Author: sf Date: 2009-01-03 12:47:25 +0000 (Sat, 03 Jan 2009) New Revision: 10843 Modified: data/CVE/list Log: new: linux (several), konquer (unimportant), netatalk more NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-03 12:25:25 UTC (rev 10842) +++ data/CVE/list 2009-01-03 12:47:25 UTC (rev 10843) @@ -128,11 +128,11 @@ - audiofile <unfixed> (medium; bug #510205) TODO: request CVE id CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) ...) - - zaptel <unfixed> (bug filed) + - zaptel <unfixed> (bug #510583) CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...) - - pdfjam <unfixed> (low; bug filed) + - pdfjam <unfixed> (low; bug #510584) CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...) - TODO: check + NOT-FOR-US: AIST NetCat CVE-2008-5741 RESERVED CVE-2008-5740 
@@ -150,39 +150,39 @@ CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...) NOT-FOR-US: IceWarp Software Merak Mail Server CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog ...) - TODO: check + NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in ...) - TODO: check + NOT-FOR-US: KafooeyBlog CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP ...) - TODO: check + NOT-FOR-US: PGP Desktop CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and ...) - TODO: check + NOT-FOR-US: AIST NetCat CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat ...) - TODO: check + NOT-FOR-US: AIST NetCat CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and ...) - TODO: check + NOT-FOR-US: AIST NetCat CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in ...) - TODO: check + NOT-FOR-US: AIST NetCat CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...) - TODO: check + NOT-FOR-US: stormBoards CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in ...) - TODO: check + NOT-FOR-US: EnTech Taiwan PowerStrip CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ...) - TODO: check + NOT-FOR-US: ESET Smart Security CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka ...) - TODO: check + NOT-FOR-US: CGI RESCUE KanniBBS2000 CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote ...) - TODO: check + NOT-FOR-US: SAWStudio CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...) - TODO: check + NOT-FOR-US: BlackJumboDog CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...) 
- TODO: check + NOT-FOR-US: Mayaa CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers ...) - TODO: check + - netatalk <unfixed> (bug #510585) CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...) - TODO: check + NOT-FOR-US: Hitachi CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM''s write access ...) - xen-3 <not-affected> (Vulnerable code never entered Debian) - xen-unstable <not-affected> (Vulnerable code never entered Debian) @@ -196,7 +196,8 @@ [etch] - qemu <not-affected> (Vulnerable code not present) - kvm 82-1 (low; bug #509997) CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...) - TODO: check + - linux-2.6 2.6.25-1 + - linux-2.6.24 <removed> CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...) - kdebase <unfixed> (unimportant) NOTE: Browser crashes not treated as security issues 
@@ -217,15 +218,19 @@ - gpsdrive <unfixed> (low; bug #508597) [etch] - gpsdrive <no-dsa> (Minor issue) CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...) - TODO: check + NOT-FOR-US: Solaris CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...) - TODO: check + - konqueror <unfixed> (unimportant) + NOTE: browser crashes not treated as security issues CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...) NOT-FOR-US: Skype extension CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
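Review bot: in the @@ -150,39 +150,39 @@ hunk, CVE-2008-5719 and CVE-2008-5717 are closed as `NOT-FOR-US: Hitachi`, which names only the vendor, while the other NOT-FOR-US lines added in this hunk name the product (`AIST NetCat`, `PGP Desktop`, `ESET Smart Security`). Use the product name from each CVE description instead, so that a later search of data/CVE/list for a specific product finds the right entries and the two Hitachi issues stay distinguishable from each other.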
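Review bot: in the @@ -196,7 +196,8 @@ hunk, CVE-2008-5713 is given a fixed version, `- linux-2.6 2.6.25-1`, with nothing in the entry recording where that version comes from. Add a NOTE line naming the upstream commit or release that contains the `__qdisc_run` fix, so the next person triaging the kernel entries can verify the version rather than trust it. The same entry also has no severity, unlike the kvm line directly above it (`low; bug #509997`).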
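Review bot: in the @@ -217,15 +218,19 @@ hunk, CVE-2008-5698 is filed under `- konqueror <unfixed> (unimportant)`, but the equivalent Konqueror issue a few entries earlier, CVE-2008-5712, is tracked under `- kdebase <unfixed> (unimportant)`. The two entries should use the same source package name, otherwise per-package queries will show only one of them; pick the name CVE-2008-5712 already uses unless that entry is the one that is wrong. The NOTE text also differs only in capitalisation ("Browser crashes" vs "browser crashes") and is worth making identical so it can be searched for as a fixed string.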