Author: stef-guest
Date: 2007-05-17 10:32:14 +0000 (Thu, 17 May 2007)
New Revision: 5860

Modified:
   data/CVE/list
Log:
CVE-2007-2645 new libexif issue
CVE-2007-269[1-3] new mysql issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-17 09:43:04 UTC (rev 5859)
+++ data/CVE/list       2007-05-17 10:32:14 UTC (rev 5860)
@@ -27,27 +27,33 @@
 CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace 
application ...)
        TODO: check
 CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 
and 8.1 ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2700 (The WLST script generated by the configToScript command in BEA 
...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic 
Server ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show 
...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic 
Server ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 
through ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic 
Express ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA 
WebLogic ...)
-       TODO: check
+       NOT-FOR-US: BEA WebLogic 
 CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without 
SELECT ...)
-       TODO: check
+       - mysql-dfsg-5.0 <unfixed> (bug #424778)
+       [sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
+       [sarge] - mysql-dfsg <unfixed>
 CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 
5.1.x ...)
-       TODO: check
+       - mysql-dfsg-5.0 5.0.41-1 (bug #424778)
+       [sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
+       [sarge] - mysql-dfsg <unfixed>
 CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 
5.1.18 does ...)
-       TODO: check
+       - mysql-dfsg-5.0 <unfixed> (bug #424778)
+       [sarge] - mysql-dfsg-4.1 <unfixed> (bug #424830)
+       [sarge] - mysql-dfsg <unfixed>
 CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, 
and M ...)
        TODO: check
 CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain 
...)
@@ -139,7 +145,7 @@
 CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows 
user-assisted ...)
        TODO: check
 CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in 
...)
-       TODO: check
+       - libexif <unfixed> (bug #424775)
 CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX 
Professional ...)
        TODO: check
 CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow 
Designs ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to