[Secure-testing-commits] r9046 - data/CVE

2008-06-12 Thread joeyh
Author: joeyh
Date: 2008-06-12 09:14:16 + (Thu, 12 Jun 2008)
New Revision: 9046

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-11 22:17:13 UTC (rev 9045)
+++ data/CVE/list   2008-06-12 09:14:16 UTC (rev 9046)
@@ -1,6 +1,254 @@
+CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 
Build 4 ...)
+   TODO: check
+CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in 
Black ...)
+   TODO: check
+CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in 
Black ...)
+   TODO: check
+CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows 
remote ...)
+   TODO: check
+CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain 
sensitive ...)
+   TODO: check
+CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in 
_db/compact.asp ...)
+   TODO: check
+CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...)
+   TODO: check
+CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 
2008, ...)
+   TODO: check
+CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in 
Telephone ...)
+   TODO: check
+CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...)
+   TODO: check
+CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP 
Image ...)
+   TODO: check
+CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, 
as ...)
+   TODO: check
+CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 
and 2.10, ...)
+   TODO: check
+CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki 
R1.02b and ...)
+   TODO: check
+CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 
allows ...)
+   TODO: check
+CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely 
Simple ...)
+   TODO: check
+CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow 
remote ...)
+   TODO: check
+CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 
0.2.2.2 ...)
+   TODO: check
+CVE-2008-2666
+   RESERVED
+CVE-2008-2665
+   RESERVED
+CVE-2008-2664
+   RESERVED
+CVE-2008-2663
+   RESERVED
+CVE-2008-2662
+   RESERVED
+CVE-2008-2661
+   RESERVED
+CVE-2008-2660
+   RESERVED
+CVE-2008-2659
+   RESERVED
+CVE-2008-2658
+   RESERVED
+CVE-2008-2657
+   RESERVED
+CVE-2008-2656
+   RESERVED
+CVE-2008-2655
+   RESERVED
+CVE-2008-2653
+   RESERVED
+CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 
1.4b ...)
+   TODO: check
+CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka 
Joo!BB ...)
+   TODO: check
+CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in 
CMSimple 3.1, ...)
+   TODO: check
+CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in 
DesktopOnNet 3 ...)
+   TODO: check
+CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html 
in ...)
+   TODO: check
+CVE-2008-2647 (SQL injection vulnerability in 
admin/journal_change_mask.inc.php in ...)
+   TODO: check
+CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 
0.4.7 ...)
+   TODO: check
+CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim 
(formerly ...)
+   TODO: check
+CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 
1.4b and ...)
+   TODO: check
+CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) 
...)
+   TODO: check
+CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 
allows ...)
+   TODO: check
+CVE-2008-2641
+   RESERVED
+CVE-2008-2640
+   RESERVED
+CVE-2008-2639
+   RESERVED
+CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 
1.0.1 ...)
+   TODO: check
+CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 
FirePass SSL ...)
+   TODO: check
+CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 
1.01.03 ...)
+   TODO: check
+CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 
allow ...)
+   TODO: check
+CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay 
Online ...)
+   TODO: check
+CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...)
+   TODO: check
+CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) 
component ...)
+   TODO: check
+CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 
allows ...)
+   TODO: check
+CVE-2008-2630 (SQL injection vulnerability in the JooBlog 
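Review bot: the hunk is cut off mid-record at `+CVE-2008-2630 (SQL injection vulnerability in the JooBlog`, so the closing parenthesis, that entry's status line and the remaining records implied by the `+1,254` count in the hunk header are missing from this message; the record appears complete in the context lines of a later commit on this list. Otherwise the automatic update leaves every non-RESERVED entry at `TODO: check`, including ones whose description already names non-Debian software (the ActiveX control in BIDIB.ocx, F5 FirePass SSL, the Cisco Linksys WRH54G firmware), so this import creates a triage backlog rather than resolving anything, which is expected for an automated commit.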

[Secure-testing-commits] r9047 - data/CVE

2008-06-12 Thread thomasbl-guest
Author: thomasbl-guest
Date: 2008-06-12 09:33:21 + (Thu, 12 Jun 2008)
New Revision: 9047

Modified:
   data/CVE/list
Log:
opened bug #485919 for vmware-package



Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 09:14:16 UTC (rev 9046)
+++ data/CVE/list   2008-06-12 09:33:21 UTC (rev 9047)
@@ -1240,7 +1240,8 @@
 CVE-2008-2101
RESERVED
 CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 
93057 on ...)
-   - vmware-package unfixed
+   - vmware-package 0.22 (low; bug #485919)
+   NOTE: it's not a real bug for vmware-package itself, see #484491
 CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 
before 6.0.4 ...)
- vmware-package not-affected (Windows issue according to CVE)
 CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System 
(HGFS) ...)
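Review bot: `+   - vmware-package 0.22 (low; bug #485919)` records 0.22 as the version in which the issue is fixed, which contradicts both the log message (a bug was just opened, so nothing is fixed yet) and the `unfixed` marker it replaces; in this file the version after the package name is the fixed version, so keep `unfixed` and attach the severity and bug number to it: `- vmware-package unfixed (low; bug #485919)`. The added `NOTE: it's not a real bug for vmware-package itself, see #484491` is useful, as it is the only justification on the entry for the `low` rating.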


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r9048 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 09:48:46 + (Thu, 12 Jun 2008)
New Revision: 9048

Modified:
   data/CVE/list
Log:
Thomas, again, the version marked in the tracker is the fixed version, not the 
affected version


Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 09:33:21 UTC (rev 9047)
+++ data/CVE/list   2008-06-12 09:48:46 UTC (rev 9048)
@@ -1240,7 +1240,7 @@
 CVE-2008-2101
RESERVED
 CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 
93057 on ...)
-   - vmware-package 0.22 (low; bug #485919)
+   - vmware-package unfixed (low; bug #485919)
NOTE: it's not a real bug for vmware-package itself, see #484491
 CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 
before 6.0.4 ...)
- vmware-package not-affected (Windows issue according to CVE)




[Secure-testing-commits] r9049 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 10:01:05 + (Thu, 12 Jun 2008)
New Revision: 9049

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 09:48:46 UTC (rev 9048)
+++ data/CVE/list   2008-06-12 10:01:05 UTC (rev 9049)
@@ -1,39 +1,39 @@
 CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 
Build 4 ...)
-   TODO: check
+   NOT-FOR-US: Battle Blog
 CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in 
Black ...)
-   TODO: check
+   NOT-FOR-US: Black Ice Barcode
 CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in 
Black ...)
-   TODO: check
+   NOT-FOR-US: Black Ice Barcode
 CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Realm CMS
 CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain 
sensitive ...)
-   TODO: check
+   NOT-FOR-US: Realm CMS
 CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in 
_db/compact.asp ...)
-   TODO: check
+   NOT-FOR-US: Realm CMS
 CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...)
-   TODO: check
+   NOT-FOR-US: Realm CMS
 CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 
2008, ...)
-   TODO: check
+   NOT-FOR-US: Telephone Directory 2008
 CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in 
Telephone ...)
-   TODO: check
+   NOT-FOR-US: Telephone Directory 2008
 CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...)
-   TODO: check
+   NOT-FOR-US: com_news_portal component for Joomla!
 CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP 
Image ...)
-   TODO: check
+   NOT-FOR-US: PHP Image Gallery
 CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, 
as ...)
-   TODO: check
+   NOT-FOR-US: Interstage Management Console
 CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 
and 2.10, ...)
-   TODO: check
+   NOT-FOR-US: pNews
 CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki 
R1.02b and ...)
-   TODO: check
+   NOT-FOR-US: ErfurtWiki
 CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 
allows ...)
-   TODO: check
+   NOT-FOR-US: DCFM Blog
 CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely 
Simple ...)
-   TODO: check
+   NOT-FOR-US: Insanely Simple Blog 
 CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: yBlog
 CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 
0.2.2.2 ...)
-   TODO: check
+   NOT-FOR-US: yBlog
 CVE-2008-2666
RESERVED
 CVE-2008-2665
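Review bot: `+   NOT-FOR-US: Insanely Simple Blog ` carries a trailing space that none of the other status lines have; stray whitespace in this file shows up as spurious diffs later, so trim it. Also, the visible description of CVE-2008-2679 only says `SQL injection vulnerability in the KeyWordsList function in ...`, so the `NOT-FOR-US: Realm CMS` attribution cannot be verified from this hunk alone; it presumably comes from the full CVE text, but it is the one tag in this hunk worth re-checking.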
@@ -61,11 +61,11 @@
 CVE-2008-2653
RESERVED
 CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 
1.4b ...)
-   TODO: check
+   NOT-FOR-US: SMEWeb
 CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka 
Joo!BB ...)
-   TODO: check
+   NOT-FOR-US: com_joobb component for Joomla!
 CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in 
CMSimple 3.1, ...)
-   TODO: check
+   NOT-FOR-US: CMSimple
 CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in 
DesktopOnNet 3 ...)
TODO: check
 CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html 
in ...)
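Review bot: CVE-2008-2649 (DesktopOnNet, still `TODO: check` in the trailing context) is the only non-RESERVED entry in this range left untriaged while its neighbours on both sides become NOT-FOR-US; if that is an oversight rather than a pending check, finishing it in the same pass keeps the TODO list an accurate picture of open work.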




[Secure-testing-commits] r9050 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 10:18:29 + (Thu, 12 Jun 2008)
New Revision: 9050

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 10:01:05 UTC (rev 9049)
+++ data/CVE/list   2008-06-12 10:18:29 UTC (rev 9050)
@@ -67,21 +67,21 @@
 CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in 
CMSimple 3.1, ...)
NOT-FOR-US: CMSimple
 CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in 
DesktopOnNet 3 ...)
-   TODO: check
+   NOT-FOR-US: DesktopOnNet
 CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html 
in ...)
-   TODO: check
+   NOT-FOR-US: meBiblio
 CVE-2008-2647 (SQL injection vulnerability in 
admin/journal_change_mask.inc.php in ...)
-   TODO: check
+   NOT-FOR-US: meBiblio
 CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 
0.4.7 ...)
-   TODO: check
+   NOT-FOR-US: meBiblio
 CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim 
(formerly ...)
-   TODO: check
+   NOT-FOR-US: Brim
 CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 
1.4b and ...)
-   TODO: check
+   NOT-FOR-US: SMEWeb
 CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) 
...)
-   TODO: check
+   NOT-FOR-US: com_biblestudy component for Joomla!
 CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 
allows ...)
-   TODO: check
+   NOT-FOR-US: OtomiGenX
 CVE-2008-2641
RESERVED
 CVE-2008-2640
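Review bot: CVE-2008-2648 and CVE-2008-2647 are both tagged `NOT-FOR-US: meBiblio`, yet their visible descriptions name only file paths (`upload/uploader.html`, `admin/journal_change_mask.inc.php`); only CVE-2008-2646 names meBiblio 0.4.7 explicitly. Grouping adjacent ids under one product is usually right, but an unrestricted file upload is exactly the kind of entry worth confirming against the full CVE text before it is written off, since a wrong NOT-FOR-US tag silently drops the issue from the tracker.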
@@ -89,31 +89,31 @@
 CVE-2008-2639
RESERVED
 CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 
1.0.1 ...)
-   TODO: check
+   NOT-FOR-US: 1Book
 CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 
FirePass SSL ...)
-   TODO: check
+   NOT-FOR-US: F5 FirePass SSL VPN
 CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 
1.01.03 ...)
-   TODO: check
+   NOT-FOR-US: Cisco firmware
 CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 
allow ...)
-   TODO: check
+   NOT-FOR-US: BitKinex
 CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay 
Online ...)
-   TODO: check
+   NOT-FOR-US: I-Pos Internet Pay Online Store
 CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...)
-   TODO: check
+   NOT-FOR-US: com_joomradio component for Joomla!
 CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) 
component ...)
-   TODO: check
+   NOT-FOR-US: com_acctexp component for Joomla!
 CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 
allows ...)
-   TODO: check
+   NOT-FOR-US: MDaemon
 CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 
0.1.1 ...)
-   TODO: check
+   NOT-FOR-US: com_jb2 component for Joomla!
 CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) 
module for ...)
-   TODO: check
+   NOT-FOR-US: LifeType module for Drupal
 CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) 
component ...)
-   TODO: check
+   NOT-FOR-US: com_equotes component for Joomla!
 CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) 
component b24 ...)
-   TODO: check
+   NOT-FOR-US: com_idoblog for Joomla!
 CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 
and ...)
-   TODO: check
+   NOT-FOR-US: Battle Blog
 CVE-2008-2625
RESERVED
 CVE-2008-2624
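Review bot: two tags in this hunk break the naming pattern the rest of the commit follows. `+   NOT-FOR-US: Cisco firmware` for CVE-2008-2636 is too generic to be searchable when the description names the product (`Cisco Linksys WRH54G with firmware 1.01.03`); `NOT-FOR-US: Cisco Linksys WRH54G firmware` would match the other entries. `+   NOT-FOR-US: com_idoblog for Joomla!` drops the word `component` that every other Joomla! tag here uses (`com_jb2 component for Joomla!`, `com_equotes component for Joomla!`).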




[Secure-testing-commits] Processing r9050 failed

2008-06-12 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File "bin/update-db", line 73, in ?
    warnings = db.calculateVulnerabilities(cursor)
  File "/home/secure-testing/production/lib/python/security_db.py", line 1083, in calculateVulnerabilities
    cursor.execute("DELETE FROM binary_package_status")
apsw.IOError: IOError: disk I/O error
Exception exceptions.AttributeError: "'apsw.Connection' object has no attribute 'close'" in <bound method DB.__del__ of <security_db.DB instance at 0x401c>> ignored
make: *** [all] Error 1



[Secure-testing-commits] r9052 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 13:12:08 + (Thu, 12 Jun 2008)
New Revision: 9052

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-2358 fixed in linux-2.6 2.6.25-4


Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 11:00:44 UTC (rev 9051)
+++ data/CVE/list   2008-06-12 13:12:08 UTC (rev 9052)
@@ -218,35 +218,35 @@
 CVE-2008-2576
RESERVED
 CVE-2008-2574 (Unrestricted file upload vulnerability in 
admin/Editor/imgupload.php ...)
-   TODO: check
+   NOT-FOR-US: FlashBlog
 CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: freeSSHd
 CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in 
FlashBlog ...)
-   TODO: check
+   NOT-FOR-US: FlashBlog
 CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey 
...)
-   TODO: check
+   NOT-FOR-US: LimeSurvey
 CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly 
...)
-   TODO: check
+   NOT-FOR-US: LimeSurvey
 CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) 
component ...)
-   TODO: check
+   NOT-FOR-US: com_easybook component for Joomla!
 CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore 
(com_simpleshop) ...)
-   TODO: check
+   NOT-FOR-US: com_simpleshop component for Joomla!
 CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 
2.7.1 ...)
-   TODO: check
+   NOT-FOR-US: Fenriru Sleipnir
 CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
Address ...)
-   TODO: check
+   NOT-FOR-US: PHP Address Book
 CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 
3.1.5 and ...)
-   TODO: check
+   NOT-FOR-US: PHP Address Book
 CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) 
component ...)
-   TODO: check
+   NOT-FOR-US: com_jotloader component for Joomla!
 CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-   TODO: check
+   NOT-FOR-US: SamTodo
 CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 
and ...)
-   TODO: check
+   NOT-FOR-US: PowerPhlogger
 CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 
2.3.1 ...)
-   TODO: check
+   NOT-FOR-US: 427BB
 CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 
allows ...)
-   TODO: check
+   NOT-FOR-US: 427BB
 CVE-2008-2654 [off-by-one in webhttpd.c]
RESERVED
- motion 3.2.9-3 (low; bug #484572)
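Review bot: `+   NOT-FOR-US: SamTodo` on CVE-2008-2563 is the one attribution in this hunk the visible description does not support, since it reads only `Multiple cross-site scripting (XSS) vulnerabilities in (1) ...`; the product name must have come from the full CVE text, so a quick re-check is cheap. The rest of the hunk is consistent, and the Joomla! entries keep the `com_X component for Joomla!` spelling used elsewhere in the file.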
@@ -286,7 +286,7 @@
 CVE-2008-2546
REJECTED
 CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a 
...)
-   TODO: check
+   NOT-FOR-US: Skype
 CVE-2008-2544
RESERVED
 CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 
and ...)
@@ -608,9 +608,9 @@
 CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the 
unsafe (1) ...)
NOT-FOR-US: HP Software Update
 CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access 
...)
-   TODO: check
+   NOT-FOR-US: opensuse-updater
 CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 
have ...)
-   TODO: check
+   NOT-FOR-US: opensuse-updater
 CVE-2008-2387
RESERVED
 CVE-2008-2386
@@ -681,7 +681,8 @@
NOT-FOR-US: system-config-network Fedora
 CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in 
the Linux ...)
{DSA-1592-1}
-   TODO: check
+   - linux-2.6 2.6.25-4
+   NOTE: this version casts sizeof to int. This is a module, not a 
compiled in feature in Debian
 CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in 
split.c in ...)
{DSA-1587-1}
- mtr 0.73-1
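Review bot: `+   - linux-2.6 2.6.25-4` carries neither a severity nor a bug number, unlike the fuller fixed-version lines elsewhere in this commit (`- motion 3.2.9-3 (low; bug #484572)`, `- samba 1:3.0.30-1 (medium; bug #483410)` in the other hunks' context); with `{DSA-1592-1}` already on the entry, recording at least a severity keeps it consistent. The NOTE also mixes two separate facts, what the fix does (this version casts sizeof to int) and why exposure in Debian is limited (DCCP is a module, not compiled in); two NOTE lines would read more clearly and let the exposure caveat stand on its own.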




[Secure-testing-commits] r9053 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 13:36:02 + (Thu, 12 Jun 2008)
New Revision: 9053

Modified:
   data/CVE/list
Log:
NFUs
new linux-2.6 issue (CVE-2008-1673)
new net-snmp issue (CVE-2008-0960)


Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 13:12:08 UTC (rev 9052)
+++ data/CVE/list   2008-06-12 13:36:02 UTC (rev 9053)
@@ -1902,7 +1902,7 @@
RESERVED
- freetype unfixed (medium; bug #485841)
 CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and 
other ...)
-   TODO: check
+   NOT-FOR-US: Skype
 CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does 
not ...)
- snort unfixed (low; bug #483160)
[etch] - snort not-affected (Only 2.6 and 2.8 are affected)
@@ -2225,7 +2225,7 @@
RESERVED
 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 
2.4.36.6 ...)
{DSA-1592-1}
-   TODO: check
+   - linux-2.6 unfixed (bug #485944)
 CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a 
denial of ...)
{DTSA-136-1}
- openssl 0.9.8g-10.1 (bug #483379)
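Review bot: `+   - linux-2.6 unfixed (bug #485944)` has no severity, whereas the other unfixed lines in this commit carry one (`- freetype unfixed (medium; bug #485841)` in the previous hunk's context, `- net-snmp unfixed (medium; bug #485944)` further down); for an asn1 parsing issue in the kernel that already has an etch advisory (`{DSA-1592-1}` in the context) a rating should be recorded so the unstable fix is prioritised correctly.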
@@ -2418,15 +2418,15 @@
 CVE-2008-1586
RESERVED
 CVE-2008-1585 (Apple QuickTime before 7.5 allows remote attackers to execute 
...)
-   TODO: check
+   NOT-FOR-US: Apple QuickTime
 CVE-2008-1584 (Stack-based buffer overflow in Apple QuickTime before 7.5 
allows ...)
-   TODO: check
+   NOT-FOR-US: Apple QuickTime
 CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Apple QuickTime
 CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: Apple QuickTime
 CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on 
Windows ...)
-   TODO: check
+   NOT-FOR-US: Apple QuickTime
 CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 
automatically ...)
NOT-FOR-US: CFNetwork Safari Apple Mac OS
 CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote 
...)
@@ -2724,11 +2724,11 @@
 CVE-2008-1454
RESERVED
 CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and 
Vista ...)
-   TODO: check
+   NOT-FOR-US: Windows Xp
 CVE-2008-1452
RESERVED
 CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 
SP1 ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2008-1450
RESERVED
 CVE-2008-1449
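Review bot: `+   NOT-FOR-US: Windows Xp` on CVE-2008-1453 is inconsistent with `NOT-FOR-US: Microsoft Windows` used for CVE-2008-1451 two lines below and throughout the next hunk, and mis-capitalises XP; use `NOT-FOR-US: Microsoft Windows` here as well, not least because the description says the Bluetooth stack issue affects Vista too, so the narrower tag is also inaccurate.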
@@ -2740,17 +2740,17 @@
 CVE-2008-1446
RESERVED
 CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP 
Professional ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on 
...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2008-1443
RESERVED
 CVE-2008-1442 (Heap-based buffer overflow in the substringData method in 
Microsoft ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, 
Vista Gold ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, 
does ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Windows
 CVE-2008-1439
RESERVED
 CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection 
Engine ...)
@@ -3597,7 +3597,7 @@
 CVE-2008-1107
RESERVED
 CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 
3322 ...)
-   TODO: check
+   NOT-FOR-US: Akamai Client
 CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in 
...)
{DSA-1590-1}
- samba 1:3.0.30-1 (medium; bug #483410)
@@ -3922,7 +3922,7 @@
 CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, 
which ...)
NOT-FOR-US: EMC DiskXtender
 CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 
5.3.x ...)
-   TODO: check
+   - net-snmp unfixed (medium; bug #485944)
 CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media 
Technologies ...)
NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
 CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media 
Technologies ...)
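Review bot: `+   - net-snmp unfixed (medium; bug #485944)` reuses the bug number that the CVE-2008-1673 hunk earlier in this same commit assigns to linux-2.6 (`- linux-2.6 unfixed (bug #485944)`); a Debian bug is filed against one source package, so one of the two references is most likely a copy-paste slip, and the same number is carried forward by the later commits on this list that update both entries to their fixed versions. Check the BTS for which package #485944 was actually opened against and correct the other entry. The `medium` rating for an SNMPv3 HMAC verification flaw, which lets the authentication check be bypassed, is reasonable.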
@@ -3930,7 +3930,7 @@
 CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus 
Uploader ...)
NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
 CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite 
Install ...)
-   TODO: check
+   NOT-FOR-US: BackWeb Lite Install
 CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate 
Engine ...)
NOT-FOR-US: CTSUEng.ocx
 CVE-2008-0954



[Secure-testing-commits] Processing r9053 failed

2008-06-12 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File "bin/update-db", line 73, in ?
    warnings = db.calculateVulnerabilities(cursor)
  File "/home/secure-testing/production/lib/python/security_db.py", line 1083, in calculateVulnerabilities
    cursor.execute("DELETE FROM binary_package_status")
apsw.IOError: IOError: disk I/O error
Exception exceptions.AttributeError: "'apsw.Connection' object has no attribute 'close'" in <bound method DB.__del__ of <security_db.DB instance at 0x401c>> ignored
make: *** [all] Error 1



[Secure-testing-commits] r9055 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 14:44:16 + (Thu, 12 Jun 2008)
New Revision: 9055

Modified:
   data/CVE/list
Log:
CVE-2008-1673 fixed in linux-2.6 2.6.25-5

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 14:24:01 UTC (rev 9054)
+++ data/CVE/list   2008-06-12 14:44:16 UTC (rev 9055)
@@ -2229,7 +2229,7 @@
RESERVED
 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 
2.4.36.6 ...)
{DSA-1592-1}
-   - linux-2.6 unfixed (bug #485944)
+   - linux-2.6 2.6.25-5 (bug #485944)
 CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a 
denial of ...)
{DTSA-136-1}
- openssl 0.9.8g-10.1 (bug #483379)




[Secure-testing-commits] r9056 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 14:55:02 + (Thu, 12 Jun 2008)
New Revision: 9056

Modified:
   data/CVE/list
Log:
gallery not affected by recent gallery2 security issues

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 14:44:16 UTC (rev 9055)
+++ data/CVE/list   2008-06-12 14:55:02 UTC (rev 9056)
@@ -1,7 +1,7 @@
 CVE-2008- [gallery multiple security issues]
- gallery2 unfixed (low; bug #485947)
+   - gallery not-affected (Vulnerable code not present, different 
codebase)
NOTE: CVE id request was already on oss-security
-   TODO: check gallery
 CVE-2008- [typo3 code execution  xss]
- typo3 unfixed (bug #485814)
NOTE: CVE id requested




[Secure-testing-commits] r9057 - data/CVE

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 15:08:14 + (Thu, 12 Jun 2008)
New Revision: 9057

Modified:
   data/CVE/list
Log:
typo3 issues fixed in typo3-src 4.1.7-1

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 14:55:02 UTC (rev 9056)
+++ data/CVE/list   2008-06-12 15:08:14 UTC (rev 9057)
@@ -3,7 +3,7 @@
- gallery not-affected (Vulnerable code not present, different 
codebase)
NOTE: CVE id request was already on oss-security
 CVE-2008- [typo3 code execution  xss]
-   - typo3 unfixed (bug #485814)
+   - typo3-src 4.1.7-1 (bug #485814)
NOTE: CVE id requested
 CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 
Build 4 ...)
NOT-FOR-US: Battle Blog




[Secure-testing-commits] r9058 - in data: CVE DSA

2008-06-12 Thread thijs
Author: thijs
Date: 2008-06-12 17:15:28 + (Thu, 12 Jun 2008)
New Revision: 9058

Modified:
   data/CVE/list
   data/DSA/list
Log:
DSA-1596-1 typo3 DSA-1597-1 mt-daapd


Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 15:08:14 UTC (rev 9057)
+++ data/CVE/list   2008-06-12 17:15:28 UTC (rev 9058)
@@ -5,6 +5,7 @@
 CVE-2008- [typo3 code execution  xss]
- typo3-src 4.1.7-1 (bug #485814)
NOTE: CVE id requested
+   NOTE: fixed in DSA 1596-1, but no CVE yet
 CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 
Build 4 ...)
NOT-FOR-US: Battle Blog
 CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in 
Black ...)
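Review bot: `+   NOTE: fixed in DSA 1596-1, but no CVE yet` is free text, whereas the other entries on this list record an advisory with a `{DSA-xxxx-1}` line above the package line (`{DSA-1592-1}` on CVE-2008-2358, `{DSA-1590-1}` on CVE-2008-1105), which is the form the tracker reads. If that line is accepted on an entry that still has a placeholder id, prefer it; if not, the note is fine as a reminder, but it should say explicitly that the `{DSA-1596-1}` reference and the CVE ids still have to be added once MITRE assigns them, so the entry is not forgotten.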

Modified: data/DSA/list
===
--- data/DSA/list   2008-06-12 15:08:14 UTC (rev 9057)
+++ data/DSA/list   2008-06-12 17:15:28 UTC (rev 9058)
@@ -1,3 +1,8 @@
+[12 Jun 2008] DSA-1597-1 mt-daapd - several vulnerabilities
+   {CVE-2007-5824 CVE-2007-5825 CVE-2008-1771}
+   [etch] - mt-daapd 0.2.4+r1376-1.1+etch1
+[12 Jun 2008] DSA-1596-1 typo3-src - several vulnerabilities
+   [etch] - typo3-src 4.0.2+debian-5
 [11 Jun 2008] DSA-1595-1 xorg-server - several vulnerabilities
{CVE-2008-1377 CVE-2008-1379 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362}
[etch] - xorg-server 2:1.1.1-21etch5
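Review bot: the `+[12 Jun 2008] DSA-1596-1 typo3-src - several vulnerabilities` entry has no `{CVE-...}` line, while its sibling DSA-1597-1 and the existing DSA-1595-1 entries do; that matches the "no CVE yet" note in the CVE/list change, but it means the advisory cannot be matched to an issue until the ids arrive, so this entry needs a follow-up commit and should not be treated as complete.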




[Secure-testing-commits] r9059 - in data: CVE NMU

2008-06-12 Thread nion
Author: nion
Date: 2008-06-12 20:44:57 + (Thu, 12 Jun 2008)
New Revision: 9059

Modified:
   data/CVE/list
   data/NMU/list
Log:
CVE-2008-0960 fixed in net-snmp 5.4.1~dfsg-8.1

Modified: data/CVE/list
===
--- data/CVE/list   2008-06-12 17:15:28 UTC (rev 9058)
+++ data/CVE/list   2008-06-12 20:44:57 UTC (rev 9059)
@@ -3927,7 +3927,7 @@
 CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, 
which ...)
NOT-FOR-US: EMC DiskXtender
 CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 
5.3.x ...)
-   - net-snmp unfixed (medium; bug #485944)
+   - net-snmp 5.4.1~dfsg-8.1 (medium; bug #485944)
 CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media 
Technologies ...)
NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
 CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media 
Technologies ...)

Modified: data/NMU/list
===
--- data/NMU/list   2008-06-12 17:15:28 UTC (rev 9058)
+++ data/NMU/list   2008-06-12 20:44:57 UTC (rev 9059)
@@ -107,3 +107,4 @@
 2008-06-07 evolution 2.22.2-1.1
 2008-06-08 roundup 1.4.4-1.1
 2008-06-10 courier-authlib 0.60.1-2.1
+2008-06-12 net-snmp 5.4.1~dfsg-8.1

