Author: fw
Date: 2007-06-16 10:38:52 +0000 (Sat, 16 Jun 2007)
New Revision: 6007

Modified:
   data/CVE/list
Log:
CVE-2007-3163: FCKEditor (several packages)
CVE-2007-3155: egroupware
CVE-2007-3154: wz_tooltip (several packages)
CVE-2007-3145: galeon
CVE-2007-3144: Mozilla packages
CVE-2007-3143: konqueror
CVE-2007-3140: wordpress assigned
CVE-2007-3126: gimp
CVE-2007-3125: w3m


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-06-16 09:51:35 UTC (rev 6006)
+++ data/CVE/list       2007-06-16 10:38:52 UTC (rev 6007)
@@ -173,7 +173,10 @@
 CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic 
...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in 
Frederico ...)
-       TODO: check
+       - moin <unfixed> (bug #429205)
+       - knowledgeroot <unfixed> (bug #429204)
+       - karrigell <unfixed> (bug #429207)
+       - jspwiki <unfixed> (bug #429206)
 CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX 
...)
        TODO: check
 CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, 
remote ...)
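Review bot: The four entries added under CVE-2007-3163 (moin, knowledgeroot, karrigell, jspwiki) have nothing in the list that ties them to FCKeditor; only the commit log names it. A NOTE line under the CVE saying why these packages are listed would help later readers. These entries also carry no urgency, while later hunks in this commit use (low) and (medium).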
@@ -187,11 +190,14 @@
 CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 
Build ...)
        TODO: check
 CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in 
pam_login.cgi ...)
-       TODO: check
+       - webmin <removed>
 CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has 
unknown ...)
-       TODO: check
+       - egroupware <unfixed> (bug #429208)
 CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
-       TODO: check
+       - ktorrent <unfixed> (bug #429209)
+       - dtc-common <unfixed> (bug #429214)
+       - egroupware-core <unfixed> (bug #429215)
+       - gallery <unfixed> (bug #429213)
 CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms 
other ...)
        TODO: check
 CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random 
number ...)
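Review bot: CVE-2007-3156 is resolved here as "- webmin <removed>", but the commit log does not list it, so anyone searching the log for that id or for webmin will miss this revision. Add a "CVE-2007-3156: webmin" line to the log. Separately, CVE-2007-3154 lists egroupware-core while CVE-2007-3155 just above it lists egroupware; confirm that both entries use the same kind of package name.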
@@ -209,17 +215,21 @@
 CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web 
root with ...)
        TODO: check
 CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote 
...)
-       TODO: check
+       - galeon <unfixed> (low; bug #429216)
 CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote 
...)
-       TODO: check
+       - iceweasel <unfixed> (low)
+       - iceape <unfixed> (low)
+       - firefox <removed> (low)
+       - mozilla <removed> (low)
+       - xulrunner <unfixed> (low)
 CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows 
remote ...)
-       TODO: check
+       - kdebase <unfixed> (low)
 CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote 
attackers ...)
        TODO: check
 CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in 
...)
        TODO: check
 CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 
allows ...)
-       TODO: check
+       - wordpress <unfixed> (bug #428073)
 CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default 
...)
        TODO: check
 CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution 
...)
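Review bot: Under CVE-2007-3144 and CVE-2007-3143 the unfixed entries (iceweasel, iceape, xulrunner, kdebase) carry no bug reference, while the galeon entry for the same kind of issue in CVE-2007-3145 has bug #429216. If bugs were filed, add the numbers. If they were deliberately not filed because the urgency is low, a short NOTE would make that visible.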
@@ -259,9 +269,9 @@
 CVE-2007-3127
        RESERVED
 CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a 
denial of ...)
-       TODO: check
+       - gimp <unfixed> (unimportant)
 CVE-2007-3125 (Format string vulnerability in the inputAnswer function in 
file.c in ...)
-       TODO: check
+       - w3m <unfixed> (medium)
 CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup 
utility) in ...)
        TODO: check
 CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 
0.91rc1 ...)
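Review bot: The gimp entry for CVE-2007-3126 is tagged (unimportant) with no stated reason, and the truncated description shows only a denial of service. A NOTE line with the rationale would stop the rating from being questioned later. The same applies to (medium) on w3m in CVE-2007-3125.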
@@ -578,8 +588,6 @@
        TODO: check
 CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier 
...)
        TODO: check
-CVE-2007-XXXX [wordpress SQL injection]
-       - wordpress <unfixed> (bug #428073)
 CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
        - webpy 0.210-1 (bug #427715)
 CVE-2007-XXXX [dar choosing weak IV when encrypting]


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
