Author: keescook-guest
Date: 2007-03-08 20:11:21 +0000 (Thu, 08 Mar 2007)
New Revision: 5525

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
NFUs: 6
unfixed: mplayer viewcvs xine-lib
fixed: iceweasel libapache2-mod-python xulrunner


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-03-08 09:14:17 UTC (rev 5524)
+++ data/CVE/list       2007-03-08 20:11:21 UTC (rev 5525)
@@ -137,7 +137,8 @@
 CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs 
...)
        NOT-FOR-US: aWebNews
 CVE-2007-1246 (The DMO_VideoDecoder_Open function in 
loader/dmo/DMO_VideoDecoder.c in ...)
-       TODO: check
+       - mplayer <unfixed> (medium)
+       - xine-lib <unfixed> (medium)
 CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of 
service ...)
        NOT-FOR-US: IrfanView
 CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the 
AdminPanel in ...)
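
Review bot: the two new `<unfixed>` lines under CVE-2007-1246 carry no bug reference, unlike the tcpdump entry later in this file (`bug #413430; medium`). File bugs against mplayer and xine-lib and record them in the same form, for example `- mplayer <unfixed> (bug #NNNNNN; medium)` with the real number in place of the placeholder, so the open state can be followed up from the list itself.
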
@@ -151,9 +152,9 @@
 CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo 
CMS ...)
        NOT-FOR-US: Docebo CMS
 CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Office
 CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Office
 CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive 
...)
        NOT-FOR-US: sitex
 CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information 
via a ...)
@@ -187,9 +188,9 @@
 CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and 
Drop by ...)
        NOT-FOR-US: Parallels Desktop
 CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Xbox 360
 CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does 
not ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Xbox 360
 CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in 
Admin ...)
        NOT-FOR-US: Phorum
 CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in 
libcapi, as ...)
@@ -304,7 +305,7 @@
 CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 
4.01.02 and ...)
        NOT-FOR-US: webSPELL
 CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement 
Project ...)
-       TODO: check
+       NOT-FOR-US: Common Controls ActiveX control
 CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in 
Call ...)
        NOT-FOR-US: Call Center Software
 CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok 
when ...)
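
Review bot: the NOT-FOR-US label on CVE-2007-1162 shortens the product to "Common Controls ActiveX control", while the description names the "Common Controls Replacement Project". Use the project name from the description so the entry is not read as referring to some other common-controls component when someone searches the list later.
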
@@ -340,11 +341,11 @@
 CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g 
allows ...)
        NOT-FOR-US: Oracle Database Server
 CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
-       TODO: check
+       - viewcvs <unfixed> (low)
 CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows 
remote ...)
        - viewcvs <unfixed> (low)
 CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not 
properly ...)
-       TODO: check
+       - libapache2-mod-python 3.2.8-1 (low)
 CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in 
the ...)
        - tcpdump 3.9.5-2 (bug #413430; medium)
 CVE-2007-XXXX [puttygen can create world-readable private keys]
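
Review bot: on the CVE-2004-2680 line, `libapache2-mod-python 3.2.8-1` is recorded as the fixed version although the description says "3.1.4 and earlier", and nothing records how 3.2.8-1 was chosen. Add a NOTE saying whether that is the first packaged release containing the fix or simply the earliest version checked. The new viewcvs `<unfixed>` line for CVE-2005-4831 also has no bug number, the same gap as the existing CVE-2005-4830 entry below it.
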
@@ -759,7 +760,7 @@
 CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 
SP6 ...)
        NOT-FOR-US: PGPFreeware
 CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers 
to ...)
-       TODO: check
+       NOT-FOR-US: NetScreen-Remote
 CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before 
isakmpd-20020403_1, and ...)
        NOT-FOR-US: FreeBSD
 CVE-2007-XXXX [vserver patch allows renice of processes in different context]
@@ -867,7 +868,9 @@
 CVE-2007-0997
        RESERVED
 CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x 
before ...)
-       TODO: check
+       NOTE: MFSA-2007-02
+       - iceweasel 2.0.0.2+dfsg-1 (low)
+       - xulrunner 1.8.0.10-1 (low)
 CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and 
SeaMonkey ...)
        NOTE: MFSA-2007-02
        - iceweasel 2.0.0.2+dfsg-1 (low)
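
Review bot: the new CVE-2007-0996 entry lists only iceweasel and xulrunner, while the description of the neighbouring CVE-2007-0995, tracked under the same MFSA-2007-02, also names SeaMonkey. If the child-frame issue applies to the SeaMonkey-derived package as well, add its line here; if it does not, a short NOTE saying so saves a re-check later.
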
@@ -1322,7 +1325,7 @@
        NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
        NOTE: which probably turns this into remote code execution
        NOTE: clamav can also call unrar -p-, but AFAICS not in default 
configuration
-       TODO: unrar-free and clamav (which embeds unrar-free code) need to be 
checked
+       NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
 CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in 
cPanel ...)
        NOT-FOR-US: cPanel WebHost Manager
 CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote 
attackers ...)
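
Review bot: the TODO is replaced by `NOTE: unrar-free and clamav (which embeds unrar-free code) not affected` without stating what was checked. Record the basis for the conclusion in the NOTE (for instance which code path was inspected or tested), since the preceding NOTE lines say clamav can call `unrar -p-` outside the default configuration and a reader cannot tell whether that case was covered.
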

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies   2007-03-08 09:14:17 UTC (rev 5524)
+++ data/embedded-code-copies   2007-03-08 20:11:21 UTC (rev 5525)
@@ -252,3 +252,5 @@
 unrar-free: (maybe this code is derived from the original rar, too?)
 clamav (seems to be disabled in default config)
 
+mplayer:
+xine-lib (libw32dll)
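
Review bot: the new `mplayer:` block names xine-lib's copy as `(libw32dll)` but does not say which mplayer code is embedded or why the entry was added. Mention the loader code and CVE-2007-1246 (the description in data/CVE/list points at loader/dmo/DMO_VideoDecoder.c) so the link between this entry and the two `<unfixed>` lines in the same commit is visible from this file alone.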


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
