[Secure-testing-commits] r9046 - data/CVE
Author: joeyh Date: 2008-06-12 09:14:16 + (Thu, 12 Jun 2008) New Revision: 9046 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2008-06-11 22:17:13 UTC (rev 9045) +++ data/CVE/list 2008-06-12 09:14:16 UTC (rev 9046) 
@@ -1,6 +1,254 @@ +CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...) + TODO: check +CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) + TODO: check +CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) + TODO: check +CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote ...) + TODO: check +CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...) + TODO: check +CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...) + TODO: check +CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...) + TODO: check +CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, ...) + TODO: check +CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone ...) + TODO: check +CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...) + TODO: check +CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image ...) + TODO: check +CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as ...) + TODO: check +CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...) + TODO: check +CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...) + TODO: check +CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...) + TODO: check +CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...) + TODO: check +CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...) + TODO: check +CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...) 
+ TODO: check +CVE-2008-2666 + RESERVED +CVE-2008-2665 + RESERVED +CVE-2008-2664 + RESERVED +CVE-2008-2663 + RESERVED +CVE-2008-2662 + RESERVED +CVE-2008-2661 + RESERVED +CVE-2008-2660 + RESERVED +CVE-2008-2659 + RESERVED +CVE-2008-2658 + RESERVED +CVE-2008-2657 + RESERVED +CVE-2008-2656 + RESERVED +CVE-2008-2655 + RESERVED +CVE-2008-2653 + RESERVED +CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b ...) + TODO: check +CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...) + TODO: check +CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...) + TODO: check +CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...) + TODO: check +CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...) + TODO: check +CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in ...) + TODO: check +CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...) + TODO: check +CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly ...) + TODO: check +CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...) + TODO: check +CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) ...) + TODO: check +CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...) + TODO: check +CVE-2008-2641 + RESERVED +CVE-2008-2640 + RESERVED +CVE-2008-2639 + RESERVED +CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...) + TODO: check +CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...) + TODO: check +CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 ...) + TODO: check +CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow ...) 
+ TODO: check +CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...) + TODO: check +CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...) + TODO: check +CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component ...) + TODO: check +CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows ...) + TODO: check +CVE-2008-2630 (SQL injection vulnerability in the JooBlog
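Review bot: the added block jumps from CVE-2008-2668 to CVE-2008-2666 and from CVE-2008-2655 to CVE-2008-2653, so CVE-2008-2667 and CVE-2008-2654 get no entry here. CVE-2008-2654 already has a hand-written entry for motion further down the file (visible as context in r9052), which explains that gap; confirm that CVE-2008-2667 is tracked elsewhere in data/CVE/list rather than dropped by the automatic update.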
[Secure-testing-commits] r9047 - data/CVE
Author: thomasbl-guest Date: 2008-06-12 09:33:21 + (Thu, 12 Jun 2008) New Revision: 9047 Modified: data/CVE/list Log: opened bug #485919 for vmware-package Modified: data/CVE/list === --- data/CVE/list 2008-06-12 09:14:16 UTC (rev 9046) +++ data/CVE/list 2008-06-12 09:33:21 UTC (rev 9047) @@ -1240,7 +1240,8 @@ CVE-2008-2101 RESERVED CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) - - vmware-package unfixed + - vmware-package 0.22 (low; bug #485919) + NOTE: it's not a real bug for vmware-package itself, see #484491 CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...) - vmware-package not-affected (Windows issue according to CVE) CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
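Review bot: in the CVE-2008-2100 entry, "- vmware-package 0.22 (low; bug #485919)" puts a version where "unfixed" used to be, yet the NOTE added underneath says the issue is not a real bug for vmware-package itself. The tracker reads that version as the fixed version (as the r9048 log states), so unless 0.22 is an upload that fixes the issue, keep "unfixed" with the urgency and bug number, or mark the package not-affected with the reason from #484491.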
[Secure-testing-commits] r9048 - data/CVE
Author: nion Date: 2008-06-12 09:48:46 + (Thu, 12 Jun 2008) New Revision: 9048 Modified: data/CVE/list Log: Thomas, again, the version marked in the tracker is the fixed version, not the affected version Modified: data/CVE/list === --- data/CVE/list 2008-06-12 09:33:21 UTC (rev 9047) +++ data/CVE/list 2008-06-12 09:48:46 UTC (rev 9048) @@ -1240,7 +1240,7 @@ CVE-2008-2101 RESERVED CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) - - vmware-package 0.22 (low; bug #485919) + - vmware-package unfixed (low; bug #485919) NOTE: it's not a real bug for vmware-package itself, see #484491 CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...) - vmware-package not-affected (Windows issue according to CVE)
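Review bot: the CVE-2008-2100 entry now reads "unfixed (low; bug #485919)" while the NOTE directly below it still says this is not a real bug for vmware-package itself, so the status and the note pull in different directions. Either expand the NOTE to say what remains to be fixed in the package, or, if nothing does, use not-affected with a short reason as the CVE-2008-2099 entry below does.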
[Secure-testing-commits] r9049 - data/CVE
Author: nion Date: 2008-06-12 10:01:05 + (Thu, 12 Jun 2008) New Revision: 9049 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2008-06-12 09:48:46 UTC (rev 9048) +++ data/CVE/list 2008-06-12 10:01:05 UTC (rev 9049) 
@@ -1,39 +1,39 @@ CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...) - TODO: check + NOT-FOR-US: Battle Blog CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) - TODO: check + NOT-FOR-US: Black Ice Barcode CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) - TODO: check + NOT-FOR-US: Black Ice Barcode CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Realm CMS CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...) - TODO: check + NOT-FOR-US: Realm CMS CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...) - TODO: check + NOT-FOR-US: Realm CMS CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...) - TODO: check + NOT-FOR-US: Realm CMS CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, ...) - TODO: check + NOT-FOR-US: Telephone Directory 2008 CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone ...) - TODO: check + NOT-FOR-US: Telephone Directory 2008 CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...) - TODO: check + NOT-FOR-US: com_news_portal component for Joomla! CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image ...) - TODO: check + NOT-FOR-US: PHP Image Gallery CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as ...) - TODO: check + NOT-FOR-US: Interstage Management Console CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...) - TODO: check + NOT-FOR-US: pNews CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...) - TODO: check + NOT-FOR-US: ErfurtWiki CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...) 
- TODO: check + NOT-FOR-US: DCFM Blog CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...) - TODO: check + NOT-FOR-US: Insanely Simple Blog CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...) - TODO: check + NOT-FOR-US: yBlog CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...) - TODO: check + NOT-FOR-US: yBlog CVE-2008-2666 RESERVED CVE-2008-2665 @@ -61,11 +61,11 @@ CVE-2008-2653 RESERVED CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b ...) - TODO: check + NOT-FOR-US: SMEWeb CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...) - TODO: check + NOT-FOR-US: com_joobb component for Joomla! CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...) - TODO: check + NOT-FOR-US: CMSimple CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...) TODO: check CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...)
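Review bot: several NOT-FOR-US labels in the first hunk name a product that the truncated description does not show, for example CVE-2008-2679 ("the KeyWordsList function in ...") and CVE-2008-2680 ("_db/compact.asp ..."), both tagged Realm CMS. The labels are plausible next to CVE-2008-2682 and CVE-2008-2681, but they cannot be checked from this file alone; confirm them against the full CVE text before the TODO marker is dropped for good.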
[Secure-testing-commits] r9050 - data/CVE
Author: nion Date: 2008-06-12 10:18:29 + (Thu, 12 Jun 2008) New Revision: 9050 Modified: data/CVE/list Log: NFUs Modified: data/CVE/list === --- data/CVE/list 2008-06-12 10:01:05 UTC (rev 9049) +++ data/CVE/list 2008-06-12 10:18:29 UTC (rev 9050) @@ -67,21 +67,21 @@ CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...) NOT-FOR-US: CMSimple CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...) - TODO: check + NOT-FOR-US: DesktopOnNet CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...) - TODO: check + NOT-FOR-US: meBiblio CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in ...) - TODO: check + NOT-FOR-US: meBiblio CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...) - TODO: check + NOT-FOR-US: meBiblio CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly ...) - TODO: check + NOT-FOR-US: Brim CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...) - TODO: check + NOT-FOR-US: SMEWeb CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) ...) - TODO: check + NOT-FOR-US: com_biblestudy component for Joomla! CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...) - TODO: check + NOT-FOR-US: OtomiGenX CVE-2008-2641 RESERVED CVE-2008-2640 
@@ -89,31 +89,31 @@ CVE-2008-2639 RESERVED CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...) - TODO: check + NOT-FOR-US: 1Book CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...) - TODO: check + NOT-FOR-US: F5 FirePass SSL VPN CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 ...) - TODO: check + NOT-FOR-US: Cisco firmware CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow ...) - TODO: check + NOT-FOR-US: BitKinex CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...) - TODO: check + NOT-FOR-US: I-Pos Internet Pay Online Store CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...) - TODO: check + NOT-FOR-US: com_joomradio component for Joomla! CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component ...) - TODO: check + NOT-FOR-US: com_acctexp component for Joomla! CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows ...) - TODO: check + NOT-FOR-US: MDaemon CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...) - TODO: check + NOT-FOR-US: com_jb2 component for Joomla! CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...) - TODO: check + NOT-FOR-US: LifeType module for Drupal CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component ...) - TODO: check + NOT-FOR-US: com_equotes component for Joomla! CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...) - TODO: check + NOT-FOR-US: com_idoblog for Joomla! CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...) 
- TODO: check + NOT-FOR-US: Battle Blog CVE-2008-2625 RESERVED CVE-2008-2624
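Review bot: the NOT-FOR-US labels in the second hunk are not uniform. CVE-2008-2627 gets "com_idoblog for Joomla!" where every other Joomla entry in this commit uses "<name> component for Joomla!", and CVE-2008-2636 gets "Cisco firmware" although the description names the Cisco Linksys WRH54G. Use the same pattern and the specific product so that later searches of the list match.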
[Secure-testing-commits] Processing r9050 failed
The error message was:
Traceback (most recent call last):
  File bin/update-db, line 73, in ?
    warnings = db.calculateVulnerabilities(cursor)
  File /home/secure-testing/production/lib/python/security_db.py, line 1083, in calculateVulnerabilities
    cursor.execute(DELETE FROM binary_package_status)
apsw.IOError: IOError: disk I/O error
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 'close' in bound method DB.__del__ of security_db.DB instance at 0x401c ignored
make: *** [all] Error 1
[Secure-testing-commits] r9052 - data/CVE
Author: nion Date: 2008-06-12 13:12:08 + (Thu, 12 Jun 2008) New Revision: 9052 Modified: data/CVE/list Log: NFUs CVE-2008-2358 fixed in linux-2.6 2.6.25-4 Modified: data/CVE/list === --- data/CVE/list 2008-06-12 11:00:44 UTC (rev 9051) +++ data/CVE/list 2008-06-12 13:12:08 UTC (rev 9052) 
@@ -218,35 +218,35 @@ CVE-2008-2576 RESERVED CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...) - TODO: check + NOT-FOR-US: FlashBlog CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote ...) - TODO: check + NOT-FOR-US: freeSSHd CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog ...) - TODO: check + NOT-FOR-US: FlashBlog CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey ...) - TODO: check + NOT-FOR-US: LimeSurvey CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly ...) - TODO: check + NOT-FOR-US: LimeSurvey CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component ...) - TODO: check + NOT-FOR-US: com_easybook component for Joomla! CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...) - TODO: check + NOT-FOR-US: com_simpleshop component for Joomla! CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 ...) - TODO: check + NOT-FOR-US: Fenriru Sleipnir CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...) - TODO: check + NOT-FOR-US: PHP Address Book CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and ...) - TODO: check + NOT-FOR-US: PHP Address Book CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...) - TODO: check + NOT-FOR-US: com_jotloader component for Joomla! CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOT-FOR-US: SamTodo CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ...) - TODO: check + NOT-FOR-US: PowerPhlogger CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 ...) - TODO: check + NOT-FOR-US: 427BB CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...) 
- TODO: check + NOT-FOR-US: 427BB CVE-2008-2654 [off-by-one in webhttpd.c] RESERVED - motion 3.2.9-3 (low; bug #484572) @@ -286,7 +286,7 @@ CVE-2008-2546 REJECTED CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a ...) - TODO: check + NOT-FOR-US: Skype CVE-2008-2544 RESERVED CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...) @@ -608,9 +608,9 @@ CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...) NOT-FOR-US: HP Software Update CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access ...) - TODO: check + NOT-FOR-US: opensuse-updater CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have ...) - TODO: check + NOT-FOR-US: opensuse-updater CVE-2008-2387 RESERVED CVE-2008-2386 @@ -681,7 +681,8 @@ NOT-FOR-US: system-config-network Fedora CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...) {DSA-1592-1} - TODO: check + - linux-2.6 2.6.25-4 + NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...) {DSA-1587-1} - mtr 0.73-1
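Review bot: in the last hunk the CVE-2008-2358 entry "- linux-2.6 2.6.25-4" carries no urgency or bug reference, and its NOTE ("this version casts sizeof to int") does not say which file or upstream change it refers to. Add a pointer to the change so the fixed-version claim can be checked, and put the sentence about DCCP being a module on its own NOTE line, since it describes exposure rather than the fix. The log also folds this kernel status change into a batch of NFUs; a separate commit would make it easier to find.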
[Secure-testing-commits] r9053 - data/CVE
Author: nion Date: 2008-06-12 13:36:02 + (Thu, 12 Jun 2008) New Revision: 9053 Modified: data/CVE/list Log: NFUs new linux-2.6 issue (CVE-2008-1673) new net-snmp issue (CVE-2008-0960) Modified: data/CVE/list === --- data/CVE/list 2008-06-12 13:12:08 UTC (rev 9052) +++ data/CVE/list 2008-06-12 13:36:02 UTC (rev 9053) @@ -1902,7 +1902,7 @@ RESERVED - freetype unfixed (medium; bug #485841) CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...) - TODO: check + NOT-FOR-US: Skype CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...) - snort unfixed (low; bug #483160) [etch] - snort not-affected (Only 2.6 and 2.8 are affected) @@ -2225,7 +2225,7 @@ RESERVED CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...) {DSA-1592-1} - TODO: check + - linux-2.6 unfixed (bug #485944) CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...) {DTSA-136-1} - openssl 0.9.8g-10.1 (bug #483379) @@ -2418,15 +2418,15 @@ CVE-2008-1586 RESERVED CVE-2008-1585 (Apple QuickTime before 7.5 allows remote attackers to execute ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-1584 (Stack-based buffer overflow in Apple QuickTime before 7.5 allows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically ...) NOT-FOR-US: CFNetwork Safari Apple Mac OS CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote ...) 
@@ -2724,11 +2724,11 @@ CVE-2008-1454 RESERVED CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...) - TODO: check + NOT-FOR-US: Windows Xp CVE-2008-1452 RESERVED CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-1450 RESERVED CVE-2008-1449 @@ -2740,17 +2740,17 @@ CVE-2008-1446 RESERVED CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-1443 RESERVED CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2008-1439 RESERVED CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...) @@ -3597,7 +3597,7 @@ CVE-2008-1107 RESERVED CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...) - TODO: check + NOT-FOR-US: Akamai Client CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...) {DSA-1590-1} - samba 1:3.0.30-1 (medium; bug #483410) 
@@ -3922,7 +3922,7 @@ CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...) NOT-FOR-US: EMC DiskXtender CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x ...) - TODO: check + - net-snmp unfixed (medium; bug #485944) CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...) NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2 CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...) @@ -3930,7 +3930,7 @@ CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...) NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install ...) - TODO: check + NOT-FOR-US: BackWeb Lite Install CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...) NOT-FOR-US: CTSUEng.ocx CVE-2008-0954
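Review bot: bug #485944 is cited for two unrelated packages: "- linux-2.6 unfixed (bug #485944)" under CVE-2008-1673 and "- net-snmp unfixed (medium; bug #485944)" under CVE-2008-0960. One of the two is most likely a copy-and-paste slip; check which package the bug is filed against and correct the other entry, since the later status updates in r9055 and r9059 carry the number forward unchanged. The linux-2.6 line also has no urgency, and the Microsoft entries use two labels ("Windows Xp" for CVE-2008-1453, "Microsoft Windows" for the rest) where one would do.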
[Secure-testing-commits] Processing r9053 failed
The error message was:
Traceback (most recent call last):
  File bin/update-db, line 73, in ?
    warnings = db.calculateVulnerabilities(cursor)
  File /home/secure-testing/production/lib/python/security_db.py, line 1083, in calculateVulnerabilities
    cursor.execute(DELETE FROM binary_package_status)
apsw.IOError: IOError: disk I/O error
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 'close' in bound method DB.__del__ of security_db.DB instance at 0x401c ignored
make: *** [all] Error 1
[Secure-testing-commits] r9055 - data/CVE
Author: nion Date: 2008-06-12 14:44:16 + (Thu, 12 Jun 2008) New Revision: 9055 Modified: data/CVE/list Log: CVE-2008-1673 fixed in linux-2.6 2.6.25-5 Modified: data/CVE/list === --- data/CVE/list 2008-06-12 14:24:01 UTC (rev 9054) +++ data/CVE/list 2008-06-12 14:44:16 UTC (rev 9055) @@ -2229,7 +2229,7 @@ RESERVED CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...) {DSA-1592-1} - - linux-2.6 unfixed (bug #485944) + - linux-2.6 2.6.25-5 (bug #485944) CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...) {DTSA-136-1} - openssl 0.9.8g-10.1 (bug #483379)
[Secure-testing-commits] r9056 - data/CVE
Author: nion Date: 2008-06-12 14:55:02 + (Thu, 12 Jun 2008) New Revision: 9056 Modified: data/CVE/list Log: gallery not affected by recent gallery2 security issues Modified: data/CVE/list === --- data/CVE/list 2008-06-12 14:44:16 UTC (rev 9055) +++ data/CVE/list 2008-06-12 14:55:02 UTC (rev 9056) @@ -1,7 +1,7 @@ CVE-2008- [gallery multiple security issues] - gallery2 unfixed (low; bug #485947) + - gallery not-affected (Vulnerable code not present, different codebase) NOTE: CVE id request was already on oss-security - TODO: check gallery CVE-2008- [typo3 code execution xss] - typo3 unfixed (bug #485814) NOTE: CVE id requested
[Secure-testing-commits] r9057 - data/CVE
Author: nion Date: 2008-06-12 15:08:14 + (Thu, 12 Jun 2008) New Revision: 9057 Modified: data/CVE/list Log: typo3 issues fixed in typo3-src 4.1.7-1 Modified: data/CVE/list === --- data/CVE/list 2008-06-12 14:55:02 UTC (rev 9056) +++ data/CVE/list 2008-06-12 15:08:14 UTC (rev 9057) @@ -3,7 +3,7 @@ - gallery not-affected (Vulnerable code not present, different codebase) NOTE: CVE id request was already on oss-security CVE-2008- [typo3 code execution xss] - - typo3 unfixed (bug #485814) + - typo3-src 4.1.7-1 (bug #485814) NOTE: CVE id requested CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...) NOT-FOR-US: Battle Blog
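Review bot: the replacement line changes the source package as well as the status, from "typo3 unfixed" to "typo3-src 4.1.7-1", while keeping bug #485814. Confirm the bug is filed against typo3-src and that no separate typo3 entry is still needed; if typo3 was simply the wrong package name, say so in the log so the rename is not mistaken for part of the fix.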
[Secure-testing-commits] r9058 - in data: CVE DSA
Author: thijs Date: 2008-06-12 17:15:28 + (Thu, 12 Jun 2008) New Revision: 9058 Modified: data/CVE/list data/DSA/list Log: DSA-1596-1 typo3 DSA-1597-1 mt-daapd Modified: data/CVE/list === --- data/CVE/list 2008-06-12 15:08:14 UTC (rev 9057) +++ data/CVE/list 2008-06-12 17:15:28 UTC (rev 9058) @@ -5,6 +5,7 @@ CVE-2008- [typo3 code execution xss] - typo3-src 4.1.7-1 (bug #485814) NOTE: CVE id requested + NOTE: fixed in DSA 1596-1, but no CVE yet CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...) NOT-FOR-US: Battle Blog CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...) Modified: data/DSA/list === --- data/DSA/list 2008-06-12 15:08:14 UTC (rev 9057) +++ data/DSA/list 2008-06-12 17:15:28 UTC (rev 9058) @@ -1,3 +1,8 @@ +[12 Jun 2008] DSA-1597-1 mt-daapd - several vulnerabilities + {CVE-2007-5824 CVE-2007-5825 CVE-2008-1771} + [etch] - mt-daapd 0.2.4+r1376-1.1+etch1 +[12 Jun 2008] DSA-1596-1 typo3-src - several vulnerabilities + [etch] - typo3-src 4.0.2+debian-5 [11 Jun 2008] DSA-1595-1 xorg-server - several vulnerabilities {CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362} [etch] - xorg-server 2:1.1.1-21etch5
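Review bot: the new DSA-1596-1 entry in data/DSA/list has no {CVE ...} line, unlike DSA-1597-1 above it and DSA-1595-1 below it, so the only link between the advisory and the issue is the free-text "NOTE: fixed in DSA 1596-1, but no CVE yet" added in data/CVE/list. That NOTE writes the advisory as "DSA 1596-1" rather than "DSA-1596-1", so a search for the advisory id will miss it. Use the hyphenated form and leave a TODO so the entry gets its CVE reference once the id is assigned.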
[Secure-testing-commits] r9059 - in data: CVE NMU
Author: nion Date: 2008-06-12 20:44:57 + (Thu, 12 Jun 2008) New Revision: 9059 Modified: data/CVE/list data/NMU/list Log: CVE-2008-0960 fixed in net-snmp 5.4.1~dfsg-8.1 Modified: data/CVE/list === --- data/CVE/list 2008-06-12 17:15:28 UTC (rev 9058) +++ data/CVE/list 2008-06-12 20:44:57 UTC (rev 9059) @@ -3927,7 +3927,7 @@ CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...) NOT-FOR-US: EMC DiskXtender CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x ...) - - net-snmp unfixed (medium; bug #485944) + - net-snmp 5.4.1~dfsg-8.1 (medium; bug #485944) CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...) NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2 CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...) Modified: data/NMU/list === --- data/NMU/list 2008-06-12 17:15:28 UTC (rev 9058) +++ data/NMU/list 2008-06-12 20:44:57 UTC (rev 9059) @@ -107,3 +107,4 @@ 2008-06-07 evolution 2.22.2-1.1 2008-06-08 roundup 1.4.4-1.1 2008-06-10 courier-authlib 0.60.1-2.1 +2008-06-12 net-snmp 5.4.1~dfsg-8.1