+	TODO: check
+CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton
RankEm ...)
+	TODO: check
+CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm
...)
+	TODO: check
+CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in
...)
+	TODO: check
+CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New
...)
+	TODO: check
+CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in
lcxBBportal 0.1 ...)
+	TODO: check
 CVE-2008-XXXX [wireshark WLCCP infinite loop]
 	- wireshark 1.0.5-1 (low; bug #506741)
 CVE-2007-XXXX [tdiary XSS]
@@ -85,9 +265,9 @@
 	RESERVED
 CVE-2009-0001
 	RESERVED
-CVE-2008-5622 [phpMyAdmin PMASA-2008-10 csrf milw0rm]
+CVE-2008-5622 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
 	- phpmyadmin 4:2.11.8.1-5
-CVE-2008-5621 [phpMyAdmin PMASA-2008-10 csrf]
+CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin
2.11.x ...)
 	- phpmyadmin 4:2.11.8.1-5
 CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in
ProjectPier 0.8 ...)
 	TODO: check
@@ -141,8 +321,8 @@
 	TODO: check
 CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows
...)
 	TODO: check
-CVE-2008-5558
-	RESERVED
+CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business
Edition ...)
+	TODO: check
 CVE-2008-5557
 	RESERVED
 CVE-2008-XXXX [phpBB3 Account Re-activation Security Bypass]
@@ -234,76 +414,65 @@
 	RESERVED
 CVE-2008-5514
 	RESERVED
-CVE-2008-5513 [XSS vulnerabilities in SessionStore]
-	RESERVED
+CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in
Mozilla ...)
 	- iceweasel <unfixed>
-CVE-2008-5512 [XBL bindings issue]
-	RESERVED
+CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x
before ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5511 [XPCNativeWrappers issue]
-	RESERVED
+CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,
Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5510 [Escaped null characters ignored by CSS parser]
-	RESERVED
+CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x
before ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
 CVE-2008-5509
 	RESERVED
-CVE-2008-5508 [Errors parsing URLs with leading whitespace and control
characters]
-	RESERVED
+CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,
Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5507 [Cross-domain data theft via script redirect error message]
-	RESERVED
+CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,
Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5506 [XMLHttpRequest 302 response disclosure]
-	RESERVED
+CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,
Thunderbird ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5505 [User tracking via XUL persist attribute]
-	RESERVED
+CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to
bypass ...)
 	- iceweasel <unfixed>
-CVE-2008-5504
-	RESERVED
-CVE-2008-5503
-	RESERVED
-CVE-2008-5502
-	RESERVED
+CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to
run ...)
+	TODO: check
+CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before
...)
+	TODO: check
+CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5,
Thunderbird 2.x ...)
 	- iceweasel 3.0
 	NOTE: Firefox 3 not affected
 	- iceape 1.1.10-1
 	- xulrunner 1.9.0.1-1
 	- icedove 2.0.0.16-1
-CVE-2008-5501
-	RESERVED
+CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5,
Thunderbird 2.x ...)
 	- iceweasel 3.0
 	NOTE: Firefox 3 not affected
 	- iceape 1.1.10-1
 	- xulrunner 1.9.0.1-1
 	- icedove 2.0.0.16-1
-CVE-2008-5500
-	RESERVED
+CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x
before ...)
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
 	- xulrunner <unfixed>
-CVE-2008-5499
-	RESERVED
+CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux
10.0.12.36, ...)
+	TODO: check
 CVE-2008-5498 [segfault and potential security issue in php5''s bundled
libgd''s imagerotate]
 	RESERVED
 	- php5 <not-affected> (php5 links to the shared lib)
@@ -333,13 +502,13 @@
 	NOT-FOR-US: TurnkeyForms Text Link Sales
 CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text
Link ...)
 	NOT-FOR-US: TurnkeyForms Text Link Sales
-CVE-2008-5616 [mplayer buffer overflow in twinvq parsing]
+CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in
...)
 	- mplayer 1.0~rc2-19 (low; bug #508803)
 CVE-2008-XXXX [axel URL parser buffer overflow]
 	- axel <unfixed> (low)
 	[etch] - axel <no-dsa> (Minor issue)
 	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
-CVE-2008-5619 [roundcube remote code execution via preg_replace in
html2text.php]
+CVE-2008-5619 (html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha
and ...)
 	- roundcube 0.1.1-9 (high; bug #508628)
 	NOTE: According to the bug report, this is being exploited.
 	- moodle 1.8.2.dfsg-2 (bug #508909)
@@ -1256,8 +1425,7 @@
 	RESERVED
 CVE-2008-5082
 	RESERVED
-CVE-2008-5081 [avahi daemon DoS through zero source port]
-	RESERVED
+CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
 	- avahi 0.6.23-3 (bug #508700; low)
 CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove
quote ...)
 	{DSA-1679-1}
@@ -1785,7 +1953,7 @@
 	RESERVED
 CVE-2008-4838
 	RESERVED
-CVE-2008-4837 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3,
2002 ...)
 	NOT-FOR-US: Microsoft Office Word
 CVE-2008-4836
 	RESERVED
@@ -3048,7 +3216,7 @@
 	RESERVED
 CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus)
before ...)
 	- dbus 1.2.8-1 (bug #508032)
-CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5 allows remote
...)
+CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red
Hat ...)
 	- ruby <not-affected> (bug #508030)
 	NOTE: Red Hat-specific
 CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in
...)
@@ -3141,7 +3309,7 @@
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4267
 	RESERVED
-CVE-2008-4266 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3; Excel
Viewer ...)
+CVE-2008-4266 (Arracy index vulnerability in Microsoft Office Excel 2000 SP3,
2002 ...)
 	NOT-FOR-US: Microsoft Office Excel
 CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to
execute ...)
 	NOT-FOR-US: Microsoft Office Excel
@@ -3151,7 +3319,7 @@
 	RESERVED
 CVE-2008-4262
 	RESERVED
-CVE-2008-4261 (Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and
6 on ...)
+CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01
SP4, 6 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a
deleted ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -3163,9 +3331,9 @@
 	RESERVED
 CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual
...)
 	NOT-FOR-US: Microsoft Visual Basic
-CVE-2008-4255 (The Windows Common ActiveX control in Microsoft Visual Basic
6.0, ...)
+CVE-2008-4255 (The Windows Common ActiveX control (mscomct2.ocx) in Microsoft
Visual ...)
 	NOT-FOR-US: Microsoft Visual Basic
-CVE-2008-4254 (The Hierarchical FlexGrid ActiveX control in Microsoft Visual
Basic ...)
+CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX
...)
 	NOT-FOR-US: Microsoft Visual Basic
 CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0,
Visual ...)
 	NOT-FOR-US: Microsoft Visual Basic
@@ -3197,14 +3365,14 @@
 	RESERVED
 CVE-2008-4238
 	RESERVED
-CVE-2008-4237
-	RESERVED
-CVE-2008-4236
-	RESERVED
+CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes
misidentifies ...)
+	TODO: check
+CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6
allows ...)
+	TODO: check
 CVE-2008-4235
 	RESERVED
-CVE-2008-4234
-	RESERVED
+CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in
...)
+	TODO: check
 CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod
touch ...)
 	NOT-FOR-US: Apple
 CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod
touch ...)
@@ -3225,22 +3393,22 @@
 CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2
2.7.2 ...)
 	{DSA-1666-1}
 	- libxml2 2.6.32.dfsg-5
-CVE-2008-4224
-	RESERVED
-CVE-2008-4223
-	RESERVED
-CVE-2008-4222
-	RESERVED
-CVE-2008-4221
-	RESERVED
-CVE-2008-4220
-	RESERVED
-CVE-2008-4219
-	RESERVED
-CVE-2008-4218
-	RESERVED
-CVE-2008-4217
-	RESERVED
+CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted
attackers to ...)
+	TODO: check
+CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows
remote ...)
+	TODO: check
+CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when
Internet ...)
+	TODO: check
+CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6
allows ...)
+	TODO: check
+CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple
Mac OS ...)
+	TODO: check
+CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to
cause ...)
+	TODO: check
+CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X
before ...)
+	TODO: check
+CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6
allows ...)
+	TODO: check
 CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does
not ...)
 	TODO: check
 CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an
error ...)
@@ -3721,11 +3889,11 @@
 	NOT-FOR-US: Microsoft XML Core
 CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
 	NOT-FOR-US: Microsoft Office Word
-CVE-2008-4027 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3,
2002 SP3, ...)
 	NOT-FOR-US: Microsoft Office Word
 CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
 	NOT-FOR-US: Microsoft Office Word
-CVE-2008-4025 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007
Gold and ...)
+CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3,
2003 ...)
 	NOT-FOR-US: Microsoft Office Word
 CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for
Mac ...)
 	NOT-FOR-US: Microsoft Office Word
@@ -4816,7 +4984,7 @@
 	NOT-FOR-US: Mac OSX
 CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in
Java on ...)
 	NOT-FOR-US: Mac OSX
-CVE-2008-3636 (Integer overflow in the Microsoft Windows Kernel
IopfCompleteRequest ...)
+CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in
...)
 	NOT-FOR-US: Apple iTunes
 CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an
...)
 	NOT-FOR-US: Apple Quick Times
Secure testing commits - Dec 2008 - r10734 - data/CVE

[Secure-testing-commits] r10734 - data/CVE
