Author: jmm-guest
Date: 2007-08-13 17:18:12 +0000 (Mon, 13 Aug 2007)
New Revision: 6293

Modified:
   data/CVE/list
Log:
openoffice non-issue
NFUs
sisiphos: three closed, two new
zziplib no-dsa
 -- This line and the following lines will be ignored --

M    data/CVE/list


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-08-13 12:30:11 UTC (rev 6292)
+++ data/CVE/list       2007-08-13 17:18:12 UTC (rev 6293)
@@ -31,7 +31,8 @@
 CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX 
control in ...)
        TODO: check
 CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with 
multiple ...)
-       TODO: check
+       - openoffice.org (unimportant)
+       NOTE: Only a crasher with malformed documents
 CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar 
allows ...)
        TODO: check
 CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation 
toolbar for ...)
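Review bot: The new CVE-2007-4251 line "- openoffice.org (unimportant)" has neither a fixed version nor an <unfixed> marker, unlike the other package lines in this patch (for example "- wordpress <unfixed>"). If no fix is uploaded, write it as "- openoffice.org <unfixed> (unimportant)" so the status is explicit. The NOTE could also say that the crash needs the user to open the malformed document, since that is the reason for the rating.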
@@ -153,17 +154,17 @@
 CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the 
product's ...)
        TODO: check
 CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka 
Sunglow) ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 
before ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka 
Sunglow) ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search 
component in ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php 
in the ...)
-       TODO: check
+       NOT-FOR-US: Joomla! addon
 CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive 
information ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2007-4184 (SQL injection vulnerability in 
administrator/popups/pollwindow.php in ...)
        TODO: check
 CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 
and ...)
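Review bot: The CVE-2007-4186 entry is tagged "NOT-FOR-US: Joomla! addon" without naming the addon, which makes it hard to search for later if that component is ever packaged. The description only shows "admin.tour_toto.php in the ...", so take the component name from the full CVE text and use it in the tag. CVE-2007-4184 directly below still reads "TODO: check"; it is worth confirming that this was left open on purpose.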
@@ -223,9 +224,9 @@
 CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX 
control in ...)
        TODO: check
 CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 
allows ...)
-       TODO: check
+       - wordpress <unfixed>
 CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in 
WordPress 2.2.1 ...)
-       TODO: check
+       - wordpress <unfixed>
 CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft 
Audit ...)
        TODO: check
 CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft 
Audit ...)
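Review bot: Both new lines for CVE-2007-4154 and CVE-2007-4153 read "- wordpress <unfixed>" with no bug reference and no urgency, while other tracked entries in this file carry both, for example "- zziplib <unfixed> (bug #436701; low)". Please file or look up the Debian bug and add it together with an urgency, so the open issues can be followed up with the maintainer.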
@@ -2524,6 +2525,7 @@
        NOT-FOR-US: phpWebThings
 CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 
allows ...)
        - wordpress 2.2.1-1 (bug #428073)
+       [etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
 CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default 
...)
        NOT-FOR-US: Quick.Cart
 CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution 
...)
@@ -3327,7 +3329,7 @@
        NOT-FOR-US: eTicket
 CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when 
running on 32-bit ...)
        {DSA-1343-1}
-       - file 4.21-1 (medium)
+       - file 4.21-1 (medium; bug #428293)
 CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc 
function in ...)
        {DSA-1323-1}
        - krb5 1.6.dfsg.1-5 (high; bug #430785)
@@ -6054,6 +6056,7 @@
        NOT-FOR-US: ScriptMagix
 CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function 
in ...)
        - zziplib <unfixed> (bug #436701; low)
+       [etch] - zziplib <no-dsa> (Minor issue)
        NOTE: 
http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
        NOTE: If an attacker can supply arbitrary file names, we likely suffer 
from
        NOTE: an information disclosure issue anyway.
@@ -7105,6 +7108,7 @@
        NOT-FOR-US: IrfanView
 CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the 
AdminPanel in ...)
        - wordpress 2.1.2-1 (medium)
+       [etch] - wordpress 2.0.10
 CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass 
authentication ...)
        NOT-FOR-US: Audins Audiens
 CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins 
Audiens 3.3 ...)
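Review bot: The added line "[etch] - wordpress 2.0.10" gives a version without a Debian revision, whereas the unstable line above it uses a full package version ("2.1.2-1"). Use the exact version of the etch upload that carries the fix, so version comparison against installed packages works. The same applies to the identical line added for CVE-2007-1230 in the next hunk.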
@@ -7133,6 +7137,7 @@
        NOT-FOR-US: SQLiteManager
 CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        - wordpress 2.1.2-1 (medium)
+       [etch] - wordpress 2.0.10
 CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
        NOT-FOR-US: Nullsoft ShoutcastServer
 CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 
before Fix ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
