path: root/data/CVE/2007.list

CVE-2007-6761
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6)
CVE-2007-6760
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6759
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6758
	RESERVED
CVE-2007-6757
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2007-6756
	NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2007-6755
	- openssl <unfixed> (unimportant)
	NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2
CVE-2007-6754
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2007-6753
	NOT-FOR-US: Microsoft Windows
CVE-2007-6752
	- drupal7 <removed> (unimportant)
CVE-2007-6751
	NOT-FOR-US: MailForm plugin for Movable Type
CVE-2007-6750
	- apache2 2.2.15-3 (medium; bug #533661)
	- apache <removed> (medium; bug #533662)
	[lenny] - apache2 <no-dsa> (Minor issue)
CVE-2007-6749
	RESERVED
CVE-2007-6748
	RESERVED
CVE-2007-6747
	RESERVED
CVE-2007-6746
	- telepathy-idle 0.1.15-1 (low; bug #706094)
	[wheezy] - telepathy-idle <no-dsa> (Minor issue)
	[squeeze] - telepathy-idle <no-dsa> (Minor issue)
CVE-2007-6745 [clamav floating point exception in OLE2 scanner DoS]
	RESERVED
	- clamav 0.91.2-1~volatile1
	[etch] - clamav <not-affected> (Vulnerable code not present)
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6744
	NOT-FOR-US: Flexera Macrovision InstallShield
CVE-2007-6743
	NOT-FOR-US: Tivoli
CVE-2007-6742
	NOT-FOR-US: Tivoli
CVE-2007-6741
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6740
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6739
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6738
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6737
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6736
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6735
	NOT-FOR-US: Novell NetWare
CVE-2007-6734
	NOT-FOR-US: Novell NetWare
CVE-2007-6733
	- linux-2.6 2.6.10-1
CVE-2007-6732
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6731
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6730
	NOT-FOR-US: ZyXEL P-330W
CVE-2007-6729
	NOT-FOR-US: ZyXEL P-330W
CVE-2007-6728
	NOT-FOR-US: XMB
CVE-2007-6727
	NOT-FOR-US: KerviNet Forum
CVE-2007-6726
	NOT-FOR-US: Dojo
CVE-2007-6725
	{DSA-2080-1}
	- ghostscript 8.63.dfsg.1-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2007-6724
	NOT-FOR-US: Vidalia
CVE-2007-6723
	- tork <not-affected> (Affects only Windows and MacOS)
CVE-2007-6722
	NOT-FOR-US: Vidalia
CVE-2007-6721
	- bouncycastle 1.38-1
CVE-2007-6720
	- libmikmod 3.1.11-6.1 (low; bug #461519)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
	- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
	[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
CVE-2007-XXXX [tdiary XSS]
	- tdiary 2.2.0-1 (bug #464778)
	[etch] - tdiary 2.0.2+20060303-5
	NOTE: fixed in r6 point update
	NOTE: http://www.tdiary.org/20071215.html
CVE-2007-6719
	NOT-FOR-US: Wiz-Ad
CVE-2007-6718
	- mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
	[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2007-6717
	NOT-FOR-US: IBM AIX
CVE-2007-6716
	{DSA-1653-1}
	- linux-2.6 2.6.23-1
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
CVE-2007-6715
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
	NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
CVE-2007-6713
	NOT-FOR-US: Flip4Mac
CVE-2007-6714
	- dbmail 2.2.9
CVE-2007-6712
	{DSA-1588-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <not-affected>
	NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
	NOTE: but fixed in git, so marking as fixed in 2.6.26-1
CVE-2007-6711
	NOT-FOR-US: FreeWebShop.org
CVE-2007-6710
	RESERVED
CVE-2007-6709
	NOT-FOR-US: Cisco Linksys
CVE-2007-6708
	NOT-FOR-US: Cisco Linksys
CVE-2007-6707
	NOT-FOR-US: Cisco Linksys
CVE-2007-6706
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6705
	NOT-FOR-US: WebSphere
CVE-2007-6704
	NOT-FOR-US: F5 FirePass
CVE-2007-6703
	- vdccm <removed>
CVE-2007-6702
	NOT-FOR-US: FS4104-AW firmware
CVE-2007-6701
	NOT-FOR-US: Novell Client
CVE-2007-6700
	NOT-FOR-US: openbsd
CVE-2007-6699
	NOT-FOR-US: AIM PicEditor
CVE-2007-6698
	{DSA-1541-1}
	- openldap2.3 2.3.38-1
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-6696
	- webcalendar 1.1.6-7 (bug #466935)
	[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
CVE-2007-6695
	NOT-FOR-US: Drake CMS
CVE-2007-6694
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24
CVE-2007-6697
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-2 (medium)
CVE-2007-6693
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6692
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6691
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6690
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6689
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6688
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2007-6687
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6686
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6685
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2007-6680
	NOT-FOR-US: IBM AIX
CVE-2007-6679
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678
	REJECTED
CVE-2007-6677
	NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2007-6676
	NOT-FOR-US: Uber Uploader
CVE-2007-6675
	NOT-FOR-US: XOOPS
CVE-2007-6674
	NOT-FOR-US: RapidShare Database
CVE-2007-6673
	NOT-FOR-US: Makale Scripti
CVE-2007-6672
	- jetty 6.1.18-1 (medium; bug #462793; bug #559765)
CVE-2007-6671
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2007-6670
	NOT-FOR-US: PHCDownload
CVE-2007-6669
	NOT-FOR-US: PHCDownload
CVE-2007-6668
	NOT-FOR-US: MySpace Content Zone
CVE-2007-6667
	NOT-FOR-US: MyPHP Forum
CVE-2007-6666
	NOT-FOR-US: Zenphoto
CVE-2007-6665
	NOT-FOR-US: Netchemia
CVE-2007-6664
	NOT-FOR-US: WebPortal
CVE-2007-6663
	NOT-FOR-US: Pragmatic Utopia PU Arcade
CVE-2007-6662
	NOT-FOR-US: CuteNews
CVE-2007-6661
	NOT-FOR-US: 2z project
CVE-2007-6660
	NOT-FOR-US: 2z project
CVE-2007-6659
	NOT-FOR-US: 2z project
CVE-2007-6658
	NOT-FOR-US: CCMS
CVE-2007-6657
	NOT-FOR-US: Mihalism
CVE-2007-6656
	NOT-FOR-US: CMS Made Simple
CVE-2007-6655
	NOT-FOR-US: Kontakt Formular
CVE-2007-6654
	NOT-FOR-US: Macrovision InstallShield Update Service Web Agent
CVE-2007-6653
	NOT-FOR-US: Mihalism
CVE-2007-6652
	NOT-FOR-US: XCMS
CVE-2007-6651
	NOT-FOR-US: Bitweaver
CVE-2007-6650
	NOT-FOR-US: Bitweaver
CVE-2007-6649
	NOT-FOR-US: MatPo Bilder Gallery
CVE-2007-6648
	NOT-FOR-US: SanyBee Gallery
CVE-2007-6647
	NOT-FOR-US: w-Agora
CVE-2007-6646
	NOT-FOR-US: LiveCart
CVE-2007-6645
	NOT-FOR-US: Joomla!
CVE-2007-6644
	NOT-FOR-US: Joomla!
CVE-2007-6643
	NOT-FOR-US: Joomla!
CVE-2007-6642
	NOT-FOR-US: Joomla!
CVE-2007-6641
	NOT-FOR-US: milliscripts
CVE-2007-6640
	NOT-FOR-US: Creammonkey and GreaseKit
CVE-2007-6639
	NOT-FOR-US: IPTBB
CVE-2007-6638
	NOT-FOR-US: March Networks
CVE-2007-6637
	- flashplugin-nonfree 1:1.4 (bug #459071)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
CVE-2007-6636
	NOT-FOR-US: Bitflu
CVE-2007-6635
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6634
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6633
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6632
	NOT-FOR-US: xml2owl
CVE-2007-6631
	NOT-FOR-US: LScube libnemesi
CVE-2007-6630
	NOT-FOR-US: Netembryo
CVE-2007-6629
	NOT-FOR-US: LScube Feng
CVE-2007-6628
	NOT-FOR-US: LScube Feng
CVE-2007-6627
	NOT-FOR-US: LScube Feng
CVE-2007-6626
	NOT-FOR-US: LScube Feng
CVE-2007-6625
	NOT-FOR-US: Platform Service Process (asampsp)
CVE-2007-6624
	NOT-FOR-US: PNphpBB2
CVE-2007-6623
	NOT-FOR-US: ZeusCMS
CVE-2007-6622
	NOT-FOR-US: ZeusCMS
CVE-2007-6621
	NOT-FOR-US: Joovili
CVE-2007-6620
	NOT-FOR-US: Joovili
CVE-2007-6619
	NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition
CVE-2007-6618
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6617
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6616
	NOT-FOR-US: SimpleForum
CVE-2007-6615
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6614
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613
	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
	[sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610
	- unp 1.0.13 (bug #448437; low)
	[etch] - unp <no-dsa> (Only used as archiver in third-party software)
CVE-2007-6609
	NOT-FOR-US: CoolPlayer
CVE-2007-6608
	NOT-FOR-US: OpenBiblio
CVE-2007-6607
	NOT-FOR-US: OpenBiblio
CVE-2007-6606
	NOT-FOR-US: OpenBiblio
CVE-2007-6605
	NOT-FOR-US: SkyFex Client
CVE-2007-6604
	NOT-FOR-US: XCMS
CVE-2007-6603
	NOT-FOR-US: Hot or Not Clone
CVE-2007-6602
	NOT-FOR-US: NoseRub
CVE-2007-6601
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
CVE-2007-6600
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	[sarge] - postgresql <unfixed>
CVE-2007-6597
	NOT-FOR-US: IPortalX
CVE-2007-6599
	{DSA-1458-1}
	- openafs 1.4.6.dfsg1-1 (medium)
	NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
CVE-2007-6595
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (low; bug #458532)
	[etch] - clamav <not-affected> (Minor issue, first issue doesn't apply)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
CVE-2007-6596
	- clamav 0.92.1~dfsg-1 (unimportant; bug #458532)
	[etch] - clamav <no-dsa> (Minor issue)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
	NOTE: this is more a feature request than a bug
CVE-2007-6594
	NOT-FOR-US: Lotus Notes
CVE-2007-6593
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6592
	NOT-FOR-US: Safari
CVE-2007-6591
	- kdebase 4:4.0.3-1 (low; bug #458968)
	[etch] - kdebase <no-dsa> (Minor issue)
	[lenny] - kdebase <no-dsa> (Minor issue)
	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
	NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
	REJECTED
CVE-2007-6589
	{DSA-1534-1}
	- iceape 1.1.7-1 (medium)
	- iceweasel 2.0.0.10-1 (medium)
CVE-2007-6588
	NOT-FOR-US: PHCDownload
CVE-2007-6587
	NOT-FOR-US: Plogger
CVE-2007-6586
	NOT-FOR-US: nicLOR-CMS
CVE-2007-6585
	NOT-FOR-US: NmnNewsletter
CVE-2007-6584
	NOT-FOR-US: 1024 CMS
CVE-2007-6583
	NOT-FOR-US: 1024 CMS
CVE-2007-6582
	NOT-FOR-US: mBlog
CVE-2007-6581
	NOT-FOR-US: Social Engine
CVE-2007-6580
	NOT-FOR-US: Wallpaper Site
CVE-2007-6579
	NOT-FOR-US: Ip Reg
CVE-2007-6578
	NOT-FOR-US: PHP ZLink
CVE-2007-6577
	NOT-FOR-US: zBlog
CVE-2007-6576
	NOT-FOR-US: Adult Script
CVE-2007-6575
	NOT-FOR-US: MMSLamp
CVE-2007-6574
	NOT-FOR-US: Dokeos
CVE-2007-6573
	NOT-FOR-US: QK SMTP
CVE-2007-6572
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-6571
	NOT-FOR-US: Sun Java System Web Proxy
CVE-2007-6570
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6569
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6568
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6567
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6566
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6565
	NOT-FOR-US: Blakord Portal
CVE-2007-6611
	{DSA-1467-1}
	- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-6683
	{DSA-1543-1 DTSA-132-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
	NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see https://trac.videolan.org/vlc/ticket/1371
CVE-2007-6682
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6681
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6684
	- vlc 0.8.6.c-4.1 (bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: That's hardly a security problem, just a bug
CVE-2007-6598
	{DSA-1457-1}
	- dovecot 1:1.0.10-1 (low; bug #458315)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	[etch] - dovecot <no-dsa> (very minor issue)
	NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
	NOTE: low, because issue is only with quite rare configurations
CVE-2007-6612
	- mongrel 1.1.3-1 (medium)
CVE-2007-6564
	NOT-FOR-US: Limbo CMS
CVE-2007-6563
	NOT-FOR-US: WinAce
CVE-2007-6562
	{DSA-1443-1}
	- tcpreen 1.4.3-0.3 (medium; bug #457781)
CVE-2007-6561
	NOT-FOR-US: PDFLib
CVE-2007-6560
	NOT-FOR-US: Logaholic
CVE-2007-6559
	NOT-FOR-US: Logaholic
CVE-2007-6558
	NOT-FOR-US: TotalPlayer
CVE-2007-6557
	NOT-FOR-US: MeGaCheatZ
CVE-2007-6556
	NOT-FOR-US: websihirbazi
CVE-2007-6555
	NOT-FOR-US: Joomla! extension
CVE-2007-6554
	NOT-FOR-US: TeamCal
CVE-2007-6553
	NOT-FOR-US: TeamCal
CVE-2007-6552
	NOT-FOR-US: AuraCMS
CVE-2007-6551
	NOT-FOR-US: MailMachine
CVE-2007-6550
	NOT-FOR-US: PMOS Help Desk
CVE-2007-6549
	NOT-FOR-US: RunCMS
CVE-2007-6548
	NOT-FOR-US: RunCMS
CVE-2007-6547
	NOT-FOR-US: RunCMS
CVE-2007-6546
	NOT-FOR-US: RunCMS
CVE-2007-6545
	NOT-FOR-US: RunCMS
CVE-2007-6544
	NOT-FOR-US: RunCMS
CVE-2007-6543
	NOT-FOR-US: eSyndiCat Link Exchange Script
CVE-2007-6542
	NOT-FOR-US: Arcadem LEArcadem LE
CVE-2007-6541
	NOT-FOR-US: neuron news
CVE-2007-6540
	NOT-FOR-US: neuron news
CVE-2007-6539
	NOT-FOR-US: IDevspot iSupport
CVE-2007-6538
	- moodle <not-affected> (Vulnerable code not present, third party module)
CVE-2007-6537
	NOT-FOR-US: WinUAE
CVE-2007-6536
	NOT-FOR-US: Google Toolbar
CVE-2007-6535
	NOT-FOR-US: YShortcut ActiveX control
CVE-2007-6534
	NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533
	NOT-FOR-US: Zoom Player
CVE-2007-6532
	- libxfcegui4 4.4.2 (low)
	[sarge] - libxfcegui4 <no-dsa> (Minor issue)
	[etch] - libxfcegui4 <no-dsa> (Minor issue)
CVE-2007-6531
	- xfce4-panel 4.4.2 (low)
	[sarge] - xfce4-panel <no-dsa> (Minor issue)
	[etch] - xfce4-panel <no-dsa> (Minor issue)
CVE-2007-6530
	NOT-FOR-US: XUpload
CVE-2007-6529
	- tikiwiki <removed>
CVE-2007-6528
	- tikiwiki <removed>
CVE-2007-6527
	NOT-FOR-US: PunBB
CVE-2007-6526
	- tikiwiki <removed>
CVE-2007-6525
	NOT-FOR-US: IBM DB2 Content Manager
CVE-2007-6524
	NOT-FOR-US: Opera
CVE-2007-6523
	NOT-FOR-US: Opera
CVE-2007-6522
	NOT-FOR-US: Opera
CVE-2007-6521
	NOT-FOR-US: Opera
CVE-2007-6520
	NOT-FOR-US: Opera
CVE-2007-6519
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-6518
	NOT-FOR-US: WoltLab Burning Board
CVE-2007-6517
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2007-6516
	NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
CVE-2007-6515
	NOT-FOR-US: SiteScape
CVE-2007-6513
	NOT-FOR-US: HP eSupportDiagnostics ActiveX control
CVE-2007-6512
	NOT-FOR-US: PHP MySQL Banner Exchange
CVE-2007-6511
	NOT-FOR-US: Websense Enterprise
CVE-2007-6510
	NOT-FOR-US: ProWizard
CVE-2007-6509
	NOT-FOR-US: Appian Enterprise Business Process Management Suite
CVE-2007-6508
	NOT-FOR-US: xeCMS
CVE-2007-6514
	- linux-2.6 2.6.17-1 (low; bug #529318)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.17)
	NOTE: While labeled as an Apache flaw, fix required in smbfs
CVE-2007-XXXX [venkman preinst symlink dos]
	- venkman 0.9.87.2-1 (bug #456520)
	[lenny] - venkman <not-affected> (Vulnerable code not present)
	[sarge] - venkman <not-affected> (Vulnerable code not present)
	[etch] - venkman <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
	- unace-nonfree 2.5-3
	[etch] - unace-nonfree 2.5-1etch1
CVE-2007-6507
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506
	NOT-FOR-US: HP Software Update
CVE-2007-6505
	NOT-FOR-US: Solaris
CVE-2007-6504
	NOT-FOR-US: Hosting Controller
CVE-2007-6503
	NOT-FOR-US: Hosting Controller
CVE-2007-6502
	NOT-FOR-US: Hosting Controller
CVE-2007-6501
	NOT-FOR-US: Hosting Controller
CVE-2007-6500
	NOT-FOR-US: Hosting Controller
CVE-2007-6499
	NOT-FOR-US: Hosting Controller
CVE-2007-6498
	NOT-FOR-US: Hosting Controller
CVE-2007-6497
	NOT-FOR-US: Hosting Controller
CVE-2007-6496
	NOT-FOR-US: Hosting Controller
CVE-2007-6495
	NOT-FOR-US: Hosting Controller
CVE-2007-6494
	NOT-FOR-US: Hosting Controller
CVE-2007-6493
	NOT-FOR-US: iMesh
CVE-2007-6492
	NOT-FOR-US: iMesh
CVE-2007-6491
	NOT-FOR-US: Kvaliitti WebDoc CMS
CVE-2007-6490
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6489
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6488
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6487
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-6486
	NOT-FOR-US: LineShout
CVE-2007-6485
	NOT-FOR-US: Centreon
CVE-2007-6484
	NOT-FOR-US: phpRPG
CVE-2007-6483
	NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
CVE-2007-6482
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6481
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6480
	NOT-FOR-US: Oracle database component in Sun Management Center
CVE-2007-6479
	NOT-FOR-US: Dokeos
CVE-2007-6478
	NOT-FOR-US: Rosoft Media Player
CVE-2007-6477
	NOT-FOR-US: Citrix Web Interface and NFuse
CVE-2007-6476
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6475
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6474
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6473
	NOT-FOR-US: WFTPD Explorer Pro
CVE-2007-6472
	NOT-FOR-US: phpMyRealty
CVE-2007-6471
	NOT-FOR-US: phPay
CVE-2007-6470
	NOT-FOR-US: phpRPG
CVE-2007-6469
	NOT-FOR-US: phpRPG
CVE-2007-6468
	NOT-FOR-US: Hammer of Thyrion
CVE-2007-6467
	NOT-FOR-US: MKPortal
CVE-2007-6466
	NOT-FOR-US: FreeWebshop
CVE-2007-6465
	- ganglia-monitor-core <not-affected> (ganglia web-frontend not included)
CVE-2007-6464
	NOT-FOR-US: Form tools
CVE-2007-6463
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6462
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6461
	- flyspray <removed>
CVE-2007-6460
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6459
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6458
	NOT-FOR-US: 123tkShop
CVE-2007-6457
	NOT-FOR-US: NetWin SurgeMail 38k4
CVE-2007-6456
	NOT-FOR-US: Planamesa NeoOffice
	NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
CVE-2007-6455
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2007-6454
	{DSA-1583-1 DSA-1441-1}
	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
	- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
CVE-2007-6453
	NOT-FOR-US: RaidenHTTPD
CVE-2007-6452
	- gwt 1.6.4-1 (low; bug #563542)
CVE-2007-6451
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6450
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6449
	REJECTED
CVE-2007-6448
	REJECTED
CVE-2007-6447
	REJECTED
CVE-2007-6446
	REJECTED
CVE-2007-6445
	REJECTED
CVE-2007-6444
	REJECTED
CVE-2007-6443
	REJECTED
CVE-2007-6442
	REJECTED
CVE-2007-6441
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6440
	REJECTED
CVE-2007-6439
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6438
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6437
	{DSA-1464-1 DTSA-105-1}
	- syslog-ng 2.0.6-1 (low; bug #457334)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2007-6436
	NOT-FOR-US: JustSystems
CVE-2007-6435
	NOT-FOR-US: Novell GroupWise
CVE-2007-6434
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected)
CVE-2007-6433
	- jbosseam <itp> (bug #451956)
CVE-2007-6432
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6431
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6430
	{DSA-1525-1}
	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6429
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6428
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6427
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426
	NOT-FOR-US: EMC RepliStor
CVE-2007-6425
	NOT-FOR-US: HP-UX
CVE-2007-6424
	NOT-FOR-US: Fonality Trixbox
CVE-2007-6423
	- apache2 <not-affected> (disputed / only for Windows)
CVE-2007-6422
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420
	- apache2 2.2.9-1 (low)
	[etch] - apache2 <no-dsa> (minor issue)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	NOTE: Won't be fixed in etch.
CVE-2007-6419
	NOT-FOR-US: HP-UX
CVE-2007-6417
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6416
	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
	- xen-3 <not-affected> (We only have xen for i386 and amd64)
	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
CVE-2007-6415
	{DSA-1473-1}
	- scponly 4.6-1.2 (high)
CVE-2007-6414
	NOT-FOR-US: Adult ScriptAdult Script
CVE-2007-6413
	NOT-FOR-US: Sun Solaris
CVE-2007-6412
	NOT-FOR-US: Bitweaver
CVE-2007-6411
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6410
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6409
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406
	NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405
	NOT-FOR-US: Simple HTTPD
CVE-2007-6404
	NOT-FOR-US: Simple HTTPD
CVE-2007-6403
	NOT-FOR-US: Winamp
CVE-2007-6402
	NOT-FOR-US: Media Player Classic
CVE-2007-6401
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6400
	NOT-FOR-US: PolDoc CMS
CVE-2007-6399
	NOT-FOR-US: Flat PHP Board
CVE-2007-6398
	NOT-FOR-US: Flat PHP Board
CVE-2007-6397
	NOT-FOR-US: Flat PHP Board
CVE-2007-6396
	NOT-FOR-US: Flat PHP Board
CVE-2007-6395
	NOT-FOR-US: Flat PHP Board
CVE-2007-6394
	NOT-FOR-US: Content Injector
CVE-2007-6393
	NOT-FOR-US: Ace Image Hosting Script
CVE-2007-6392
	NOT-FOR-US: DWdirectory
CVE-2007-6391
	NOT-FOR-US: SH-News
CVE-2007-6390
	- serendipity <not-affected> (This is an external plugin not included in our packages)
CVE-2007-6389
	- gnome-screensaver 2.22.0-1 (low; bug #455484)
	[etch] - gnome-screensaver <no-dsa> (Minor issue)
CVE-2007-6388
	- apache <removed> (low)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358
	{DSA-1437-1}
	- cups 1.3.5-1 (low; bug #456960)
	- cupsys 1.3.5-1 (low; bug #456960)
	[sarge] - cupsys <no-dsa> (Minor issue)
	NOTE: the debian package is a bit confusing here as it also ships a pdftops
	NOTE: wrapper script as an example but the original script is installed
	NOTE: under /usr/lib/cups/filters
CVE-2007-6356
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (medium; bug #457330)
CVE-2007-6351
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (low; bug #457330)
CVE-2007-6349
	NOT-FOR-US: P4Web
CVE-2007-6418
	{DSA-1501-1}
	- dspam 3.6.8-5.1 (low; bug #448519)
CVE-2007-6387
	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-6385
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2007-6384
	NOT-FOR-US: BEA WebLogic Mobility Server
CVE-2007-6383
	NOT-FOR-US: Chandler
CVE-2007-6382
	NOT-FOR-US: Robocode
CVE-2007-6381
	{DSA-1439-1}
	- typo3-src 4.1.5-1 (low; bug #457446)
	NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380
	NOT-FOR-US: e-Xoops
CVE-2007-6379
	NOT-FOR-US: BadBlue
CVE-2007-6378
	NOT-FOR-US: BadBlue
CVE-2007-6377
	NOT-FOR-US: BadBlue
CVE-2007-6376
	NOT-FOR-US: PHP-Nuke
CVE-2007-6375
	NOT-FOR-US: Bitweaver
CVE-2007-6374
	NOT-FOR-US: Bitweaver
CVE-2007-6373
	NOT-FOR-US: GestDown
CVE-2007-6372
	NOT-FOR-US: JUNOS
CVE-2007-6371
	NOT-FOR-US: Nokia N95
CVE-2007-6370
	REJECTED
CVE-2007-6369
	NOT-FOR-US: PictPress
CVE-2007-6368
	NOT-FOR-US: ezContents
CVE-2007-6367
	NOT-FOR-US: SineCMS
CVE-2007-6366
	NOT-FOR-US: SineCMS
CVE-2007-6365
	NOT-FOR-US: bcoos
CVE-2007-6364
	NOT-FOR-US: JLMForo System
CVE-2007-6363
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6362
	NOT-FOR-US: RSGallery
CVE-2007-6361
	NOT-FOR-US: Gekko
CVE-2007-6360
	NOT-FOR-US: Sun eXtended System Control Facility
CVE-2007-6359
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6357
	NOT-FOR-US: Microsoft Office Access
CVE-2007-6353
	{DSA-1474-1}
	- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350
	{DSA-1473-1}
	- scponly 4.6-1.1 (high; bug #437148)
CVE-2007-6348
	- squirrelmail <not-affected> (Compromised packages were never in Debian)
CVE-2007-6347
	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
CVE-2007-6346
	NOT-FOR-US: Rainboard
CVE-2007-6345
	NOT-FOR-US: aurora
CVE-2007-6344
	NOT-FOR-US: Mcms Easy Web Make
CVE-2007-6343
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342
	NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341
	{DSA-1515-1}
	- libnet-dns-perl 0.63-1 (low; bug #457445)
	NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340
	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
CVE-2007-6339
	NOT-FOR-US: Akamai Download Manager
CVE-2007-6338
	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337
	{DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6336
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6335
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6334
	NOT-FOR-US: Ingres on Windows
CVE-2007-6333
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332
	NOT-FOR-US: HP Info Center HP Quick Launch Buttons
CVE-2007-6331
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6330
	NOT-FOR-US: Meridian Prolog Manager
CVE-2007-6329
	NOT-FOR-US: Microsoft Office
CVE-2007-6328
	- dosbox 0.72-1 (unimportant; bug #458950)
	NOTE: this is not a security issue, its a feature of dosbox and the first
	NOTE: thing documented in the manpage
CVE-2007-6327
	NOT-FOR-US: Online Media Technologies
CVE-2007-6326
	NOT-FOR-US: Simple HTTPD
CVE-2007-6325
	NOT-FOR-US: Fastpublish
CVE-2007-6324
	NOT-FOR-US: CityWriter
CVE-2007-6323
	NOT-FOR-US: MMS Gallery PHP
CVE-2007-6322
	NOT-FOR-US: xml2owl
CVE-2007-6320
	NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319
	NOT-FOR-US: Lyris ListManager
CVE-2007-6318
	- wordpress 2.3.2-1 (low; bug #459305)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317
	NOT-FOR-US: BarracudaDrive
CVE-2007-6316
	NOT-FOR-US: BarracudaDrive
CVE-2007-6315
	NOT-FOR-US: BarracudaDrive
CVE-2007-6314
	NOT-FOR-US: BarracudaDrive
CVE-2007-6313
	- mysql-dfsg-5.0 <not-affected> (this only affects >= 5.1.x, update for experimental is on its way)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6312
	NOT-FOR-US: Web Security Suite
CVE-2007-6311
	NOT-FOR-US: Falt4Extreme
CVE-2007-6310
	NOT-FOR-US: Falt4Extreme
CVE-2007-6309
	NOT-FOR-US: webSPELL
CVE-2007-6308
	NOT-FOR-US: HttpLogger
CVE-2007-6307
	NOT-FOR-US: wwwstats
CVE-2007-6306
	- libjfreechart-java 1.0.9-1 (low; bug #456148)
	[sarge] - libjfreechart-java <no-dsa> (Contrib not supported)
CVE-2007-6305
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6302
	NOT-FOR-US: Novell NetMail
CVE-2007-6301
	NOT-FOR-US: OpenNewsletter
CVE-2007-6300
	NOT-FOR-US: Fusion News
CVE-2007-6298
	NOT-FOR-US: shoutbox (third party module for Drupal)
CVE-2007-6297
	NOT-FOR-US: PHPMyChat
CVE-2007-6296
	NOT-FOR-US: PHPMyChat
CVE-2007-6295
	NOT-FOR-US: IBM Lotus Sametime
CVE-2007-6294
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6293
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6292
	NOT-FOR-US: MWOpen
CVE-2007-6291
	NOT-FOR-US: Xigla Absolute Banner Manager .NET
CVE-2007-6290
	NOT-FOR-US: SERWeb
CVE-2007-6289
	NOT-FOR-US: SERWeb
CVE-2007-6288
	NOT-FOR-US: TCExam
CVE-2007-6287
	NOT-FOR-US: HyperVM
CVE-2007-6286
	- tomcat5.5 <not-affected> (Does not use apr connector)
	- tomcat5 <removed>
CVE-2007-6285
	- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
	- autofs5 5.0.3-1
	NOTE: for autofs5 see 12disable_default_auto_master.dpatch
CVE-2007-6284
	{DSA-1461-1}
	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
	- libxml 1.8.17-14.1 (medium)
CVE-2007-6283
	- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282
	{DSA-1630-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
CVE-2007-6281
	NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6303
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
	[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
CVE-2007-6299
	- drupal5 5.5-1
	- drupal 4.7.10-1
CVE-2007-6321
	- roundcube 0.1~rc2-6 (low; bug #455840)
	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
	RESERVED
CVE-2007-6279
	- flac 1.2.1-1 (unimportant)
	NOTE: According to upstream this issue is not exploitable for code injection
	NOTE: due to the layout of the seektable memory
CVE-2007-6278
	- flac 1.2.1-1 (unimportant)
	NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277
	{DSA-1469-1}
	- flac 1.2.1-1
CVE-2007-6276
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6275
	NOT-FOR-US: bcoos
CVE-2007-6274
	NOT-FOR-US: bcoos
CVE-2007-6273
	NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272
	NOT-FOR-US: Joomla!
CVE-2007-6271
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6269
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6268
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6267
	NOT-FOR-US: Citrix EdgeSight
CVE-2007-6266
	NOT-FOR-US: bcoos
CVE-2007-6265
	NOT-FOR-US: avast!
CVE-2007-6264
	RESERVED
CVE-2007-6263
	- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
	[sarge] - linux-ftpd-ssl <no-dsa> (Minor issue)
	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
CVE-2007-6262
	- vlc <not-affected> (Windows only issue)
CVE-2007-6261
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6260
	NOT-FOR-US: Oracle
CVE-2007-6259
	RESERVED
CVE-2007-6258
	- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
	RESERVED
CVE-2007-6256
	REJECTED
CVE-2007-6255
	NOT-FOR-US: Microsoft HRTBEAT.OCX
CVE-2007-6254
	NOT-FOR-US: SAP
CVE-2007-6253
	NOT-FOR-US: Adobe Form Designer
CVE-2007-6252
	NOT-FOR-US: Street Technologies
CVE-2007-6251
	RESERVED
CVE-2007-6250
	NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249
	NOT-FOR-US: Gentoo portage
CVE-2007-6248
	RESERVED
CVE-2007-6247
	REJECTED
CVE-2007-6246
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6245
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6244
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6243
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6242
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6241
	NOT-FOR-US: Beehive Forum
CVE-2007-6240
	NOT-FOR-US: Snitz Forums
CVE-2007-6239
	{DSA-1646-2 DSA-1482-1}
	- squid 2.6.17-1 (medium; bug #455910)
CVE-2007-6238
	NOT-FOR-US: Apple QuickTime
CVE-2007-6237
	NOT-FOR-US: DeluxeBB
CVE-2007-6236
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6235
	NOT-FOR-US: RealNetworks RealPlayer 11
CVE-2007-6234
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6233
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6232
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6231
	NOT-FOR-US: tellmatic
CVE-2007-6230
	NOT-FOR-US: Rayzz
CVE-2007-6229
	NOT-FOR-US: Rayzz
CVE-2007-6228
	NOT-FOR-US: Yahoo! Toolbar
CVE-2007-6227
	- qemu <not-affected> (Windows issue)
CVE-2007-6226
	NOT-FOR-US: American Power Conversion (APC)
CVE-2007-6225
	NOT-FOR-US: Sun Solaris 10
CVE-2007-6224
	NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
CVE-2007-6223
	NOT-FOR-US: phpBB Garage
CVE-2007-6222
	NOT-FOR-US: Interleave
CVE-2007-6221
	NOT-FOR-US: TuMusika
CVE-2007-6220
	- typespeed 0.6.4-1 (unimportant; bug #454527)
CVE-2007-6219
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6218
	NOT-FOR-US: Ossigeno CMS
CVE-2007-6217
	NOT-FOR-US: Irola My-Time
CVE-2007-6216
	NOT-FOR-US: Sun Solaris
CVE-2007-6215
	NOT-FOR-US: Web-MeetMe
CVE-2007-6214
	NOT-FOR-US: LearnLoop
CVE-2007-6213
	NOT-FOR-US: WebED
CVE-2007-6212
	NOT-FOR-US: KML share
CVE-2007-6207
	- xen-3 3.1.2-1
CVE-2007-6206
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6205
	{DSA-1528-1}
	- serendipity 1.2.1-1 (low)
CVE-2007-6204
	NOT-FOR-US: HP OpenView
CVE-2007-6203
	- apache2 2.2.6-3 (low)
	[sarge] - apache2 <no-dsa> (minor issue)
	- apache <not-affected> (vulnerable code not present)
	NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-6208
	- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210
	{DSA-1420-1 DTSA-93-1}
	- zabbix 1:1.4.2-4 (bug #452682)
CVE-2007-6202
	NOT-FOR-US: Neocrome Seditio CMS
CVE-2007-6211
	- sing 1.1-16 (low; bug #454167)
	[etch] - sing 1.1-13etch1
	[sarge] - sing 1.1-9sarge1
CVE-2007-6209
	- zsh 4.3.4-dev-3-2 (low; bug #454073)
	[etch] - zsh <no-dsa> (Minor issue)
	[sarge] - zsh <no-dsa> (Minor issue)
CVE-2007-6201
	- wesnoth 1:1.2.8-1 (low)
	[etch] - wesnoth 1.2-4
	[sarge] - wesnoth 0.9.0-8
CVE-2007-6200
	- rsync 2.6.9-6 (low; bug #453652)
	[etch] - rsync <no-dsa> (Minor issue)
CVE-2007-6199
	- rsync 2.6.9-6 (unimportant; bug #453652)
	NOTE: Security feature enhancement, not really a security problem
CVE-2007-6198
	NOT-FOR-US: Plumtree
CVE-2007-6197
	NOT-FOR-US: Plumtree
CVE-2007-6196
	NOT-FOR-US: Calacode
CVE-2007-6195
	NOT-FOR-US: HP-UX
CVE-2007-6194
	NOT-FOR-US: HP Select Identity
CVE-2007-6193
	NOT-FOR-US: Citrix
CVE-2007-6192
	NOT-FOR-US: Citrix
CVE-2007-6191
	NOT-FOR-US: Armin Burger p.mapper
CVE-2007-6190
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2007-6189
	NOT-FOR-US: BitDefender Online Anti-Virus Scanner
CVE-2007-6188
	NOT-FOR-US: TuMusika Evolution
CVE-2007-6187
	NOT-FOR-US: PHP Content Architect
CVE-2007-6186
	NOT-FOR-US: PHPDevShell
CVE-2007-6185
	NOT-FOR-US: Eurologon CMS
CVE-2007-6184
	NOT-FOR-US: Project Alumni
CVE-2007-6182
	NOT-FOR-US: ISPmanager
CVE-2007-6181
	NOT-FOR-US: Cygwin
CVE-2007-6180
	NOT-FOR-US: Solaris
CVE-2007-6179
	NOT-FOR-US: Charray's CMS
CVE-2007-6178
	NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
CVE-2007-6177
	NOT-FOR-US: PHP-CON
CVE-2007-6176
	NOT-FOR-US: KB-Bestellsystem
CVE-2007-6175
	NOT-FOR-US: Lhaplus
CVE-2007-6174
	NOT-FOR-US: PHPDevShell
CVE-2007-6173
	- liferay-portal <itp> (bug #569819)
CVE-2007-6172
	NOT-FOR-US: wpQuiz
CVE-2007-6169
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168
	NOT-FOR-US: VU Case Manager
CVE-2007-6167
	NOT-FOR-US: Yast2
CVE-2007-6166
	NOT-FOR-US: Apple QuickTime
CVE-2007-6165
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6164
	NOT-FOR-US: Eurologon CMS
CVE-2007-6163
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6162
	NOT-FOR-US: FMDeluxe
CVE-2007-6161
	NOT-FOR-US: Tilde CMS
CVE-2007-6160
	NOT-FOR-US: Tilde CMS
CVE-2007-6159
	NOT-FOR-US: Tilde CMS
CVE-2007-6158
	NOT-FOR-US: Proverbs Web Calendar
CVE-2007-6157
	NOT-FOR-US: SimpleGallery
CVE-2007-6156
	- acidbase 1.3.9-1 (low; bug #453838)
	[etch] - acidbase <not-affected> (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
	RESERVED
CVE-2007-6154
	RESERVED
CVE-2007-6153
	RESERVED
CVE-2007-6152
	RESERVED
CVE-2007-6151
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
	- linux-2.6 2.6.23-2
CVE-2007-6149
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6148
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6147
	NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146
	NOT-FOR-US: JP1/File Transmission Server/FTP on windows
CVE-2007-6145
	NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
CVE-2007-6144
	NOT-FOR-US: Xunlei Thunder
CVE-2007-6143
	NOT-FOR-US: VU Case Manager
CVE-2007-6142
	NOT-FOR-US: JAF CMS
CVE-2007-6141
	NOT-FOR-US: vBTube
CVE-2007-6140
	NOT-FOR-US: Dora Emlak
CVE-2007-6139
	NOT-FOR-US: Mp3 ToolBox
CVE-2007-6138
	NOT-FOR-US: VU Mass Mailer
CVE-2007-6137
	NOT-FOR-US: Content Injector
CVE-2007-6136
	NOT-FOR-US: M2Scripts MySpace Scripts
CVE-2007-6135
	NOT-FOR-US: PHPSlideShow
CVE-2007-6134
	NOT-FOR-US: PHPKIT
CVE-2007-6133
	NOT-FOR-US: DevMass Shopping Cart
CVE-2007-6183
	{DSA-1431-1 DTSA-102-1}
	- ruby-gnome2 0.16.0-10 (medium; bug #453689)
CVE-2007-6171
	- asterisk 1:1.4.15~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6170
	{DSA-1417-1}
	- asterisk 1:1.4.15~dfsg-1 (medium)
CVE-2007-6150
	- kfreebsd-7 7.0~cvs20080107-1
	- kfreebsd-6 6.3~cvs20080107-1
	- kfreebsd-5 <removed> (medium; bug #453944)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-6132
	REJECTED
CVE-2007-6131
	- scanbuttond 0.2.3-6 (unimportant; bug #453239)
	NOTE: this is just an example script, maintainer adds a note about it
	NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130
	- gnump3d 3.0-1 (medium)
	[sarge] - gnump3d <not-affected> (Vulnerable code not present)
	[etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129
	NOT-FOR-US: Amber script
CVE-2007-6128
	NOT-FOR-US: WorkingOnWeb
CVE-2007-6127
	NOT-FOR-US: Alumni
CVE-2007-6126
	NOT-FOR-US: Alumni
CVE-2007-6125
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6124
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6123
	NOT-FOR-US: IRC Services
CVE-2007-6122
	NOT-FOR-US: IRC Services
CVE-2007-6110
	{DSA-1429-1}
	- htdig 1:3.2.0b6-4 (low; bug #453278)
	[sarge] - htdig <not-affected> (Vulnerable code not present)
CVE-2007-6109
	{DTSA-98-1 DTSA-99-1}
	- emacs22 22.1+1-2.2 (bug #455432)
	- emacs21 21.4a+1-5.2 (bug #455433)
	[etch] - emacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
	- xemacs21 21.4.21-4 (bug #457764)
	[etch] - xemacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
CVE-2007-6108
	RESERVED
CVE-2007-6107
	RESERVED
CVE-2007-6106
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-6105
	NOT-FOR-US: TalkBack
CVE-2007-6104
	NOT-FOR-US: FileMaker Pro
CVE-2007-6103
	- ihu 0.5.6-3.1 (unimportant; bug #453280)
	NOTE: Would only terminate normal phone call by hanging up, not a real security bug
CVE-2007-6102
	NOT-FOR-US: feed2js
CVE-2007-6101
	NOT-FOR-US: Ability Mail Server
CVE-2007-6100
	- phpmyadmin 4:2.11.2.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-6099
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6098
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6097
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6096
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6095
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6094
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6093
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6092
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6091
	NOT-FOR-US: JiRo's Banner System (JBS)
CVE-2007-6090
	NOT-FOR-US: Nuked-Klan
CVE-2007-6089
	NOT-FOR-US: meBiblio
CVE-2007-6088
	NOT-FOR-US: phpBBViet
CVE-2007-6087
	NOT-FOR-US: VigileCMS
CVE-2007-6086
	NOT-FOR-US: VigileCMS
CVE-2007-6085
	NOT-FOR-US: VigileCMS
CVE-2007-6084
	NOT-FOR-US: HotScripts Clone script
CVE-2007-6083
	NOT-FOR-US: IceBB
CVE-2007-6082
	NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081
	NOT-FOR-US: Windows
CVE-2007-6080
	NOT-FOR-US: bcoos
CVE-2007-6079
	NOT-FOR-US: bcoos
CVE-2007-6078
	NOT-FOR-US: SkyPortal
CVE-2007-6076
	RESERVED
CVE-2007-6075
	RESERVED
CVE-2007-6074
	RESERVED
CVE-2007-6073
	RESERVED
CVE-2007-6072
	RESERVED
CVE-2007-6071
	RESERVED
CVE-2007-6070
	RESERVED
CVE-2007-6069
	RESERVED
CVE-2007-6068
	RESERVED
CVE-2007-6067
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-6066
	RESERVED
CVE-2007-6065
	RESERVED
CVE-2007-6064
	RESERVED
CVE-2007-6063
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6062
	- ngircd 0.10.3-1 (bug #451875)
	[etch] - ngircd 0.10.0-2etch1
CVE-2007-6061
	- audacity 1.3.4-1.1 (bug #453283; low)
	[etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060
	NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059
	NOT-FOR-US: Javamail
CVE-2007-6058
	NOT-FOR-US: ProfileCMS
CVE-2007-6057
	NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056
	NOT-FOR-US: Aida-Web
CVE-2007-6055
	- liferay-portal <itp> (bug #569819)
CVE-2007-6054
	NOT-FOR-US: Aruba 800 Mobility Controller
CVE-2007-6053
	NOT-FOR-US: IBM DB2
CVE-2007-6052
	NOT-FOR-US: IBM DB2
CVE-2007-6051
	NOT-FOR-US: IBM DB2
CVE-2007-6050
	NOT-FOR-US: IBM DB2
CVE-2007-6049
	NOT-FOR-US: IBM DB2
CVE-2007-6048
	NOT-FOR-US: IBM DB2
CVE-2007-6047
	NOT-FOR-US: IBM DB2
CVE-2007-6046
	NOT-FOR-US: IBM DB2
CVE-2007-6045
	NOT-FOR-US: IBM DB2
CVE-2007-6044
	NOT-FOR-US: IBM WebSphere
CVE-2007-6043
	NOT-FOR-US: Windows
CVE-2007-6042
	NOT-FOR-US: SWSoft Confixx Professional
CVE-2007-6041
	NOT-FOR-US: Rigs of Rods (RoR)
CVE-2007-6040
	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039
	- php5 5.2.5-1 (unimportant; bug #453295)
	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
	NOTE: script to trigger this issue
CVE-2007-6077
	- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6112
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6113
	{DTSA-92-1}
	- wireshark 0.99.6pre1-1 (low)
	[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very intrusive backport)
CVE-2007-6114
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6115
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6116
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6117
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6118
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6119
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6120
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6121
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6038
	NOT-FOR-US: Joomla! extension
CVE-2007-6037
	NOT-FOR-US: Citrix NetScaler
CVE-2007-6036
	NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
	REJECTED
CVE-2007-6033
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2007-6032
	NOT-FOR-US: Aleris Web Publishing Server
CVE-2007-6031
	NOT-FOR-US: VanDyke VShell
CVE-2007-6030
	NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-6028
	NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027
	NOT-FOR-US: Joomla! extension
CVE-2007-6026
	NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025
	- wpasupplicant 0.6.0-4
	[etch] - wpasupplicant <not-affected> (Vulnerable code not present)
	[sarge] - wpasupplicant <not-affected> (Vulnerable code not present)
CVE-2007-6024
	RESERVED
CVE-2007-6023
	RESERVED
CVE-2007-6022
	RESERVED
CVE-2007-6021
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6020
	NOT-FOR-US: KeyView
CVE-2007-6019
	- flashplugin-nonfree 1:1.4
CVE-2007-6018
	{DSA-1470-1}
	- horde3 3.1.6-1 (bug #461131; low)
	- imp4 <not-affected> (xss.php is only present in horde3 package)
CVE-2007-6017
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6016
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6015
	{DSA-1427-1 DTSA-100-1}
	- samba 3.0.28-1 (high)
CVE-2007-6014
	NOT-FOR-US: Beehive Forum
CVE-2007-6013
	- wordpress 2.5.0-1 (low; bug #452251)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: if untrusted people are allowed to read the database they could still
	NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012
	NOT-FOR-US: DocuSafe
CVE-2007-6035
	{DSA-1418-1}
	- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011
	NOT-FOR-US: BugHotel
CVE-2007-6010
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-6009
	NOT-FOR-US: ACD products
CVE-2007-6008
	NOT-FOR-US: Autonomy
CVE-2007-6007
	NOT-FOR-US: Pro Photo Manager
CVE-2007-6006
	NOT-FOR-US: TestLink
CVE-2007-6005
	NOT-FOR-US: WebEx
CVE-2007-6004
	NOT-FOR-US: Toko Instan
CVE-2007-6003
	NOT-FOR-US: SpeedTouch
CVE-2007-6002
	NOT-FOR-US: Fenriru
CVE-2007-6001
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-6000
	- kdebase <unfixed> (unimportant; bug #451794)
	NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
	NOTE: it seems konqueror only treats the cookie value until some special length
	NOTE: as cookie, after this length it will open the rest as site content. This eats alot
	NOTE: ram and cpu but depending on how much ram the system has, konqueror will die after
	NOTE: no memory is left, not treated as security problem.
CVE-2007-5999
	NOT-FOR-US: Softbiz
CVE-2007-5998
	NOT-FOR-US: Softbiz
CVE-2007-5997
	NOT-FOR-US: Softbiz Banner Exchange Network Script
CVE-2007-5996
	NOT-FOR-US: Softbiz Link Directory Script
CVE-2007-5995
	NOT-FOR-US: patBBcode
CVE-2007-5994
	NOT-FOR-US: php photo album
CVE-2007-5993
	NOT-FOR-US: vtls
CVE-2007-5992
	NOT-FOR-US: Social Networking Script
CVE-2007-5991
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5990
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5989
	NOT-FOR-US: Skype
CVE-2007-5988
	NOT-FOR-US: BtiTracker
CVE-2007-5987
	NOT-FOR-US: BtiTracker
CVE-2007-5986
	NOT-FOR-US: BtiTracker
CVE-2007-5985
	NOT-FOR-US: BtiTracker
CVE-2007-5984
	NOT-FOR-US: AutoIndex
CVE-2007-5983
	NOT-FOR-US: AutoIndex
CVE-2007-5982
	NOT-FOR-US: X7 Chat
CVE-2007-5981
	NOT-FOR-US: Lantronix
CVE-2007-5980
	NOT-FOR-US: eggblog
CVE-2007-5979
	NOT-FOR-US: F5 Firepass
CVE-2007-5978
	NOT-FOR-US: XOOPS
CVE-2007-5977
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-5976
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
CVE-2007-5975
	NOT-FOR-US: TBSource
CVE-2007-5974
	NOT-FOR-US: JPortal
CVE-2007-5973
	NOT-FOR-US: JPortal
CVE-2007-5972
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: potential attackers must have privileges to store the krb5kdc master key
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
	NOTE: version in experimental is affected by this
	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
	- mysql-dfsg-4.1 <removed>
CVE-2007-5968
	REJECTED
CVE-2007-5967
	RESERVED
CVE-2007-5966
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-5965
	- qt4-x11 4.3.3-1
	[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
	- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
CVE-2007-5964
	- autofs 3.1.4-8 (medium)
	- autofs5 5.0.3-1
CVE-2007-5963
	- kdebase <unfixed> (unimportant)
	NOTE: This has only theoretical security impact
CVE-2007-5962
	- vsftpd <not-affected> (Vulnerability in Red Hat-specific patch)
CVE-2007-5961
	NOT-FOR-US: Red Hat Network channel search feature
CVE-2007-5960
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-39
CVE-2007-5959
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-38
CVE-2007-5958
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5957
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5956
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5955
	NOT-FOR-US: UPDIR.NET
CVE-2007-5954
	NOT-FOR-US: JLMForo System
CVE-2007-5953
	NOT-FOR-US: Really Simple CalDAV Store
CVE-2007-5952
	NOT-FOR-US: Helios Calendar
CVE-2007-5951
	NOT-FOR-US: E-Vendejo
CVE-2007-5950
	NOT-FOR-US: NetCommons
CVE-2007-5949
	NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948
	NOT-FOR-US: SF-Shoutbox
CVE-2007-5947
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1 (low; bug #451624)
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-37
CVE-2007-5946
	NOT-FOR-US: HP-UX
CVE-2007-5945
	NOT-FOR-US: usvn
CVE-2007-5944
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-5943
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5942
	- bandersnatch <removed> (unimportant; bug #451365)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941
	NOT-FOR-US: Adobe Shockwave
CVE-2007-5940
	- texlive-bin 2005.dfsg.2-1
	- feynmf 1.08-1
CVE-2007-5939
	- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)
CVE-2007-5938
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5936
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5935
	{DTSA-97-1}
	- texlive-bin 2007.dfsg.1-1
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5934
	- php-mdb2 2.5.0b2-1
CVE-2007-5933
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-5932
	NOT-FOR-US: Fatwire Content Server
CVE-2007-5931
	NOT-FOR-US: OrangeHRM
CVE-2007-5930
	NOT-FOR-US: Cerberus Ftp Server
CVE-2007-5929
	NOT-FOR-US: OpenBase
CVE-2007-5928
	NOT-FOR-US: OpenBase
CVE-2007-5927
	NOT-FOR-US: OpenBase
CVE-2007-5926
	NOT-FOR-US: OpenBase
CVE-2007-5925
	{DSA-1413-1 DTSA-91-1}
	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
CVE-2007-5924
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5923
	NOT-FOR-US: eTrust SiteMinder Agent
CVE-2007-5922
	- ircii-pana <not-affected> (Does not ship this script)
CVE-2007-5921
	NOT-FOR-US: Solaris
CVE-2007-5920
	NOT-FOR-US: Domenico Mancini PicoFlat CMS
CVE-2007-5919
	NOT-FOR-US: MyWebFTP
CVE-2007-5918
	NOT-FOR-US: MS TopSites
CVE-2007-5917
	NOT-FOR-US: Skalinks
CVE-2007-5916
	NOT-FOR-US: phphelpdesk
CVE-2007-5915
	NOT-FOR-US: phphelpdesk
CVE-2007-5914
	NOT-FOR-US: JBC Explorer
CVE-2007-5913
	NOT-FOR-US: JBC Explorer
CVE-2007-5912
	NOT-FOR-US: jPORTAL
CVE-2007-5911
	NOT-FOR-US: Viewpoint Media Player
CVE-2007-5910
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908
	REJECTED
CVE-2007-5907
	- xen-3 3.1.2-1 (unimportant; bug #451626)
	- xen-3.0 <removed> (unimportant)
	NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
CVE-2007-5906
	- xen-3 3.1.2-1 (medium; bug #451626)
	- xen-3.0 <removed>
CVE-2007-5905
	NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904
	{DSA-1428-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903
	RESERVED
CVE-2007-5902
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900
	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
	NOTE: from CVS and later re-introduction
	NOTE: http://bugs.php.net/bug.php?id=41561
CVE-2007-5899
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5898
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5897
	NOT-FOR-US: Oracle
CVE-2007-5896
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5895
	RESERVED
CVE-2007-5894
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5893
	NOT-FOR-US: Sockets Library
CVE-2007-5892
	NOT-FOR-US: SSReader
CVE-2007-5891
	NOT-FOR-US: ManageEngine OpManager and OpManager
CVE-2007-5890
	NOT-FOR-US: easyGB
CVE-2007-5889
	NOT-FOR-US: IDMOS
CVE-2007-5888
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-5887
	NOT-FOR-US: ASP Message Board
CVE-2007-5886
	RESERVED
CVE-2007-5885
	RESERVED
CVE-2007-5884
	RESERVED
CVE-2007-5883
	RESERVED
CVE-2007-5882
	RESERVED
CVE-2007-5881
	RESERVED
CVE-2007-5880
	RESERVED
CVE-2007-5879
	RESERVED
CVE-2007-5878
	RESERVED
CVE-2007-5877
	RESERVED
CVE-2007-5876
	RESERVED
CVE-2007-5875
	RESERVED
CVE-2007-5874
	RESERVED
CVE-2007-5873
	RESERVED
CVE-2007-5872
	RESERVED
CVE-2007-5871
	RESERVED
CVE-2007-5870
	RESERVED
CVE-2007-5869
	RESERVED
CVE-2007-5868
	RESERVED
CVE-2007-5867
	RESERVED
CVE-2007-5866
	RESERVED
CVE-2007-5865
	RESERVED
CVE-2007-5864
	RESERVED
CVE-2007-5863
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5862
	NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5860
	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859
	NOT-FOR-US: Safari RSS (Apple Mac OS X)
CVE-2007-5858
	NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5856
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5855
	NOT-FOR-US: Mail (Apple Mac OS X)
CVE-2007-5854
	NOT-FOR-US: Launch Services (Apple Mac OS X)
CVE-2007-5853
	NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852
	RESERVED
CVE-2007-5851
	NOT-FOR-US: iChat (Apple Mac OS X)
CVE-2007-5850
	NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849
	{DSA-1437-1}
	- cupsys 1.3.5-1 (medium; bug #457453)
	- cups 1.3.5-1 (medium; bug #457453)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848
	- cupsys 1.2.0
	- cups 1.2.0
	NOTE: This only affects the Cups 1.1 series
	[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
CVE-2007-5847
	NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846
	{DSA-1483-1 DTSA-88-1}
	- net-snmp 5.4.1~dfsg-1
	NOTE: 5.4.1 already includes a fix by the upstream author
CVE-2007-5845
	NOT-FOR-US: GuppY
CVE-2007-5844
	NOT-FOR-US: GuppY
CVE-2007-5843
	NOT-FOR-US: scWiki
CVE-2007-5842
	NOT-FOR-US: Vortex Portal
CVE-2007-5841
	NOT-FOR-US: nuBoard
CVE-2007-5840
	NOT-FOR-US: SyndeoCMS
CVE-2007-5838
	NOT-FOR-US: Symantec
CVE-2007-5837
	{DSA-1477-1}
	- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836
	NOT-FOR-US: Amazing Flash AFCommerce
CVE-2007-5835
	NOT-FOR-US: BosDev BosNews
CVE-2007-5834
	NOT-FOR-US: BosDev BosNews
CVE-2007-5833
	NOT-FOR-US: BosDev BosMarket Business Directory System
CVE-2007-5832
	NOT-FOR-US: SSL-Explorer
CVE-2007-5831
	NOT-FOR-US: SSL-Explorer
CVE-2007-5830
	NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828
	- python-django 1.2.1 (unimportant)
	NOTE: this is documented in docs/csrf.txt included in the python-django package and
	NOTE: there is a plugin enabling this feature. This is intended behaviour pre-1.2.
	NOTE: https://docs.djangoproject.com/en/1.10/ref/csrf/#using-csrf
CVE-2007-5827
	{DTSA-106-1}
	- iscsitarget 0.4.15-5 (bug #448873)
	NOTE: init script has "dump" function, which marks conffile correctly
CVE-2007-5826
	NOT-FOR-US: EDraw Flowchart
CVE-2007-5825
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1 (bug #459961)
CVE-2007-5824
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.1 (bug #459961)
CVE-2007-5823
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5821
	NOT-FOR-US: DM Guestbook
CVE-2007-5820
	NOT-FOR-US: Ax Developer CMS
CVE-2007-5819
	NOT-FOR-US: IBM Tivoli
CVE-2007-5818
	NOT-FOR-US: sBlog
CVE-2007-5817
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5816
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5815
	NOT-FOR-US: WebCacheCleaner
CVE-2007-5814
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5813
	NOT-FOR-US: ISPworker
CVE-2007-5812
	NOT-FOR-US: ModuleBuilder
CVE-2007-5811
	NOT-FOR-US: phpMyConferences
CVE-2007-5810
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5809
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5808
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal
CVE-2007-5807
	NOT-FOR-US: SSReader
CVE-2007-5806
	NOT-FOR-US: ILIAS
CVE-2007-5805
	NOT-FOR-US: IBM AIX
CVE-2007-5804
	NOT-FOR-US: IBM AIX
CVE-2007-5803
	{DSA-1883-2 DSA-1883-1}
	- nagios2 <removed> (low; bug #482445)
	- nagios3 3.0.2-1 (low; bug #485439)
CVE-2007-5802
	NOT-FOR-US: Firewolf Technologies Synergiser
CVE-2007-5801
	NOT-FOR-US: WORK system e-commerce
CVE-2007-5800
	NOT-FOR-US: BackUpWordPress
CVE-2007-5799
	NOT-FOR-US: IBM WebSphere
CVE-2007-5798
	NOT-FOR-US: IBM WebSphere
CVE-2007-5797
	- geronimo <itp> (bug #481869)
CVE-2007-5796
	NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794
	{DSA-1430-1}
	- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839
	- ircii-pana <removed> (low; bug #449149)
	[etch] - ircii-pana <no-dsa> (Minor issue)
	[sarge] - ircii-pana <no-dsa> (Minor issue)
CVE-2007-5795
	{DTSA-79-1}
	- emacs22 22.1+1-2.1 (medium; bug #449008)
	NOTE: Emacs 21 is not affected
CVE-2007-5793
	NOT-FOR-US: Stonesoft StoneGate IPS
CVE-2007-5792
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5791
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5790
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5789
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5788
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5787
	NOT-FOR-US: Micro Login System
CVE-2007-5786
	NOT-FOR-US: GoSamba
CVE-2007-5785
	NOT-FOR-US: JobSite
CVE-2007-5784
	NOT-FOR-US: CaupoShop Pro
CVE-2007-5783
	NOT-FOR-US: emagiC cms
CVE-2007-5782
	NOT-FOR-US: FireConfig
CVE-2007-5781
	NOT-FOR-US: Sige
CVE-2007-5780
	NOT-FOR-US: teatro
CVE-2007-5779
	NOT-FOR-US: Gretech Online Movie Player
CVE-2007-5778
	NOT-FOR-US: Mobile Spy
CVE-2007-5777
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5776
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5775
	NOT-FOR-US: BitDefender
CVE-2007-5774
	NOT-FOR-US: Flatnuke
CVE-2007-5773
	NOT-FOR-US: Flatnuke
CVE-2007-5772
	NOT-FOR-US: Flatnuke
CVE-2007-5771
	NOT-FOR-US: Flatnuke
CVE-2007-5770
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1
	- ruby1.8 1.8.6.111-1 (low; bug #451374)
CVE-2007-5769
	- netkit-ftp <not-affected> (Vulnerable code not present)
CVE-2007-5768
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767
	NOT-FOR-US: Geronimo Apache
CVE-2007-5766
	NOT-FOR-US: Oracle
CVE-2007-5765
	RESERVED
CVE-2007-5764
	NOT-FOR-US: IBM AIX
CVE-2007-5763
	REJECTED
CVE-2007-5762
	NOT-FOR-US: Novell NetWare Client
CVE-2007-5761
	NOT-FOR-US: Motorola netOctopus
CVE-2007-5760
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
	REJECTED
CVE-2007-5758
	NOT-FOR-US: IBM DB2
CVE-2007-5757
	NOT-FOR-US: IBM DB2
CVE-2007-5756
	NOT-FOR-US: WinPcap
CVE-2007-5755
	NOT-FOR-US: AOL Radio
CVE-2007-5754
	NOT-FOR-US: phpFaber
CVE-2007-5753
	NOT-FOR-US: Light FMan PHP
CVE-2007-5752
	NOT-FOR-US: PHP-AGTC Membership
CVE-2007-5750
	RESERVED
CVE-2007-5749
	RESERVED
CVE-2007-5748
	RESERVED
CVE-2007-5747
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5746
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5745
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
	RESERVED
CVE-2007-5743
	RESERVED
	- viewvc 1.0.3-2.1 (bug #416696)
CVE-2007-5742
	{DSA-1421-1 DTSA-90-1}
	- wesnoth 1:1.2.8-1 (medium; bug #453500)
CVE-2007-5741
	{DSA-1405-2 DSA-1405-1}
	- zope-cmfplone 2.5.2-2 (bug #449523)
	[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
	NOTE: Fix available:
	NOTE: http://plone.org/about/security/advisories/cve-2007-5741
CVE-2007-5740
	{DSA-1398-1 DTSA-84-1}
	- perdition 1.17.1-1 (medium; bug #448853)
CVE-2007-5751
	{DTSA-107-1}
	- liferea 1.4.6-1 (low; bug #448850)
	[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	NOTE: this file can contain credentials for rss feeds
CVE-2007-5739
	NOT-FOR-US: Korean GHBoard
CVE-2007-5738
	NOT-FOR-US: Korean GHBoard
CVE-2007-5737
	NOT-FOR-US: Korean GHBoard
CVE-2007-5736
	NOT-FOR-US: SeeBlick
CVE-2007-5735
	NOT-FOR-US: eFileMan
CVE-2007-5734
	NOT-FOR-US: eFileMan
CVE-2007-5733
	NOT-FOR-US: Japanese PHP Gallery Hosting
CVE-2007-5732
	NOT-FOR-US: eLouai's Force Download
CVE-2007-5731
	- slide-webdavclient <not-affected> (Vulnerable code is only in the server part, but debian only has the client part)
CVE-2007-5730
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5729
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5728
	{DSA-1693-1}
	- phppgadmin 4.1.3-0.1 (bug #449103; low)
CVE-2007-5727
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2007-5726
	NOT-FOR-US: Sun Solaris
CVE-2007-5725
	NOT-FOR-US: Smart-Shop
CVE-2007-5724
	NOT-FOR-US: Omnistar Live
CVE-2007-5723
	{DTSA-82-1}
	- nufw 2.2.7-1 (low)
	[etch] - nufw <not-affected> (Vulnerable code not present)
CVE-2007-5722
	NOT-FOR-US: GlobalLink
CVE-2007-5721
	NOT-FOR-US: MySpacePros MySpace Resource Script
CVE-2007-5720
	NOT-FOR-US: ProfileCMS
CVE-2007-5719
	NOT-FOR-US: miniBB
CVE-2007-5717
	NOT-FOR-US: Sun Fire
CVE-2007-5716
	NOT-FOR-US: Sun Solaris 10
CVE-2007-5715
	- denyhosts 2.6-2 (low)
	[etch] - denyhosts <no-dsa> (Minor issue)
	NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch
CVE-2007-5714
	- mldonkey <not-affected> (Gentoo-specific packaging flaw)
CVE-2007-5713
	NOT-FOR-US: Half-Life Server
CVE-2007-5712
	{DSA-1640-1}
	- python-django 0.96-1.1 (low; bug #448838)
CVE-2007-5711
	NOT-FOR-US: Conflict
CVE-2007-5710
	- wordpress 2.3.1-1 (unimportant)
	NOTE: requires register_globals On, which we don't support
CVE-2007-5709
	NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718
	- vobcopy 1.0.2-1 (low; bug #448319)
	[etch] - vobcopy <no-dsa> (Minor issue)
	[sarge] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706
	NOT-FOR-US: Jeebles
CVE-2007-5705
	NOT-FOR-US: Jeebles
CVE-2007-5704
	NOT-FOR-US: CodeWidgets
CVE-2007-5703
	NOT-FOR-US: RSA KEON
CVE-2007-5702
	NOT-FOR-US: SWAMP OpenSUSE
CVE-2007-5701
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5700
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5699
	NOT-FOR-US: eIQNetworks
CVE-2007-5698
	NOT-FOR-US: CREApark GOLD KOY PORTALI
CVE-2007-5697
	NOT-FOR-US: phpImage
CVE-2007-5696
	NOT-FOR-US: phpBasic
CVE-2007-5695
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448690)
	NOTE: there is no real exploit scenario
CVE-2007-5694
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5693
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5692
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448689)
CVE-2007-5691
	- iceweasel 2.0.0.8-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5690
	- zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763)
	NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
	NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
CVE-2007-5689
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5688
	NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687
	NOT-FOR-US: JustSystems Ichitaro
CVE-2007-5686
	- shadow <unfixed> (unimportant)
	NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
	NOTE: unknown usernames are not recorded on login failures
CVE-2007-5685
	NOT-FOR-US: shttp
CVE-2007-5684
	- tikiwiki <removed>
CVE-2007-5683
	- tikiwiki <removed>
CVE-2007-5682
	- tikiwiki <removed>
CVE-2007-5681
	RESERVED
CVE-2007-5680
	RESERVED
CVE-2007-5707
	{DSA-1541-1}
	- openldap2.3 2.3.38-1 (medium; bug #440632)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-5708
	{DSA-1541-1 DTSA-87-1}
	- openldap2.3 2.3.39-1 (medium; bug #448644)
CVE-2007-2983
	NOT-FOR-US: British Telecommunications Consumer webhelper
CVE-2007-5679
	NOT-FOR-US: DM CMS
CVE-2007-5678
	NOT-FOR-US: phpBasic
CVE-2007-5677
	NOT-FOR-US: Hackish
CVE-2007-5676
	NOT-FOR-US: PHP-Nuke
CVE-2007-5675
	NOT-FOR-US: MultiXTpm Application Server
CVE-2007-5674
	NOT-FOR-US: InstaGuide Weather
CVE-2007-5673
	NOT-FOR-US: ifnet WebIf
CVE-2007-5672
	RESERVED
CVE-2007-5671
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
	REJECTED
CVE-2007-5669
	RESERVED
CVE-2007-5668
	RESERVED
CVE-2007-5667
	NOT-FOR-US: Novell Client
CVE-2007-5666
	NOT-FOR-US: Adobe Reader
CVE-2007-5665
	NOT-FOR-US: Novell ZENworks Endpoint Security Management
CVE-2007-5664
	NOT-FOR-US: IBM DB2
CVE-2007-5663
	NOT-FOR-US: Adobe Reader
CVE-2007-5662
	RESERVED
CVE-2007-5661
	NOT-FOR-US: Macrovision InstallShield
CVE-2007-5660
	NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659
	NOT-FOR-US: Adobe Reader
CVE-2007-5658
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5657
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5656
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5655
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5654
	NOT-FOR-US: LiteSpeed
CVE-2007-5653
	- php5 <not-affected> (windows only)
CVE-2007-5652
	NOT-FOR-US: IBM DB2
CVE-2007-5651
	NOT-FOR-US: Cisco IOS
CVE-2007-5650
	NOT-FOR-US: ReloadCMS
CVE-2007-5649
	NOT-FOR-US: Creative Digital Resources SocketMail
CVE-2007-5648
	NOT-FOR-US: rnote
CVE-2007-5647
	NOT-FOR-US: SocketKB
CVE-2007-5646
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5644
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5643
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5642
	NOT-FOR-US: PHP Project Management
CVE-2007-5641
	NOT-FOR-US: PHP Project Management
CVE-2007-5640
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5639
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5638
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5637
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5636
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5635
	NOT-FOR-US: Salford Software Support Incident Tracke
CVE-2007-5634
	NOT-FOR-US: SpeedFan
CVE-2007-5633
	NOT-FOR-US: SpeedFan
CVE-2007-5632
	NOT-FOR-US: Solaris
CVE-2007-5631
	NOT-FOR-US: PeopleAggregator
CVE-2007-5630
	NOT-FOR-US: BBsProcesS BBPortalS
CVE-2007-5629
	NOT-FOR-US: ShoppingTree CandyPress Store #
CVE-2007-5628
	NOT-FOR-US: TOWeLS
CVE-2007-5627
	NOT-FOR-US: Socketmail
CVE-2007-5626
	- bacula 5.0.0-1 (unimportant; bug #446809)
	NOTE: this script needs the default database password and name needs to be set which
	NOTE: would be a bigger problem in a non-trusted environment. Apart from
	NOTE: this is documented in the bacula documentation
	NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected
CVE-2007-5625
	NOT-FOR-US: Site Search SearchSimon Lite
CVE-2007-5624
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.9-1.1 (low; bug #448371)
CVE-2007-5623
	{DSA-1495-1}
	- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
	[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
CVE-2007-5622
	NOT-FOR-US: 3proxy
CVE-2007-5621
	NOT-FOR-US: Token Drupal
	NOTE: Token is not included in the drupal packages
CVE-2007-5620
	NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5618
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2007-5617
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5616
	NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5614
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5613
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5612
	NOT-FOR-US: IBM Director
CVE-2007-5611
	RESERVED
CVE-2007-5610
	NOT-FOR-US: ActiveX control
CVE-2007-5609
	RESERVED
CVE-2007-5608
	NOT-FOR-US: ActiveX control
CVE-2007-5607
	NOT-FOR-US: ActiveX control
CVE-2007-5606
	NOT-FOR-US: ActiveX control
CVE-2007-5605
	NOT-FOR-US: ActiveX control
CVE-2007-5604
	NOT-FOR-US: ActiveX control
CVE-2007-5603
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5602
	NOT-FOR-US: SwiftView Viewer
CVE-2007-5601
	NOT-FOR-US: RealPlayer (windows only issue)
CVE-2007-5600
	NOT-FOR-US: Artmedic CMS
CVE-2007-5599
	NOT-FOR-US: awrate
CVE-2007-5598
	- drupal5 <not-affected> (bug #447748)
	- drupal <not-affected> (bug #447746)
	NOTE: drupal weblinks is not included in the drupal package in debian
CVE-2007-5597
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5596
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5595
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5594
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5593
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5592
	NOT-FOR-US: awzMB
CVE-2007-5591
	NOT-FOR-US: Nortel Enterprise VoIP-Core-CS
CVE-2007-5590
	NOT-FOR-US: Miranda
CVE-2007-5588
	{DTSA-103-1}
	- mnogosearch 3.3.4-4.1 (low; bug #447753)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
	[etch] - mnogosearch <no-dsa> (Minor issue)
CVE-2007-5587
	NOT-FOR-US: Microsoft Windows
CVE-2007-5586
	REJECTED
CVE-2007-5585
	{DTSA-83-1}
	- xscreensaver 5.03-3.1 (medium; bug #448157)
	[etch] - xscreensaver <not-affected> (Vulnerable code not present)
	[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
CVE-2007-5584
	NOT-FOR-US: Cisco
CVE-2007-5583
	NOT-FOR-US: Cisco IP Phone
CVE-2007-5582
	NOT-FOR-US: Cisco
CVE-2007-5581
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2007-5580
	NOT-FOR-US: Cisco
CVE-2007-5589
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1
CVE-2007-5579
	NOT-FOR-US: Pligg CMS
CVE-2007-5578
	- acidbase 1.3.8 (low)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577
	NOT-FOR-US: Joomla!
CVE-2007-5576
	NOT-FOR-US: BEA Tuxedo
CVE-2007-5575
	NOT-FOR-US: 1024 CMS
CVE-2007-5574
	NOT-FOR-US: PHPDJPHPDJ
CVE-2007-5573
	- limesurvey <itp> (bug #472802)
CVE-2007-5572
	NOT-FOR-US: SPHPBlog
CVE-2007-5571
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5570
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5569
	NOT-FOR-US: Cisco
CVE-2007-5568
	NOT-FOR-US: Cisco
CVE-2007-5567
	- moin <not-affected> (Does not contain the vulnerable code)
	- karrigell <not-affected> (Does not contain the vulnerable code)
	- knowledgeroot <not-affected> (Does not contain the vulnerable code)
CVE-2007-5566
	NOT-FOR-US: PHPBlog
CVE-2007-5565
	NOT-FOR-US: phpSCMS
CVE-2007-5564
	NOT-FOR-US: NSSboard
CVE-2007-5563
	NOT-FOR-US: VirtueMart
CVE-2007-5562
	NOT-FOR-US: Netgear firmware
CVE-2007-5561
	NOT-FOR-US: Oracle
CVE-2007-5560
	NOT-FOR-US: Juniper HTTP Service
CVE-2007-5559
	NOT-FOR-US: IBM ThinkVantage TPM Service
CVE-2007-5558
	NOT-FOR-US: LG Mobile handset
CVE-2007-5557
	NOT-FOR-US: NEC mobile handset
CVE-2007-5556
	NOT-FOR-US: Avaya VoIP Handset
CVE-2007-5555
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-5554
	NOT-FOR-US: Oracle
CVE-2007-5553
	REJECTED
CVE-2007-5552
	NOT-FOR-US: Cisco
CVE-2007-5551
	NOT-FOR-US: Cisco
CVE-2007-5550
	NOT-FOR-US: Cisco
CVE-2007-5549
	NOT-FOR-US: Cisco
CVE-2007-5548
	NOT-FOR-US: Cisco
CVE-2007-5547
	NOT-FOR-US: Cisco
CVE-2007-5546
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5545
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5544
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-5543
	NOT-FOR-US: Miranda
CVE-2007-5542
	NOT-FOR-US: Miranda
CVE-2007-5541
	NOT-FOR-US: Opera
CVE-2007-5540
	NOT-FOR-US: Opera
CVE-2007-5539
	NOT-FOR-US: Cisco
CVE-2007-5538
	NOT-FOR-US: Cisco
CVE-2007-5537
	NOT-FOR-US: Cisco
CVE-2007-5536
	NOT-FOR-US: HP-UX
CVE-2007-5535
	NOT-FOR-US: RunCms
CVE-2007-5534
	NOT-FOR-US: Oracle
CVE-2007-5533
	NOT-FOR-US: Oracle
CVE-2007-5532
	NOT-FOR-US: Oracle
CVE-2007-5531
	NOT-FOR-US: Oracle
CVE-2007-5530
	NOT-FOR-US: Oracle
CVE-2007-5529
	NOT-FOR-US: Oracle
CVE-2007-5528
	NOT-FOR-US: Oracle
CVE-2007-5527
	NOT-FOR-US: Oracle
CVE-2007-5526
	NOT-FOR-US: Oracle
CVE-2007-5525
	NOT-FOR-US: Oracle
CVE-2007-5524
	NOT-FOR-US: Oracle
CVE-2007-5523
	NOT-FOR-US: Oracle
CVE-2007-5522
	NOT-FOR-US: Oracle
CVE-2007-5521
	NOT-FOR-US: Oracle
CVE-2007-5520
	NOT-FOR-US: Oracle
CVE-2007-5519
	NOT-FOR-US: Oracle
CVE-2007-5518
	NOT-FOR-US: Oracle
CVE-2007-5517
	NOT-FOR-US: Oracle
CVE-2007-5516
	NOT-FOR-US: Oracle
CVE-2007-5515
	NOT-FOR-US: Oracle
CVE-2007-5514
	NOT-FOR-US: Oracle
CVE-2007-5513
	NOT-FOR-US: Oracle
CVE-2007-5512
	NOT-FOR-US: Oracle
CVE-2007-5511
	NOT-FOR-US: Oracle
CVE-2007-5510
	NOT-FOR-US: Oracle
CVE-2007-5509
	NOT-FOR-US: Oracle
CVE-2007-5508
	NOT-FOR-US: Oracle
CVE-2007-5507
	NOT-FOR-US: Oracle
CVE-2007-5506
	NOT-FOR-US: Oracle
CVE-2007-5505
	NOT-FOR-US: Oracle
CVE-2007-5504
	NOT-FOR-US: Oracle
CVE-2007-5503
	{DSA-1542-1 DTSA-96-1}
	- libcairo 1.4.10-1.1 (medium; bug #453686)
CVE-2007-5502
	NOT-FOR-US: OpenSSL Fips object module
CVE-2007-5501
	- linux-2.6 2.6.23-1 (high)
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500
	{DSA-1428-1}
	- linux-2.6 2.6.23-2
CVE-2007-5499
	REJECTED
CVE-2007-5498
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2007-5497
	{DSA-1422-1 DTSA-95-1}
	- e2fsprogs 1.40.3-1 (bug #454760)
CVE-2007-5496
	NOT-FOR-US: setroubleshoot
CVE-2007-5495
	NOT-FOR-US: setroubleshoot
CVE-2007-5494
	- linux-2.6 <not-affected> (RedHat specific patch)
CVE-2007-5493
	NOT-FOR-US: Windows Mobile
CVE-2007-5492
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5491
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5490
	NOT-FOR-US: Okul Otomasyon Portal
CVE-2007-5489
	NOT-FOR-US: Artmedic CMS
CVE-2007-5487
	NOT-FOR-US: COWON America jetAudioc
CVE-2007-5486
	NOT-FOR-US: dotProject
CVE-2007-5485
	NOT-FOR-US: KwsPHP
CVE-2007-5484
	NOT-FOR-US: WWWISIS
CVE-2007-5483
	NOT-FOR-US: IBM WebSphere
CVE-2007-5482
	NOT-FOR-US: Sun firmware
CVE-2007-5481
	- dcc <not-affected> (vulnerable code introduced in 1.3.65)
CVE-2007-5480
	NOT-FOR-US: ZInnovaAge InnovaShop
CVE-2007-5479
	NOT-FOR-US: Xcomputer
CVE-2007-5478
	NOT-FOR-US: Sbportal
CVE-2007-5477
	NOT-FOR-US: djeyl.net WebMod
CVE-2007-5476
	NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475
	NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
CVE-2007-5474
	NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473
	- mono <not-affected> (Windows-specific vulnerability)
CVE-2007-5472
	NOT-FOR-US: HIPS
CVE-2007-5488
	- asterisk-addons 1.4.4-1
CVE-2007-5471
	- libgssapi 0.8-1
CVE-2007-5470
	NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469
	- openser 1.3.0-1 (unimportant; bug #446956)
	NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468
	NOT-FOR-US: Cisco
CVE-2007-5467
	NOT-FOR-US: eXtremail
CVE-2007-5466
	NOT-FOR-US: eXtremail
CVE-2007-5465
	NOT-FOR-US: doop CMS
CVE-2007-5464
	NOT-FOR-US: Live for Speed
CVE-2007-5463
	NOT-FOR-US: ViArt Shop
CVE-2007-5462
	NOT-FOR-US: Solaris
CVE-2007-5460
	NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459
	NOT-FOR-US: MouseoverDictionary
CVE-2007-5458
	NOT-FOR-US: KwsPHP
CVE-2007-5457
	NOT-FOR-US: Joomla! extension
CVE-2007-5456
	NOT-FOR-US: Internet Explorer
CVE-2007-5455
	NOT-FOR-US: WWWISIS
CVE-2007-5454
	NOT-FOR-US: PHP File Sharing
CVE-2007-5453
	NOT-FOR-US: Php-Stats
CVE-2007-5452
	NOT-FOR-US: Php-Stats
CVE-2007-5451
	NOT-FOR-US: Joomla! extension
CVE-2007-5450
	NOT-FOR-US: Apple firmware
CVE-2007-5449
	NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448
	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447
	NOT-FOR-US: ionCube
CVE-2007-5446
	NOT-FOR-US: PBEmail
CVE-2007-5445
	NOT-FOR-US: VImpX
CVE-2007-5444
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5443
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5442
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5441
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5440
	NOT-FOR-US: Crs Manager
CVE-2007-5439
	NOT-FOR-US: eTrust ITM
CVE-2007-5438
	- vmware-package <not-affected> (Windows only)
CVE-2007-5437
	NOT-FOR-US: eTrust ITM
CVE-2007-5436
	NOT-FOR-US: G DATA Antivirus
CVE-2007-5435
	NOT-FOR-US: CA ERwin Process Modeler
CVE-2007-5434
	NOT-FOR-US: PRO-search
CVE-2007-5433
	NOT-FOR-US: Site-Up
CVE-2007-5432
	NOT-FOR-US: Stride
CVE-2007-5431
	NOT-FOR-US: Stride module
CVE-2007-5430
	NOT-FOR-US: Stride
CVE-2007-5429
	NOT-FOR-US: Nucleus
CVE-2007-5428
	NOT-FOR-US: UMI CMS
CVE-2007-5427
	NOT-FOR-US: Joomla!
CVE-2007-5426
	NOT-FOR-US: ActiveKB NX
CVE-2007-5425
	NOT-FOR-US: ActiveKB NX
CVE-2007-5424
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: if the function is blacklisted but not its alias it is a configuration
	NOTE: issue of the site not a vulnerability in php
CVE-2007-5423
	- tikiwiki <removed>
CVE-2007-5422
	NOT-FOR-US: Solaris Auditing
CVE-2007-5421
	REJECTED
CVE-2007-5420
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5418
	NOT-FOR-US: CARE2X
CVE-2007-5417
	NOT-FOR-US: boastMachine
CVE-2007-5416
	- drupal5 <unfixed> (unimportant; bug #446887)
	- drupal <unfixed> (unimportant)
	NOTE: The underlying PHP issue has been fixed in DSA 1206.
	NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415
	- iceweasel <removed> (unimportant)
	NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
	NOTE: equivalent strings in UTF-7
	NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
	NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414
	- iceweasel 2.0+dfsg-1
CVE-2007-5413
	NOT-FOR-US: HP OpenView
CVE-2007-5412
	NOT-FOR-US: Joomla! extension
CVE-2007-5411
	NOT-FOR-US: Linksys
CVE-2007-5410
	NOT-FOR-US: Joomla! extension
CVE-2007-5409
	NOT-FOR-US: NuSEO
CVE-2007-5408
	NOT-FOR-US: cpDynaLinks
CVE-2007-5407
	NOT-FOR-US: Joomla! extension
CVE-2007-5406
	NOT-FOR-US: KeyView
CVE-2007-5405
	NOT-FOR-US: KeyView
CVE-2007-5404
	NOT-FOR-US: Layton HelpBox
CVE-2007-5403
	NOT-FOR-US: Layton HelpBox
CVE-2007-5402
	NOT-FOR-US: Layton HelpBox
CVE-2007-5401
	NOT-FOR-US: Layton HelpBox
CVE-2007-5400
	NOT-FOR-US: RealPlayer
CVE-2007-5399
	NOT-FOR-US: KeyView
CVE-2007-5398
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high)
CVE-2007-5397
	NOT-FOR-US: activePDF Server
CVE-2007-5396
	NOT-FOR-US: Miranda
CVE-2007-5395
	{DSA-1432-1}
	- link-grammar 4.2.5-1 (medium; bug #450695)
CVE-2007-5394
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5393
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5392
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5461
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-2 (low; bug #448664)
	- tomcat5 <removed>
	NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391
	NOT-FOR-US: HP Select Identity
CVE-2007-5390
	NOT-FOR-US: PicoFlat
CVE-2007-5389
	NOT-FOR-US: Joomla! extension
CVE-2007-5388
	NOT-FOR-US: WebDesktop
CVE-2007-5387
	NOT-FOR-US: Pindorama
CVE-2007-5386
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
CVE-2007-5385
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5383
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5382
	NOT-FOR-US: CiscoWorks
CVE-2007-5381
	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
CVE-2007-5380
	- rails 1.2.5-1
CVE-2007-5379
	- rails 1.2.5-1
	[etch] - rails <not-affected> (Vulnerable code not present)
CVE-2007-5378
	{DSA-1743-1 DSA-1416-1 DSA-1415-1}
	- tk8.3 8.3.5-10 (medium; bug #446465)
	- tk8.4 8.4.16-1 (medium)
	- libtk-img 1.3-release-8 (medium)
CVE-2007-5377
	- tramp <not-affected> (the version we ship still uses make-temp-file)
	- emacs22 <not-affected> (the version we ship still uses make-temp-file)
CVE-2007-5376
	RESERVED
CVE-2007-5375
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5374
	NOT-FOR-US: LightBlog
CVE-2007-5373
	{DSA-1517-1 DTSA-68-1}
	- ldapscripts 1.7.1-2 (bug #445582; medium)
CVE-2007-5372
	- sql-ledger <unfixed> (unimportant; bug #446366)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371
	NOT-FOR-US: MODx
CVE-2007-5370
	NOT-FOR-US: NetWin
CVE-2007-5369
	NOT-FOR-US: conflict
CVE-2007-5368
	NOT-FOR-US: Sun Solaris
CVE-2007-5367
	NOT-FOR-US: Sun Solaris
CVE-2007-5366
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365
	{DSA-1388-3 DSA-1388-1}
	- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
	- dhcp3 <not-affected> (dhcp3 does enforce a fixed minimum paket size if it is lower, see line 513 in options.c)
	NOTE: dhcp has a request for removal #446386
CVE-2007-5364
	NOT-FOR-US: ViArt Shopping Cart
CVE-2007-5363
	NOT-FOR-US: Joomla! extension
CVE-2007-5362
	NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361
	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
CVE-2007-5360
	NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
	RESERVED
CVE-2007-5358
	- asterisk 1:1.4.13~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
CVE-2007-5357
	REJECTED
CVE-2007-5356
	REJECTED
CVE-2007-5355
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
	REJECTED
CVE-2007-5353
	REJECTED
CVE-2007-5352
	NOT-FOR-US: Microsoft Windows
CVE-2007-5351
	NOT-FOR-US: Microsoft Vista
CVE-2007-5350
	NOT-FOR-US: Microsoft Vista
CVE-2007-5349
	REJECTED
CVE-2007-5348
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
	REJECTED
CVE-2007-5345
	REJECTED
CVE-2007-5344
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
	REJECTED
CVE-2007-5342
	{DSA-1447-1}
	- tomcat5.5 5.5.25-4 (low; bug #458237)
	- tomcat5 <not-affected> (Vulnerable code not present)
CVE-2007-5341
	- iceweasel 2.0.0.8-1
CVE-2007-5340
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5 (high)
	NOTE: MFSA2007-29
CVE-2007-5339
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (bug #447734; high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5
	NOTE: MFSA2007-29
CVE-2007-5338
	{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-35
CVE-2007-5337
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-34
CVE-2007-5336
	REJECTED
CVE-2007-5335
	{DSA-1396-1}
	- iceweasel 2.0.0.8-1 (low)
	NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
	NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
CVE-2007-5334
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-33
CVE-2007-5333
	- tomcat5.5 5.5.26-1 (low; bug #465645)
	- tomcat5 <removed>
CVE-2007-5332
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5331
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5330
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5329
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5328
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5327
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5326
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5325
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
	REJECTED
CVE-2007-5323
	NOT-FOR-US: RepliStor Server Service
CVE-2007-5322
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-5321
	NOT-FOR-US: Verlihub Control Panel
CVE-2007-5320
	NOT-FOR-US: Imaging ImagXpress
CVE-2007-5319
	NOT-FOR-US: Solaris
CVE-2007-5318
	NOT-FOR-US: Typolight webCMS
CVE-2007-5317
	REJECTED
CVE-2007-5316
	NOT-FOR-US: Softbiz Jobs
CVE-2007-5315
	NOT-FOR-US: LiveAlbum
CVE-2007-5314
	NOT-FOR-US: xKiosk WEB
CVE-2007-5313
	NOT-FOR-US: Picturesolution
CVE-2007-5312
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5311
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5310
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5309
	NOT-FOR-US: Joomla! extension
CVE-2007-5308
	NOT-FOR-US: phpHPm)
CVE-2007-5307
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5306
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5305
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5304
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5303
	NOT-FOR-US: SnewsCMS
CVE-2007-5302
	NOT-FOR-US: HP System Management Homepage
CVE-2007-5300
	{DSA-1452-1}
	- wzdftpd 0.8.2-2.1 (medium; bug #446192)
CVE-2007-5299
	NOT-FOR-US: SkaDate
CVE-2007-5298
	NOT-FOR-US: CMS Creamotion
CVE-2007-5297
	NOT-FOR-US: Minki
CVE-2007-5296
	NOT-FOR-US: dbList
CVE-2007-5295
	NOT-FOR-US: Wikepage Opus
CVE-2007-5294
	NOT-FOR-US: IDMOS
CVE-2007-5293
	NOT-FOR-US: IDMOS
CVE-2007-5292
	NOT-FOR-US: Directory Image Gallery
CVE-2007-5291
	NOT-FOR-US: DB Manager
CVE-2007-5290
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-5289
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-5301
	{DSA-1538-1 DTSA-66-1}
	- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
	REJECTED
CVE-2007-5287
	REJECTED
CVE-2007-5286
	REJECTED
CVE-2007-5285
	REJECTED
CVE-2007-5284
	REJECTED
CVE-2007-5283
	NOT-FOR-US: Hitachi TPBroker
CVE-2007-5282
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5281
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5280
	NOT-FOR-US: Appfuse
CVE-2007-5279
	NOT-FOR-US: PowerArchiver
CVE-2007-5278
	NOT-FOR-US: Zomplog
CVE-2007-5277
	NOT-FOR-US: Internet Explorer
CVE-2007-5276
	NOT-FOR-US: Opera
CVE-2007-5275
	- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-5274
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5273
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5272
	NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271
	NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270
	- drupal <not-affected> (does not ship this module)
CVE-2007-5269
	- libpng 1.2.15~beta5-3 (low; bug #446308)
	[sarge] - libpng <no-dsa> (Minor issue)
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2007-5268
	- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265
	NOT-FOR-US: Dawn of Time
CVE-2007-5264
	NOT-FOR-US: Battlefront
CVE-2007-5263
	NOT-FOR-US: Battlefront
CVE-2007-5262
	NOT-FOR-US: Battlefront
CVE-2007-5261
	NOT-FOR-US: MultiCart
CVE-2007-5260
	NOT-FOR-US: ASP-CMS
CVE-2007-5259
	NOT-FOR-US: SysAid
CVE-2007-5258
	NOT-FOR-US: FreeLog
CVE-2007-5257
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-5256
	NOT-FOR-US: FSD
CVE-2007-5255
	NOT-FOR-US: Google Mini Search Appliance
CVE-2007-5254
	NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
CVE-2007-5253
	NOT-FOR-US: Cart32
CVE-2007-5252
	NOT-FOR-US: NetSupport Manager/School Student
CVE-2007-5251
	NOT-FOR-US: Helm
CVE-2007-5250
	NOT-FOR-US: Americas Army
CVE-2007-5249
	NOT-FOR-US: Americas Army
CVE-2007-5248
	NOT-FOR-US: Doom 3 engine
CVE-2007-5247
	NOT-FOR-US: Monolith engine
CVE-2007-5246
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446472)
CVE-2007-5245
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446475)
CVE-2007-5244
	NOT-FOR-US: Borland InterBase
CVE-2007-5243
	NOT-FOR-US: Borland InterBase
CVE-2007-5242
	NOT-FOR-US: HP OpenVMS
CVE-2007-5241
	NOT-FOR-US: HP OpenVMS
CVE-2007-5240
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5239
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5238
	- sun-java6 6-03-1 (unimportant)
	- sun-java5 1.5.0-13-1 (unimportant)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
	NOTE: Leaked information hardly sensitive
CVE-2007-5237
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5236
	- sun-java6 <not-affected> (Windows only)
	- sun-java5 <not-affected> (Windows only)
	- openjdk-6 <not-affected> (Windows only)
CVE-2007-5235
	NOT-FOR-US: Uebimiau
CVE-2007-5234
	NOT-FOR-US: Ossigeno CMS
CVE-2007-5233
	NOT-FOR-US: Web Template Management System
CVE-2007-5232
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5231
	NOT-FOR-US: Zomplog
CVE-2007-5230
	NOT-FOR-US: Zomplog
CVE-2007-5229
	NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
CVE-2007-5228
	- drupal <not-affected> (does not shipt this module)
CVE-2007-5227
	NOT-FOR-US: BlackBoard Learning System
CVE-2007-5226
	- dircproxy 1.0.5-5.1 (low; bug #445883)
	[sarge] - dircproxy <no-dsa> (Minor issue)
	[etch] - dircproxy 1.0.5-5etch1
CVE-2007-5225
	NOT-FOR-US: Sun Solaris
CVE-2007-5224
	NOT-FOR-US: Original Photo Gallery
CVE-2007-5223
	NOT-FOR-US: AlstraSoft
CVE-2007-5222
	NOT-FOR-US: MAXdev
CVE-2007-5221
	NOT-FOR-US: Poppawid
CVE-2007-5220
	NOT-FOR-US: ASP Product Catalog
CVE-2007-5219
	NOT-FOR-US: CyberLink Power DVD
CVE-2007-5218
	NOT-FOR-US: Don Barnes DRBGuestbook
CVE-2007-5217
	NOT-FOR-US: Altnet Download Manager
CVE-2007-5216
	NOT-FOR-US: eArk
CVE-2007-5215
	NOT-FOR-US: GodSend
CVE-2007-5214
	NOT-FOR-US: Axis Network Camera
CVE-2007-5213
	NOT-FOR-US: Axis Network Camera
CVE-2007-5212
	NOT-FOR-US: Axis Network Camera
CVE-2007-5211
	NOT-FOR-US: Peakflow
CVE-2007-5210
	NOT-FOR-US: Peakflow
CVE-2007-5209
	NOT-FOR-US: CenterTools
CVE-2007-5208
	{DSA-1462-1 DTSA-72-1}
	- hplip 1.6.10-4.3 (medium; bug #447341)
	[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
	RESERVED
CVE-2007-5205
	RESERVED
CVE-2007-5204
	RESERVED
CVE-2007-5203
	RESERVED
CVE-2007-5202
	RESERVED
CVE-2007-5201
	- duplicity 0.4.3-2 (low; bug #442840)
	[etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	[sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
	NOTE: be transferred through the scp, sftp or rsync backends.
	NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200
	{DTSA-74-1}
	- hugin 0.6.1-1.1 (low; bug #447344)
	[etch] - hugin <no-dsa> (Minor issue)
CVE-2007-5199
	- libxfont 1:1.3.2-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=327854
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
CVE-2007-5198
	{DSA-1495-1 DTSA-67-1}
	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
	NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197
	{DSA-1397-1 DTSA-76-1}
	- mono 1.2.5.1-2
CVE-2007-5196
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5195
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5194
	NOT-FOR-US: rMake
CVE-2007-5192
	RESERVED
CVE-2007-5191
	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
	- util-linux 2.13-8 (low)
	- loop-aes-utils 2.13-2 (low)
CVE-2007-5190
	NOT-FOR-US: Alcatel OmniVista
CVE-2007-5189
	NOT-FOR-US: X-Script
CVE-2007-5188
	NOT-FOR-US: Xoops
CVE-2007-5187
	NOT-FOR-US: Php-Fusion
CVE-2007-5186
	NOT-FOR-US: Segue CMS
CVE-2007-5185
	NOT-FOR-US: phpWCMS XT
CVE-2007-5184
	NOT-FOR-US: smbFtpd
CVE-2007-5183
	NOT-FOR-US: OdysseySuite
CVE-2007-5182
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5181
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5180
	NOT-FOR-US: Ohesa Emlak Portali
CVE-2007-5179
	NOT-FOR-US: Iletisim Formu
CVE-2007-5178
	NOT-FOR-US: mxBB
CVE-2007-5177
	NOT-FOR-US: Mambo extension
CVE-2007-5176
	NOT-FOR-US: eHelpDesk
CVE-2007-5175
	NOT-FOR-US: actSite
CVE-2007-5174
	NOT-FOR-US: actSite
CVE-2007-5173
	NOT-FOR-US: phpBB Openid
CVE-2007-5207
	- guilt 0.27-1.2 (medium; bug #445308)
CVE-2007-5193
	- twiki 1:4.1.2-3 (bug #444982; low)
	[etch] - twiki <no-dsa> (Minor packaging flaw, doesn't warrant an update)
CVE-2007-5172
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5171
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5170
	NOT-FOR-US: Sun Fire
CVE-2007-5169
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5168
	NOT-FOR-US: Clan lite
CVE-2007-5167
	NOT-FOR-US: phpLister
CVE-2007-5166
	NOT-FOR-US: SiteSys
CVE-2007-5165
	NOT-FOR-US: myIpacNG-stats
CVE-2007-5164
	NOT-FOR-US: UniversiBO
CVE-2007-5163
	NOT-FOR-US: nexty
CVE-2007-5162
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1 (low)
	- ruby1.8 1.8.6.111-1 (low; bug #444929)
	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161
	NOT-FOR-US: Feedreader 3
	NOTE: editor not included in native wordpress
CVE-2007-5160
	NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159
	- ntfs-3g 1:1.913-2 (medium; bug #445315)
CVE-2007-5158
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157
	NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156
	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
	- moin 1.5.8-4.1 (unimportant)
	NOTE: This problem should rather be addressed by proper httpd config
	NOTE: The change only adds a workaround for insecure configs
	- karrigell <not-affected> (Does not include vulnerable php code)
	- gforge 4.6.99+svn6169-1 (low; bug #447590)
	[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
	[sarge] - gforge <not-affected> (fckeditor is not shipped in these versions)
CVE-2007-5155
	NOT-FOR-US: ICEOWS
CVE-2007-5154
	NOT-FOR-US: Aipo
CVE-2007-5153
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151
	NOT-FOR-US: NukeSentinel
CVE-2007-5150
	NOT-FOR-US: NukeSentinel
CVE-2007-5149
	NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148
	NOT-FOR-US: FrontAccounting
CVE-2007-5147
	NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146
	NOT-FOR-US: Der Dirigent
CVE-2007-5145
	NOT-FOR-US: Windows XP
CVE-2007-5144
	NOT-FOR-US: Windows Live Messenger
CVE-2007-5143
	NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142
	NOT-FOR-US: Solidweb Novus
CVE-2007-5141
	NOT-FOR-US: SiteX
CVE-2007-5140
	NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139
	NOT-FOR-US: Chupix
CVE-2007-5138
	NOT-FOR-US: lustig.cms
CVE-2007-5137
	{DSA-1743-1}
	- tk8.4 8.4.16-1
	[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
	- libtk-img 1.3-release-8
CVE-2007-5136
	NOT-FOR-US: DFD Cart
CVE-2007-5134
	NOT-FOR-US: Cisco firmware
CVE-2007-5133
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132
	NOT-FOR-US: Solaris
CVE-2007-5131
	NOT-FOR-US: ActiveKB
CVE-2007-5130
	NOT-FOR-US: SimpGB
CVE-2007-5129
	NOT-FOR-US: SimpGB
CVE-2007-5128
	NOT-FOR-US: SimpNews
CVE-2007-5127
	NOT-FOR-US: SimpGB
CVE-2007-5126
	NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
	REJECTED
CVE-2007-5124
	NOT-FOR-US: AOL Messenger
CVE-2007-5123
	NOT-FOR-US: Solidweb Novus
CVE-2007-5122
	NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121
	- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5120
	- jspwiki 2.5.139-1 (medium; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5119
	- jspwiki 2.5.139-1 (unimportant; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5118
	NOT-FOR-US: Solaris
CVE-2007-5117
	NOT-FOR-US: FrontAccounting
CVE-2007-5116
	{DSA-1400-1 DTSA-78-1}
	- perl 5.8.8-12 (medium; bug #450794)
	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2007-5135
	{DSA-1379-1}
	- openssl 0.9.8e-9 (low; bug #444435)
	[sarge] - openssl 0.9.7e-3sarge5
CVE-2007-5115
	NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114
	NOT-FOR-US: phpmyProfiler
CVE-2007-5113
	NOT-FOR-US: Google Urchin
CVE-2007-5112
	NOT-FOR-US: Google Urchin
CVE-2007-5111
	NOT-FOR-US: ebCrypt
CVE-2007-5110
	NOT-FOR-US: ebCrypt
CVE-2007-5109
	NOT-FOR-US: flatnuke
CVE-2007-5108
	NOT-FOR-US: IAC Search & Media ask.com toolbar
CVE-2007-5107
	NOT-FOR-US: AskJeevesToolBar
CVE-2007-5106
	- wordpress 2.0.2-1 (low)
CVE-2007-5105
	- wordpress 2.0.4-1 (low)
CVE-2007-5104
	NOT-FOR-US: bcoos
CVE-2007-5103
	NOT-FOR-US: Wordsmith
CVE-2007-5102
	NOT-FOR-US: Wordsmith
CVE-2007-5101
	NOT-FOR-US: ChironFS
CVE-2007-5100
	NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
CVE-2007-5099
	NOT-FOR-US: helplink
CVE-2007-5098
	NOT-FOR-US: DFD Cart
CVE-2007-5097
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-5096
	NOT-FOR-US: guanxiCRM Business Solution
CVE-2007-5095
	NOT-FOR-US: Windows Media Player
CVE-2007-5094
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-5093
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
	- linux-2.6 2.6.23-1
CVE-2007-5092
	NOT-FOR-US: phpNuke module
CVE-2007-5091
	- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
CVE-2007-5090
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-5089
	NOT-FOR-US: Sklog
CVE-2007-5088
	NOT-FOR-US: freeside
CVE-2007-5087
	- linux-2.6 <not-affected> (2.6 code base handles ARP entries differently)
CVE-2007-5086
	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
CVE-2007-5085
	NOT-FOR-US: Geronimo Apache
CVE-2007-5084
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5083
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5082
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5081
	NOT-FOR-US: RealPlayer
CVE-2007-5080
	NOT-FOR-US: RealPlayer
CVE-2007-5079
	- gdm <not-affected> (Red Hat-specific packaging flaw)
CVE-2007-5078
	NOT-FOR-US: eGov Manager
CVE-2007-5077
	RESERVED
CVE-2007-5076
	RESERVED
CVE-2007-5075
	RESERVED
CVE-2007-5074
	RESERVED
CVE-2007-5073
	RESERVED
CVE-2007-5072
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5071
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5070
	NOT-FOR-US: Easy Mail Message Printer
CVE-2007-5069
	NOT-FOR-US: PHP-Nuke
CVE-2007-5068
	NOT-FOR-US: phpFullAnnu
CVE-2007-5067
	NOT-FOR-US: iMatix Xitami Web Server
CVE-2007-5066
	- webmin <removed>
CVE-2007-5065
	NOT-FOR-US: Joomla! extension
CVE-2007-5064
	NOT-FOR-US: Xunlei Web Thunder
CVE-2007-5063
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5062
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5061
	NOT-FOR-US: Clansphere
CVE-2007-5060
	NOT-FOR-US: XCMS
CVE-2007-5059
	NOT-FOR-US: GreenSQL
CVE-2007-5058
	NOT-FOR-US: Barracuda
CVE-2007-5057
	NOT-FOR-US: NetSupport Manager Client
CVE-2007-5056
	NOT-FOR-US: ADOdb Lite
CVE-2007-5055
	NOT-FOR-US: iziContents
CVE-2007-5054
	NOT-FOR-US: iziContents
CVE-2007-5053
	NOT-FOR-US: iziContents
CVE-2007-5052
	NOT-FOR-US: Vigile CMS
CVE-2007-5051
	{DSA-1559-1}
	- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
CVE-2007-5050
	NOT-FOR-US: Neuron News
CVE-2007-5049
	REJECTED
CVE-2007-5048
	NOT-FOR-US: lhaplus
CVE-2007-5047
	NOT-FOR-US: Norton Internet Security
CVE-2007-5046
	NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044
	NOT-FOR-US: ZoneAlam Pro
CVE-2007-5043
	NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041
	NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5039
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5038
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-5037
	{DSA-1440-1}
	- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036
	NOT-FOR-US: AirDefense firmware
CVE-2007-5035
	NOT-FOR-US: openEngine
CVE-2007-5034
	{DSA-1380-1}
	- elinks 0.11.1-1.5 (low; bug #443914)
CVE-2007-5033
	NOT-FOR-US: phpBB XS
CVE-2007-5032
	NOT-FOR-US: Php-Nuke
CVE-2007-5031
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5030
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5029
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5028
	- dibbler 0.6.1-1 (medium; bug #444002)
CVE-2007-5027
	NOT-FOR-US: WBR3404TX firmware
CVE-2007-5026
	NOT-FOR-US: dBlog CMS
CVE-2007-5025
	NOT-FOR-US: VMware
CVE-2007-5024
	NOT-FOR-US: VMware
CVE-2007-5023
	NOT-FOR-US: VMware
CVE-2007-5022
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021
	REJECTED
CVE-2007-5020
	NOT-FOR-US: Acrobat Reader
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
	- mp 3.7.1-8 (low)
	[sarge] - mp <no-dsa> (Minor issue)
	[etch] - mp <no-dsa> (Minor issue)
	NOTE: Can be fixed in a point update
CVE-2007-5019
	- sun-java6 <removed> (unimportant)
	- sun-java5 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: exploiting this would not work under Linux
CVE-2007-5018
	NOT-FOR-US: Pegasus Mail Mercury
CVE-2007-5017
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-5016
	NOT-FOR-US: OneCMS
CVE-2007-5015
	NOT-FOR-US: Streamline
CVE-2007-5014
	NOT-FOR-US: pSlash
CVE-2007-5013
	NOT-FOR-US: Phormer
CVE-2007-5012
	NOT-FOR-US: PhpWebGallery
CVE-2007-5011
	NOT-FOR-US: WebBatch
CVE-2007-5010
	NOT-FOR-US: WebBatch
CVE-2007-5009
	NOT-FOR-US: Phpbb Plus
	NOTE: vulnerable code not included in phpbb2
CVE-2007-5008
	NOT-FOR-US: HP-UX
CVE-2007-5007
	- balsa 2.3.20-1 (low)
	[etch] - balsa 2.3.13-3
	NOTE: Minor issue fixed in 4.0r4 point release
	[sarge] - balsa <no-dsa> (Minor issue)
	NOTE: attacker needs to get the victim a prepared server to use
CVE-2007-5006
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5005
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5004
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5003
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
	RESERVED
CVE-2007-5001
	- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000
	[sarge] - apache2 <no-dsa> (minor issue)
	[sarge] - apache <no-dsa> (minor issue)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache2 2.2.3-4+etch4
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-4999
	- pidgin 2.2.2-1 (medium)
CVE-2007-4998
	- coreutils 4.1.2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
CVE-2007-4997
	{DSA-1428-1}
	- linux-2.6 2.6.23-1
CVE-2007-4996
	- pidgin 2.2.1-1 (medium)
	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
CVE-2007-4995
	{DSA-1571-1}
	- openssl 0.9.8f-1 (low)
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
	- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
	[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2007-4994
	NOT-FOR-US: Redhat Certificate Server
CVE-2007-4993
	{DSA-1384-1}
	- xen-3 3.1.1-1 (medium; bug #444430)
	- xen-3.0 <removed>
CVE-2007-4992
	- firebird1.5 <removed> (medium; bug #446373)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
CVE-2007-4991
	NOT-FOR-US: Microsoft Internet Security and Acceleration
CVE-2007-4990
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4989
	REJECTED
CVE-2007-4988
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4987
	{DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4985
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4984
	NOT-FOR-US: StylesDemo
CVE-2007-4983
	NOT-FOR-US: jetAudio
CVE-2007-4982
	NOT-FOR-US: QRCode
CVE-2007-4981
	NOT-FOR-US: Obedit
CVE-2007-4980
	NOT-FOR-US: GCALDaemon
CVE-2007-4979
	NOT-FOR-US: KwsPHP
CVE-2007-4978
	NOT-FOR-US: phpSyncML
CVE-2007-4977
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4976
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4975
	NOT-FOR-US: b1gMail
CVE-2007-4974
	{DSA-1442-1}
	- libsndfile 1.0.17-4 (bug #443386; medium)
	[sarge] - libsndfile <not-affected> (Vulnerable code not present)
	- ardour 1:2.1-1.1 (medium; bug #445889)
	[sarge] - ardour <not-affected> (Vulnerable code not present)
	[etch] - ardour <not-affected> (Vulnerable code not present)
CVE-2007-4973
	RESERVED
CVE-2007-4972
	NOT-FOR-US: NtRegmon
CVE-2007-4971
	NOT-FOR-US: ProSecurity
CVE-2007-4970
	NOT-FOR-US: ProcessGuard
CVE-2007-4969
	NOT-FOR-US: Process Monitor
CVE-2007-4968
	NOT-FOR-US: Privatefirewal
CVE-2007-4967
	NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966
	NOTE: Duplicate of CVE-2007-3913
CVE-2007-4965
	{DSA-1620-1 DSA-1551-1}
	- python2.5 2.5.1-6 (low; bug #443333)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[sarge] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.4-7 (low; bug #443335)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2007-4964
	NOT-FOR-US: WinImage
CVE-2007-4963
	NOT-FOR-US: WinImage
CVE-2007-4962
	NOT-FOR-US: WinImage
CVE-2007-4961
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4960
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4959
	NOT-FOR-US: osCMax
CVE-2007-4958
	NOT-FOR-US: TinyWebGallery
CVE-2007-4957
	NOT-FOR-US: ChupixCMS
CVE-2007-4956
	NOT-FOR-US: KwsPhp
CVE-2007-4955
	NOT-FOR-US: Joomla! extension
CVE-2007-4954
	NOT-FOR-US: Joomla! extension
CVE-2007-4953
	NOT-FOR-US: SimpCMS
CVE-2007-4952
	NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951
	NOT-FOR-US: YaPiG
CVE-2007-4950
	NOT-FOR-US: Phportal
CVE-2007-4949
	NOT-FOR-US: phpreactor
CVE-2007-4948
	NOT-FOR-US: Webmedia Explorer
CVE-2007-4947
	NOT-FOR-US: myphpPagetool
CVE-2007-4946
	NOT-FOR-US: LetterGrade
CVE-2007-4945
	NOT-FOR-US: LetterGrade
CVE-2007-4944
	NOT-FOR-US: Opera
CVE-2007-4943
	NOT-FOR-US: Baofeng Storm
CVE-2007-4942
	NOT-FOR-US: Focus/SIS
CVE-2007-4941
	NOT-FOR-US: KMPlayer for windows
	NOTE: its not kmplayer we ship its a windows only media player
CVE-2007-4940
	NOT-FOR-US: Media Player Classic
CVE-2007-4939
	NOT-FOR-US: Media Player Classic
CVE-2007-4938
	{DTSA-65-1}
	- mplayer 1.0~rc1-16.1 (bug #443478)
CVE-2007-4937
	NOT-FOR-US: CS Guestbook
CVE-2007-4936
	NOT-FOR-US: SafeSquid
CVE-2007-4935
	NOT-FOR-US: phpFFL
CVE-2007-4934
	NOT-FOR-US: phpFFL
CVE-2007-4933
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4932
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4931
	NOT-FOR-US: HP System Management Homepage
CVE-2007-4930
	NOT-FOR-US: Axis firmware
CVE-2007-4929
	NOT-FOR-US: Axis firmware
CVE-2007-4928
	NOT-FOR-US: Axis firmware
CVE-2007-4927
	NOT-FOR-US: Axis firmware
CVE-2007-4926
	NOT-FOR-US: Axis firmware
CVE-2007-4925
	NOT-FOR-US: eWire Payment Client
CVE-2007-4924
	- opal 2.2.11~dfsg1-1 (low)
	[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
	NOTE: will be fixed by regular stable update
CVE-2007-4923
	NOT-FOR-US: Joomla extension
CVE-2007-4922
	NOT-FOR-US: KwsPhp
CVE-2007-4921
	NOT-FOR-US: Ajax File Browser
CVE-2007-4920
	NOT-FOR-US: Webquest
CVE-2007-4919
	NOT-FOR-US: Jblog
CVE-2007-4918
	NOT-FOR-US: Gelato
CVE-2007-4917
	NOT-FOR-US: Php-Stats
CVE-2007-4916
	NOT-FOR-US: MFC Library
CVE-2007-4915
	- boa <not-affected> (We don't ship this extension)
CVE-2007-4914
	NOT-FOR-US: Invision Power Board
CVE-2007-4913
	NOT-FOR-US: Invision Power Board
CVE-2007-4912
	NOT-FOR-US: Invision Power Board
CVE-2007-4911
	NOT-FOR-US: JetCast Server
CVE-2007-4910
	NOT-FOR-US: Netinvoicing
CVE-2007-4909
	NOT-FOR-US: WinSCP
CVE-2007-4908
	NOT-FOR-US: AuraCMS
CVE-2007-4907
	NOT-FOR-US: X-Cart
CVE-2007-4906
	NOT-FOR-US: NuclearBB
CVE-2007-4905
	NOT-FOR-US: AuraCMS
CVE-2007-4904
	- helix-player <unfixed> (unimportant; bug #443130)
	NOTE: Just a floating point exception by via a crafted .au file)
CVE-2007-4903
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4902
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4901
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-4900
	NOT-FOR-US: RSA EnVision
CVE-2007-4899
	NOT-FOR-US: Boinc Forum
CVE-2007-4898
	NOT-FOR-US: Xwiki
CVE-2007-4897
	{DTSA-94-1}
	- pwlib 1.10.10-1.1 (low; bug #454133)
	- pwlib-titan 1.11.2-1.1 (low; bug #454139)
	[etch] - pwlib 1.10.2-2+etch1
	[sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4894
	- wordpress 2.2.3-1 (medium)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4893
	- wordpress 2.2.3-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4892
	NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.35.dfsg-3
	[etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891
	NOT-FOR-US: PDWizard
CVE-2007-4890
	NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889
	- php5 <removed> (unimportant)
	NOTE: basedir and safemode not supported
CVE-2007-4888
	NOT-FOR-US: Xwiki
CVE-2007-4887
	- php5 5.2.5-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4886
	NOT-FOR-US: Aura CMS
CVE-2007-4885
	NOT-FOR-US: Avnex AV MP3 Player
CVE-2007-4884
	NOT-FOR-US: Windows
CVE-2007-4883
	- mediawiki-extensions <not-affected> (We don't ship this extension)
CVE-2007-4882
	NOT-FOR-US: TechExcel CustomerWise
CVE-2007-4881
	NOT-FOR-US: Psilabs
CVE-2007-4880
	NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
CVE-2007-4879
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1 (low; bug #444803)
	- iceape 1.1.9-1 (low; bug #444805)
	- xulrunner 1.8.1.13-1
CVE-2007-4878
	RESERVED
CVE-2007-4877
	RESERVED
CVE-2007-4876
	RESERVED
CVE-2007-4875
	RESERVED
CVE-2007-4874
	NOT-FOR-US: SimpNews
CVE-2007-4873
	NOT-FOR-US: SimpNews
CVE-2007-4872
	NOT-FOR-US: SimpNews
CVE-2007-4871
	RESERVED
CVE-2007-4870
	RESERVED
CVE-2007-4869
	RESERVED
CVE-2007-4868
	RESERVED
CVE-2007-4867
	RESERVED
CVE-2007-4866
	RESERVED
CVE-2007-4865
	RESERVED
CVE-2007-4864
	RESERVED
CVE-2007-4863
	NOT-FOR-US: SAXON
CVE-2007-4862
	NOT-FOR-US: SAXON
CVE-2007-4861
	NOT-FOR-US: SAXON
CVE-2007-4860
	RESERVED
CVE-2007-4859
	RESERVED
CVE-2007-4858
	RESERVED
CVE-2007-4857
	RESERVED
CVE-2007-4856
	RESERVED
CVE-2007-4855
	RESERVED
CVE-2007-4854
	RESERVED
CVE-2007-4853
	RESERVED
CVE-2007-4852
	RESERVED
CVE-2007-4851
	REJECTED
CVE-2007-4850
	- php4 <removed> (unimportant)
	- php5 5.2.6-1 (unimportant)
	NOTE: Safe mode bypasses not treated as security problems
CVE-2007-4849
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1 (bug #442245; low)
CVE-2007-4848
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847
	NOT-FOR-US: Google Picasa
CVE-2007-4846
	NOT-FOR-US: Webace-Linkscript
CVE-2007-4845
	NOT-FOR-US: RW::Download
CVE-2007-4844
	NOT-FOR-US: Unreal Commander
CVE-2007-4843
	NOT-FOR-US: Unreal Commander
CVE-2007-4842
	NOT-FOR-US: Magellan Explorer
CVE-2007-4841
	- iceweasel <not-affected> (windows only issue)
	- iceape <not-affected> (windows only issue)
	- xulrunner <not-affected> (windows only issue)
	- icedove <not-affected> (windows only issue)
	NOTE: MFSA2007-36
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840
	- glibc 2.7-1 (unimportant)
	NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839
	NOT-FOR-US: IBM WebSphere
CVE-2007-4838
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4837
	NOT-FOR-US: Proxy Anket
CVE-2007-4836
	NOT-FOR-US: phpMyQuote
CVE-2007-4835
	NOT-FOR-US: phpMyQuote
CVE-2007-4834
	NOT-FOR-US: phpRealty
CVE-2007-4833
	NOT-FOR-US: IBM WebSphere
CVE-2007-4832
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4831
	NOT-FOR-US: TorrentTrader
CVE-2007-4830
	NOT-FOR-US: DirectAdmin
CVE-2007-4829
	- perl 5.10.0-19
	[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
	- libarchive-tar-perl 1.38-1 (low; bug #449544)
	[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
	[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828
	- mediawiki 1.10.2-1 (low; bug #442255)
	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
CVE-2007-4827
	NOT-FOR-US: Modbus Slave ActiveX Control
CVE-2007-4826
	{DSA-1382-1}
	- quagga 0.99.9-1 (low; bug #442133)
	NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825
	- php5 5.2.5-1 (unimportant)
	- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
	NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
CVE-2007-4824
	NOT-FOR-US: Google Picasa
CVE-2007-4823
	NOT-FOR-US: Google Picasa
CVE-2007-4822
	NOT-FOR-US: Buffalo AirStation firmware
CVE-2007-4821
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-4820
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4819
	NOT-FOR-US: Txx CMS
CVE-2007-4818
	NOT-FOR-US: Txx CMS
CVE-2007-4817
	NOT-FOR-US: Joomla component
	NOTE: not included in standard joomla installation, joomla has an itp though
CVE-2007-4816
	NOT-FOR-US: BaoFeng2
CVE-2007-4815
	NOT-FOR-US: WebED
CVE-2007-4814
	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
CVE-2007-4813
	NOT-FOR-US: Domino Blogsphere
CVE-2007-4812
	NOT-FOR-US: Mac OS
CVE-2007-4811
	NOT-FOR-US: Netjuke
CVE-2007-4810
	NOT-FOR-US: Netjuke
CVE-2007-4809
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-4808
	NOT-FOR-US: TLM CMS
CVE-2007-4807
	NOT-FOR-US: Focus/SIS
CVE-2007-4806
	NOT-FOR-US: Focus/SIS
CVE-2007-4805
	NOT-FOR-US: Fuzzylime CMS
CVE-2007-4804
	NOT-FOR-US: AuraCMS
CVE-2007-4803
	NOT-FOR-US: AtomixMP3
CVE-2007-4802
	NOT-FOR-US: GlobalLink
CVE-2007-4801
	RESERVED
CVE-2007-4800
	RESERVED
CVE-2007-4799
	NOT-FOR-US: AIX perfstat kernel extension
CVE-2007-4798
	NOT-FOR-US: invscout
CVE-2007-4797
	NOT-FOR-US: System V print
CVE-2007-4796
	NOT-FOR-US: uucp IBM AIX
CVE-2007-4795
	NOT-FOR-US: mkpath IBM AIX
CVE-2007-4794
	NOT-FOR-US: fcstat IBM AIX
CVE-2007-4793
	NOT-FOR-US: xlplm IBM AIX
CVE-2007-4792
	NOT-FOR-US: ibstat IBM AIX
CVE-2007-4791
	NOT-FOR-US: swcons IBM AIX
CVE-2007-4790
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-4789
	NOT-FOR-US: Cisco CSM
CVE-2007-4788
	NOT-FOR-US: Cisco CSM
CVE-2007-4787
	NOT-FOR-US: Sophos Anti-Virus
CVE-2007-4786
	NOT-FOR-US: Cisco ASA
CVE-2007-4785
	NOT-FOR-US: Sony Micro Vault
CVE-2007-4784
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4783
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4782
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4781
	NOT-FOR-US: Joomla!
CVE-2007-4780
	NOT-FOR-US: Joomla!
CVE-2007-4779
	NOT-FOR-US: Joomla!
CVE-2007-4778
	NOT-FOR-US: Joomla!
CVE-2007-4777
	NOT-FOR-US: Joomla!
CVE-2007-4776
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
	RESERVED
CVE-2007-4774
	RESERVED
CVE-2007-4773
	RESERVED
CVE-2007-4772
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13 (low)
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1 (low)
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-4771
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4770
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4769
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	[sarge] - postgresql <unfixed>
CVE-2007-4768
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4767
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4766
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
	RESERVED
CVE-2007-4764
	NOT-FOR-US: Pawfaliki
CVE-2007-4763
	NOT-FOR-US: PHPOF
CVE-2007-4762
	NOT-FOR-US: E-SMARTCART
CVE-2007-4761
	NOT-FOR-US: Barbo91
CVE-2007-4760
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4759
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4758
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4757
	NOT-FOR-US: phpMytourney
CVE-2007-4756
	NOT-FOR-US: Total Commander
CVE-2007-4755
	- alien-arena 6.05-4.1 (low; bug #442075)
CVE-2007-4754
	- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4751
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4750
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4749
	NOT-FOR-US: Autodesk Backburner
CVE-2007-4752
	{DSA-1576-1}
	- openssh 1:4.7p1-1 (low; bug #444738)
	[etch] - openssh <no-dsa> (minor issue in weak security measure)
	[sarge] - openssh <no-dsa> (minor issue in weak security measure)
	NOTE: An exploit needs limited control over the machine running a
	NOTE: trusted X client, so this is only a slight privilege
	NOTE: escalation. The X Security extension is merely an afterthought
	NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748
	NOT-FOR-US: PowerPlayer
CVE-2007-4747
	NOT-FOR-US: Cisco firmware
CVE-2007-4746
	NOT-FOR-US: Cisco firmware
CVE-2007-4745
	NOT-FOR-US: AkoBook
CVE-2007-4744
	NOT-FOR-US: AnyInventory
CVE-2007-4742
	NOT-FOR-US: Claroline
CVE-2007-4741
	NOT-FOR-US: Claroline
CVE-2007-4740
	NOT-FOR-US: HPRevolutionRegistryManager
CVE-2007-4739
	{DSA-1394-1}
	- reprepro 2.2.4-1 (high; bug #440535)
	NOTE: patch for etch in the BTS
	[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
CVE-2007-4738
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4737
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4736
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2007-4735
	NOT-FOR-US: Virtual DJ
CVE-2007-4734
	NOT-FOR-US: OTSTurntables
CVE-2007-4733
	NOT-FOR-US: Aztech firmware
CVE-2007-4732
	NOT-FOR-US: Special File System
CVE-2007-4743
	{DSA-1387-1 DSA-1367-1}
	- krb5 1.6.dfsg.1-7 (high; bug #441209)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
	- librpcsecgss 0.14-4 (high; bug #441393)
	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
CVE-2007-4731
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4730
	{DSA-1372-1 DTSA-73-1}
	- xorg-server 2:1.4-1
	NOTE: XFree86 is not affected
CVE-2007-4729
	RESERVED
CVE-2007-4728
	RESERVED
CVE-2007-4727
	{DSA-1362-1}
	- lighttpd 1.4.18-1 (medium; bug #441555)
	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
	NOTE: http://www.milw0rm.com/exploits/4391
CVE-2007-4726
	NOT-FOR-US: Web Oddity
CVE-2007-4725
	NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724
	- tomcat5.5 <not-affected> (Version already ships fixed files)
	- tomcat5 <removed> (unimportant; bug #441205)
	- libservlet2.4-java 5.0.30-6 (unimportant)
	NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723
	NOT-FOR-US: Ragnarok
CVE-2007-4722
	NOT-FOR-US: Quantum Streaming
CVE-2007-4721
	REJECTED
CVE-2007-4720
	NOT-FOR-US: Hitachi
CVE-2007-4719
	NOT-FOR-US: 212cafeBoard
CVE-2007-4718
	NOT-FOR-US: Claroline
CVE-2007-4717
	NOT-FOR-US: Claroline
CVE-2007-4716
	NOT-FOR-US: PHD Help Desk
CVE-2007-4715
	NOT-FOR-US: Weblogicnet
CVE-2007-4714
	NOT-FOR-US: Yvora
CVE-2007-4713
	NOT-FOR-US: Urchin
CVE-2007-4712
	NOT-FOR-US: eNetman
CVE-2007-4711
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4710
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4709
	NOT-FOR-US: CFNetwork (Apple Mac OS X)
CVE-2007-4708
	NOT-FOR-US: Address Book (Apple Mac OS X)
CVE-2007-4707
	NOT-FOR-US: Apple QuickTime
CVE-2007-4706
	NOT-FOR-US: Apple QuickTime
CVE-2007-4705
	RESERVED
CVE-2007-4704
	NOT-FOR-US: Mac OS X
CVE-2007-4703
	NOT-FOR-US: Mac OS X
CVE-2007-4702
	NOT-FOR-US: Mac OS X
CVE-2007-4701
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4700
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4699
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4698
	NOT-FOR-US: Apple Mac OS X, Windows
CVE-2007-4697
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4696
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4695
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4694
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4693
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4692
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4691
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4690
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4689
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4688
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4687
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4686
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4685
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4684
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4683
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4682
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4681
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4680
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4679
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4678
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4677
	NOT-FOR-US: Apple QuickTime
CVE-2007-4676
	NOT-FOR-US: Apple QuickTime
CVE-2007-4675
	NOT-FOR-US: Apple QuickTime
CVE-2007-4674
	NOT-FOR-US: Apple QuickTime
CVE-2007-4673
	NOT-FOR-US: Apple QuickTime
CVE-2007-4672
	NOT-FOR-US: Apple QuickTime
CVE-2007-4671
	NOT-FOR-US: Safari
CVE-2007-4670
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4668
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4667
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4666
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4665
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4664
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4663
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4662
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
CVE-2007-4661
	- php5 5.2.4-1 (unimportant)
	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
	NOTE: triggerable by malicious script
CVE-2007-4660
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659
	{DTSA-61-1}
	- php5 5.2.4-1 (low)
	[etch] - php5 <no-dsa> (Backport prone to regressions, causes more problems that it does resolved, minor issue anyway)
CVE-2007-4658
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	- php4 <removed>
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
	NOTE: Only exploitable by malicious script
CVE-2007-4656
	{DSA-1518-1}
	- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655
	NOT-FOR-US: CGI RESCUE Shopping Basket
CVE-2007-4654
	NOT-FOR-US: SSHield
CVE-2007-4653
	NOT-FOR-US: Cisco Content Services Switch
CVE-2007-4652
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir() not supported
CVE-2007-4651
	NOT-FOR-US: Adobe Connect Enterprise Server
CVE-2007-4650
	{DSA-1404-1}
	- gallery2 2.2.3-1
	NOTE: does not affect gallery 1.x (package 'gallery')
CVE-2007-4649
	NOT-FOR-US: MicroWorld eScan Virus Contro
CVE-2007-4648
	NOT-FOR-US: Norman Virus Control
CVE-2007-4647
	NOT-FOR-US: Ourspace
CVE-2007-4646
	NOT-FOR-US: Hexamail
CVE-2007-4645
	NOT-FOR-US: NMDeluxe
CVE-2007-4644
	NOT-FOR-US: Doomsday/deng
CVE-2007-4643
	NOT-FOR-US: Doomsday/deng
CVE-2007-4642
	NOT-FOR-US: Doomsday/deng
CVE-2007-4641
	NOT-FOR-US: Pakupaku
CVE-2007-4640
	NOT-FOR-US: Pakupaku
CVE-2007-4639
	NOT-FOR-US: EnterpriseDB
CVE-2007-4638
	NOT-FOR-US: StarCraft
CVE-2007-4637
	NOT-FOR-US: xGB
CVE-2007-4636
	NOT-FOR-US: phpBG
CVE-2007-4635
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4634
	NOT-FOR-US: Cisco
CVE-2007-4633
	NOT-FOR-US: Cisco
CVE-2007-4632
	NOT-FOR-US: Cisco
CVE-2007-4631
	- qgit 1.5.5-1.1 (bug #440950; low)
	[etch] - qgit <no-dsa> (Minor issue)
CVE-2007-4630
	NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629
	{DSA-1539-1}
	- mapserver 4.10.3-1
CVE-2007-4628
	NOT-FOR-US: phpns
CVE-2007-4627
	NOT-FOR-US: ABC eStore
CVE-2007-4626
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4625
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4624
	NOT-FOR-US: AbleDesign Dynamic Picture Frame
CVE-2007-4623
	NOT-FOR-US: IBM AIX
CVE-2007-4622
	NOT-FOR-US: IBM AIX
CVE-2007-4621
	NOT-FOR-US: IBM AIX
CVE-2007-4620
	NOT-FOR-US: CA products
CVE-2007-4619
	{DSA-1469-1}
	- flac 1.2.1-1 (medium)
CVE-2007-4618
	NOT-FOR-US: BEA WebLogic
CVE-2007-4617
	NOT-FOR-US: BEA WebLogic
CVE-2007-4616
	NOT-FOR-US: BEA WebLogic
CVE-2007-4615
	NOT-FOR-US: BEA WebLogic
CVE-2007-4614
	NOT-FOR-US: BEA WebLogic
CVE-2007-4613
	NOT-FOR-US: BEA WebLogic
CVE-2007-4612
	NOT-FOR-US: Moonware
CVE-2007-4611
	NOT-FOR-US: Moonware
CVE-2007-4610
	NOT-FOR-US: Moonware
CVE-2007-4609
	NOT-FOR-US: eyeOS
CVE-2007-4608
	NOT-FOR-US: ePersonnel
CVE-2007-4607
	NOT-FOR-US: EasyMailSMTPObj ActiveX control
CVE-2007-4606
	NOT-FOR-US: Php-Nuke
CVE-2007-4605
	NOT-FOR-US: Vwar
CVE-2007-4604
	NOT-FOR-US: DL PayCart
CVE-2007-4603
	NOT-FOR-US: ACG news
CVE-2007-4602
	NOT-FOR-US: Micro-CMS
CVE-2007-4600
	NOT-FOR-US: Mathsoft Mathcad
CVE-2007-4599
	NOT-FOR-US: RealPlayer
CVE-2007-4598
	NOT-FOR-US: IBM
CVE-2007-4597
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595
	NOT-FOR-US: Mayaa
CVE-2007-4594
	NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4592
	NOT-FOR-US: Rational
CVE-2007-4591
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4590
	NOT-FOR-US: Ignite-UX
CVE-2007-4589
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4588
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4587
	NOT-FOR-US: escafeWeb
CVE-2007-4586
	NOT-FOR-US: iisfunc (windows only)
CVE-2007-4585
	NOT-FOR-US: 2532|Gigs
CVE-2007-4584
	- ircii-pana <removed> (medium; bug #443544)
CVE-2007-4583
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4582
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4581
	NOT-FOR-US: WBB2-Addon: Acrotxt 1
CVE-2007-4601
	- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
	[etch] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
	[sarge] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
CVE-2007-4580
	NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
	REJECTED
CVE-2007-4578
	NOT-FOR-US: Sophos
CVE-2007-4577
	NOT-FOR-US: Sophos
CVE-2007-4576
	REJECTED
CVE-2007-4575
	{DSA-1419-1}
	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
	- hsqldb 1.8.0.9-1
CVE-2007-4574
	- linux-2.6 <not-affected> (Redhat specific vulnerability)
	NOTE: I contacted the redhat security team about this, this was caused by an incomplete
	NOTE: backport for stack unwinder fixes in the linux kernel made by them.
	NOTE: redhat sent a reproducer to the vendor-sec list
CVE-2007-4573
	{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22-5 (medium)
CVE-2007-4572
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high; bug #451385)
CVE-2007-4571
	{DSA-1505-1 DSA-1479-1}
	- linux-2.6 2.6.22-5 (low; bug #444571)
	- alsa-driver 1.0.15-1
	NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
	NOTE: very easy to exploit locally
CVE-2007-4570
	NOT-FOR-US: MCS translation daemon
CVE-2007-4569
	{DSA-1376-1 DTSA-60-1}
	- kdebase 4:3.5.7-4
	[sarge] - kdebase <not-affected> (problem not present in code)
	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4567
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
CVE-2007-4566
	NOT-FOR-US: SIDVault
CVE-2007-4565
	{DSA-1377-2}
	- fetchmail 6.3.8-8 (bug #440006; low)
	[etch] - fetchmail <no-dsa> (Hardly a security problem)
	[sarge] - fetchmail <not-affected> (problem not present in source)
CVE-2007-4564
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4563
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4562
	NOT-FOR-US: Hitachi DABroker
CVE-2007-4561
	NOT-FOR-US: Helix DNA Server
CVE-2007-4560
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1 (high)
CVE-2007-4559
	- python2.3 <removed> (unimportant)
	- python2.4 <unfixed> (unimportant; bug #440097)
	- python2.5 <unfixed> (unimportant; bug #440099)
	NOTE: According to upstream this is the intended behaviour for the module.
	NOTE: Since this is a library interface to embed Tar functionality into applications
	NOTE: it is in order to not provide the full security safety belts one might
	NOTE: expect from an enduser application like tar(1). Plus, addressing this would
	NOTE: mean to diverge from upstream permanently and could break the behaviour
	NOTE: of external apps. Anyone who wants to see this "fixed" should rather file
	NOTE: a PEP on an improved tar interface with additional security guarantees
	NOTE: provided by design.
CVE-2007-4558
	REJECTED
CVE-2007-4557
	NOT-FOR-US: Novell
CVE-2007-4556
	NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554
	- tikiwiki <removed>
CVE-2007-4553
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4552
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4551
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4550
	NOT-FOR-US: ALPass
CVE-2007-4549
	NOT-FOR-US: ALPass
CVE-2007-4548
	NOT-FOR-US: Apache Geronimo
CVE-2007-4547
	NOT-FOR-US: Unreal Commander
CVE-2007-4546
	NOT-FOR-US: Unreal Commander
CVE-2007-4545
	NOT-FOR-US: Unreal Commander
CVE-2007-4544
	NOT-FOR-US: WordPress multi-user (MU)
CVE-2007-4543
	- bugzilla 2.22.1-2.2 (low; bug #440106)
	[etch] - bugzilla <no-dsa> (Affected code only shipped in example, minor issue anyway)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-4542
	{DSA-1539-1}
	- mapserver 4.10.3-1 (bug #439346)
CVE-2007-4541
	NOT-FOR-US: Olate Download
CVE-2007-4540
	NOT-FOR-US: Olate Download
CVE-2007-4539
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4538
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4537
	NOT-FOR-US: Skulltag
CVE-2007-4536
	NOT-FOR-US: TorrentTrader
CVE-2007-4535
	NOT-FOR-US: Vavoom
CVE-2007-4534
	NOT-FOR-US: Vavoom
CVE-2007-4533
	NOT-FOR-US: Vavoom
CVE-2007-4532
	NOT-FOR-US: Soldat game server
CVE-2007-4531
	NOT-FOR-US: Soldat game server
CVE-2007-4530
	- teamspeak-server 2.0.23.19-1
CVE-2007-4529
	- teamspeak-server 2.0.23.19-1
CVE-2007-4528
	NOT-FOR-US: ffi extension for php
CVE-2007-4527
	NOT-FOR-US: phUploader
CVE-2007-4526
	NOT-FOR-US: Novell Identity Manager
CVE-2007-4525
	- spip 2.0.6-1
CVE-2007-4524
	NOT-FOR-US: PhPress
CVE-2007-4523
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4522
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4521
	- asterisk <not-affected> (The voicemail backend is not enabled in Debian)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
	NOTE: the backend will be enabled in future uploads with a fixed package.
CVE-2007-4520
	RESERVED
CVE-2007-4519
	RESERVED
CVE-2007-4518
	RESERVED
CVE-2007-4517
	NOT-FOR-US: Oracle
CVE-2007-4516
	NOT-FOR-US: Volume Manager Scheduler Service
CVE-2007-4515
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514
	NOT-FOR-US: HP ProCurve Manager
CVE-2007-4513
	NOT-FOR-US: IBM AIX
CVE-2007-4512
	NOT-FOR-US: Sophos Anti-Virus for Windows
CVE-2007-4511
	NOT-FOR-US: Sun Application Server
CVE-2007-4510
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	NOTE: Only exploitable if CL_EXPERIMENTAL is set
CVE-2007-4509
	NOT-FOR-US: EventList component for Joomla!
CVE-2007-4508
	NOT-FOR-US: Rebellion Asura engine
CVE-2007-4507
	NOT-FOR-US: External PHP component only relevant for Windows
CVE-2007-4506
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2007-4505
	NOT-FOR-US: RemoSitory component for Mambo
CVE-2007-4504
	NOT-FOR-US: RSfiles component for Joomla!
CVE-2007-4503
	NOT-FOR-US: Nice Talk component for Joomla!
CVE-2007-4502
	NOT-FOR-US: BibTeX component for Joomla!
CVE-2007-4501
	NOT-FOR-US: SSHKeychain
CVE-2007-4500
	NOT-FOR-US: SSHKeychain
CVE-2007-4499
	NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498
	NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497
	- vmware-package 0.16
CVE-2007-4496
	- vmware-package 0.16
CVE-2007-4495
	NOT-FOR-US: Solaris
CVE-2007-4494
	- ezpublish <removed>
CVE-2007-4493
	- ezpublish <removed>
CVE-2007-4492
	NOT-FOR-US: Solaris
CVE-2007-4491
	NOT-FOR-US: Gurur haber
CVE-2007-4490
	NOT-FOR-US: Trend Micro
CVE-2007-4489
	NOT-FOR-US: eCentrex VOIP
CVE-2007-4488
	NOT-FOR-US: Siemens GigaSet firmware
CVE-2007-4487
	NOT-FOR-US: Invision Power Board
CVE-2007-4486
	NOT-FOR-US: Linkliste
CVE-2007-4485
	NOT-FOR-US: Butterfly online visitors counter
CVE-2007-4484
	NOT-FOR-US: My_REFERER
CVE-2007-4483
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-4482
	NOT-FOR-US: Pool 1.0.7 theme for WordPress
CVE-2007-4481
	NOT-FOR-US: Rus themes for WordPress
CVE-2007-4480
	NOT-FOR-US: Sirius 1.0 theme for WordPress
CVE-2007-4479
	NOT-FOR-US: Search Engine Builder
CVE-2007-4478
	NOT-FOR-US: Internet Explorer
CVE-2007-4477
	NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476
	{DSA-1566-1 DSA-1438-1}
	- tar 1.18-1 (low; bug #441444)
	- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475
	NOT-FOR-US: EAI WebViewer3D ActiveX control
CVE-2007-4474
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473
	NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472
	NOT-FOR-US: Broderbund Expressit
CVE-2007-4471
	NOT-FOR-US: QuickBooks
CVE-2007-4470
	NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469
	RESERVED
CVE-2007-4468
	RESERVED
CVE-2007-4467
	NOT-FOR-US: Oracle
CVE-2007-4466
	NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
CVE-2007-4465
	- apache <removed> (low)
	- apache2 2.2.6-1 (bug #453783)
	[sarge] - apache <no-dsa> (browser issue, low impact)
	[sarge] - apache2 <no-dsa> (browser issue, low impact)
	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
	NOTE: but many users change this.
	NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
CVE-2007-4464
	NOT-FOR-US: Total Commander
CVE-2007-4463
	NOT-FOR-US: Total Commander
CVE-2007-4462
	- po4a 0.31-1 (bug #439226)
	[etch] - po4a 0.29-1etch1
	[sarge] - po4a 0.20-2sarge1
CVE-2007-4461
	- nufw 2.2.4-1 (bug #439227)
	[etch] - nufw <not-affected>
CVE-2007-4460
	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459
	NOT-FOR-US: Cisco IP Phone
CVE-2007-4458
	NOT-FOR-US: Firesoft
CVE-2007-4457
	NOT-FOR-US: Dalai Forum
CVE-2007-4456
	NOT-FOR-US: mambo
	NOTE: mambo is in experimental though
CVE-2007-4455
	- asterisk 1:1.4.11~dfsg-1
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4454
	NOT-FOR-US: Olate Download
CVE-2007-4453
	NOT-FOR-US: vBulletin
CVE-2007-4452
	NOT-FOR-US: Toribash
CVE-2007-4451
	NOT-FOR-US: Toribash
CVE-2007-4450
	NOT-FOR-US: Toribash
CVE-2007-4449
	NOT-FOR-US: Toribash
CVE-2007-4448
	NOT-FOR-US: Toribash
CVE-2007-4447
	NOT-FOR-US: Toribash
CVE-2007-4446
	NOT-FOR-US: Toribash
CVE-2007-4445
	NOT-FOR-US: Image space rfactor
CVE-2007-4444
	NOT-FOR-US: Image space rfactor
CVE-2007-4443
	NOT-FOR-US: Unreal on Windows
CVE-2007-4442
	NOT-FOR-US: Unreal on Windows
CVE-2007-4441
	- php5 <not-affected> (Windows-specific)
CVE-2007-4440
	NOT-FOR-US: Mercury mail system
CVE-2007-4439
	NOT-FOR-US: Squirrelcart
CVE-2007-4438
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4437
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4436
	- drupal <not-affected> (External addon, see bug #439379)
CVE-2007-4435
	NOT-FOR-US: TorrentTrader
CVE-2007-4434
	NOT-FOR-US: Text File Search ASP
CVE-2007-4433
	NOT-FOR-US: Text File Search ASP
CVE-2007-4432
	NOT-FOR-US: SUSE
CVE-2007-4431
	NOT-FOR-US: Safari/windows
CVE-2007-4430
	NOT-FOR-US: Cisco IOS
CVE-2007-4429
	NOT-FOR-US: Skype
CVE-2007-4428
	NOT-FOR-US: lhaz
CVE-2007-4427
	NOT-FOR-US: InterSystems Cache
CVE-2007-4426
	NOT-FOR-US: Live for Speed
CVE-2007-4425
	NOT-FOR-US: Live for Speed
CVE-2007-4424
	NOT-FOR-US: Safari
CVE-2007-4423
	NOT-FOR-US: IBM DB2
CVE-2007-4422
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2007-4421
	NOT-FOR-US: Olate Download
CVE-2007-4420
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-4419
	NOT-FOR-US: Olate Download
CVE-2007-4418
	NOT-FOR-US: IBM DB2
CVE-2007-4417
	NOT-FOR-US: IBM DB2
CVE-2007-4416
	NOT-FOR-US: BellaBook
CVE-2007-4415
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4414
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4413
	NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
CVE-2007-4412
	NOT-FOR-US: Deskpro
CVE-2007-4411
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4410
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4409
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4407
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4405
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4404
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4403
	NOT-FOR-US: mirc/winamp
CVE-2007-4402
	NOT-FOR-US: mirc
CVE-2007-4401
	NOT-FOR-US: mirc
CVE-2007-4400
	- konversation 1.0.1-4 (low; bug #439837)
	[etch] - konversation <no-dsa> (minor issue)
	[sarge] - konversation <no-dsa> (minor issue)
CVE-2007-4399
	NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
CVE-2007-4398
	- irssi-scripts 20070925 (low; bug #439840)
	- weechat-scripts 20070425-0.1 (low; bug #439839)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[etch] - weechat-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
CVE-2007-4397
	NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396
	- irssi-scripts 20070925 (low; bug #439840)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
	NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395
	NOT-FOR-US: Sun Solaris 8
CVE-2007-4394
	NOT-FOR-US: findutils-locate on SUSE Linux
CVE-2007-4393
	NOT-FOR-US: oracle
CVE-2007-4392
	NOT-FOR-US: winamp
CVE-2007-4391
	NOT-FOR-US: kakadu
CVE-2007-4390
	NOT-FOR-US: BlueCat
CVE-2007-4389
	NOT-FOR-US: 2wire
CVE-2007-4388
	NOT-FOR-US: 2wire
CVE-2007-4387
	NOT-FOR-US: 2wire
CVE-2007-4386
	NOT-FOR-US: GetMyOwnArcade
CVE-2007-4385
	NOT-FOR-US: Stinger
CVE-2007-4384
	NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383
	NOT-FOR-US: Trackeur
CVE-2007-4382
	NOT-FOR-US: CounterPath X-Lite
CVE-2007-4381
	- sun-java5 1.5.0-10-1
CVE-2007-4380
	NOT-FOR-US: Altiris Deployment Solution
CVE-2007-4379
	NOT-FOR-US: Babo Violent
CVE-2007-4378
	NOT-FOR-US: Babo Violent
CVE-2007-4377
	NOT-FOR-US: SurgeMail
CVE-2007-4376
	NOT-FOR-US: Szymon Kosok Best Top List
CVE-2007-4375
	NOT-FOR-US: Diskeeper
CVE-2007-4374
	NOT-FOR-US: Babo Violent
CVE-2007-4373
	NOT-FOR-US: Babo Violent
CVE-2007-4372
	NOT-FOR-US: SurgeMail
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
	- libpam-usb 0.4.1-1 (medium)
	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
	- lwat 0.15-2 (low)
CVE-2007-4371
	NOT-FOR-US: Neuron Blog
CVE-2007-4370
	NOT-FOR-US: Racer
CVE-2007-4369
	NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368
	NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367
	NOT-FOR-US: Opera
CVE-2007-4366
	- wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365
	NOT-FOR-US: eXV2 CMS
CVE-2007-4364
	NOT-FOR-US: Fedora Commons
CVE-2007-4363
	NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362
	NOT-FOR-US: Prozilla Webring
CVE-2007-4361
	NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360
	NOT-FOR-US: Dell
CVE-2007-4359
	NOT-FOR-US: JobLister3
CVE-2007-4358
	NOT-FOR-US: Zoidcom
CVE-2007-4357
	- mozilla-firefox <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- iceape <removed> (unimportant)
CVE-2007-4356
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355
	NOT-FOR-US: AIX
CVE-2007-4354
	NOT-FOR-US: AIX
CVE-2007-4353
	NOT-FOR-US: AIX
CVE-2007-4352
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	NOTE: cups uses xpdf-utils and poppler-utils since version 1.1.22-7
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-4351
	{DSA-1407-1 DTSA-81-1}
	- cupsys 1.3.4-1 (medium; bug #448866)
	- cups 1.3.4-1 (medium; bug #448866)
	[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350
	NOT-FOR-US: HP SiteScope
CVE-2007-4349
	NOT-FOR-US: HP OpenView Report
CVE-2007-4348
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-4347
	NOT-FOR-US: Job Engine
CVE-2007-4346
	NOT-FOR-US: Job Engine
CVE-2007-4345
	NOT-FOR-US: IMail Client
CVE-2007-4344
	NOT-FOR-US: ACDSee
CVE-2007-4343
	NOT-FOR-US: IrfanView
CVE-2007-4342
	NOT-FOR-US: PHPCentral
CVE-2007-4341
	NOT-FOR-US: Omnistar Lib2 PHP
CVE-2007-4340
	NOT-FOR-US: phpDVD
CVE-2007-4339
	NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338
	NOT-FOR-US: Family Connections
CVE-2007-4337
	{DSA-1683-1}
	- streamripper 1.62.2-1 (low)
CVE-2007-4336
	NOT-FOR-US: Microsoft
CVE-2007-4335
	NOT-FOR-US: Qbik WinGate
CVE-2007-4334
	NOT-FOR-US: Php-stats
CVE-2007-4333
	NOT-FOR-US: Article Dashboard
CVE-2007-4332
	NOT-FOR-US: Article Dashboard
CVE-2007-4331
	NOT-FOR-US: FindNix
CVE-2007-4330
	NOT-FOR-US: Shoutbox
CVE-2007-4329
	NOT-FOR-US: Web News
CVE-2007-4328
	NOT-FOR-US: Bilder Galerie
CVE-2007-4327
	NOT-FOR-US: File Uploader
CVE-2007-4326
	NOT-FOR-US: Bilder Uploader
CVE-2007-4325
	NOT-FOR-US: Gaestebuch
CVE-2007-4324
	- flashplugin-nonfree 9.0.115.0.1
	[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
CVE-2007-4323
	- denyhosts 2.6-2.1 (bug #438162; medium)
	[etch] - denyhosts 2.6-1etch1
CVE-2007-4322
	NOT-FOR-US: BlockHosts
CVE-2007-4321
	{DSA-1456-1}
	- fail2ban 0.8.0-4 (bug #438187; medium)
CVE-2007-4320
	NOT-FOR-US: Ncaster
CVE-2007-4319
	NOT-FOR-US: Zyxel
CVE-2007-4318
	NOT-FOR-US: Zyxel
CVE-2007-4317
	NOT-FOR-US: Zyxel
CVE-2007-4316
	NOT-FOR-US: Zyxel
CVE-2007-4315
	NOT-FOR-US: ATI
CVE-2007-4314
	NOT-FOR-US: Pixlie
CVE-2007-4313
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4312
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4311
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
CVE-2007-4310
	NOT-FOR-US: Solaris
CVE-2007-4309
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4308
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
	- linux-2.6 2.6.22-4 (medium; bug #443694)
CVE-2007-4307
	NOT-FOR-US: Storesprite
CVE-2007-4306
	- phpmyadmin <unfixed> (unimportant)
	[sarge] - phpmyadmin <not-affected>
	NOTE: It seems that this requires knowledge of a unguessable session token.
	NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305
	NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4303
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4302
	NOT-FOR-US: Generic Software Wrappers Toolkit
CVE-2007-4301
	NOT-FOR-US: WebCart
CVE-2007-4300
	RESERVED
CVE-2007-4299
	RESERVED
CVE-2007-4298
	RESERVED
CVE-2007-4297
	NOT-FOR-US: Modulu
CVE-2007-4296
	NOT-FOR-US: Anti-Spam SMTP Proxy Server
CVE-2007-4295
	NOT-FOR-US: Cisco
CVE-2007-4294
	NOT-FOR-US: Cisco
CVE-2007-4293
	NOT-FOR-US: Cisco
CVE-2007-4292
	NOT-FOR-US: Cisco
CVE-2007-4291
	NOT-FOR-US: Cisco
CVE-2007-4290
	NOT-FOR-US: Guestbook Script
CVE-2007-4289
	NOT-FOR-US: Sun Java System Portal Server
CVE-2007-4288
	NOT-FOR-US: Microsoft
CVE-2007-4287
	NOT-FOR-US: FishCart
CVE-2007-4286
	NOT-FOR-US: Cisco
CVE-2007-4285
	NOT-FOR-US: Cisco
CVE-2007-4284
	NOT-FOR-US: Cisco
CVE-2007-4283
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2007-4282
	- serendipity 1.1.4-1
	[etch] - serendipity <not-affected> (introduced in 1.1.x)
CVE-2007-4281
	- knowledgetree <removed>
CVE-2007-4279
	NOT-FOR-US: FrontAccounting
CVE-2007-4278
	NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-4276
	NOT-FOR-US: IBM DB2
CVE-2007-4275
	NOT-FOR-US: IBM DB2
CVE-2007-4274
	REJECTED
CVE-2007-4273
	NOT-FOR-US: IBM DB2
CVE-2007-4272
	NOT-FOR-US: IBM DB2
CVE-2007-4271
	NOT-FOR-US: IBM DB2
CVE-2007-4270
	NOT-FOR-US: IBM DB2
CVE-2007-4269
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4268
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4267
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4266
	RESERVED
CVE-2007-4265
	NOT-FOR-US: VisionProject
CVE-2007-4264
	NOT-FOR-US: snif
CVE-2007-4280
	- asterisk 1:1.4.10~dfsg-1
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-019.htm
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4263
	NOT-FOR-US: Cisco
CVE-2007-4262
	NOT-FOR-US: EZPhotoSales
CVE-2007-4261
	NOT-FOR-US: EZPhotoSales
CVE-2007-4260
	NOT-FOR-US: EZPhotoSales
CVE-2007-4259
	NOT-FOR-US: EZPhotoSales
CVE-2007-4258
	NOT-FOR-US: Prozilla
CVE-2007-4257
	NOT-FOR-US: Live for Speed
CVE-2007-4256
	NOT-FOR-US: YNP Portal System
CVE-2007-4255
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-4254
	NOT-FOR-US: Microsoft
CVE-2007-4253
	NOT-FOR-US: Envolution
CVE-2007-4252
	NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251
	- openoffice.org <unfixed> (unimportant)
	NOTE: Only a crasher with malformed documents
CVE-2007-4250
	NOT-FOR-US: Advanced Searchbar
CVE-2007-4249
	NOT-FOR-US: ExportNation toolbar
CVE-2007-4248
	NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247
	NOT-FOR-US: Microsoft
CVE-2007-4246
	NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245
	NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244
	NOT-FOR-US: Joomla!
CVE-2007-4243
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4241
	NOT-FOR-US: Hewlett-Packard
CVE-2007-4240
	NOT-FOR-US: Help Center Live
CVE-2007-4239
	NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238
	NOT-FOR-US: AIX
CVE-2007-4237
	NOT-FOR-US: AIX
CVE-2007-4236
	NOT-FOR-US: AIX
CVE-2007-4235
	NOT-FOR-US: VietPHP
CVE-2007-4234
	NOT-FOR-US: Camera Life
CVE-2007-4233
	NOT-FOR-US: Camera Life
CVE-2007-4232
	NOT-FOR-US: PHPNews
CVE-2007-4231
	NOT-FOR-US: PhpHostBot
CVE-2007-4230
	NOT-FOR-US: BellaBiblio
CVE-2007-4229
	- kdebase <unfixed> (unimportant)
	NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228
	NOT-FOR-US: AIX
CVE-2007-4227
	NOT-FOR-US: Microsoft
CVE-2007-4226
	NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4224
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223
	NOT-FOR-US: Microsoft Sysinternals DebugView
CVE-2007-4222
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4221
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4220
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4219
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4218
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4217
	NOT-FOR-US: IBM AIX
CVE-2007-4216
	NOT-FOR-US: ZoneAlarm
CVE-2007-4215
	RESERVED
CVE-2007-4214
	RESERVED
CVE-2007-4213
	NOT-FOR-US: Palm OS
CVE-2007-4212
	NOT-FOR-US: PHP-Nuke
CVE-2007-4211
	- dovecot 1:1.0.3-2 (low)
	[etch] - dovecot <no-dsa> (minor issue)
	[sarge] - dovecot <no-dsa> (minor issue)
CVE-2007-4210
	NOT-FOR-US: LANAI CMS
CVE-2007-4209
	NOT-FOR-US: Aceboard forum
CVE-2007-4208
	NOT-FOR-US: Next Gen Portfolio Manager
CVE-2007-4207
	NOT-FOR-US: Gallery In A Box
CVE-2007-4206
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-4205
	NOT-FOR-US: BlueCat Networks Adonis
CVE-2007-4204
	NOT-FOR-US: Hitachi Groupmax Collaboration
CVE-2007-4203
	NOT-FOR-US: Mambo
CVE-2007-4202
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4201
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4200
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4199
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4198
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4197
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4196
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4195
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4194
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4193
	NOT-FOR-US: DVD Rental System
CVE-2007-4192
	NOT-FOR-US: DVD Rental System
CVE-2007-4191
	NOT-FOR-US: Panda Antivirus
CVE-2007-4190
	NOT-FOR-US: Joomla!
CVE-2007-4189
	NOT-FOR-US: Joomla!
CVE-2007-4188
	NOT-FOR-US: Joomla!
CVE-2007-4187
	NOT-FOR-US: Joomla!
CVE-2007-4186
	NOT-FOR-US: Joomla! addon
CVE-2007-4185
	NOT-FOR-US: Joomla!
CVE-2007-4184
	NOT-FOR-US: Joomla!
CVE-2007-4183
	NOT-FOR-US: paBugs
CVE-2007-4182
	NOT-FOR-US: WikiWebWeaver
CVE-2007-4181
	NOT-FOR-US: Pluck
CVE-2007-4180
	NOT-FOR-US: Pluck
CVE-2007-4179
	NOT-FOR-US: HPUX
CVE-2007-4178
	NOT-FOR-US: Webdirector
CVE-2007-4177
	NOT-FOR-US: Interact
CVE-2007-4176
	NOT-FOR-US: EQDKP Plus
CVE-2007-4175
	NOT-FOR-US: Openrat CMS
CVE-2007-4174
	- tor 0.1.2.16-1 (medium)
CVE-2007-4173
	NOT-FOR-US: Hunkaray Okul Portali
CVE-2007-4172
	NOT-FOR-US: Openwebmail
CVE-2007-4171
	NOT-FOR-US: Aura CMS
CVE-2007-4170
	NOT-FOR-US: AL-Athkar
CVE-2007-4169
	NOT-FOR-US: vgallite
CVE-2007-4167
	NOT-FOR-US: AL-Caricatier
CVE-2007-4166
	NOT-FOR-US: Xu Yiyang
CVE-2007-4165
	- wordpress <not-affected> (Wordpress doesn't ship this theme)
CVE-2007-4164
	NOT-FOR-US: IndexScript
CVE-2007-4163
	NOT-FOR-US: IndexScript
CVE-2007-4162
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4161
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4160
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4159
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4158
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4157
	NOT-FOR-US: PHPBlogger
CVE-2007-4156
	NOT-FOR-US: wolioCMS
CVE-2007-4155
	- vmware-package 0.16
CVE-2007-4154
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-4153
	{DSA-1564-1}
	- wordpress 2.2.2-1 (low)
	NOTE: see issue 4690 and 4691 in wordpress trac
CVE-2007-4152
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4151
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4150
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4149
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4148
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4147
	NOT-FOR-US: Interspire ArticleLive NX
CVE-2007-4146
	NOT-FOR-US: WebEvent
CVE-2007-4145
	NOT-FOR-US: BlueSkychat
CVE-2007-4144
	NOT-FOR-US: MitriDAT eMail Form Processor Pro
CVE-2007-4143
	NOT-FOR-US: Billing Control Panel in phpCoupon
CVE-2007-4142
	NOT-FOR-US: IBM Lotus Sametime Server
CVE-2007-4141
	NOT-FOR-US: OpenRat CMS
CVE-2007-4140
	NOT-FOR-US: Live for Speed
CVE-2007-4139
	NOT-FOR-US: Temporary Uploads
CVE-2007-4138
	- samba 3.0.26-1
	[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
	[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
CVE-2007-4137
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
	- qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136
	NOT-FOR-US: Conga
CVE-2007-4135
	- libnfsidmap 0.18-0 (low; bug #442935)
	NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134
	- star 1.5a67-1.1 (bug #440100; low)
	[etch] - star <no-dsa> (Minor issue)
CVE-2007-4133
	{DSA-1504-1 DSA-1381-2}
	- linux-2.6 2.6.20-1
CVE-2007-4132
	NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131
	{DSA-1438-1}
	- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130
	- linux-2.6 2.6.12-1 (low)
	NOTE: a fix is included in 2.6, see line 854 mempolicy.c
	NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
	NOTE: which I can see and ships the fix
CVE-2007-4129
	- coolkey 1.1.0-3
CVE-2007-4128
	NOT-FOR-US: com_gmaps for Joomla!
CVE-2007-4127
	NOT-FOR-US: Ralf Image Gallery
CVE-2007-4126
	NOT-FOR-US: Sun Solaris
CVE-2007-4125
	NOT-FOR-US: HP-UX
CVE-2007-4124
	NOT-FOR-US: Cosminexus
CVE-2007-4123
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-4122
	NOT-FOR-US: Hitachi Hierarchical Viewer
CVE-2007-4121
	NOT-FOR-US: E-Commerce Scripts Shopping Cart Script
CVE-2007-4120
	NOT-FOR-US: vBulletin
CVE-2007-4119
	NOT-FOR-US: Defteri
CVE-2007-4118
	NOT-FOR-US: phpVoter
CVE-2007-4117
	NOT-FOR-US: phpVoter
CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
	- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
	- tor 0.1.2.16-1
CVE-2007-4116
	NOT-FOR-US: Metyus Forum Portal
CVE-2007-4115
	NOT-FOR-US: IT!CMS (itcms)
CVE-2007-4114
	NOT-FOR-US: SuskunDuygular Uyelik Sistemi
CVE-2007-4113
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4112
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4111
	NOT-FOR-US: Real Estate listing website
CVE-2007-4110
	NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template
CVE-2007-4109
	NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)
CVE-2007-4108
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2007-4107
	NOT-FOR-US: phpMyForum
CVE-2007-4106
	NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface
CVE-2007-4105
	NOT-FOR-US: Baidu Soba Search Bar
CVE-2007-4104
	NOT-FOR-US: WP-FeedStats plugin for WordPress
CVE-2007-4103
	- asterisk 1:1.4.9~dfsg-1
	[etch] - asterisk <not-affected> (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected)
	[sarge] - asterisk <not-affected> (1.0 not affected)
CVE-2007-4102
	NOT-FOR-US: sBlog
CVE-2007-4101
	NOT-FOR-US: Madoa Poll
CVE-2007-4100
	- mldonkey 2.9.0-1 (bug #435439)
	[etch] - mldonkey <no-dsa> (Minor issue)
CVE-2007-4099
	- tor 0.1.2.15-1
CVE-2007-4098
	- tor 0.1.2.15-1
CVE-2007-4097
	- tor 0.1.2.15-1
CVE-2007-4096
	- tor 0.1.2.15-1
CVE-2007-4095
	NOT-FOR-US: BSM Store Dependent Forums
CVE-2007-4094
	NOT-FOR-US: IDevSpot PhpHostBot
CVE-2007-4093
	NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092
	NOT-FOR-US: iFoto
CVE-2007-4091
	{DSA-1360-1}
	- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090
	NOT-FOR-US: Vikingboard
CVE-2007-4089
	NOT-FOR-US: Vikingboard
CVE-2007-4088
	NOT-FOR-US: Vikingboard
CVE-2007-4087
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4086
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4085
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4084
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2007-4083
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4082
	NOT-FOR-US: AlstraSoft Article Manager Pro
CVE-2007-4081
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2007-4080
	NOT-FOR-US: AlstraSoft
CVE-2007-4079
	NOT-FOR-US: AlstraSoft
CVE-2007-4078
	NOT-FOR-US: AlstraSoft
CVE-2007-4077
	NOT-FOR-US: AlstraSoft
CVE-2007-4076
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4075
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074
	- festival 1.96~beta-6 (bug #435445; low)
	[etch] - festival <no-dsa> (Minor issue)
CVE-2007-4073
	NOT-FOR-US: Webbler CMS
CVE-2007-4072
	NOT-FOR-US: Webbler CMS
CVE-2007-4071
	NOT-FOR-US: Webbler CMS
CVE-2007-4070
	- lbxproxy <removed>
CVE-2007-4069
	NOT-FOR-US: IndexScript
CVE-2007-4068
	NOT-FOR-US: Webyapar
CVE-2007-4067
	NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
	NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064
	- drupal 4.7.7-1 (low)
	- drupal5 5.2-1 (low)
	[sarge] - drupal <not-affected> (Only Drupal 5.x is affected)
CVE-2007-4063
	- drupal5 5.2-1 (low)
	NOTE: DRUPAL-SA-2007-017
CVE-2007-4062
	- nessus-core <not-affected> (Windows only)
CVE-2007-4061
	- nessus-core <not-affected> (Windows only)
CVE-2007-4060
	NOT-FOR-US: corehttp
CVE-2007-4059
	- vmware-package 0.16
CVE-2007-4058
	- vmware-package 0.16
CVE-2007-4057
	NOT-FOR-US: Neocrome Seditio
CVE-2007-4056
	NOT-FOR-US: Adult Directory
CVE-2007-4055
	NOT-FOR-US: SimpleBlog
CVE-2007-4054
	NOT-FOR-US: PHP123 Top Sites
CVE-2007-4053
	NOT-FOR-US: LinPHA
CVE-2007-4052
	NOT-FOR-US: nukedit
CVE-2007-4051
	NOT-FOR-US: UltraDefrag
CVE-2007-4050
	NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
	REJECTED
CVE-2007-4048
	{DTSA-58-1}
	- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
	- phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685)
	[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
	- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
	NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047
	NOT-FOR-US: geoBlog
CVE-2007-4046
	NOT-FOR-US: Pony Gallery
CVE-2007-4045
	- cupsys 1.2
	- cups 1.2
	NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
	REJECTED
CVE-2007-4043
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042
	NOT-FOR-US: Netscape Navigator
CVE-2007-4041
	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
	- iceweasel 2.0.0.6-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5-1
CVE-2007-4040
	NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039
	- icedove <not-affected> (Windows-specific)
CVE-2007-4038
	{DSA-1338-1}
	- iceweasel 2.0.0.5-1
CVE-2007-4037
	NOT-FOR-US: Guidance Software
CVE-2007-4036
	NOT-FOR-US: Guidance Software
CVE-2007-4035
	NOT-FOR-US: Guidance Software
CVE-2007-4034
	NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033
	{DSA-1390-1}
	- t1lib 5.1.0-3 (bug #439927)
	NOTE: originally posted as a php vuln, actually in libt1
	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
CVE-2007-4032
	NOT-FOR-US: CrystalPlayer
CVE-2007-4031
	NOT-FOR-US: Nessus ActiveX control
CVE-2007-4030
	RESERVED
CVE-2007-4029
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
	NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4028
	NOT-FOR-US: WebSPELL
CVE-2007-4027
	NOT-FOR-US: Areca
CVE-2007-4026
	NOT-FOR-US: epesi
CVE-2007-4025
	NOT-FOR-US: Sun Java System Application Server
CVE-2007-4024
	NOT-FOR-US: W1L3D4
CVE-2007-4023
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-4022
	NOT-FOR-US: cPanel
CVE-2007-4021
	NOT-FOR-US: Brain Book Software Secure
CVE-2007-4020
	NOT-FOR-US: AdMan
CVE-2007-4019
	REJECTED
CVE-2007-5645
	REJECTED
CVE-2007-4018
	NOT-FOR-US: Citrix
CVE-2007-4017
	NOT-FOR-US: Citrix
CVE-2007-4016
	NOT-FOR-US: Citrix
CVE-2007-4015
	REJECTED
CVE-2007-4014
	NOT-FOR-US: Blix themes for WordPress
CVE-2007-4013
	NOT-FOR-US: Citrix
CVE-2007-4012
	NOT-FOR-US: Cisco
CVE-2007-4011
	NOT-FOR-US: Cisco
CVE-2007-4010
	- php5 <not-affected> (Windows-specific issue)
CVE-2007-4009
	NOT-FOR-US: SWSoft Confixx
CVE-2007-4008
	NOT-FOR-US: Entertainment CMS
CVE-2007-4007
	NOT-FOR-US: Article Directory
CVE-2007-4006
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4005
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4004
	NOT-FOR-US: IBM AIX
CVE-2007-4003
	NOT-FOR-US: IBM AIX
CVE-2007-4002
	RESERVED
CVE-2007-4001
	RESERVED
CVE-2007-4000
	- krb5 1.6.dfsg.1-7 (high)
	[etch] - krb5 <not-affected> (Vulnerable code not present)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3999
	{DSA-1368-1 DSA-1367-1}
	- librpcsecgss 0.14-3
	- krb5 1.6.dfsg.1-7 (high)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	- php4 <removed> (low)
	NOTE: this applies to php4 as well
	NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
	NOTE: so maybe this is already fixed in 5.2.3, not sure
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: only exploitable by malicious script
CVE-2007-3996
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: Debian's PHP packages are linked dynamically against libgd
	NOTE: see http://www.php.net/releases/5_2_4.php
CVE-2007-3995
	RESERVED
CVE-2007-3994
	RESERVED
CVE-2007-3993
	NOT-FOR-US: Kerio MailServer
CVE-2007-3992
	NOT-FOR-US: iExpress Property Pro
CVE-2007-3991
	NOT-FOR-US: Asp cvmatik
CVE-2007-3990
	NOT-FOR-US: Dora Emlak
CVE-2007-3989
	NOT-FOR-US: Dora Emlak
CVE-2007-3988
	NOT-FOR-US: Virtual Hosting Control System
CVE-2007-3987
	NOT-FOR-US: ImageRacer
CVE-2007-3986
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3985
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3984
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3983
	NOT-FOR-US: ActiveReports
CVE-2007-3982
	NOT-FOR-US: ActiveReports
CVE-2007-3981
	NOT-FOR-US: WSN Links
CVE-2007-3980
	NOT-FOR-US: RCMS Pro RGameScript Pro
CVE-2007-3979
	NOT-FOR-US: BlogSite Professional
CVE-2007-3978
	NOT-FOR-US: bwired
CVE-2007-3977
	NOT-FOR-US: bwired
CVE-2007-3976
	NOT-FOR-US: bwired
CVE-2007-3975
	NOT-FOR-US: Elite Forum
CVE-2007-3974
	NOT-FOR-US: JBlog
CVE-2007-3973
	NOT-FOR-US: JBlog
CVE-2007-3972
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969
	NOT-FOR-US: Panda Antivirus
CVE-2007-3968
	NOT-FOR-US: dirLIST
CVE-2007-3967
	NOT-FOR-US: dirLIST
CVE-2007-3966
	NOT-FOR-US: Munch Pro
CVE-2007-3965
	NOT-FOR-US: uFMOD
CVE-2007-3964
	NOT-FOR-US: Itaka
CVE-2007-3963
	NOT-FOR-US: UseBB
CVE-2007-3962
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3961
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3960
	NOT-FOR-US: IBM WebSphere
CVE-2007-3959
	NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958
	NOT-FOR-US: Microsoft
CVE-2007-3957
	NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956
	- teamspeak-server 2.0.23.19-1 (bug #435707)
CVE-2007-3955
	NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954
	NOT-FOR-US: Microsoft
CVE-2007-3953
	NOT-FOR-US: Norman Antivirus
CVE-2007-3952
	NOT-FOR-US: Norman Antivirus
CVE-2007-3951
	NOT-FOR-US: Norman Antivirus
CVE-2007-3950
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948
	- lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #428368)
	[etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945
	NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944
	NOT-FOR-US: MobileSafari
CVE-2007-3943
	NOT-FOR-US: Infinite Responder
CVE-2007-3942
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3941
	NOT-FOR-US: Jasmine CMS
CVE-2007-3940
	NOT-FOR-US: QuickerSite
CVE-2007-3939
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-3938
	NOT-FOR-US: MAXdev MDPro (MD-Pro)
CVE-2007-3937
	NOT-FOR-US: A-shop
CVE-2007-3936
	NOT-FOR-US: A-shopA-shop
CVE-2007-3935
	NOT-FOR-US: SupaNav
CVE-2007-3934
	NOT-FOR-US: BBS E-Market
CVE-2007-3933
	NOT-FOR-US: QuickEStore
CVE-2007-3932
	NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931
	NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930
	NOT-FOR-US: Microsoft
CVE-2007-3929
	NOT-FOR-US: Opera
CVE-2007-3928
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924
	NOT-FOR-US: Microsoft
CVE-2007-3923
	NOT-FOR-US: Cisco
CVE-2007-3922
	- sun-java5 1.5.0-12-2
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3921
	{DSA-1402-1}
	- gforge 4.6.99+svn6169-1
CVE-2007-3920
	{DTSA-75-1}
	[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
	[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)
	- gnome-screensaver 2.20.0-1.1
	- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
CVE-2007-3919
	{DSA-1395-1}
	- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
	- xen-3 3.1.2-1 (low)
CVE-2007-3918
	{DSA-1383-1}
	- gforge 4.6.99+svn6094-1
CVE-2007-3917
	{DSA-1386-1}
	- wesnoth 1.2.7-1
CVE-2007-3916
	- skktools 1.2+0.20061004-3 (low)
	[sarge] - skktools <no-dsa> (Minor issue)
	[etch] - skktools <no-dsa> (Minor issue)
CVE-2007-3915 [mondo insecure handling of temporary files]
	RESERVED
	- mondo 2.24-2 (low)
CVE-2007-3914
	RESERVED
CVE-2007-3913
	{DSA-1369-1 DTSA-57-1}
	- gforge 4.6.99+svn6086-1
CVE-2007-3912
	{DSA-1527-1}
	- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911
	NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3909
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3908
	NOT-FOR-US: HP ServiceGuard
CVE-2007-3907
	NOT-FOR-US: LedgerSMB
CVE-2007-3906
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905
	{DSA-1389-2 DSA-1389-1}
	- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904
	REJECTED
CVE-2007-3903
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3901
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
	REJECTED
CVE-2007-3899
	NOT-FOR-US: Microsoft Word
CVE-2007-3898
	NOT-FOR-US: Microsoft Windows
CVE-2007-3897
	NOT-FOR-US: Outlook Express
CVE-2007-3896
	NOT-FOR-US: Windows
CVE-2007-3895
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3894
	REJECTED
CVE-2007-3893
	NOT-FOR-US: Internet Explorer
CVE-2007-3892
	NOT-FOR-US: Internet Explorer
CVE-2007-3891
	NOT-FOR-US: Windows Vista
CVE-2007-3890
	NOT-FOR-US: Microsoft
CVE-2007-3889
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887
	NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886
	NOT-FOR-US: Element CMS
CVE-2007-3885
	NOT-FOR-US: husrevforum
CVE-2007-3884
	NOT-FOR-US: husrevforum
CVE-2007-3883
	NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882
	NOT-FOR-US: Expert Advisor
CVE-2007-3881
	NOT-FOR-US: Pictures Rating
CVE-2007-3880
	NOT-FOR-US: Net Connect
CVE-2007-3879
	RESERVED
CVE-2007-3878
	RESERVED
CVE-2007-3877
	RESERVED
CVE-2007-3876
	NOT-FOR-US: SMB (Apple Mac OS X)
CVE-2007-3875
	NOT-FOR-US: CA Anti-Virus
CVE-2007-3874
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-3873
	NOT-FOR-US: SSAPI Engine
CVE-2007-3872
	NOT-FOR-US: HP OpenView
CVE-2007-3871
	NOT-FOR-US: Stampit
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
	- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
	NOTE: IE browser bug are not treated as security issues in packages applications
CVE-2007-3870
	NOT-FOR-US: Oracle
CVE-2007-3869
	NOT-FOR-US: Oracle
CVE-2007-3868
	NOT-FOR-US: Oracle
CVE-2007-3867
	NOT-FOR-US: Oracle
CVE-2007-3866
	NOT-FOR-US: Oracle
CVE-2007-3865
	NOT-FOR-US: Oracle
CVE-2007-3864
	NOT-FOR-US: Oracle
CVE-2007-3863
	NOT-FOR-US: Oracle
CVE-2007-3862
	NOT-FOR-US: Oracle
CVE-2007-3861
	NOT-FOR-US: Oracle
CVE-2007-3860
	NOT-FOR-US: Oracle
CVE-2007-3859
	NOT-FOR-US: Oracle
CVE-2007-3858
	NOT-FOR-US: Oracle
CVE-2007-3857
	NOT-FOR-US: Oracle
CVE-2007-3856
	NOT-FOR-US: Oracle
CVE-2007-3855
	NOT-FOR-US: Oracle
CVE-2007-3854
	NOT-FOR-US: Oracle
CVE-2007-3853
	NOT-FOR-US: Oracle
CVE-2007-3852
	- sysstat <not-affected> (We have our own init script not prone to this vulnerability)
CVE-2007-3851
	{DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3850
	- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
CVE-2007-3849
	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
CVE-2007-3848
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3847
	- apache2 2.2.6-1 (bug #441845; low)
	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
	- apache <removed> (unimportant)
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-3846
	NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-27
CVE-2007-3844
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-26
CVE-2007-3843
	{DSA-1363-1}
	- linux-2.6 2.6.23-1 (bug #446073)
CVE-2007-3842
	NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-3840
	NOT-FOR-US: Traffic Stats
CVE-2007-3839
	NOT-FOR-US: TBDev.NET
CVE-2007-3838
	NOT-FOR-US: TBDev.NET
CVE-2007-3837
	NOT-FOR-US: HydraIRC
CVE-2007-3836
	NOT-FOR-US: HydraIRC
CVE-2007-3835
	NOT-FOR-US: Ex Libris MetaLib
CVE-2007-3834
	NOT-FOR-US: Ex Libris ALEPH
CVE-2007-3833
	NOT-FOR-US: Trillian
CVE-2007-3832
	NOT-FOR-US: Trillian
CVE-2007-3831
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3830
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3829
	NOT-FOR-US: InterActual Player
CVE-2007-3828
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3827
	NOTE: Unreproducible for upstream
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
CVE-2007-3826
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3825
	NOT-FOR-US: CA Alert Notification Server
CVE-2007-3824
	NOT-FOR-US: MzK Blog
CVE-2007-3823
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2007-3822
	NOT-FOR-US: Webcit
CVE-2007-3821
	NOT-FOR-US: Webcit
CVE-2007-3819
	NOT-FOR-US: Opera
CVE-2007-3818
	NOT-FOR-US: LoginToboggan
CVE-2007-3817
	NOT-FOR-US: LoginToboggan
CVE-2007-3816
	NOT-FOR-US: JWIG
CVE-2007-3815
	NOT-FOR-US: Poslovni informator Republike Slovenije
CVE-2007-3814
	NOT-FOR-US: MKPortal
CVE-2007-3813
	NOT-FOR-US: NoBoard BETA module for MKPortal
CVE-2007-3812
	NOT-FOR-US: CMScout
CVE-2007-3811
	NOT-FOR-US: eSyndiCat
CVE-2007-3810
	NOT-FOR-US: Realtor 747
CVE-2007-3809
	NOT-FOR-US: Prozilla Directory Script
CVE-2007-3808
	NOT-FOR-US: paFileDB
CVE-2007-3807
	NOT-FOR-US: SiteScape Forum
CVE-2007-3806
	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
	- php5 5.2.4-1 (medium; bug #441433)
	- php4 <removed>
	[etch] - php5 <no-dsa> (requires malicious script)
	[etch] - php4 <no-dsa> (requires malicious script)
	[sarge] - php4 <no-dsa> (requires malicious script)
CVE-2007-3805
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3804
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3803
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3802
	REJECTED
CVE-2007-3801
	REJECTED
CVE-2007-3800
	NOT-FOR-US: Symantec
CVE-2007-3799
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	NOTE: this does not affect default installs, only those who have written
	NOTE: custom session handlers (which isn't *that* uncommon though), and
	NOTE: also may not work if other cookie values are set.
	NOTE: fix sneaked into php 5.2.3 sans-mention:
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	- php4 <removed> (low)
	- php5 5.2.4-1 (low; bug #441433)
CVE-2007-3798
	{DSA-1353-1}
	- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797
	RESERVED
CVE-2007-3796
	NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
CVE-2007-3795
	NOT-FOR-US: Hitachi
CVE-2007-3794
	NOT-FOR-US: Hitachi
CVE-2007-3793
	NOT-FOR-US: Job Management Partner
CVE-2007-3792
	NOT-FOR-US: AzDG Dating Gold
CVE-2007-3791
	{DSA-1361-1}
	- postfix-policyd 1.80-2.2 (bug #435735)
CVE-2007-3790
	- php5 <not-affected> (com_print_typeinfo is a windows only func)
	- php4 <not-affected> (com_print_typeinfo is a windows only func)
CVE-2007-3789
	NOT-FOR-US: Inmostore
CVE-2007-3788
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3787
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3786
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3785
	NOT-FOR-US: EldoS SecureBlackbox
CVE-2007-3784
	NOT-FOR-US: Belkin
CVE-2007-3783
	NOT-FOR-US: enVivo!CMS
CVE-2007-3782
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality was introduced in 5.0)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality was introduced in 5.0)
CVE-2007-3781
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-1
	[etch] - mysql-dfsg-5.0 <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2007-3780
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.44
	[sarge] - mysql-dfsg <not-affected> (Introduced with SSL support in 4.1)
CVE-2007-3779
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3778
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3777
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2007-3776
	NOT-FOR-US: Cisco
CVE-2007-3775
	NOT-FOR-US: Cisco
CVE-2007-3774
	NOT-FOR-US: Dvbbs
CVE-2007-3773
	NOT-FOR-US: Generic YouTube Clone Script
CVE-2007-3772
	NOT-FOR-US: PsNews
CVE-2007-3771
	NOT-FOR-US: Symantec Antivirus
CVE-2007-3770
	{DSA-1393-1}
	- xfce4-terminal 0.2.6-3 (bug #437454)
CVE-2007-3769
	NOT-FOR-US: SurgeFTP
CVE-2007-3768
	NOT-FOR-US: SurgeFTP
CVE-2007-3767
	RESERVED
CVE-2007-3766
	RESERVED
CVE-2007-3765
	- asterisk 1:1.4.8~dfsg-1 (bug #433681)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-017.htm
CVE-2007-3764
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-016.htm
CVE-2007-3763
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-015.htm
CVE-2007-3762
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1 (high)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-014.htm
CVE-2007-3820
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761
	NOT-FOR-US: Safari
CVE-2007-3760
	NOT-FOR-US: Safari
CVE-2007-3759
	NOT-FOR-US: Safari
CVE-2007-3758
	NOT-FOR-US: Safari
CVE-2007-3757
	NOT-FOR-US: Safari
CVE-2007-3756
	NOT-FOR-US: Safari
CVE-2007-3755
	NOT-FOR-US: Aplle iPhone
CVE-2007-3754
	NOT-FOR-US: Aplle iPhone
CVE-2007-3753
	NOT-FOR-US: Aplle iPhone
CVE-2007-3752
	NOT-FOR-US: iTunes
CVE-2007-3751
	NOT-FOR-US: Apple QuickTime
CVE-2007-3750
	NOT-FOR-US: Apple QuickTime
CVE-2007-3749
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3748
	NOT-FOR-US: iChat on Apple Mac OS X
CVE-2007-3747
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3746
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3745
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3744
	NOT-FOR-US: Apple Mac OSX
CVE-2007-3743
	NOT-FOR-US: Apple Safari
CVE-2007-3742
	NOT-FOR-US: Apple Safari
CVE-2007-3741
	- gimp 2.2.17-1 (unimportant)
	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
CVE-2007-3740
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22
CVE-2007-3739
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.20-1
CVE-2007-3738
	{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (medium)
	- xulrunner 1.8.1.5-1 (medium)
	- iceweasel 2.0.0.5-1 (medium)
	NOTE: MFSA2007-25
CVE-2007-3737
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	- iceweasel 2.0.0.5-1 (high)
	NOTE: MFSA2007-21
CVE-2007-3736
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-19
CVE-2007-3735
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (low)
	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3734
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (high; bug #444010)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3733
	RESERVED
CVE-2007-3732
	RESERVED
	- linux-2.6 2.6.23-1
	NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1
CVE-2007-3730
	NOT-FOR-US: HP OpenVMS
CVE-2007-3729
	NOT-FOR-US: HP OpenVMS
CVE-2007-3728
	- silc-toolkit 1.1.2-1
	[etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
CVE-2007-3727
	NOT-FOR-US: WebMatic
CVE-2007-3726
	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
	- rar 1:3.7b1-1 (low; bug #437704)
	[etch] - rar <not-affected> (Vulnerable code was fixed already)
	[sarge] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725
	{DSA-1340-1 DTSA-43-1}
	- clamav 0.91-1
	[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
CVE-2007-3724
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723
	NOT-FOR-US: Solaris
CVE-2007-3722
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3721
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3720
	- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: This is the existing default behaviour of the scheduler, can be tuned
	NOTE: to suit individual needs
CVE-2007-3718
	NOT-FOR-US: Apple Safari
CVE-2007-3717
	NOT-FOR-US: Sun Solaris
CVE-2007-3716
	- sun-java6 6-02-1 (medium)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3715
	NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714
	NOT-FOR-US: Ada Image Server
CVE-2007-3713
	{DSA-1433-1 DTSA-55-1}
	- centericq 4.22.1-2.1 (bug #438511; medium)
	- centerim 4.22.1-2.1 (medium)
CVE-2007-3712
	NOT-FOR-US: HiddenChest
CVE-2007-3711
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3710
	NOT-FOR-US: PHP Comet-Server
CVE-2007-3709
	- codeigniter <itp> (bug #471583)
CVE-2007-3708
	- codeigniter <itp> (bug #471583)
CVE-2007-3707
	- codeigniter <itp> (bug #471583)
CVE-2007-3706
	- codeigniter <itp> (bug #471583)
CVE-2007-3705
	NOT-FOR-US: FuseTalk
CVE-2007-3704
	NOT-FOR-US: Entertainment CMS
CVE-2007-3703
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3702
	NOT-FOR-US: Mail Machine
CVE-2007-3701
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3700
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-3699
	NOT-FOR-US: Symantec
CVE-2007-3698
	- sun-java5 1.5.0-12-1
	- sun-java6 6-02-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3697
	NOT-FOR-US: FlashBB
CVE-2007-3696
	NOT-FOR-US: CA ERwin Data Model Validator
CVE-2007-3695
	NOT-FOR-US: CA ERwin
CVE-2007-3694
	NOT-FOR-US: Broadcast Machine
CVE-2007-3693
	NOT-FOR-US: gobi
CVE-2007-3692
	NOT-FOR-US: EZFactory KDDI Download CGI
CVE-2007-3691
	NOT-FOR-US: AV Tutorial
CVE-2007-3690
	NOT-FOR-US: Forward module for Drupal
CVE-2007-3689
	NOT-FOR-US: Print module for Drupal
CVE-2007-3688
	NOT-FOR-US: DotClear
CVE-2007-3687
	NOT-FOR-US: Inferno Technologies
CVE-2007-3686
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3685
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3684
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3683
	NOT-FOR-US: Aigaion
CVE-2007-3682
	NOT-FOR-US: OpenLD
CVE-2007-3681
	NOT-FOR-US: WinPcap
CVE-2007-3680
	NOT-FOR-US: IBM AIX
CVE-2007-3679
	NOT-FOR-US: Citrix
CVE-2007-3678
	NOT-FOR-US: QuarkXPress
CVE-2007-3677
	NOT-FOR-US: Maxsi eVisit Analyst
CVE-2007-3676
	NOT-FOR-US: IBM DB2
CVE-2007-3675
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
	RESERVED
CVE-2007-3673
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-3672
	NOT-FOR-US: DotClear
CVE-2007-3671
	NOT-FOR-US: Microsoft Windows
CVE-2007-3670
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
	NOTE: MFSA2007-23
CVE-2007-3669
	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668
	NOT-FOR-US: NMSDVDXLib
CVE-2007-3667
	NOT-FOR-US: ActiveReportsExcelReport
CVE-2007-3666
	NOT-FOR-US: Symantec Ghost
CVE-2007-3665
	NOT-FOR-US: Symantec Ghost
CVE-2007-3664
	NOT-FOR-US: Eltima Software
CVE-2007-3663
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3662
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3661
	NOT-FOR-US: Eltima Software
CVE-2007-3660
	NOT-FOR-US: Nonnoi
CVE-2007-3659
	NOT-FOR-US: FreeWRL
CVE-2007-3658
	NOT-FOR-US: Microsoft
CVE-2007-3657
	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
CVE-2007-3656
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-24
CVE-2007-3655
	- sun-java5 1.5.0-12-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3654
	NOT-FOR-US: NetBSD
CVE-2007-3653
	NOT-FOR-US: Farsi Script
CVE-2007-3652
	NOT-FOR-US: Farsi Script
CVE-2007-3651
	NOT-FOR-US: Farsi Script
CVE-2007-3650
	NOT-FOR-US: myWebland myBloggie
CVE-2007-3649
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3648
	NOT-FOR-US: WebMatic
CVE-2007-3647
	NOT-FOR-US: phpTrafficA
CVE-2007-3646
	NOT-FOR-US: FlashGameScript
CVE-2007-3645
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643
	NOT-FOR-US: AV Arcade
CVE-2007-3642
	{DSA-1356-1}
	- linux-2.6 2.6.22-2
CVE-2007-3641
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640
	NOT-FOR-US: Adobe Apollo
CVE-2007-3639
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-3638
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637
	NOT-FOR-US: MKPortal
CVE-2007-3636
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3635
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3634
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3633
	NOT-FOR-US: Chilkat Software
CVE-2007-3632
	NOTE: Moodle contains a copy of the files, but not the string
	NOTE: "homedir", so it is not affected.
CVE-2007-3631
	NOT-FOR-US: GameSiteScript
CVE-2007-3630
	NOT-FOR-US: AV Tutorial
CVE-2007-3629
	NOT-FOR-US: Levent Veysi Portal
CVE-2007-3628
	NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
CVE-2007-3627
	NOT-FOR-US: PHP Lite Calender Express
CVE-2007-3626
	NOT-FOR-US: Hitachi
CVE-2007-3625
	NOT-FOR-US: Citrix
CVE-2007-3624
	NOT-FOR-US: SAP
CVE-2007-3623
	NOT-FOR-US: Hitachi
CVE-2007-3622
	NOT-FOR-US: MDaemon
CVE-2007-3621
	NOT-FOR-US: AsteriDex
CVE-2007-3620
	NOT-FOR-US: Maia Mailguard
CVE-2007-3619
	NOT-FOR-US: Maia Mailguard
CVE-2007-3618
	NOT-FOR-US: EMC Software NetWorker
CVE-2007-3617
	NOT-FOR-US: vtiger CRM
CVE-2007-3616
	NOT-FOR-US: vtiger CRM
CVE-2007-3615
	NOT-FOR-US: SAP
CVE-2007-3614
	NOT-FOR-US: SAP DB Web Server
CVE-2007-3613
	NOT-FOR-US: SAP
CVE-2007-3612
	NOT-FOR-US: Visual IRC
CVE-2007-3611
	NOT-FOR-US: VRNews
CVE-2007-3610
	NOT-FOR-US: phpVID
CVE-2007-3609
	NOT-FOR-US: eMeeting
CVE-2007-3608
	NOT-FOR-US: SAP
CVE-2007-3607
	NOT-FOR-US: SAP
CVE-2007-3606
	NOT-FOR-US: SAP
CVE-2007-3605
	NOT-FOR-US: SAP
CVE-2007-3604
	NOT-FOR-US: vtiger CRM
CVE-2007-3603
	NOT-FOR-US: vtiger CRM
CVE-2007-3602
	NOT-FOR-US: vtiger CRM
CVE-2007-3601
	NOT-FOR-US: vtiger CRM
CVE-2007-3600
	NOT-FOR-US: vtiger CRM
CVE-2007-3599
	NOT-FOR-US: vtiger CRM
CVE-2007-3598
	NOT-FOR-US: vtiger CRM
CVE-2007-3597
	NOT-FOR-US: Zen Cart
CVE-2007-3596
	NOT-FOR-US: phpVideoPro
CVE-2007-3595
	REJECTED
CVE-2007-3594
	NOT-FOR-US: ManageEngine OpManager
CVE-2007-3593
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2007-3592
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3591
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3590
	NOT-FOR-US: b1gBB
CVE-2007-3589
	NOT-FOR-US: b1gbb
CVE-2007-3588
	NOT-FOR-US: VBZooM
CVE-2007-3587
	NOT-FOR-US: MyCMS
CVE-2007-3586
	NOT-FOR-US: MyCMS
CVE-2007-3585
	NOT-FOR-US: MyCMS
CVE-2007-3584
	NOT-FOR-US: PNphpBB2
CVE-2007-3583
	NOT-FOR-US: Girlserv ads
CVE-2007-3582
	NOT-FOR-US: SuperCali PHP Event Calendar
CVE-2007-3581
	NOT-FOR-US: Jedox
CVE-2007-3580
	NOT-FOR-US: PHPIDS
CVE-2007-3579
	NOT-FOR-US: PHPIDS
CVE-2007-3578
	NOT-FOR-US: PHPIDS
CVE-2007-3577
	NOT-FOR-US: PHPIDS
CVE-2007-3576
	NOT-FOR-US: Microsoft
CVE-2007-3575
	NOT-FOR-US: FreeDomain.co.nr Clone
CVE-2007-3574
	NOT-FOR-US: Linksys
CVE-2007-3573
	NOT-FOR-US: AkoComment
CVE-2007-3572
	NOT-FOR-US: Yoggie
CVE-2007-3571
	NOT-FOR-US: Novell
CVE-2007-3570
	NOT-FOR-US: Novell
CVE-2007-3569
	NOT-FOR-US: Oliver Library Management System
CVE-2007-3568
	- imlib 1.9.15-3 (bug #437708; low)
	[sarge] - imlib <no-dsa> (Minor issue, just a crash)
	[etch] - imlib <no-dsa> (Minor issue, just a crash)
CVE-2007-3567
	NOT-FOR-US: MysqlDumper
CVE-2007-3566
	NOT-FOR-US: Borland InterBase
CVE-2007-3565
	RESERVED
CVE-2007-3564
	{DSA-1333-1}
	- curl 7.16.4-1 (low)
CVE-2007-3563
	NOT-FOR-US: AV Arcade
CVE-2007-3562
	NOT-FOR-US: PHP Director
CVE-2007-3561
	NOT-FOR-US: Efendy Blog
CVE-2007-3560
	NOT-FOR-US: Esqlanelapse
CVE-2007-3559
	NOT-FOR-US: PHP-Fusion
CVE-2007-3558
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-3557
	NOT-FOR-US: Wheatblog
CVE-2007-3556
	NOT-FOR-US: Liesbeth
CVE-2007-3555
	{DSA-1691-1}
	- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554
	NOT-FOR-US: HP
CVE-2007-3553
	NOT-FOR-US: Oracle
CVE-2007-3552
	NOT-FOR-US: bbs100
CVE-2007-3551
	NOT-FOR-US: bbs100
CVE-2007-3550
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549
	NOT-FOR-US: Buddy Zone
CVE-2007-3548
	NOT-FOR-US: W3Filer
CVE-2007-3547
	NOT-FOR-US: QuickTicket
CVE-2007-3546
	NOT-FOR-US: Nessus Windows GUI
CVE-2007-3545
	NOT-FOR-US: Warzone
CVE-2007-3544
	- wordpress 2.2.2-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3543
	- wordpress 2.2.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542
	NOT-FOR-US: Pluxml
CVE-2007-3541
	NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540
	NOT-FOR-US: rwAuction
CVE-2007-3539
	NOT-FOR-US: QuickTicket
CVE-2007-3538
	NOT-FOR-US: QuickTalk
CVE-2007-3537
	NOT-FOR-US: IBM OS/400
CVE-2007-3536
	NOT-FOR-US: AMX NetLinx VNC
CVE-2007-3535
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2007-3534
	NOT-FOR-US: WebChat
CVE-2007-3533
	NOT-FOR-US: 3Com
CVE-2007-3532
	- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
CVE-2007-3531
	- nvclock 0.8b-1 (low)
CVE-2007-3530
	NOT-FOR-US: PHPDirector
CVE-2007-3529
	NOT-FOR-US: PHPDirector
CVE-2007-3528
	- dar 2.3.3-1 (low; bug #425335)
	[etch] - dar <no-dsa> (Minor issue)
	[sarge] - dar <no-dsa> (Minor issue)
CVE-2007-3527
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-3526
	NOT-FOR-US: Buddy Zone
CVE-2007-3525
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3524
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3523
	NOT-FOR-US: XCMS
CVE-2007-3522
	NOT-FOR-US: sPHPell
CVE-2007-3521
	NOT-FOR-US: ArcadeBuilder Game Portal Manager
CVE-2007-3520
	NOT-FOR-US: Easybe
CVE-2007-3519
	NOT-FOR-US: phpEventCalendar
CVE-2007-3518
	NOT-FOR-US: HispaH YouTube Clone Script
CVE-2007-3517
	NOT-FOR-US: Claroline
CVE-2007-3516
	NOT-FOR-US: Gorki Online Santrac Sitesi
CVE-2007-3515
	NOT-FOR-US: TotalCalendar
CVE-2007-3514
	NOT-FOR-US: Apple Safari
CVE-2007-3513
	{DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
	NOTE: in Linus' tree.
CVE-2007-3512
	NOT-FOR-US: Lhaca
CVE-2007-3511
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (bug #438873; low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-32
CVE-2007-3510
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-3509
	NOT-FOR-US: Symantec
CVE-2007-3508
	- glibc 2.6-2 (unimportant; bug #431858)
	NOTE: Not security-relevant
CVE-2007-3507
	- flac123 0.0.11-1 (low; bug #432008)
	[etch] - flac123 <no-dsa> (Minor issue)
CVE-2007-3506
	- freetype 2.3.4 (bug #432013)
	[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[lenny] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
CVE-2007-3505
	NOT-FOR-US: QuickTalk forum
CVE-2007-3504
	- sun-java5 <not-affected>
	NOTE: Sun Alert ID 102957 says issue is Windows only
CVE-2007-3503
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java5 1.5.0-12-1
	[etch] - sun-java6 <no-dsa> (non-free)
	- sun-java6 6-01-1 (bug #432006)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3502
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501
	NOT-FOR-US: DirectAdmin
CVE-2007-3500
	NOT-FOR-US: Xeweb XEForum
CVE-2007-3499
	NOT-FOR-US: SlackRoll
CVE-2007-3498
	NOT-FOR-US: HTML Purifier
CVE-2007-3497
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3496
	NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495
	NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494
	NOT-FOR-US: Papoo CMS
CVE-2007-3493
	NOT-FOR-US: NCTAudioStudio
CVE-2007-3492
	NOT-FOR-US: Conti FtpServer
CVE-2007-3491
	NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490
	NOT-FOR-US: Microsoft Excel 2003 SP2
CVE-2007-3489
	NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488
	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
CVE-2007-3487
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486
	NOT-FOR-US: AltaVista
CVE-2007-3485
	NOT-FOR-US: Yandex.Server
CVE-2007-3484
	NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482
	NOT-FOR-US: Apple Safari
CVE-2007-3481
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: CPU consumption DoS
CVE-2007-3476
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: out-of-band memory read, does not appear attacker controlled.
CVE-2007-3474
	NOTE: appears to be prophylactic dup of CVE-2007-3476.
CVE-2007-3473
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
CVE-2007-3472
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash.
CVE-2007-3471
	NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470
	NOT-FOR-US: Sun Solaris
CVE-2007-3469
	NOT-FOR-US: Sun Solaris
CVE-2007-3468
	{DSA-1332-1}
	- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3467
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (bug #429726)
CVE-2007-3466
	RESERVED
CVE-2007-3465
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3464
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463
	NOT-FOR-US: Microsoft Windows XP SP2
CVE-2007-3462
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3461
	NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460
	NOT-FOR-US: EVA-Web
CVE-2007-3459
	NOT-FOR-US: Civitech Avax Vector
CVE-2007-3458
	NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3456
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3455
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453
	NOT-FOR-US: Papoo
CVE-2007-3452
	NOT-FOR-US: eDocStore
CVE-2007-3451
	NOT-FOR-US: 6ALBlog
CVE-2007-3450
	NOT-FOR-US: 6ALBlog
CVE-2007-3449
	NOT-FOR-US: 6ALBlog
CVE-2007-3448
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445
	NOT-FOR-US: SJphone
CVE-2007-3444
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436
	NOT-FOR-US: Microsoft
CVE-2007-3435
	NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434
	NOT-FOR-US: Pharmacy System
CVE-2007-3433
	NOT-FOR-US: Pharmacy System
CVE-2007-3432
	NOT-FOR-US: Pluxml
CVE-2007-3431
	NOT-FOR-US: Dagger
CVE-2007-3430
	NOT-FOR-US: Simple Invoices
CVE-2007-3429
	NOT-FOR-US: e107
CVE-2007-3428
	NOT-FOR-US: phpTrafficA
CVE-2007-3427
	NOT-FOR-US: phpTrafficA
CVE-2007-3426
	NOT-FOR-US: phpTrafficA
CVE-2007-3425
	NOT-FOR-US: phpTrafficA
CVE-2007-3424
	NOT-FOR-US: WebAPP
CVE-2007-3423
	NOT-FOR-US: WebAPP
CVE-2007-3422
	NOT-FOR-US: WebAPP
CVE-2007-3421
	NOT-FOR-US: WebAPP
CVE-2007-3420
	NOT-FOR-US: WebAPP
CVE-2007-3419
	NOT-FOR-US: WebAPP
CVE-2007-3418
	NOT-FOR-US: WebAPP
CVE-2007-3417
	NOT-FOR-US: WebAPP
CVE-2007-3416
	NOT-FOR-US: WebAPP
CVE-2007-3415
	NOT-FOR-US: phpRaider
CVE-2007-3414
	NOT-FOR-US: access2asp
CVE-2007-3413
	NOT-FOR-US: bosDataGrid
CVE-2007-3412
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410
	- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408
	- dia <not-affected> (Windows packaging with bundled FreeType libs)
CVE-2007-3407
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403
	NOT-FOR-US: dreamLog
CVE-2007-3402
	NOT-FOR-US: pagetool
CVE-2007-3401
	NOT-FOR-US: B1GBB
CVE-2007-3400
	NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399
	NOT-FOR-US: Power Phlogger
CVE-2007-3398
	NOT-FOR-US: LiveWEB
CVE-2007-3397
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396
	NOT-FOR-US: KeyFocus
CVE-2007-3395
	REJECTED
CVE-2007-3394
	NOT-FOR-US: eNdonesia
CVE-2007-3388
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-6
	- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
	NOTE: http://web.archive.org/web/20080206133848/http://trolltech.com:80/company/newsroom/announcements/press.2007-07-27.7503755960
CVE-2007-3387
	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
	- poppler 0.5.4-6.1 (bug #435460)
	- gpdf <removed>
	- xpdf 3.02-1.1 (bug #435462)
	- kdegraphics 4:3.5.7-3
	- koffice 1:1.6.3-2
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (unimportant; bug #436099)
	- cups <not-affected> (unimportant; bug #436099)
	NOTE: cups uses xpdf-utils
	- pdfkit.framework 0.8-4
	NOTE: links to poppler since 0.8-4, thus marking as fixed
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- ipe <not-affected> (Does not include the vulnerable code)
	- swftools 0.9.2+ds1-2
CVE-2007-3386
	{DSA-1447-1}
	- tomcat5.5 5.5.25-1
CVE-2007-3385
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3384
	NOT-FOR-US: tomcat 3.3
CVE-2007-3383
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
	NOTE: affects example app in tomcat4-webapps
CVE-2007-3382
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3381
	- gdm 2.18.4-1 (low)
	[sarge] - gdm <no-dsa> (Minor issue)
	[etch] - gdm <no-dsa> (Minor issue)
CVE-2007-3380
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-3379
	- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
CVE-2007-3378
	- php4 <removed> (unimportant)
	- php5 5.2.4-1 (unimportant)
CVE-2007-3377
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376
	NOT-FOR-US: Apple Safari
CVE-2007-3375
	NOT-FOR-US: Lhaca
CVE-2007-3374
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3373
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3389
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3390
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3391
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3392
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3393
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3372
	{DSA-1690-1}
	- avahi 0.6.20-2 (low)
	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371
	NOT-FOR-US: Powl
CVE-2007-3370
	NOT-FOR-US: Sun Board
CVE-2007-3369
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367
	NOT-FOR-US: cPanel
CVE-2007-3366
	NOT-FOR-US: cPanel
CVE-2007-3365
	NOT-FOR-US: MyServer
CVE-2007-3364
	NOT-FOR-US: MyServer
CVE-2007-3363
	NOT-FOR-US: AGEphone
CVE-2007-3362
	NOT-FOR-US: AGEphone
CVE-2007-3361
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360
	- ircii-pana <removed> (medium; bug #432120)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
CVE-2007-3359
	NOT-FOR-US: SerWeb
CVE-2007-3358
	NOT-FOR-US: SerWeb
CVE-2007-3357
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353
	NOT-FOR-US: MyEvent
CVE-2007-3352
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350
	NOT-FOR-US: AIM
CVE-2007-3349
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346
	NOT-FOR-US: PHPAccounts
CVE-2007-3345
	NOT-FOR-US: PHPAccounts
CVE-2007-3344
	NOT-FOR-US: netjukebox
CVE-2007-3343
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342
	NOT-FOR-US: Movable Type
CVE-2007-3341
	NOT-FOR-US: Microsoft
CVE-2007-3340
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339
	NOT-FOR-US: ColdFusion
CVE-2007-3338
	NOT-FOR-US: Ingres
CVE-2007-3337
	NOT-FOR-US: Ingres
CVE-2007-3336
	NOT-FOR-US: Ingres
CVE-2007-3335
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334
	NOT-FOR-US: Ingres
CVE-2007-3333
	NOT-FOR-US: IBM AIX
CVE-2007-3332
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329
	NOT-FOR-US: Xvid
CVE-2007-3328
	NOT-FOR-US: Interact
CVE-2007-3327
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326
	NOT-FOR-US: vBulletin
CVE-2007-3325
	NOT-FOR-US: LAN Management System
CVE-2007-3324
	NOT-FOR-US: Comersus Cart
CVE-2007-3323
	NOT-FOR-US: Comersus Shop Cart
CVE-2007-4168
	REJECTED
CVE-2007-3322
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (medium; bug #429726)
CVE-2007-3315
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311
	NOT-FOR-US: Articles
CVE-2007-3310
	NOT-FOR-US: TDizin
CVE-2007-3309
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307
	NOT-FOR-US: Solar Empire
CVE-2007-3306
	NOT-FOR-US: MiniBill
CVE-2007-3305
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304
	- apache <removed> (low)
	- apache2 2.2.4-2 (low)
	[etch] - apache2 2.2.3-4+etch2
	[sarge] - apache2 2.0.54-5sarge2 (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303
	- apache2 <unfixed> (unimportant)
	NOTE: If you can execute arbitrary code, a DoS is not a problem.
CVE-2007-3302
	NOT-FOR-US: CA
CVE-2007-3301
	NOT-FOR-US: FuseTalk
CVE-2007-3300
	NOT-FOR-US: F-Secure
CVE-2007-3299
	- awffull 3.7.4final-1 (unimportant)
	NOTE: awffull (a webalizer fork) does not have any cookie based authentication
	NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298
	NOT-FOR-US: Spey
CVE-2007-3297
	NOT-FOR-US: Musoo
CVE-2007-3296
	NOT-FOR-US: Web Thunderbolt
CVE-2007-3295
	NOT-FOR-US: YaBB
CVE-2007-3294
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-3293
	NOT-FOR-US: LiveCMS
CVE-2007-3292
	NOT-FOR-US: LiveCMS
CVE-2007-3291
	NOT-FOR-US: LiveCMS
CVE-2007-3290
	NOT-FOR-US: LiveCMS
CVE-2007-3289
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286
	NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285
	- iceweasel <not-affected> (Affects only Firefox in Windows)
	NOTE: MFSA2007-22
CVE-2007-3284
	NOT-FOR-US: Apple Safari
CVE-2007-3283
	- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282
	NOT-FOR-US: Microsoft Office
CVE-2007-3281
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3279
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3278
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
	- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
CVE-2007-3277
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276
	NOT-FOR-US: Site
CVE-2007-3275
	NOT-FOR-US: MailWasher Server
CVE-2007-3274
	NOT-FOR-US: Apple Safari
CVE-2007-3273
	NOT-FOR-US: FuseTalk
CVE-2007-3272
	NOT-FOR-US: MiniBB
CVE-2007-3271
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270
	NOT-FOR-US: phpMyInventory
CVE-2007-3269
	NOT-FOR-US: Papoo Light
CVE-2007-3268
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-3267
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266
	NOT-FOR-US: WEBIF
CVE-2007-3265
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261
	NOT-FOR-US: dKret
CVE-2007-3260
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259
	NOT-FOR-US: Calendarix
CVE-2007-3258
	NOT-FOR-US: Calendarix
CVE-2007-3257
	{DSA-1325-1 DSA-1321-1}
	- evolution 2.12.0-1
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
CVE-2007-3256
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252
	NOT-FOR-US: PortalApp
CVE-2007-3251
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250
	NOT-FOR-US: Elxis CMS
CVE-2007-3249
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248
	NOT-FOR-US: Sun Solaris
CVE-2007-3247
	NOT-FOR-US: VirtueMart
CVE-2007-3246
	NOT-FOR-US: IRC Services
CVE-2007-3245
	NOT-FOR-US: IRC Services
CVE-2007-3244
	NOT-FOR-US: bbPress
CVE-2007-3243
	NOT-FOR-US: bbPress
CVE-2007-3242
	NOT-FOR-US: WebAPP
CVE-2007-3241
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238
	{DSA-1502-1}
	- wordpress 2.2.2-1 (low)
CVE-2007-3237
	NOT-FOR-US: XOOPS
CVE-2007-3236
	NOT-FOR-US: XOOPS
CVE-2007-3235
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233
	NOT-FOR-US: TEC-IT
CVE-2007-3232
	NOT-FOR-US: IBM
CVE-2007-3231
	- mecab 0.95-1.1 (bug #429174; low)
	[etch] - mecab <no-dsa> (Minor issue)
	[sarge] - mecab <no-dsa> (Minor issue)
CVE-2007-3230
	NOT-FOR-US: PHP::HTML
CVE-2007-3229
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227
	- rails 1.2.5-1 (bug #429177)
CVE-2007-3226
	NOT-FOR-US: dotProject
CVE-2007-3225
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223
	NOT-FOR-US: Sun Solaris
CVE-2007-3222
	NOT-FOR-US: XOOPS
CVE-2007-3221
	NOT-FOR-US: XOOPS
CVE-2007-3220
	NOT-FOR-US: XOOPS
CVE-2007-3219
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218
	NOT-FOR-US: PHP Live!
CVE-2007-3217
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray <not-affected> (Vulnerable code not)
	[sarge] - flyspray <not-affected> (Vulnerable code not included)
	- moodle 1.8.2-2 (bug #429190)
	- owl-dms 0.94-2 (bug #429197)
	- knowledgeroot 0.9.8.2-2 (bug #429196)
	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
	[etch] - owl-dms <not-affected> (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi <not-affected> (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	- mahara 1.0.5-2 (bug #504253)
	[lenny] - mahara 1.0.4-3
	[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
	- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
	- egroupware <not-affected> (bug #504283; Vulnerable code not used)
CVE-2007-3214
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213
	NOT-FOR-US: Sporum Forum
CVE-2007-3212
	NOT-FOR-US: Beehive Forum
CVE-2007-3211
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209
	- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
	[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208
	NOT-FOR-US: YaBB
CVE-2007-3207
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: That's by design
CVE-2007-3204
	NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
	NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202
	NOT-FOR-US: Webwiz
CVE-2007-3201
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200
	NOT-FOR-US: Novell
CVE-2007-3199
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197
	NOT-FOR-US: vBulletin
CVE-2007-3196
	NOT-FOR-US: VBulletin
CVE-2007-3195
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194
	NOT-FOR-US: myBloggie
CVE-2007-3193
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4 (medium)
	NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
	NOTE: a note about the CVE id.
CVE-2007-3191
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187
	NOT-FOR-US: Apple
CVE-2007-3186
	NOT-FOR-US: Apple
CVE-2007-3185
	NOT-FOR-US: Apple
CVE-2007-3184
	NOT-FOR-US: Cisco
CVE-2007-3183
	NOT-FOR-US: Calendarix
CVE-2007-3182
	NOT-FOR-US: Calendarix
CVE-2007-3181
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (medium)
	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
	NOTE: in the pool to check and since this version is in testing and unstable...
CVE-2007-3180
	NOT-FOR-US: HP
CVE-2007-3179
	NOT-FOR-US: Particle Blogger
CVE-2007-3178
	NOT-FOR-US: Sistemi
CVE-2007-3177
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173
	NOT-FOR-US: Almnzm
CVE-2007-3172
	NOT-FOR-US: UebiMiau
CVE-2007-3171
	NOT-FOR-US: UebiMiau
CVE-2007-3170
	NOT-FOR-US: Uebimiau
CVE-2007-3169
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167
	NOT-FOR-US: Vivotek
CVE-2007-3166
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163
	- moin 1.5.8-4.1 (unimportant; bug #429205)
	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
	- karrigell <removed> (unimportant; bug #429207)
	NOTE: This is only exploitable on NTFS filesystems
	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
	NOTE: web server with NTFS
CVE-2007-3162
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159
	NOT-FOR-US: MiniWeb
CVE-2007-3158
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157
	NOT-FOR-US: SafeNET
CVE-2007-3156
	- webmin <removed>
CVE-2007-3155
	- egroupware 1.2.107-2.dfsg-1 (bug #429208)
CVE-2007-3154
	NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
	NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153
	NOT-FOR-US: c-ares
CVE-2007-3152
	NOT-FOR-US: c-ares
CVE-2007-3151
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150
	NOT-FOR-US: Google Desktop
CVE-2007-3149
	- sudo <not-affected> (Not linked with krb5)
CVE-2007-3148
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145
	- galeon <removed> (unimportant; bug #429216)
	NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
	NOTE: phishing protections anyway
CVE-2007-3144
	NOTE: Minor issue, exact details unknown to upstream
CVE-2007-3143
	- kdebase 4:3.5.7-3 (low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: referring to maintainer this is definetly fixed in 4:3.5.7-3
CVE-2007-3142
	NOT-FOR-US: Opera
CVE-2007-3141
	NOT-FOR-US: phpWebThings
CVE-2007-3140
	- wordpress 2.2.1-1 (bug #428073)
	[etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
CVE-2007-3139
	NOT-FOR-US: Quick.Cart
CVE-2007-3138
	NOT-FOR-US: Quick.Cart
CVE-2007-3137
	NOT-FOR-US: WmsCMS
CVE-2007-3136
	NOT-FOR-US: newsSync
CVE-2007-3135
	NOT-FOR-US: Atom Photoblog
CVE-2007-3134
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133
	NOT-FOR-US: W1L3D4
CVE-2007-3132
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131
	NOT-FOR-US: Light Blog
CVE-2007-3130
	NOT-FOR-US: OpenWiki
CVE-2007-3129
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128
	NOT-FOR-US: WSPortal
CVE-2007-3127
	NOT-FOR-US: WSPortal
CVE-2007-3126
	- gimp 2.8.22-1 (unimportant; bug #885382)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=773233
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=46bcd82800e37b0f5aead76184430ef2fe802748 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7 (gimp-2-8)
CVE-2007-3125
	REJECTED
CVE-2007-3124
	NOT-FOR-US: FreeVMS
CVE-2007-3123
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3122
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3121
	- zvbi 0.2.25-1 (bug #429221; unimportant)
	NOTE: Only exploitable through malformed closed captions
	NOTE: Malicious TV networks have more subtle methods to control people...
CVE-2007-3120
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117
	NOT-FOR-US: ADPLAN
CVE-2007-3116
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3115
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3114
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3113
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3112
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3111
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108
	{DSA-1571-1}
	- openssl 0.9.8e-6 (bug #438142; low)
	- openssl097 <removed> (bug #438180)
	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
	[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107
	- linux-2.6 2.6.22-1 (unimportant)
	NOTE: Not reproducibly reliably by an attacker, mostly a bug
	NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
	NOTE: in Linus' tree.
CVE-2007-3106
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105
	{DSA-1504-1 DSA-1363-1}
	- linux-2.6 2.6.22-4
CVE-2007-3104
	{DSA-1428-1}
	- linux-2.6 2.6.22-4 (low)
CVE-2007-3103
	{DSA-1342-1}
	- xfs 1:1.0.8-2.1 (low)
	NOTE: i've checked 1.0.8, and this problem is no longer present
CVE-2007-3102
	- openssh <not-affected> (This is a redhat/fedora specific issue)
	NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
	NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
	NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
CVE-2007-3101
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2007-3096
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092
	NOT-FOR-US: MSIE6
CVE-2007-3091
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
	REJECTED
CVE-2007-3089
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (low; bug #427691)
	- iceape 1.1.3-1 (low)
	- xulrunner 1.8.1.5-1 (low)
	NOTE: MFSA2007-20
CVE-2007-3088
	NOT-FOR-US: Comicsense
CVE-2007-3087
	NOT-FOR-US: PeerCast
CVE-2007-3086
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085
	NOT-FOR-US: PBSite
CVE-2007-3084
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083
	NOT-FOR-US: Z-Blog
CVE-2007-3082
	NOT-FOR-US: Sendcard
CVE-2007-3081
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079
	NOT-FOR-US: EQdkp
CVE-2007-3078
	NOT-FOR-US: Aigaion
CVE-2007-3077
	NOT-FOR-US: EQdkp
CVE-2007-3076
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074
	{DSA-1707-1 DSA-1704-1 DSA-1697-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073
	NOTE: Duplicate of CVE-2008-4067
CVE-2007-3072
	- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071
	NOT-FOR-US: eSellerate
CVE-2007-3070
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069
	NOT-FOR-US: Sun Solaris
CVE-2007-3068
	NOT-FOR-US: DVD X Player
CVE-2007-3067
	NOT-FOR-US: EQdkp
CVE-2007-3066
	NOT-FOR-US: IBM DB2
CVE-2007-3065
	NOT-FOR-US: Particle Gallery
CVE-2007-3064
	NOT-FOR-US: My Datebook
CVE-2007-3063
	NOT-FOR-US: My Datebook
CVE-2007-3062
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061
	NOT-FOR-US: Cactushop
CVE-2007-3060
	NOT-FOR-US: PHP Live!
CVE-2007-3059
	NOT-FOR-US: SendCard
CVE-2007-3058
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057
	NOT-FOR-US: XOOPS
CVE-2007-3056
	- websvn 1.61-22.3 (unimportant; bug #439337)
	NOTE: Websvn does not have cookie based authentication by itself.
	NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055
	NOT-FOR-US: Codelib Linker
CVE-2007-3054
	NOT-FOR-US: Codelib Linker
CVE-2007-3053
	NOT-FOR-US: Calimero
CVE-2007-3052
	NOT-FOR-US: PostNuke
CVE-2007-3051
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050
	NOT-FOR-US: chameleon cms
CVE-2007-3049
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048
	- screen <not-affected> (not reproducible)
CVE-2007-3047
	NOT-FOR-US: Vonage
CVE-2007-3046
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044
	NOT-FOR-US: Hitachi
CVE-2007-3043
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042
	NOT-FOR-US: Meneame
CVE-2007-3041
	NOT-FOR-US: Microsoft
CVE-2007-3040
	NOT-FOR-US: Windows
CVE-2007-3039
	NOT-FOR-US: Windows
CVE-2007-3038
	NOT-FOR-US: Microsoft
CVE-2007-3037
	NOT-FOR-US: Microsoft
CVE-2007-3036
	NOT-FOR-US: Windows Services for UNIX
CVE-2007-3035
	NOT-FOR-US: Microsoft
CVE-2007-3034
	NOT-FOR-US: Microsoft
CVE-2007-3033
	NOT-FOR-US: Microsoft
CVE-2007-3032
	NOT-FOR-US: Microsoft
CVE-2007-3031
	REJECTED
CVE-2007-3030
	NOT-FOR-US: Microsoft Excel
CVE-2007-3029
	NOT-FOR-US: Microsoft Excel
CVE-2007-3028
	NOT-FOR-US: Microsoft
CVE-2007-3027
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026
	NOT-FOR-US: Panda
CVE-2007-3025
	- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3023
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3022
	NOT-FOR-US: Symantec
CVE-2007-3021
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3017
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3013
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3012
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3010
	NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
CVE-2007-3009
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
	REJECTED
CVE-2007-3004
	REJECTED
CVE-2007-3003
	NOT-FOR-US: myBloggie
CVE-2007-3002
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999
	NOT-FOR-US: Microsoft
CVE-2007-2998
	NOT-FOR-US: OpenVMS
CVE-2007-2997
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996
	NOT-FOR-US: IBM AIX
CVE-2007-2995
	NOT-FOR-US: IBM AIX
CVE-2007-2994
	NOT-FOR-US: DGNews
CVE-2007-2993
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990
	NOT-FOR-US: Sun Solaris
CVE-2007-2989
	NOT-FOR-US: Sun Solaris
CVE-2007-2988
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986
	NOT-FOR-US: AdminBot
CVE-2007-2985
	NOT-FOR-US: Pheap
CVE-2007-2984
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981
	NOT-FOR-US: LeadTools
CVE-2007-2980
	NOT-FOR-US: LeadTools
CVE-2007-2979
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978
	NOT-FOR-US: eggblog
CVE-2007-2977
	NOT-FOR-US: DOMjudge
CVE-2007-2976
	NOT-FOR-US: Centrinity
CVE-2007-2975
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971
	NOT-FOR-US: gCards
CVE-2007-2970
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969
	NOT-FOR-US: WAnewsletter
CVE-2007-2968
	NOT-FOR-US: cpCommerce
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2007-2967
	NOT-FOR-US: F-Secure
CVE-2007-2966
	NOT-FOR-US: F-Secure
CVE-2007-2965
	NOT-FOR-US: F-Secure
CVE-2007-2964
	NOT-FOR-US: F-Secure
CVE-2007-2963
	NOT-FOR-US: Invision Power Board
CVE-2007-2962
	NOT-FOR-US: Particle Gallery
CVE-2007-2961
	NOT-FOR-US: FileCloset
CVE-2007-2960
	NOT-FOR-US: Scallywag
CVE-2007-2959
	NOT-FOR-US: cpCommerce
CVE-2007-2958
	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
	[etch] - sylpheed-claws <no-dsa> (Minor issue)
	[sarge] - sylpheed-claws <no-dsa> (Minor issue)
	- sylpheed 2.4.5-1 (low)
	[etch] - sylpheed <no-dsa> (Minor issue)
	[sarge] - sylpheed <no-dsa> (Minor issue)
	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957
	NOT-FOR-US: McAfee on Solaris
CVE-2007-2956
	NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955
	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
CVE-2007-2954
	NOT-FOR-US: Novell Client
CVE-2007-2953
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-056+1 (low)
CVE-2007-2952
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2007-2951
	- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950
	NOT-FOR-US: Centennial
CVE-2007-2949
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	- ingimp 2.2.16.20070710-1
	NOTE: http://secunia.com/secunia_research/2007-63/advisory
CVE-2007-2948
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945
	NOT-FOR-US: RMForum
CVE-2007-2944
	NOT-FOR-US: WabCMS
CVE-2007-2943
	NOT-FOR-US: Webavis
CVE-2007-2942
	NOT-FOR-US: My Little Forum
CVE-2007-2941
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940
	NOT-FOR-US: FlaP
CVE-2007-2939
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937
	NOT-FOR-US: TROforum
CVE-2007-2936
	NOT-FOR-US: Frequency Clock
CVE-2007-2935
	NOT-FOR-US: Fundanemt
CVE-2007-2934
	NOT-FOR-US: Vistered Little
CVE-2007-2933
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932
	NOT-FOR-US: BoastMachine
CVE-2007-2931
	NOT-FOR-US: MSN Messenger
CVE-2007-2930
	- bind <removed> (bug #442910)
	[etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
	[sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
CVE-2007-2929
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927
	NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926
	{DSA-1341-2}
	- bind9 1:9.4.1-P1-1
CVE-2007-2925
	- bind9 1:9.4.1-P1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
	[sarge] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
CVE-2007-2924
	NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923
	NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
	RESERVED
CVE-2007-2921
	NOT-FOR-US: Corel
CVE-2007-2920
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919
	NOT-FOR-US: FViewerLoading
CVE-2007-2918
	NOT-FOR-US: Logitech
CVE-2007-2917
	NOT-FOR-US: Authentium
CVE-2007-2916
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914
	NOT-FOR-US: PsychoStats
CVE-2007-2913
	NOT-FOR-US: ClonusWiki
CVE-2007-2912
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908
	NOT-FOR-US: vBulletin
CVE-2007-2907
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905
	NOT-FOR-US: 2z Project
CVE-2007-2904
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903
	NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902
	NOT-FOR-US: Dokeos
CVE-2007-2901
	NOT-FOR-US: Dokeos
CVE-2007-2900
	NOT-FOR-US: Scallywag
CVE-2007-2899
	NOT-FOR-US: Navboard
CVE-2007-2898
	NOT-FOR-US: 2z Project
CVE-2007-2897
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896
	NOT-FOR-US: Symantec
CVE-2007-2895
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894
	- bochs <unfixed> (unimportant)
CVE-2007-2893
	{DSA-1351-1}
	- bochs 2.3+20070705-1 (low; bug #427144)
	NOTE: kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730
CVE-2007-2892
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891
	NOT-FOR-US: FirmWorX
CVE-2007-2890
	NOT-FOR-US: cpCommerce
CVE-2007-2889
	NOT-FOR-US: Dokeos
CVE-2007-2888
	NOT-FOR-US: UltraISO
CVE-2007-2887
	NOT-FOR-US: WIYS
CVE-2007-2886
	NOT-FOR-US: Nortel
CVE-2007-2885
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883
	NOT-FOR-US: Credant
CVE-2007-2882
	NOT-FOR-US: Sun Solaris
CVE-2007-2881
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880
	NOT-FOR-US: Digirez
CVE-2007-2879
	NOT-FOR-US: GNUTurk
CVE-2007-2878
	{DSA-1479-1}
	- linux-2.6 2.6.21-3
CVE-2007-2877
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875
	{DSA-1363-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874
	- wpasupplicant <not-affected> (Fedora-only issue)
CVE-2007-2873
	- spamassassin 3.2.1-1 (low)
	[sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable)
	[etch] - spamassassin 3.1.7-2etch1
	NOTE: Minor issue fixed in etch r6 point update
	NOTE: Only obscure setups affected, only locally exploitable
CVE-2007-2872
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869
	{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1
	- iceape 1.1.2-1
	- mozilla <removed>
	- xulrunner 1.8.1.4-1
CVE-2007-2868
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2867
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2866
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865
	{DSA-1693-1}
	- phppgadmin 4.1.2-1 (low; bug #427151)
	[sarge] - phppgadmin <not-affected> (Vulnerable code not present)
	NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
CVE-2007-2864
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862
	NOT-FOR-US: CubeCart
CVE-2007-2861
	NOT-FOR-US: SAXON
CVE-2007-2860
	NOT-FOR-US: BoastMachine
CVE-2007-2859
	NOT-FOR-US: SimpGB
CVE-2007-2858
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854
	NOT-FOR-US: BtiTracker
CVE-2007-2853
	NOT-FOR-US: Virtual CD
CVE-2007-2852
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851
	NOT-FOR-US: LeadTools
CVE-2007-2850
	NOT-FOR-US: Citrix
CVE-2007-2849
	- knowledgetree <removed> (bug #432123)
CVE-2007-2848
	NOT-FOR-US: Sky Software
CVE-2007-2847
	NOT-FOR-US: HLstats
CVE-2007-2846
	NOT-FOR-US: Avast
CVE-2007-2845
	NOT-FOR-US: Avast
CVE-2007-2844
	- php5 <not-affected> (Multi-threaded operation not supported in Debian)
	- php4 <not-affected> (Multi-threaded operation not supported in Debian)
CVE-2007-2843
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841 [lighttpd DoS]
	RESERVED
	- lighttpd 1.4.16-1 (bug #428368)
	NOTE: Duplicate of CVE-2007-3947, was assigned from Debian CNA and clashed with MITRE
	NOTE: assignment
CVE-2007-2840
	RESERVED
CVE-2007-2839
	{DSA-1329-1}
	- gfax 0.6 (bug #431893; low)
	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838
	{DSA-1327-1}
	- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837
	{DSA-1326-1}
	- fireflier 1.1.7
CVE-2007-2836
	{DSA-1324-1}
	- hiki 0.8.7-1 (bug #430691; medium)
	[sarge] - hiki <not-affected> (Vulnerable code not present)
CVE-2007-2835
	{DSA-1328-1}
	- unicon 3.0.4-12 (bug #431336)
CVE-2007-2834
	{DSA-1375-1}
	- openoffice.org 2.2.1-9 (medium)
	[sarge] - openoffice.org 1.1.3-9sarge8
CVE-2007-2833
	{DSA-1316-1}
	- emacs21 21.4a+1-5.1 (bug #408929; low)
	- emacs-snapshot <removed>
	NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
	NOTE: fixed before the first emacs22 upload.
CVE-2007-2832
	NOT-FOR-US: Cisco
CVE-2007-2831
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2830
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2829
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2828
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827
	NOT-FOR-US: LeadTools
CVE-2007-2826
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825
	NOT-FOR-US: @Mail
CVE-2007-2824
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823
	NOT-FOR-US: HT Editor
CVE-2007-2822
	NOT-FOR-US: TutorialCMS
CVE-2007-2821
	{DSA-1502-1}
	- wordpress 2.2-1 (high)
	NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820
	NOT-FOR-US: KSign
CVE-2007-2819
	NOT-FOR-US: Track+
CVE-2007-2818
	NOT-FOR-US: Parodia
CVE-2007-2817
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813
	NOT-FOR-US: Cisco
CVE-2007-2812
	NOT-FOR-US: HLstats
CVE-2007-2811
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809
	NOT-FOR-US: Opera
CVE-2007-2808
	{DSA-1486-1}
	- gnatsweb 4.00-1.1 (low; bug #427156)
CVE-2007-2807
	{DSA-1826-1 DSA-1448-1}
	- eggdrop 1.6.18-1.1 (medium; bug #427157)
CVE-2007-2806
	NOT-FOR-US: GaliX
CVE-2007-2805
	NOT-FOR-US: ClientExec
CVE-2007-2804
	NOT-FOR-US: CandyPress Store
CVE-2007-2803
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801
	NOT-FOR-US: eTicket
CVE-2007-2800
	NOT-FOR-US: eTicket
CVE-2007-2799
	{DSA-1343-2 DSA-1343-1}
	- file 4.21-1 (medium; bug #428293)
CVE-2007-2798
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	[sarge] - mantis 0.19.2-5sarge5
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797
	- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796
	NOT-FOR-US: Arris Cadant
CVE-2007-2795
	NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
	RESERVED
CVE-2007-2793
	NOT-FOR-US: Geeklog
CVE-2007-2792
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791
	NOT-FOR-US: HP Tru64
CVE-2007-2790
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2788
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2787
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784
	NOT-FOR-US: Globus Toolkit
CVE-2007-2783
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781
	NOT-FOR-US: WikyBlog
CVE-2007-2780
	NOT-FOR-US: PsychoStats
CVE-2007-2779
	NOT-FOR-US: Libstats
CVE-2007-2778
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774
	NOT-FOR-US: SunLight CMS
CVE-2007-2773
	NOT-FOR-US: Zomplog
CVE-2007-2772
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770
	NOT-FOR-US: Eudora
CVE-2007-2769
	NOT-FOR-US: OPeNDAP
CVE-2007-2768
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
CVE-2007-2767
	NOT-FOR-US: OPeNDAP
CVE-2007-2766
	- backup-manager 0.7.6-1 (low)
	[sarge] - backup-manager <no-dsa> (Minor issue)
	[etch] - backup-manager 0.7.5-5
CVE-2007-2765
	NOT-FOR-US: BlockHosts
CVE-2007-2764
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762
	NOT-FOR-US: Build it Fast
CVE-2007-2761
	NOT-FOR-US: MagicISO
CVE-2007-2760
	NOT-FOR-US: Adempiere
CVE-2007-2759
	NOT-FOR-US: Adempiere
CVE-2007-2758
	NOT-FOR-US: WinImage
CVE-2007-2757
	NOT-FOR-US: Redoable
CVE-2007-2756
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
	[etch] - libgd <no-dsa> (Minor issue)
	[sarge] - libgd <no-dsa> (Minor issue)
	[etch] - libgd2 <no-dsa> (Minor issue)
	[sarge] - libgd2 <no-dsa> (Minor issue)
	NOTE: https://web.archive.org/web/20090212193455/http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755
	NOT-FOR-US: PrecisionID
CVE-2007-2754
	{DSA-1334-1 DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
	[sarge] - freetype 2.1.7-8
CVE-2007-2753
	NOT-FOR-US: RunawaySoft
CVE-2007-2752
	NOT-FOR-US: RunawaySoft
CVE-2007-2751
	NOT-FOR-US: PHPGlossar
CVE-2007-2750
	NOT-FOR-US: SimpNews
CVE-2007-2749
	NOT-FOR-US: FAQEngine
CVE-2007-2748
	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
CVE-2007-2747
	NOT-FOR-US: rdiffWeb
CVE-2007-2746
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744
	NOT-FOR-US: PrecisionID
CVE-2007-2743
	NOT-FOR-US: GlossWord
CVE-2007-2742
	NOT-FOR-US: w2box
CVE-2007-2741
	- lcms 1.15-1 (medium)
CVE-2007-2740
	- php-xajax 0.2.5-1 (bug #426103; unimportant)
	NOTE: This issue was created because of an upstream changelog entry, which however
	NOTE: was meant for the XSS, which is the general issue.
CVE-2007-2739
	{DSA-1692-1}
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736
	NOT-FOR-US: Achievo
CVE-2007-2735
	NOT-FOR-US: ResManager for Xoops
CVE-2007-2734
	NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733
	NOT-FOR-US: Jetbox CMS
CVE-2007-2732
	NOT-FOR-US: Jetbox CMS
CVE-2007-2731
	NOT-FOR-US: Jetbox CMS
CVE-2007-2730
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2729
	NOT-FOR-US: Comodo Personal Firewall
CVE-2007-2728
	- php5 5.2.3-1 (low)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php4 <not-affected> (no soap functions in php4)
CVE-2007-2727
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php5 5.2.2-1 (low)
	NOTE: Code not present in PHP 4.
CVE-2007-2726
	NOT-FOR-US: BitsCast
CVE-2007-2725
	NOT-FOR-US: DeWizardX
CVE-2007-2724
	NOT-FOR-US: fotolog
CVE-2007-2723
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-2722
	NOT-FOR-US: NewzCrawler
CVE-2007-2721
	{DSA-2036-1}
	- jasper 1.900.1-6 (medium; bug #413033; bug #528543)
	NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
	- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
	- gs-gpl <removed> (medium; bug #561717)
	NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
CVE-2007-2720
	NOT-FOR-US: Group-Office
CVE-2007-2719
	NOT-FOR-US: HP Systems Insight Manager
CVE-2007-2718
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2007-2717
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2007-2716
	NOT-FOR-US: EQdkp
CVE-2007-2715
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714
	- wordpress 2.2-1
	NOTE: See http://plugins.trac.wordpress.org/changeset/12812/akismet/trunk/akismet.php
CVE-2007-2713
	NOT-FOR-US: iFdate
CVE-2007-2712
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711
	NOT-FOR-US: TinyIdentD
CVE-2007-2710
	NOT-FOR-US: NagiosQL
CVE-2007-2709
	NOT-FOR-US: NagiosQL
CVE-2007-2708
	NOT-FOR-US: News-Script
CVE-2007-2707
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706
	NOT-FOR-US: Geeklog
CVE-2007-2705
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701
	NOT-FOR-US: BEA WebLogic
CVE-2007-2700
	NOT-FOR-US: BEA WebLogic
CVE-2007-2699
	NOT-FOR-US: BEA WebLogic
CVE-2007-2698
	NOT-FOR-US: BEA WebLogic
CVE-2007-2697
	NOT-FOR-US: BEA WebLogic
CVE-2007-2696
	NOT-FOR-US: BEA WebLogic
CVE-2007-2695
	NOT-FOR-US: BEA WebLogic
CVE-2007-2694
	NOT-FOR-US: BEA WebLogic
CVE-2007-2693
	- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg <not-affected> (Only MySQL 5.1 affected)
CVE-2007-2692
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42 (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality not implemented)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830)
CVE-2007-2690
	NOT-FOR-US: ISS
CVE-2007-2689
	NOT-FOR-US: Check Point
CVE-2007-2688
	NOT-FOR-US: Cisco
CVE-2007-2687
	NOT-FOR-US: MicroWorld
CVE-2007-2686
	NOT-FOR-US: Jetbox CMS
CVE-2007-2685
	NOT-FOR-US: Jetbox CMS
CVE-2007-2684
	NOT-FOR-US: Jetbox CMS
CVE-2007-2683
	- mutt 1.5.15+20070608-1 (low; bug #426116)
	[etch] - mutt <no-dsa> (Minor issue, hardly exploitable)
	[sarge] - mutt <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-2682
	NOT-FOR-US: Adobe
CVE-2007-2681
	- b2evolution <unfixed> (unimportant)
	NOTE: This is a register_globals=on issue.
	NOTE: More than just blogs/index.php is affected (that file isn't
	NOTE: installed by the Debian package).
CVE-2007-2680
	NOT-FOR-US: Canon
CVE-2007-2679
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678
	NOT-FOR-US: Netsprint
CVE-2007-2677
	NOT-FOR-US: phpChess
CVE-2007-2676
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673
	NOT-FOR-US: Censura
CVE-2007-2672
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-2670
	NOT-FOR-US: PHPChain
CVE-2007-2669
	NOT-FOR-US: PHPChain
CVE-2007-2668
	NOT-FOR-US: webdesproxy
CVE-2007-2667
	NOT-FOR-US: VImpX
CVE-2007-2666
	NOT-FOR-US: notepad++
CVE-2007-2665
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664
	NOT-FOR-US: Yaap
CVE-2007-2663
	NOT-FOR-US: Beacon
CVE-2007-2662
	NOT-FOR-US: EfesTECH
CVE-2007-2661
	NOT-FOR-US: BlogMe
CVE-2007-2660
	NOT-FOR-US: PhpConcept
CVE-2007-2659
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658
	NOT-FOR-US: ID Automation
CVE-2007-2657
	NOT-FOR-US: PrecisionID
CVE-2007-2656
	NOT-FOR-US: HP
CVE-2007-2655
	NOT-FOR-US: NetWin
CVE-2007-2654
	- xfsdump 2.2.45-1 (bug #417894; low)
	[etch] - xfsdump <no-dsa> (Minor issue)
CVE-2007-2653
	REJECTED
CVE-2007-2652
	NOT-FOR-US: Free-SA
CVE-2007-2651
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.2-1
CVE-2007-2649
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647
	NOT-FOR-US: MonAlbum
CVE-2007-2646
	NOT-FOR-US: yEnc32
CVE-2007-2645
	{DSA-1487-1}
	- libexif 0.6.15-1 (bug #424775)
CVE-2007-2644
	NOT-FOR-US: Morovia
CVE-2007-2643
	NOT-FOR-US: maGAZIn
CVE-2007-2642
	NOT-FOR-US: R2K Gallery
CVE-2007-2641
	NOT-FOR-US: W1L3D4
CVE-2007-2640
	NOT-FOR-US: LibTMCG
CVE-2007-2639
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638
	NOT-FOR-US: eFileCabinet
CVE-2007-2637
	{DSA-1514-1}
	- moin 1.5.7-2 (low)
CVE-2007-2636
	NOT-FOR-US: phpTodo
CVE-2007-2635
	- interchange 5.4.2-1 (low)
CVE-2007-2634
	NOT-FOR-US: aForum
CVE-2007-2633
	NOT-FOR-US: H-Sphere
CVE-2007-2632
	NOT-FOR-US: phpMUR
CVE-2007-2631
	NOTE: Duplicate of CVE-2007-2589
CVE-2007-2630
	- moin 1.5.8-4.1 (unimportant)
	- karrigell <not-affected> (Vulnerable php code not present)
	- knowledgeroot 0.9.8.2-2 (unimportant)
CVE-2007-2629
	NOT-FOR-US: Bradford
CVE-2007-2628
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627
	- wordpress 2.2.2-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626
	NOT-FOR-US: SchoolBoard
CVE-2007-2625
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622
	NOT-FOR-US: TaskDriver
CVE-2007-2621
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620
	NOT-FOR-US: Jakub Steiner (aka jimmac) original
CVE-2007-2619
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618
	NOT-FOR-US: Drake CMS
CVE-2007-2617
	NOT-FOR-US: Sun Solaris
CVE-2007-2616
	NOT-FOR-US: Novell NetMail
CVE-2007-2615
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613
	NOT-FOR-US: WikkaWiki
CVE-2007-2612
	NOT-FOR-US: WikkaWiki
CVE-2007-2611
	NOT-FOR-US: CGX
CVE-2007-2610
	NOT-FOR-US: OpenLD
CVE-2007-2609
	NOT-FOR-US: gnuedu
CVE-2007-2608
	NOT-FOR-US: Miplex2
CVE-2007-2607
	NOT-FOR-US: LaVague
CVE-2007-2606
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (low)
	NOTE: Minor issue, because conffile is restricted
CVE-2007-2605
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604
	NOT-FOR-US: FlexLabel
CVE-2007-2603
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600
	NOT-FOR-US: TutorialCMS
CVE-2007-2599
	NOT-FOR-US: TutorialCMS
CVE-2007-2598
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597
	NOT-FOR-US: telltarget CMS
CVE-2007-2596
	NOT-FOR-US: aForum
CVE-2007-2595
	NOT-FOR-US: RSAuction
CVE-2007-2594
	NOT-FOR-US: phpMyPortal
CVE-2007-2593
	NOT-FOR-US: Microsoft
CVE-2007-2592
	NOT-FOR-US: Nokia
CVE-2007-2591
	NOT-FOR-US: Nokia
CVE-2007-2590
	NOT-FOR-US: Nokia
CVE-2007-2589
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1 (low)
	NOTE: CVE id has later been assigned to a part of this issue
CVE-2007-2588
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587
	NOT-FOR-US: Cisco
CVE-2007-2586
	NOT-FOR-US: Cisco
CVE-2007-2585
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: [sarge] Not affected, test case doesn't crash the daemon
CVE-2007-2582
	NOT-FOR-US: IBM DB2
CVE-2007-2581
	NOT-FOR-US: Microsoft
CVE-2007-2580
	NOT-FOR-US: Safari
CVE-2007-2579
	NOT-FOR-US: ACP3
CVE-2007-2578
	NOT-FOR-US: ACP3
CVE-2007-2577
	NOT-FOR-US: ACP3
CVE-2007-2576
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573
	NOT-FOR-US: PHPtree
CVE-2007-2572
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570
	NOT-FOR-US: Wikivi5
CVE-2007-2569
	NOT-FOR-US: Friendly
CVE-2007-2568
	NOT-FOR-US: VCDGear
CVE-2007-2567
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561
	NOT-FOR-US: fipsCMS
CVE-2007-2560
	NOT-FOR-US: ACGVannu
CVE-2007-2559
	NOT-FOR-US: american cart
CVE-2007-2558
	NOT-FOR-US: pfa CMS
CVE-2007-2557
	NOT-FOR-US: Mambo
CVE-2007-2556
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555
	NOT-FOR-US: Podium CMS
CVE-2007-2554
	NOT-FOR-US: Newspower
CVE-2007-2553
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552
	NOT-FOR-US: WikkaWiki
CVE-2007-2551
	NOT-FOR-US: WikkaWiki
CVE-2007-2550
	NOT-FOR-US: CubeCart
CVE-2007-2549
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546
	NOT-FOR-US: SMF
CVE-2007-2545
	NOT-FOR-US: Persism
CVE-2007-2544
	NOT-FOR-US: TopTree BBS
CVE-2007-2543
	NOT-FOR-US: XOOPS
CVE-2007-2542
	NOT-FOR-US: workbench survival guide
CVE-2007-2541
	NOT-FOR-US: Versado
CVE-2007-2540
	NOT-FOR-US: PMECMS
CVE-2007-2539
	NOT-FOR-US: RunCms
CVE-2007-2538
	NOT-FOR-US: RunCms
CVE-2007-2537
	NOT-FOR-US: NPDS
CVE-2007-2536
	NOT-FOR-US: Picozip
CVE-2007-2535
	NOT-FOR-US: WinAce
CVE-2007-2534
	NOT-FOR-US: phpHoo3
CVE-2007-2533
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531
	NOT-FOR-US: Berylium2
CVE-2007-2530
	NOT-FOR-US: Tropicalm
CVE-2007-2529
	NOT-FOR-US: Solaris 10
CVE-2007-2528
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527
	NOT-FOR-US: DynamicPAD
CVE-2007-2526
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
	NOTE: Linus' tree.
CVE-2007-2524
	{DSA-1298-1}
	- otrs2 2.1.1-1 (bug #423524)
	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
CVE-2007-2523
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521
	NOT-FOR-US: E-GADS!
CVE-2007-2520
	NOT-FOR-US: MyNews
CVE-2007-2519
	- php5 5.2.3-1 (unimportant; bug #441433)
	- php4 <removed> (unimportant)
	NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
	NOTE: cross trust boundaries
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514
	NOT-FOR-US: Symantec
CVE-2007-2513
	NOT-FOR-US: Novell GroupWise
CVE-2007-2512
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-2511
	{DTSA-39-1}
	- php5 5.2.2-1
	NOTE: Only triggerable by malicious script
CVE-2007-2510
	{DSA-1295-1 DTSA-39-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509
	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508
	NOT-FOR-US: Trend Micro
CVE-2007-2507
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505
	NOT-FOR-US: MailCOPA
CVE-2007-2504
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501
	NOT-FOR-US: CodePress
CVE-2007-2500
	{DTSA-48-1}
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499
	NOT-FOR-US: DVDdb
CVE-2007-2498
	NOT-FOR-US: Winamp
CVE-2007-2497
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491
	NOT-FOR-US: EMC VMware
CVE-2007-2490
	NOT-FOR-US: LiveData Server
CVE-2007-2489
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487
	NOT-FOR-US: AtomixMP3
CVE-2007-2486
	NOT-FOR-US: Motobit
CVE-2007-2485
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <not-affected> (Upstream: "This bug was never present in a Debian release.")
CVE-2007-2488
	{DSA-1358-1}
	- asterisk 1:1.4.5~dfsg-1 (low)
	NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line
	NOTE: could just as well hang-up
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-013.htm
CVE-2007-2480
	- linux-2.6 2.6.22-1 (medium)
CVE-2007-2479
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477
	NOT-FOR-US: phpMyChat
CVE-2007-2476
	NOT-FOR-US: Novell
CVE-2007-2475
	NOT-FOR-US: Novell
CVE-2007-2474
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472
	NOT-FOR-US: Sendcard
CVE-2007-2471
	NOT-FOR-US: Sendcard
CVE-2007-2470
	NOT-FOR-US: FileRun
CVE-2007-2469
	NOT-FOR-US: FileRun
CVE-2007-2468
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465
	NOT-FOR-US: Sun Solaris
CVE-2007-2464
	NOT-FOR-US: Cisco
CVE-2007-2463
	NOT-FOR-US: Cisco
CVE-2007-2462
	NOT-FOR-US: Cisco
CVE-2007-2461
	NOT-FOR-US: Cisco
CVE-2007-2460
	NOT-FOR-US: FireFly
CVE-2007-2459
	{DSA-1498-1}
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2458
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456
	NOT-FOR-US: FireFly
CVE-2007-2455
	NOT-FOR-US: Parallels
CVE-2007-2454
	NOT-FOR-US: Parallels
CVE-2007-2453
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
	[etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450
	{DSA-1468-1}
	- tomcat4 <removed> (low)
	- tomcat5 <removed> (low)
	- tomcat5.5 5.5.25-1 (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Only present in the examples, not in production code
CVE-2007-2448
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
	[etch] - subversion <no-dsa> (Minor issue)
	[sarge] - subversion <no-dsa> (Minor issue)
CVE-2007-2447
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	[etch] - libgd2 2.0.33-5.2etch1 (low)
	- libpng 1.2.15~beta5-2
	- libpng3 <not-affected>
	[etch] - libpng 1.2.15~beta5-1+etch2
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-022+1 (bug #435401; low)
	[sarge] - vim <not-affected> (Vulnerable code not present)
	NOTE: Exploitable through modelines, needs to be used with care in any case
CVE-2007-2437
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
CVE-2007-2435
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-2434
	NOT-FOR-US: Aventail Connect
CVE-2007-2433
	NOT-FOR-US: Ariadne
CVE-2007-2432
	NOT-FOR-US: Nukedit
CVE-2007-2431
	NOT-FOR-US: TCExam
CVE-2007-2430
	NOT-FOR-US: TCExam
CVE-2007-2429
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427
	NOT-FOR-US: pnFlashGames
CVE-2007-2426
	NOT-FOR-US: myGallery
CVE-2007-2425
	NOT-FOR-US: Imageview
CVE-2007-2424
	NOT-FOR-US: The Merchant
CVE-2007-2423
	{DSA-1514-1}
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-2419
	NOT-FOR-US: Macrovision
CVE-2007-2418
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417
	NOT-FOR-US: Progress Software Progress and OpenEdge
CVE-2007-2416
	NOT-FOR-US: E-Annu
CVE-2007-2415
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414
	NOT-FOR-US: MyServer
CVE-2007-2413
	REJECTED
CVE-2007-2412
	NOT-FOR-US: Seir Anphin
CVE-2007-2411
	NOT-FOR-US: Sphider
CVE-2007-2410
	NOT-FOR-US: Mac OS X
CVE-2007-2409
	NOT-FOR-US: Mac OS X
CVE-2007-2408
	NOT-FOR-US: Apple Safari
CVE-2007-2407
	- samba <not-affected> (MacOS/Apple-specific vulnerability)
CVE-2007-2406
	NOT-FOR-US: Mac OS X
CVE-2007-2405
	NOT-FOR-US: Mac OS X
CVE-2007-2404
	NOT-FOR-US: Mac OS X
CVE-2007-2403
	NOT-FOR-US: Mac OS X
CVE-2007-2402
	NOT-FOR-US: Apple Quicktime
CVE-2007-2401
	NOT-FOR-US: Apple
CVE-2007-2400
	NOT-FOR-US: Apple
CVE-2007-2399
	NOT-FOR-US: Apple
CVE-2007-2398
	NOT-FOR-US: Apple Safari
CVE-2007-2397
	NOT-FOR-US: Apple Quicktime
CVE-2007-2396
	NOT-FOR-US: Apple Quicktime
CVE-2007-2395
	NOT-FOR-US: Apple QuickTime
CVE-2007-2394
	NOT-FOR-US: Apple Quicktime
CVE-2007-2393
	NOT-FOR-US: Apple Quicktime
CVE-2007-2392
	NOT-FOR-US: Apple Quicktime
CVE-2007-2391
	NOT-FOR-US: Apple
CVE-2007-2390
	NOT-FOR-US: Apple
CVE-2007-2389
	NOT-FOR-US: Apple
CVE-2007-2388
	NOT-FOR-US: Apple
CVE-2007-2387
	NOT-FOR-US: Apple
CVE-2007-2386
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385
	- yui <removed> (unimportant; bug #557745)
	- bcfg2 <not-affected> (present in source but not included in any binary files)
	- serendipity 1.5.3-1 (low; bug #557746)
	- moodle <not-affected> (uses system libjs-yui)
	- jifty 0.91117-1 (low; bug #557748)
	- webgui <not-affected> (uses system libjs-yui)
	- loggerhead <not-affected> (uses system libjs-yui)
	NOTE: see https://web.archive.org/web/20071105202514/http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383
	{DSA-1952-1}
	- prototypejs <not-affected> (fixed before initial upload)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <no-dsa> (minor issue)
	[lenny] - asterisk <no-dsa> (minor issue)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby <not-affected> (has prototype.js >= 1.5.1)
	- lucene2 2.9.1+ds1-2 (low; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	[lenny] - lucene2 <no-dsa> (minor issue)
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Uses the prototype.js copy from scriptaculous)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd <no-dsa> (minor issue)
	- mediatomb 0.11.0-3 (low; bug #555232)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers <not-affected> (fixed since initial inclusion)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress <not-affected> (fixed since initial inclusion)
	- exaile <not-affected> (fixed since initial inclusion)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (fixed since initial inclusion)
	- scriptaculous <not-affected> (fixed since initial inclusion)
	- activeldap <not-affected> (fixed since initial inclusion)
	- mantis <not-affected> (fixed since initial inclusion)
	- otrs2 <not-affected> (fixed since initial inclusion)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (fixed since initial inclusion)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379
	- jquery <unfixed> (unimportant)
	NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
	NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378
	- gwt <removed> (unimportant; bug #563542)
	NOTE: javascript security guidelines provided to developers to avoid these issues
	NOTE: https://developers.google.com/web-toolkit/articles/security_for_gwt_applications
CVE-2007-2377
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376
	NOT-FOR-US: Dojo
CVE-2007-2375
	NOT-FOR-US: Symantec
CVE-2007-2374
	NOT-FOR-US: Microsoft
CVE-2007-2373
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369
	NOT-FOR-US: WebSPELL
CVE-2007-2368
	NOT-FOR-US: WebSPELL
CVE-2007-2367
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366
	NOT-FOR-US: Corel
CVE-2007-2365
	NOT-FOR-US: Adobe
CVE-2007-2364
	NOT-FOR-US: burnCMS
CVE-2007-2363
	NOT-FOR-US: IrfanView
CVE-2007-2362
	{DSA-1434-1 DTSA-36-1}
	- mydns 1:1.1.0-8
	[sarge] - mydns <not-affected> (Vulnerable code not present)
CVE-2007-2361
	NOT-FOR-US: Symantec
CVE-2007-2360
	NOT-FOR-US: Symantec
CVE-2007-2359
	NOT-FOR-US: Symantec
CVE-2007-2358
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357
	NOT-FOR-US: SineCms
CVE-2007-2356
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355
	NOT-FOR-US: OPeNDAP
CVE-2007-2354
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352
	NOT-FOR-US: AFFLIB
CVE-2007-2351
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350
	NOT-FOR-US: freePBX
CVE-2007-2349
	NOT-FOR-US: Invision Power Board
CVE-2007-2348
	- lftp 3.5.9-1 (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347
	NOT-FOR-US: OneClick CMS
CVE-2007-2346
	NOT-FOR-US: PHP-Generics
CVE-2007-2345
	NOT-FOR-US: phpBrowse
CVE-2007-2344
	NOT-FOR-US: Enterasys
CVE-2007-2343
	NOT-FOR-US: Enterasys
CVE-2007-2342
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341
	NOT-FOR-US: phpBandManager
CVE-2007-2340
	NOT-FOR-US: phporacleview
CVE-2007-2339
	NOT-FOR-US: Phorum
CVE-2007-2338
	NOT-FOR-US: Phorum
CVE-2007-2337
	NOT-FOR-US: Exponent CMS
CVE-2007-2336
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335
	NOT-FOR-US: Lunascape
CVE-2007-2334
	NOT-FOR-US: Nortel
CVE-2007-2333
	NOT-FOR-US: Nortel
CVE-2007-2332
	NOT-FOR-US: Nortel
CVE-2007-2331
	NOT-FOR-US: Shop-Script
CVE-2007-2330
	NOT-FOR-US: DynaTracker
CVE-2007-2329
	NOT-FOR-US: Searchactivity
CVE-2007-2328
	NOT-FOR-US: phpMYTGP
CVE-2007-2327
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326
	- smarty <removed> (unimportant; bug #488523)
	- moodle 1.8.2-2 (unimportant; bug #488525)
	- gallery2 2.2.5-2 (unimportant; bug #488527)
	NOTE: this is a non-issue
	NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
	NOTE: (should be the case for embedded copies), however
	NOTE: additionally this relies on register_globals being switched on.
CVE-2007-2325
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324
	NOT-FOR-US: JulmaCMS
CVE-2007-2323
	NOT-FOR-US: InterVideo
CVE-2007-2322
	NOT-FOR-US: Nero
CVE-2007-2321
	NOT-FOR-US: SilverStripe
CVE-2007-2320
	NOT-FOR-US: Papoo
CVE-2007-2319
	NOT-FOR-US: AutoStand
CVE-2007-2318
	- filezilla 3.0.0~beta2-3 (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317
	NOT-FOR-US: MiniBB
CVE-2007-2316
	NOT-FOR-US: Open Business Management
CVE-2007-2315
	NOT-FOR-US: MiniShare
CVE-2007-2314
	NOT-FOR-US: Crea-Book
CVE-2007-2313
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309
	NOT-FOR-US: FloweRS
CVE-2007-2308
	NOT-FOR-US: FloweRS
CVE-2007-2307
	NOT-FOR-US: WebKalk2
CVE-2007-2306
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305
	NOT-FOR-US: QDBlog
CVE-2007-2304
	NOT-FOR-US: QDBlog
CVE-2007-2303
	NOT-FOR-US: NMDeluxe
CVE-2007-2302
	NOT-FOR-US: Expow
CVE-2007-2301
	NOT-FOR-US: audioCMS
CVE-2007-2300
	NOT-FOR-US: phpwebnews
CVE-2007-2299
	NOT-FOR-US: CMS Frogss
CVE-2007-2298
	NOT-FOR-US: Garennes
CVE-2007-2297
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
CVE-2007-2296
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294
	{DSA-1358-1}
	- asterisk 1:1.4.3~dfsg-1 (low)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-012.htm
CVE-2007-2293
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	[lenny] - asterisk <not-affected> (vulnerable code not present)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-010.htm
CVE-2007-2292
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2007-2291
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289
	NOT-FOR-US: Download-Engine
CVE-2007-2288
	NOT-FOR-US: doruk100net
CVE-2007-2287
	NOT-FOR-US: comus
CVE-2007-2286
	NOT-FOR-US: Built2Go
CVE-2007-2285
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283
	NOT-FOR-US: Fresh View
CVE-2007-2282
	NOT-FOR-US: Cisco
CVE-2007-2281
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279
	NOT-FOR-US: Symantec
CVE-2007-2278
	NOT-FOR-US: DCP-Portal
CVE-2007-2277
	NOT-FOR-US: Plogger
CVE-2007-2276
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274
	NOT-FOR-US: Opera
CVE-2007-2273
	NOT-FOR-US: wavewoo
CVE-2007-2272
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271
	NOT-FOR-US: TotaRam
CVE-2007-2270
	NOT-FOR-US: Linksys
CVE-2007-2269
	NOT-FOR-US: Plesk
CVE-2007-2268
	NOT-FOR-US: Plesk
CVE-2007-2267
	NOT-FOR-US: Sun Cluster
CVE-2007-2266
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265
	NOT-FOR-US: YA Book
CVE-2007-2264
	NOT-FOR-US: RealPlayer
CVE-2007-2263
	NOT-FOR-US: RealPlayer
CVE-2007-2262
	NOT-FOR-US: jmuffin
CVE-2007-2261
	NOT-FOR-US: C-Arbre
CVE-2007-2260
	NOT-FOR-US: bibtex mase
CVE-2007-2259
	NOT-FOR-US: EsForum
CVE-2007-2258
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256
	NOT-FOR-US: TJSChat
CVE-2007-2255
	NOT-FOR-US: Download-Engine
CVE-2007-2254
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253
	NOT-FOR-US: Exponent CMS
CVE-2007-2252
	NOT-FOR-US: Exponent CMS
CVE-2007-2251
	NOT-FOR-US: Xaraya
CVE-2007-2250
	NOT-FOR-US: Phorum
CVE-2007-2249
	NOT-FOR-US: Phorum
CVE-2007-2248
	NOT-FOR-US: Phorum
CVE-2007-2247
	NOT-FOR-US: phpMySpace
CVE-2007-2246
	NOT-FOR-US: HP-UX
CVE-2007-2245
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
CVE-2007-2244
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242
	{DSA-1356-1}
	- linux-2.6 2.6.21-1 (low; bug #421595)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240
	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
CVE-2007-2239
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238
	NOT-FOR-US: Whale Client Components ActiveX control
CVE-2007-2237
	NOT-FOR-US: Microsoft
CVE-2007-2236
	NOT-FOR-US: PunBB
CVE-2007-2235
	NOT-FOR-US: PunBB
CVE-2007-2234
	NOT-FOR-US: PunBB
CVE-2007-2233
	NOT-FOR-US: CoSign
CVE-2007-2232
	NOT-FOR-US: CoSign
CVE-2007-2231
	{DSA-1359-1}
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230
	NOT-FOR-US: CA Clever Path
CVE-2007-2229
	NOT-FOR-US: Microsoft
CVE-2007-2228
	NOT-FOR-US: Windows
CVE-2007-2227
	NOT-FOR-US: Microsoft
CVE-2007-2226
	REJECTED
CVE-2007-2225
	NOT-FOR-US: Microsoft
CVE-2007-2224
	NOT-FOR-US: Microsoft
CVE-2007-2223
	NOT-FOR-US: Microsoft XML
CVE-2007-2222
	NOT-FOR-US: Microsoft
CVE-2007-2221
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	REJECTED
CVE-2007-2219
	NOT-FOR-US: Microsoft
CVE-2007-2218
	NOT-FOR-US: Microsoft
CVE-2007-2217
	NOT-FOR-US: Kodak Image Viewer
CVE-2007-2216
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
	REJECTED
CVE-2007-2214
	NOT-FOR-US: DmCMS
CVE-2007-2213
	NOT-FOR-US: WS_FTP
CVE-2007-2212
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210
	NOT-FOR-US: Netsprint
CVE-2007-2209
	NOT-FOR-US: AccuSoft
CVE-2007-2208
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205
	NOT-FOR-US: LAN Management System
CVE-2007-2204
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201
	NOT-FOR-US: Post Revolution
CVE-2007-2200
	NOT-FOR-US: Pagode
CVE-2007-2199
	NOT-FOR-US: Joomla!
CVE-2007-2198
	NOT-FOR-US: LAN Management System
CVE-2007-2197
	NOT-FOR-US: NeatUpload
CVE-2007-2196
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195
	- amsn <not-affected> (Appears bogus, no such port is opened; bug #557754)
CVE-2007-2194
	NOT-FOR-US: XnView
CVE-2007-2193
	NOT-FOR-US: ACDSee
CVE-2007-2192
	NOT-FOR-US: Photofiltre
CVE-2007-2191
	NOT-FOR-US: freePBX
CVE-2007-2190
	NOT-FOR-US: Eba News
CVE-2007-2189
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188
	NOT-FOR-US: eXtremail
CVE-2007-2187
	NOT-FOR-US: eXtremail
CVE-2007-2186
	NOT-FOR-US: Foxit Reader
CVE-2007-2185
	NOT-FOR-US: Supasite
CVE-2007-2184
	NOT-FOR-US: jchit
CVE-2007-2183
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181
	NOT-FOR-US: WEBInsta
CVE-2007-2180
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178
	NOT-FOR-US: Sharity
CVE-2007-2177
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-2171
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168
	NOT-FOR-US: AimStats
CVE-2007-2167
	NOT-FOR-US: AimStats
CVE-2007-2166
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165
	- proftpd 1.3.0-24 (low)
	[sarge] - proftpd <no-dsa> (Minor issue)
	- proftpd-dfsg 1.3.0-24 (low)
	[etch] - proftpd-dfsg 1.3.0-19etch1
	NOTE: Minor issue Fixed in 4.0r4 point release
CVE-2007-2164
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163
	NOT-FOR-US: Apple Safari
CVE-2007-2162
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158
	NOT-FOR-US: jGallery
CVE-2007-2157
	NOT-FOR-US: Zomplog
CVE-2007-2156
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154
	NOT-FOR-US: Cabron Connector
CVE-2007-2153
	NOT-FOR-US: @Mail
CVE-2007-2152
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151
	NOT-FOR-US: McAfee
CVE-2007-2150
	NOT-FOR-US: BlueArc
CVE-2007-2149
	NOT-FOR-US: Chatness
CVE-2007-2148
	NOT-FOR-US: Chatness
CVE-2007-2147
	NOT-FOR-US: Chatness
CVE-2007-2146
	NOT-FOR-US: MiniGal
CVE-2007-2145
	NOT-FOR-US: MiniGal
CVE-2007-2144
	NOT-FOR-US: JoomlaPack
CVE-2007-2143
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141
	NOT-FOR-US: ShoutPro
CVE-2007-2140
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139
	NOT-FOR-US: CA BrightStor
CVE-2007-2137
	NOT-FOR-US: Tivoli
CVE-2007-2136
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135
	NOT-FOR-US: Oracle
CVE-2007-2134
	NOT-FOR-US: Oracle
CVE-2007-2133
	NOT-FOR-US: Oracle
CVE-2007-2132
	NOT-FOR-US: Oracle
CVE-2007-2131
	NOT-FOR-US: Oracle
CVE-2007-2130
	NOT-FOR-US: Oracle
CVE-2007-2129
	NOT-FOR-US: Oracle
CVE-2007-2128
	NOT-FOR-US: Oracle
CVE-2007-2127
	NOT-FOR-US: Oracle
CVE-2007-2126
	NOT-FOR-US: Oracle
CVE-2007-2125
	NOT-FOR-US: Oracle
CVE-2007-2124
	NOT-FOR-US: Oracle
CVE-2007-2123
	NOT-FOR-US: Oracle
CVE-2007-2122
	NOT-FOR-US: Oracle
CVE-2007-2121
	NOT-FOR-US: Oracle
CVE-2007-2120
	NOT-FOR-US: Oracle
CVE-2007-2119
	NOT-FOR-US: Oracle
CVE-2007-2118
	NOT-FOR-US: Oracle
CVE-2007-2117
	NOT-FOR-US: Oracle
CVE-2007-2116
	NOT-FOR-US: Oracle
CVE-2007-2115
	NOT-FOR-US: Oracle
CVE-2007-2114
	NOT-FOR-US: Oracle
CVE-2007-2113
	NOT-FOR-US: Oracle
CVE-2007-2112
	NOT-FOR-US: Oracle
CVE-2007-2111
	NOT-FOR-US: Oracle
CVE-2007-2110
	NOT-FOR-US: Oracle
CVE-2007-2109
	NOT-FOR-US: Oracle
CVE-2007-2108
	NOT-FOR-US: Oracle
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	[etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
	- git-core 1:1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f
	NOTE: http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
CVE-2007-2138
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105
	NOT-FOR-US: Monkey CMS
CVE-2007-2104
	NOT-FOR-US: iXon CMS
CVE-2007-2103
	NOT-FOR-US: my little forum
CVE-2007-2102
	NOT-FOR-US: my little weblog
CVE-2007-2101
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095
	NOT-FOR-US: MySpeach
CVE-2007-2094
	NOT-FOR-US: Anthologia
CVE-2007-2093
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088
	- sitebar 3.3.8-7 (low)
	NOTE: this was register globals only and is fixed in Debian anyway
CVE-2007-2087
	NOT-FOR-US: CNStats
CVE-2007-2086
	NOT-FOR-US: CNStats
CVE-2007-2085
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082
	NOT-FOR-US: MyBlog
CVE-2007-2081
	NOT-FOR-US: MyBlog
CVE-2007-2080
	NOT-FOR-US: XAMPP
CVE-2007-2079
	NOT-FOR-US: XAMPP
CVE-2007-2078
	NOT-FOR-US: Maian Weblog
CVE-2007-2077
	NOT-FOR-US: Maian Search
CVE-2007-2076
	NOT-FOR-US: Maian Gallery
CVE-2007-2075
	NOT-FOR-US: ScramDisk
CVE-2007-2074
	NOT-FOR-US: ScramDisk
CVE-2007-2073
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071
	NOT-FOR-US: Open-gorotto
CVE-2007-2070
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069
	NOT-FOR-US: openMairie
CVE-2007-2068
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067
	NOT-FOR-US: WebSlider
CVE-2007-2066
	NOT-FOR-US: UseBB
CVE-2007-2065
	NOT-FOR-US: ActionPoll
CVE-2007-2064
	NOT-FOR-US: ActionPoll
CVE-2007-2063
	NOT-FOR-US: IBM zOS
CVE-2007-2062
	NOT-FOR-US: VCDGear
CVE-2007-2061
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055
	NOT-FOR-US: AFFLIB
CVE-2007-2054
	NOT-FOR-US: AFFLIB
CVE-2007-2053
	NOT-FOR-US: AFFLIB
CVE-2007-2052
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 2.5.1-1 (bug #416934; low)
	- python2.3 <removed> (low)
CVE-2007-2051
	NOT-FOR-US: bftpd
CVE-2007-2050
	NOT-FOR-US: RicarGBooK
CVE-2007-2049
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048
	NOT-FOR-US: webMethods Glue
CVE-2007-2047
	NOT-FOR-US: Openads
CVE-2007-2046
	NOT-FOR-US: Openads
CVE-2007-2045
	NOT-FOR-US: Sun Solaris
CVE-2007-2044
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041
	NOT-FOR-US: Cisco
CVE-2007-2040
	NOT-FOR-US: Cisco
CVE-2007-2039
	NOT-FOR-US: Cisco
CVE-2007-2038
	NOT-FOR-US: Cisco
CVE-2007-2037
	NOT-FOR-US: Cisco
CVE-2007-2036
	NOT-FOR-US: Cisco
CVE-2007-2035
	NOT-FOR-US: Cisco
CVE-2007-2034
	NOT-FOR-US: Cisco
CVE-2007-2033
	NOT-FOR-US: Cisco
CVE-2007-2032
	NOT-FOR-US: Cisco
CVE-2007-2031
	NOT-FOR-US: 3proxy
CVE-2007-2030
	- lha 1.14i-10.2 (bug #437621; low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://bugzilla.clamav.net/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028
	- freeradius 1.1.6-1 (low)
	[sarge] - freeradius <no-dsa> (Minor issue)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026
	- file 4.20-6 (low)
	[etch] - file 4.17-5etch3
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020
	NOT-FOR-US: xodagallery
CVE-2007-2019
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015
	NOT-FOR-US: Request It
CVE-2007-2014
	NOT-FOR-US: MyNews
CVE-2007-2013
	NOT-FOR-US: Passworschutz
CVE-2007-2012
	NOT-FOR-US: CompreXX
CVE-2007-2011
	NOT-FOR-US: DeskPro
CVE-2007-2010
	NOT-FOR-US: bftpd
CVE-2007-2009
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008
	NOT-FOR-US: pL-PHP
CVE-2007-2007
	NOT-FOR-US: pL-PHP
CVE-2007-2006
	NOT-FOR-US: pL-PHP
CVE-2007-2005
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001
	NOT-FOR-US: Crea-Book
CVE-2007-2000
	NOT-FOR-US: Crea-Book
CVE-2007-1999
	NOT-FOR-US: Weatimages
CVE-2007-1998
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996
	NOT-FOR-US: CodeBreak
CVE-2007-1995
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992
	NOT-FOR-US: com_zoom
CVE-2007-1991
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990
	NOT-FOR-US: MyBlog
CVE-2007-1989
	NOT-FOR-US: DotClear
CVE-2007-1988
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986
	NOT-FOR-US: AROUNDMe
CVE-2007-1985
	NOT-FOR-US: phpexplorator
CVE-2007-1984
	NOT-FOR-US: lite-cms
CVE-2007-1983
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981
	NOT-FOR-US: Metamod-P
CVE-2007-1980
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977
	NOT-FOR-US: holaCMS
CVE-2007-1976
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975
	NOT-FOR-US: SLAED CMS
CVE-2007-1974
	NOT-FOR-US: Xoops modules
CVE-2007-1973
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970
	- iceweasel <removed> (unimportant; bug #556267)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969
	NOT-FOR-US: MyBlog
CVE-2007-1968
	NOT-FOR-US: MyBlog
CVE-2007-1967
	NOT-FOR-US: stat12
CVE-2007-1966
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959
	- tinymux <unfixed> (unimportant)
CVE-2007-1958
	- tinymux 2.4.3.31-1
CVE-2007-1957
	NOT-FOR-US: Portail Web Php
CVE-2007-1956
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948
	NOT-FOR-US: IrfanView
CVE-2007-1947
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941
	NOT-FOR-US: Domino Web Access
CVE-2007-1940
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939
	NOT-FOR-US: LanguageTool
CVE-2007-1938
	NOT-FOR-US: Ichitaro
CVE-2007-1937
	NOT-FOR-US: Scorp Book
CVE-2007-1936
	NOT-FOR-US: ScarAdControl
CVE-2007-1935
	NOT-FOR-US: ScarAdControl
CVE-2007-1934
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932
	NOT-FOR-US: ScarNews
CVE-2007-1931
	NOT-FOR-US: SmodCMS
CVE-2007-1930
	NOT-FOR-US: cattaDoc
CVE-2007-1929
	NOT-FOR-US: Beryo
CVE-2007-1928
	NOT-FOR-US: witshare
CVE-2007-1927
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924
	NOT-FOR-US: phpContact
CVE-2007-1923
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922
	NOT-FOR-US: Winamp
CVE-2007-1921
	NOT-FOR-US: Winamp
CVE-2007-1920
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911
	NOT-FOR-US: Microsoft Word
CVE-2007-1910
	NOT-FOR-US: Microsoft Word
CVE-2007-1909
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907
	NOT-FOR-US: Pathos CMS
CVE-2007-1906
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905
	NOT-FOR-US: QuizShock
CVE-2007-1904
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903
	NOT-FOR-US: SonicBB
CVE-2007-1902
	NOT-FOR-US: SonicBB
CVE-2007-1901
	NOT-FOR-US: SonicBB
CVE-2007-1900
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899
	NOT-FOR-US: myWebland myBloggie
CVE-2007-1898
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892
	NOT-FOR-US: Akamai
CVE-2007-1891
	NOT-FOR-US: Akamai
CVE-2007-1890
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888
	- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887
	{DSA-1283-1 DTSA-39-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	- php4-sqlite <removed> (medium; bug #420456)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877
	NOT-FOR-US: VMware
CVE-2007-1876
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873
	NOT-FOR-US: mephisto
CVE-2007-1872
	NOT-FOR-US: toendaCMS
CVE-2007-1871
	NOT-FOR-US: chcounter
CVE-2007-1870
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867
	NOT-FOR-US: IrfanView
CVE-2007-1866
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865
	NOT-FOR-US: not a bug
CVE-2007-1864
	{DSA-1331-1 DSA-1330-1}
	- php4 <removed>
	- php5 5.2.2-1
CVE-2007-1863
	- apache2 2.2.4-1 (low)
	- apache <removed> (unimportant)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-1862
	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859
	- xscreensaver 5.03-1 (low; bug #433964)
	[etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
	[sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2007-1858
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <removed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	RESERVED
CVE-2007-1856
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855
	NOT-FOR-US: Shop-Script
CVE-2007-1854
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852
	NOT-FOR-US: 2BGal
CVE-2007-1851
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850
	NOT-FOR-US: Drake CMS
CVE-2007-1849
	NOT-FOR-US: Drake CMS
CVE-2007-1848
	NOT-FOR-US: Drake CMS
CVE-2007-1847
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846
	NOT-FOR-US: MyAds
CVE-2007-1845
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843
	NOT-FOR-US: MapLab
CVE-2007-1842
	NOT-FOR-US: JSBoard
CVE-2007-1841
	{DSA-1299-1 DTSA-42-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839
	NOT-FOR-US: CodeBB
CVE-2007-1838
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836
	NOT-FOR-US: Data Domain OS
CVE-2007-1835
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834
	NOT-FOR-US: Cisco
CVE-2007-1833
	NOT-FOR-US: Cisco
CVE-2007-1832
	NOT-FOR-US: WebAPP
CVE-2007-1831
	NOT-FOR-US: WebAPP
CVE-2007-1830
	NOT-FOR-US: WebAPP
CVE-2007-1829
	NOT-FOR-US: WebAPP
CVE-2007-1828
	NOT-FOR-US: WebAPP
CVE-2007-1827
	NOT-FOR-US: WebAPP
CVE-2007-1826
	NOT-FOR-US: Cisco
CVE-2007-1825
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823
	NOT-FOR-US: T-Mobile
CVE-2007-1822
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820
	NOT-FOR-US: Nortel Networks
CVE-2007-1819
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812
	NOT-FOR-US: BT-Sondage
CVE-2007-1811
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809
	NOT-FOR-US: WebSite Builder
CVE-2007-1808
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804
	{DTSA-44-1}
	- pulseaudio 0.9.6-1 (low)
	[etch] - pulseaudio <no-dsa> (Minor issue)
CVE-2007-1803
	NOT-FOR-US: MailDwarf
CVE-2007-1802
	NOT-FOR-US: MailDwarf
CVE-2007-1801
	NOT-FOR-US: sBLOG
CVE-2007-1800
	NOT-FOR-US: Cisco
CVE-2007-1799
	{DSA-1373-2 DSA-1373-1}
	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
CVE-2007-1798
	NOT-FOR-US: IBM AIX
CVE-2007-1797
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	- graphicsmagick 1.1.7-15 (medium)
CVE-2007-1796
	NOT-FOR-US: URLshrink
CVE-2007-1795
	NOT-FOR-US: URLshrink
CVE-2007-1794
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1791
	NOT-FOR-US: Picture-Engine
CVE-2007-1790
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787
	NOT-FOR-US: Time-Assistant
CVE-2007-1786
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	REJECTED
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
	- xmovie <removed>
CVE-2007-1782
	NOT-FOR-US: CruiseWorks
CVE-2007-1781
	NOT-FOR-US: Minna De Office
CVE-2007-1780
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
	- php5 5.2.0-11 (medium)
CVE-2007-1776
	NOT-FOR-US: D4J eZine
CVE-2007-1775
	NOT-FOR-US: JBrowser
CVE-2007-1774
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772
	NOT-FOR-US: HP JetDirect
CVE-2007-1771
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770
	NOT-FOR-US: ArcSDE
CVE-2007-1769
	REJECTED
CVE-2007-1768
	NOT-FOR-US: Mephisto
CVE-2007-1767
	NOT-FOR-US: AOL
CVE-2007-1766
	NOT-FOR-US: Advanced Login
CVE-2007-1765
	NOT-FOR-US: Microsoft
CVE-2007-1764
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763
	NOT-FOR-US: Microsoft
CVE-2007-1762
	- iceweasel 3.0.1-1 (unimportant; bug #445515)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1761
	REJECTED
CVE-2007-1760
	REJECTED
CVE-2007-1759
	REJECTED
CVE-2007-1758
	REJECTED
CVE-2007-1757
	REJECTED
CVE-2007-1756
	NOT-FOR-US: Microsoft Excel
CVE-2007-1755
	REJECTED
CVE-2007-1754
	NOT-FOR-US: Microsoft Office
CVE-2007-1753
	REJECTED
CVE-2007-1752
	REJECTED
CVE-2007-1751
	NOT-FOR-US: Microsoft
CVE-2007-1750
	NOT-FOR-US: Microsoft
CVE-2007-1749
	NOT-FOR-US: Vector Markup Language
CVE-2007-1748
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744
	NOT-FOR-US: VMware
CVE-2007-1743
	- apache2 <unfixed> (unimportant)
CVE-2007-1742
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1741
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738
	NOT-FOR-US: TrueCrypt
CVE-2007-1737
	NOT-FOR-US: Opera
CVE-2007-1736
	- iceweasel <removed> (unimportant)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1735
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732
	- wordpress 2.1.3-1 (unimportant)
	NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
CVE-2007-1731
	NOT-FOR-US: hpaftpd
CVE-2007-1730
	- linux-2.6 2.6.21-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729
	NOT-FOR-US: Flexbb
CVE-2007-1728
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727
	NOT-FOR-US: HP OpenView
CVE-2007-1726
	NOT-FOR-US: IceBB
CVE-2007-1725
	NOT-FOR-US: IceBB
CVE-2007-1724
	NOT-FOR-US: ReactOS
CVE-2007-1723
	NOT-FOR-US: IronMail
CVE-2007-1722
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721
	NOT-FOR-US: C-Arbre
CVE-2007-1720
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719
	NOT-FOR-US: mcweject
CVE-2007-1718
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 <removed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716
	NOT-FOR-US: pam_console
CVE-2007-1715
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714
	NOT-FOR-US: CcCounter
CVE-2007-1713
	NOT-FOR-US: BASP21
CVE-2007-1712
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-2
	- php5 5.2.0-9
	NOTE: register_globals not supported
CVE-2007-1710
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708
	NOT-FOR-US: ttCMS
CVE-2007-1707
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706
	NOT-FOR-US: eWebQuiz
CVE-2007-1705
	NOT-FOR-US: Active Trade
CVE-2007-1704
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702
	NOT-FOR-US: Flatmenu
CVE-2007-1701
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	[sarge] - php4 4:4.3.10-21
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
	NOTE: version was fixed.
CVE-2007-1699
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698
	NOT-FOR-US: Philex
CVE-2007-1697
	NOT-FOR-US: Philex
CVE-2007-1696
	NOT-FOR-US: Active Newsletter
CVE-2007-1695
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693
	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
	[etch] - yate <no-dsa> (Minor issue, fringe application)
CVE-2007-1692
	NOT-FOR-US: Microsoft
CVE-2007-1691
	NOT-FOR-US: Second Sight Software
CVE-2007-1690
	NOT-FOR-US: Second Sight Software
CVE-2007-1689
	NOT-FOR-US: Norton
CVE-2007-1688
	NOT-FOR-US: PhPInfo ActiveX control
CVE-2007-1687
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685
	NOT-FOR-US: BlueCoat
CVE-2007-1684
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683
	NOT-FOR-US: IncrediMail
CVE-2007-1682
	NOT-FOR-US: FileManager ActiveX
CVE-2007-1681
	NOT-FOR-US: Sun Solaris
CVE-2007-1680
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673
	[sarge] - zoo <no-dsa> (Minor issue)
	[etch] - zoo <no-dsa> (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo 4.4-7 (bug #424690)
	[sarge] - unzoo <no-dsa> (Minor issue)
	[etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672
	NOT-FOR-US: avast
CVE-2007-1671
	NOT-FOR-US: Avira
CVE-2007-1670
	NOT-FOR-US: Panda
CVE-2007-1669
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666
	NOT-FOR-US: IDA Pro
CVE-2007-1665
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1661
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1660
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1659
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- kazehakase 0.5.2-1
	- pcre3 7.3-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1658
	NOT-FOR-US: Microsoft
CVE-2007-1657
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656
	NOT-FOR-US: Plyt Audio
CVE-2007-1655
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654
	NOT-FOR-US: ne7ssh
CVE-2007-1653
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650
	NOT-FOR-US: pcapsipdump
CVE-2007-1649
	- php5 5.2.2-1
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648
	NOT-FOR-US: 0irc
CVE-2007-1647
	- moodle 1.5.3-1 (low)
CVE-2007-1646
	NOT-FOR-US: SubHub
CVE-2007-1645
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643
	NOT-FOR-US: LAN Management System
CVE-2007-1642
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641
	NOT-FOR-US: PortailPHP
CVE-2007-1640
	NOT-FOR-US: ClassWeb
CVE-2007-1639
	NOT-FOR-US: PHProjekt
CVE-2007-1638
	NOT-FOR-US: PHProjekt
CVE-2007-1637
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633
	NOT-FOR-US: Splatt Forum
CVE-2007-1632
	NOT-FOR-US: webCMS
CVE-2007-1631
	NOT-FOR-US: CLBOX
CVE-2007-1630
	NOT-FOR-US: Active Link Engine
CVE-2007-1629
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628
	NOT-FOR-US: Study planner
CVE-2007-1627
	REJECTED
CVE-2007-1626
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625
	NOT-FOR-US: realGuestbook
CVE-2007-1624
	NOT-FOR-US: realGuestbook
CVE-2007-1623
	NOT-FOR-US: realGuestbook
CVE-2007-1622
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619
	NOT-FOR-US: ScriptMagix
CVE-2007-1618
	NOT-FOR-US: ScriptMagix
CVE-2007-1617
	NOT-FOR-US: ScriptMagix
CVE-2007-1616
	NOT-FOR-US: ScriptMagix
CVE-2007-1615
	NOT-FOR-US: ScriptMagix
CVE-2007-1614
	{DTSA-56-1}
	- zziplib 0.13.49-0 (bug #436701; low)
	[etch] - zziplib <no-dsa> (Minor issue)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613
	NOT-FOR-US: MPM Chat
CVE-2007-1612
	NOT-FOR-US: Plyt Audio
CVE-2007-1611
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610
	NOT-FOR-US: NewsGlue
CVE-2007-1609
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607
	NOT-FOR-US: Web-Agora
CVE-2007-1606
	NOT-FOR-US: Web-Agora
CVE-2007-1605
	NOT-FOR-US: Web-Agora
CVE-2007-1604
	NOT-FOR-US: Web-Agora
CVE-2007-1603
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599
	{DSA-1601-1}
	- wordpress 2.2.2-1 (bug #437085; low)
CVE-2007-1598
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596
	NOT-FOR-US: NFN Address Book
CVE-2007-1595
	- asterisk 1:1.4.0~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only affects 1.4.x)
	[sarge] - asterisk <not-affected> (Only affects 1.4.x)
CVE-2007-1593
	NOT-FOR-US: Symantec
CVE-2007-1592
	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591
	NOT-FOR-US: Trend Micro
CVE-2007-1590
	NOT-FOR-US: Grandstream
CVE-2007-1589
	NOT-FOR-US: Truecrypt
CVE-2007-1588
	NOT-FOR-US: MyServer
CVE-2007-1587
	NOT-FOR-US: StatsDawg
CVE-2007-1586
	NOT-FOR-US: Zyxel
CVE-2007-1585
	NOT-FOR-US: Cisco
CVE-2007-1584
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <removed> (medium)
CVE-2007-1582
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580
	NOT-FOR-US: FTPDMIN
CVE-2007-1579
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577
	NOT-FOR-US: GeBlog
CVE-2007-1576
	NOT-FOR-US: PHProjekt
CVE-2007-1575
	NOT-FOR-US: PHProjekt
CVE-2007-1574
	NOT-FOR-US: CARE2X
CVE-2007-1573
	NOT-FOR-US: vBulletin
CVE-2007-1572
	NOT-FOR-US: JGBBS
CVE-2007-1571
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
CVE-2007-1569
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568
	NOT-FOR-US: NewsReactor
CVE-2007-1567
	NOT-FOR-US: WarFTPd
CVE-2007-1566
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563
	NOT-FOR-US: Opera
CVE-2007-1562
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559
	NOT-FOR-US: Roxio
CVE-2007-1558
	{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1
	- iceape 1.1.2-1
	- fetchmail 6.3.8-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	- mailfilter 0.8.2-1 (unimportant)
	- mutt 1.5.18-6 (unimportant)
	NOTE: i couldn't pinpoint exact mutt fixed version, but lenny's version has the
	NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)
	- balsa 2.3.17-1 (unimportant)
	- claws-mail 2.9.1-1 (unimportant)
CVE-2007-1557
	NOT-FOR-US: F-Secure
CVE-2007-1556
	NOT-FOR-US: Creative Files
CVE-2007-1555
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554
	NOT-FOR-US: Guestbara
CVE-2007-1553
	NOT-FOR-US: Guestbara
CVE-2007-1552
	NOT-FOR-US: MetaForum
CVE-2007-1551
	NOT-FOR-US: phpx
CVE-2007-1550
	NOT-FOR-US: phpx
CVE-2007-1549
	NOT-FOR-US: phpx
CVE-2007-1548
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542
	NOT-FOR-US: Cisco
CVE-2007-1541
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538
	NOT-FOR-US: McAfee
CVE-2007-1537
	NOT-FOR-US: Microsoft
CVE-2007-1536
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535
	NOT-FOR-US: Microsoft
CVE-2007-1534
	NOT-FOR-US: Microsoft
CVE-2007-1533
	NOT-FOR-US: Microsoft
CVE-2007-1532
	NOT-FOR-US: Microsoft
CVE-2007-1531
	NOT-FOR-US: Microsoft
CVE-2007-1530
	NOT-FOR-US: Microsoft
CVE-2007-1529
	NOT-FOR-US: Microsoft
CVE-2007-1528
	NOT-FOR-US: Microsoft
CVE-2007-1527
	NOT-FOR-US: Microsoft
CVE-2007-1526
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524
	NOT-FOR-US: ZomPlog
CVE-2007-1523
	NOT-FOR-US: NetBSD
CVE-2007-1522
	{DSA-1283-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1521
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 6:4.4.6-2 (medium)
CVE-2007-1520
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517
	NOT-FOR-US: WSN Guest
CVE-2007-1561
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594
	NOTE: Duplicate of CVE-2007-2297
CVE-2007-1516
	NOT-FOR-US: CcMail
CVE-2007-1515
	- imp4 4.1.3-4 (medium; bug #415117)
CVE-2007-1514
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513
	NOT-FOR-US: WebSite Builder
CVE-2007-1512
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510
	NOT-FOR-US: Particle Blogger
CVE-2007-1509
	NOT-FOR-US: krypt
CVE-2007-1508
	NOT-FOR-US: DirectAdmin
CVE-2007-1507
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506
	NOT-FOR-US: Oracle Portal
CVE-2007-1505
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503
	- rhapsody <removed> (medium)
CVE-2007-1502
	- rhapsody <removed> (medium)
CVE-2007-1501
	NOT-FOR-US: Avant Browse
CVE-2007-1500
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499
	NOT-FOR-US: Internet Explorer
CVE-2007-1498
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496
	{DSA-1289-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-1495
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494
	NOT-FOR-US: NukeSentinel
CVE-2007-1493
	NOT-FOR-US: NukeSentinel
CVE-2007-1492
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489
	NOT-FOR-US: WebAPP
CVE-2007-1488
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485
	NOT-FOR-US: LIBFtp
CVE-2007-1484
	- php4 <removed> (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482
	NOT-FOR-US: WBBlog
CVE-2007-1481
	NOT-FOR-US: WBBlog
CVE-2007-1480
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478
	NOT-FOR-US: McGallery
CVE-2007-1477
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475
	- php4 <removed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474
	{DSA-1406-1}
	- horde3 3.1.3-4 (medium)
CVE-2007-1473
	{DSA-1406-1}
	- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472
	NOT-FOR-US: Groupit
CVE-2007-1471
	NOT-FOR-US: Orion-Blog
CVE-2007-1470
	NOT-FOR-US: LIBFtp
CVE-2007-1469
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467
	NOT-FOR-US: Cisco
CVE-2007-1466
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465
	NOT-FOR-US: dproxy
CVE-2007-1464
	- inkscape 0.45.1-1 (medium)
	[etch] - inkscape <not-affected> (Versions prior to 0.45 used loudmouth, which isn't affected)
CVE-2007-1463
	- inkscape 0.45.1-1 (low)
	[etch] - inkscape <no-dsa> (Minor issue)
	[sarge] - inkscape <no-dsa> (Minor issue)
	NOTE: shell code would be prominently inside the file names
CVE-2007-1462
	NOT-FOR-US: conga
CVE-2007-1461
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459
	NOT-FOR-US: WebCreator
CVE-2007-1458
	NOT-FOR-US: CARE2X
CVE-2007-1457
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455
	NOT-FOR-US: Fantastico
CVE-2007-1454
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451
	NOT-FOR-US: GuppY
CVE-2007-1450
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446
	NOT-FOR-US: Open Education System
CVE-2007-1445
	NOT-FOR-US: BP Blog
CVE-2007-1444
	- netperf 2.4.3-8 (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442
	NOT-FOR-US: Oracle Database
CVE-2007-1441
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440
	NOT-FOR-US: JGBBS
CVE-2007-1439
	NOT-FOR-US: MySQL Commander
CVE-2007-1438
	NOT-FOR-US: X-Ice News System
CVE-2007-1437
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431
	- pennmush 1.8.2p7-1 (low; bug #436249)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430
	NOT-FOR-US: ClipShare
CVE-2007-1429
	- moodle <not-affected>
	NOTE: Security problem with the Windows version
	NOTE: Debian Maintainer and Upstream state that debian is not affected
	NOTE: and the problem is not reproducible there
CVE-2007-1428
	NOT-FOR-US: JobSitePro
CVE-2007-1427
	NOT-FOR-US: AssetMan
CVE-2007-1426
	NOT-FOR-US: AstroCam
CVE-2007-1425
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424
	NOT-FOR-US: DataLife Engine
CVE-2007-1423
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421
	NOT-FOR-US: SubDog
CVE-2007-1420
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418
	NOT-FOR-US: DekiWiki
CVE-2007-1417
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416
	NOT-FOR-US: URLshrink
CVE-2007-1415
	NOT-FOR-US: PMB Services
CVE-2007-1414
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411
	- php4 <not-affected> (no mssql extension in Debian)
	- php5 <not-affected> (no mssql extension in Debian)
CVE-2007-1410
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408
	NOT-FOR-US: Vallheru
CVE-2007-1407
	NOT-FOR-US: Quick.Cart
CVE-2007-1406
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1405
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1404
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403
	NOT-FOR-US: ActiveX control
CVE-2007-1402
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400
	NOT-FOR-US: Plash
CVE-2007-1399
	{DSA-1330-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1398
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396
	- php5 5.2.2-1 (unimportant)
	NOTE: Non-issue
CVE-2007-1395
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1394
	NOT-FOR-US: Flat Chat
CVE-2007-1393
	NOT-FOR-US: Magic CMS
CVE-2007-1392
	NOT-FOR-US: netForo!
CVE-2007-1391
	NOT-FOR-US: WEBO
CVE-2007-1390
	NOT-FOR-US: dynalias
CVE-2007-1389
	NOT-FOR-US: dynalias
CVE-2007-1388
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377
	NOT-FOR-US: Adobe Reader
CVE-2007-1376
	{DSA-1283-1 DTSA-39-1}
	- php4 <removed>
	- php5 5.2.0-11
	NOTE: Only triggerable by malicious script
CVE-2007-1375
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374
	NOT-FOR-US: Snitz Forums
CVE-2007-1373
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372
	NOT-FOR-US: PostGuestbook
CVE-2007-1371
	- conquest 8.2b-1 (low)
	[sarge] - conquest <no-dsa> (Minor issue)
	[etch] - conquest <no-dsa> (Minor issue)
CVE-2007-1370
	NOT-FOR-US: Zend Platform
CVE-2007-1369
	NOT-FOR-US: Zend Platform
CVE-2007-1368
	NOT-FOR-US: Drupal module Project
CVE-2007-1367
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1365
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364
	NOT-FOR-US: DropAFew
CVE-2007-1363
	NOT-FOR-US: DropAFew
CVE-2007-1362
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361
	NOT-FOR-US: VirtueMart
CVE-2007-1360
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359
	- libapache-mod-security 2.1.2-1
CVE-2007-1358
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	REJECTED
CVE-2007-1355
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Just an example application for documentation purposes
CVE-2007-1354
	NOT-FOR-US: JBoss Application Server
CVE-2007-1353
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2007-1352
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351
	{DSA-1454-1 DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype 2.3.5-1 (medium; bug #426771)
CVE-2007-1350
	NOT-FOR-US: Novell NetMail
CVE-2007-1349
	- apache <removed> (low)
	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
	REJECTED
CVE-2007-1347
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344
	NOT-FOR-US: Ezstream
CVE-2007-1343
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342
	NOT-FOR-US: vBulletin
CVE-2007-1341
	NOT-FOR-US: Simple Invoices
CVE-2007-1340
	NOT-FOR-US: News-Letterman
CVE-2007-1339
	NOT-FOR-US: Links Management Application
CVE-2007-1338
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327
	NOT-FOR-US: silc daemon
CVE-2007-1326
	- serendipity <removed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1324
	NOT-FOR-US: SnapGear
CVE-2007-1323
	REJECTED
CVE-2007-1322
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1321
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1320
	{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
	- xen-3 3.1.0-2 (bug #444007; medium)
	- xen-3.0 <removed>
CVE-2007-1319
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309
	NOT-FOR-US: Novell Access Management
CVE-2007-1308
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306
	{DSA-1358-1}
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303
	NOT-FOR-US: RRDBrowse
CVE-2007-1302
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300
	NOT-FOR-US: ISPUtil
CVE-2007-1299
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298
	NOT-FOR-US: AJ Auction
CVE-2007-1297
	NOT-FOR-US: AJ Dating
CVE-2007-1296
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295
	NOT-FOR-US: AJ Forum
CVE-2007-1294
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292
	NOT-FOR-US: vBulletin
CVE-2007-1291
	NOT-FOR-US: TygerBT
CVE-2007-1290
	NOT-FOR-US: TygerBT
CVE-2007-1289
	NOT-FOR-US: TygerBT
CVE-2007-1288
	NOT-FOR-US: WB News
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287
	- php4 <removed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1285
	- php5 5.2.2-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282
	{DSA-1336-1}
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280
	NOT-FOR-US: Adobe
CVE-2007-1279
	NOT-FOR-US: Adobe
CVE-2007-1278
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1:1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264
	- enigmail 2:0.95.0+1-1 (unimportant; bug #415225)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 <no-dsa> (Minor issue)
	[etch] - gnupg2 <no-dsa> (Minor issue)
CVE-2007-1262
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261
	NOT-FOR-US: OpenBiblio
CVE-2007-1260
	NOT-FOR-US: WebMod
CVE-2007-1259
	NOT-FOR-US: WebAPP
CVE-2007-1258
	NOT-FOR-US: Cisco
CVE-2007-1257
	NOT-FOR-US: Cisco
CVE-2007-1256
	- iceweasel <removed> (unimportant)
	NOTE: Not exploitable
CVE-2007-1255
	NOT-FOR-US: Connectix Boards
CVE-2007-1254
	NOT-FOR-US: Connectix Boards
CVE-2007-1253
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249
	NOT-FOR-US: Contelligent
CVE-2007-1248
	NOT-FOR-US: News Manager Blog
CVE-2007-1247
	NOT-FOR-US: aWebNews
CVE-2007-1246
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245
	NOT-FOR-US: IrfanView
CVE-2007-1244
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1243
	NOT-FOR-US: Audins Audiens
CVE-2007-1242
	NOT-FOR-US: Audins Audiens
CVE-2007-1241
	NOT-FOR-US: Audins Audiens
CVE-2007-1240
	NOT-FOR-US: Docebo CMS
CVE-2007-1239
	NOT-FOR-US: Microsoft Office
CVE-2007-1238
	NOT-FOR-US: Microsoft Office
CVE-2007-1237
	NOT-FOR-US: sitex
CVE-2007-1236
	NOT-FOR-US: sitex
CVE-2007-1235
	NOT-FOR-US: sitex
CVE-2007-1234
	NOT-FOR-US: sitex
CVE-2007-1233
	NOT-FOR-US: STWC-Counter
CVE-2007-1232
	NOT-FOR-US: SQLiteManager
CVE-2007-1231
	NOT-FOR-US: SQLiteManager
CVE-2007-1230
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1229
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228
	NOT-FOR-US: IBM DB2
CVE-2007-1227
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219
	NOT-FOR-US: Phorum
CVE-2007-1217
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	REJECTED
CVE-2007-1209
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	REJECTED
CVE-2007-1207
	REJECTED
CVE-2007-1206
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202
	NOT-FOR-US: Microsoft Word
CVE-2007-1201
	NOT-FOR-US: Microsoft Office
CVE-2007-1200
	RESERVED
CVE-2007-1199
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198
	NOT-FOR-US: TaskFreak!
CVE-2007-1197
	NOT-FOR-US: Epiware
CVE-2007-1196
	NOT-FOR-US: Citrix
CVE-2007-1195
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193
	NOT-FOR-US: OrangeHRM
CVE-2007-1192
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188
	NOT-FOR-US: WebAPP
CVE-2007-1187
	NOT-FOR-US: WebAPP
CVE-2007-1186
	NOT-FOR-US: WebAPP
CVE-2007-1185
	NOT-FOR-US: WebAPP
CVE-2007-1184
	NOT-FOR-US: WebAPP
CVE-2007-1183
	NOT-FOR-US: WebAPP
CVE-2007-1182
	NOT-FOR-US: WebAPP
CVE-2007-1181
	NOT-FOR-US: WebAPP
CVE-2007-1180
	NOT-FOR-US: WebAPP
CVE-2007-1179
	NOT-FOR-US: WebAPP
CVE-2007-1178
	NOT-FOR-US: WebAPP
CVE-2007-1177
	NOT-FOR-US: WebAPP
CVE-2007-1176
	NOT-FOR-US: WebAPP
CVE-2007-1175
	NOT-FOR-US: WebAPP
CVE-2007-1174
	NOT-FOR-US: WebAPP
CVE-2007-1173
	NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172
	NOT-FOR-US: WebAPP
CVE-2007-1171
	NOT-FOR-US: NukeSentinel
CVE-2007-1170
	NOT-FOR-US: SimBin Racing
CVE-2007-1169
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167
	NOT-FOR-US: Clanportal
CVE-2007-1166
	NOT-FOR-US: Nabopoll
CVE-2007-1165
	NOT-FOR-US: DBGuestbook
CVE-2007-1164
	NOT-FOR-US: DBImageGallery
CVE-2007-1163
	NOT-FOR-US: webSPELL
CVE-2007-1162
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161
	NOT-FOR-US: Call Center Software
CVE-2007-1218
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-1160
	NOT-FOR-US: webSPELL
CVE-2007-1159
	NOT-FOR-US: Pyrophobia
CVE-2007-1158
	NOT-FOR-US: Pagesetter
CVE-2007-1157
	NOT-FOR-US: JBoss
CVE-2007-1156
	NOT-FOR-US: JBrowser
CVE-2007-1155
	NOT-FOR-US: webSPELL
CVE-2007-1154
	NOT-FOR-US: webSPELL
CVE-2007-1153
	NOT-FOR-US: CuteNews
CVE-2007-1152
	NOT-FOR-US: Pyrophobia
CVE-2007-1151
	NOT-FOR-US: LoveCMS
CVE-2007-1150
	NOT-FOR-US: LoveCMS
CVE-2007-1149
	NOT-FOR-US: LoveCMS
CVE-2007-1148
	NOT-FOR-US: LoveCMS
CVE-2007-1147
	NOT-FOR-US: hbm
CVE-2007-1146
	NOT-FOR-US: arabhost
CVE-2007-1145
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142
	NOT-FOR-US: Magic News Plus
CVE-2007-1141
	NOT-FOR-US: Magic News Plus
CVE-2007-1140
	NOT-FOR-US: pheap
CVE-2007-1139
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137
	NOT-FOR-US: Putmail
CVE-2007-1136
	NOT-FOR-US: WebMplayer
CVE-2007-1135
	NOT-FOR-US: WebMplayer
CVE-2007-1134
	NOT-FOR-US: Watchtower
CVE-2007-1133
	NOT-FOR-US: FCRing
CVE-2007-1132
	NOT-FOR-US: MTCMS
CVE-2007-1131
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129
	NOT-FOR-US: MTCMS
CVE-2007-1128
	NOT-FOR-US: shopkitplus
CVE-2007-1127
	NOT-FOR-US: shopkitplus
CVE-2007-1126
	NOT-FOR-US: xtcommerce
CVE-2007-1125
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123
	NOT-FOR-US: ZPanel
CVE-2007-1122
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118
	NOT-FOR-US: eFiction
CVE-2007-1117
	NOT-FOR-US: Microsoft Office
CVE-2007-1116
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
CVE-2007-1115
	NOT-FOR-US: Opera
CVE-2007-1114
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108
	NOT-FOR-US: CS-Gallery
CVE-2007-1107
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103
	- tor <unfixed> (unimportant)
	NOTE: Minor issue, just puts more noise on the node
CVE-2007-1102
	NOT-FOR-US: Photostand
CVE-2007-1101
	NOT-FOR-US: Photostand
CVE-2007-1100
	NOT-FOR-US: Pickle
CVE-2007-1099
	- dropbear 0.49-1 (unimportant; bug #412899)
	[etch] - dropbear 0.48.1-2 (unimportant)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
CVE-2007-1098
	NOT-FOR-US: ScryMUD
CVE-2007-1097
	NOT-FOR-US: Wiclear
CVE-2007-1096
	NOT-FOR-US: VirtueMart
CVE-2007-1095
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low; bug #445514)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-30
CVE-2007-1094
	NOT-FOR-US: Microsoft IE
CVE-2007-1093
	NOT-FOR-US: Network Node Manager
CVE-2007-1092
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091
	NOT-FOR-US: Microsoft IE
CVE-2007-1090
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089
	NOT-FOR-US: IBM DB2
CVE-2007-1088
	NOT-FOR-US: IBM DB2
CVE-2007-1087
	NOT-FOR-US: IBM DB2
CVE-2007-1086
	NOT-FOR-US: IBM DB2
CVE-2007-1085
	NOT-FOR-US: Google Desktop
CVE-2007-1084
	- iceweasel <removed> (unimportant; bug #556268)
	- iceape <removed> (unimportant)
	- epiphany-browser <unfixed> (unimportant; bug #556272)
	NOTE: only epiphany-gecko backend affected
	- galeon 2.0.7-2 (unimportant; bug #556270)
	- kazehakase 0.5.8-2 (bug #556271)
	[lenny] - kazehakase 0.5.4-2lenny1
	- conkeror <not-affected> (doesn't support bookmarks)
	- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
CVE-2007-1083
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082
	NOT-FOR-US: FTP Explorer
CVE-2007-1081
	- typo3-src 4.0.5+debian-1
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080
	NOT-FOR-US: TurboFTP
CVE-2007-1079
	NOT-FOR-US: FTP Voyager
CVE-2007-1078
	NOT-FOR-US: FlashGameScript
CVE-2007-1077
	NOT-FOR-US: UserPages2
CVE-2007-1076
	NOT-FOR-US: phpTrafficA
CVE-2007-1075
	NOT-FOR-US: TurboFTP
CVE-2007-1074
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073
	NOT-FOR-US: mcRefer
CVE-2007-1072
	NOT-FOR-US: Cisco
CVE-2007-1071
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069
	NOT-FOR-US: VMware
CVE-2007-1068
	NOT-FOR-US: Cisco
CVE-2007-1067
	NOT-FOR-US: Cisco
CVE-2007-1066
	NOT-FOR-US: Cisco
CVE-2007-1065
	NOT-FOR-US: Cisco
CVE-2007-1064
	NOT-FOR-US: Cisco
CVE-2007-1063
	NOT-FOR-US: Cisco
CVE-2007-1062
	NOT-FOR-US: Cisco
CVE-2007-1061
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060
	NOT-FOR-US: SendStudio
CVE-2007-1059
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058
	NOT-FOR-US: Online Web Building
CVE-2007-1057
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056
	NOT-FOR-US: VMware
CVE-2007-1055
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053
	NOT-FOR-US: phpXmms
CVE-2007-1052
	NOT-FOR-US: PBLang
CVE-2007-1051
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050
	NOT-FOR-US: MyCalendar
CVE-2007-1048
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047
	- dcc <removed> (medium; bug #439718)
CVE-2007-1046
	NOT-FOR-US: Dem_trac
CVE-2007-1045
	NOT-FOR-US: mAlbum
CVE-2007-1044
	NOT-FOR-US: PowerSchool
CVE-2007-1043
	NOT-FOR-US: Ezboo
CVE-2007-1042
	NOT-FOR-US: Xpression News
CVE-2007-1041
	NOT-FOR-US: News Rover
CVE-2007-1040
	NOT-FOR-US: Xpression News
CVE-2007-1039
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038
	NOT-FOR-US: Grabit
CVE-2007-1037
	NOT-FOR-US: News File Grabber
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg 2.2.3.dfsg.1-2 (low; bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	[sarge] - apg <no-dsa> (Minor issue)
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd 0.9~r1586-1 (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new 1:2.5.2-1 (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2007-1049
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036
	NOT-FOR-US: JBoss
CVE-2007-1035
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030
	- libevent <not-affected> (vulnerable version 1.2 was never uploaded)
CVE-2007-1029
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028
	NOT-FOR-US: Image Pager
CVE-2007-1027
	NOT-FOR-US: IBM DB2
CVE-2007-1026
	NOT-FOR-US: XLAtunes
CVE-2007-1025
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024
	NOT-FOR-US: Meganoide's news
CVE-2007-1023
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020
	NOT-FOR-US: CedStat
CVE-2007-1019
	NOT-FOR-US: webSPELL
CVE-2007-1018
	NOT-FOR-US: VS-News-System
CVE-2007-1017
	NOT-FOR-US: VS-News-System
CVE-2007-1016
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014
	NOT-FOR-US: VicFTPS
CVE-2007-1013
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012
	NOT-FOR-US: DeskPRO
CVE-2007-1011
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008
	NOT-FOR-US: Apple iTunes
CVE-2007-1007
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.0.4-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555
CVE-2007-1003
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002
	{DSA-1325-1}
	- evolution 2.10.2-1
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001
	- libgd2 2.0.33-1 (medium)
	NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2.
CVE-2007-1000
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998
	- xen-3.0 <removed> (bug #436250; medium)
	[etch] - xen-3.0 <unfixed>
	NOTE: Fedora disabled the VNC access to the Qemu monitor
	NOTE: An adjusted patch has been sent to the debian bugreport
CVE-2007-0997
	- linux-2.6 2.6.18-1
CVE-2007-0996
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0994
	{DSA-1336-1}
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	REJECTED
CVE-2007-0992
	REJECTED
CVE-2007-0991
	REJECTED
CVE-2007-0990
	REJECTED
CVE-2007-0989
	REJECTED
CVE-2007-0988
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985
	NOT-FOR-US: phpCC
CVE-2007-0984
	NOT-FOR-US: PollMentor
CVE-2007-0983
	NOT-FOR-US: AT Contenator
CVE-2007-0982
	NOT-FOR-US: TaskFreak!
CVE-2007-0981
	{DSA-1336-1}
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0980
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979
	NOT-FOR-US: LifeType
CVE-2007-0978
	NOT-FOR-US: IBM AIX
CVE-2007-0977
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975
	NOT-FOR-US: Apache Stats
CVE-2007-0974
	NOT-FOR-US: DropBox
CVE-2007-0973
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970
	NOT-FOR-US: WebTester
CVE-2007-0969
	NOT-FOR-US: WebTester
CVE-2007-0968
	NOT-FOR-US: Cisco
CVE-2007-0967
	NOT-FOR-US: Cisco
CVE-2007-0966
	NOT-FOR-US: Cisco
CVE-2007-0965
	NOT-FOR-US: Cisco
CVE-2007-0964
	NOT-FOR-US: Cisco
CVE-2007-0963
	NOT-FOR-US: Cisco
CVE-2007-0962
	NOT-FOR-US: Cisco
CVE-2007-0961
	NOT-FOR-US: Cisco
CVE-2007-0960
	NOT-FOR-US: Cisco
CVE-2007-0959
	NOT-FOR-US: Cisco
CVE-2007-0958
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0957
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954
	NOT-FOR-US: MOHA Chat
CVE-2007-0953
	NOT-FOR-US: @Mail
CVE-2007-0952
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949
	NOT-FOR-US: iTinySoft
CVE-2007-0948
	NOT-FOR-US: Microsoft Virtual PC
CVE-2007-0947
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0942
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	REJECTED
CVE-2007-0940
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	REJECTED
CVE-2007-0936
	NOT-FOR-US: Microsoft
CVE-2007-0935
	REJECTED
CVE-2007-0934
	NOT-FOR-US: Microsoft
CVE-2007-0933
	NOT-FOR-US: D-Link
CVE-2007-0932
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930
	NOT-FOR-US: Apache Stats
CVE-2007-0929
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927
	NOT-FOR-US: uTorrent
CVE-2007-0926
	NOT-FOR-US: KvGuestbook
CVE-2007-0925
	NOT-FOR-US: Community Server
CVE-2007-0924
	NOT-FOR-US: phpPolls
CVE-2007-0923
	NOT-FOR-US: Portal Search
CVE-2007-0922
	NOT-FOR-US: Portal Search
CVE-2007-0921
	NOT-FOR-US: Portal Search
CVE-2007-0920
	NOT-FOR-US: Philboard
CVE-2007-0919
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918
	NOT-FOR-US: Cisco
CVE-2007-0917
	NOT-FOR-US: Cisco
CVE-2007-0916
	NOT-FOR-US: HP-UX
CVE-2007-0915
	NOT-FOR-US: HP-UX
CVE-2007-0914
	NOT-FOR-US: Sun Solaris
CVE-2007-0913
	NOT-FOR-US: Microsoft
CVE-2007-0912
	NOT-FOR-US: JPortal
CVE-2007-0911
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908
	{DSA-1264-1}
	- php5 5.2.0-9
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	NOTE: this extension is not enabled by default in the php packages
CVE-2007-0907
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905
	- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904
	NOT-FOR-US: LightRO CMS
CVE-2007-0903
	- ejabberd 1.1.2-5
CVE-2007-0902
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0901
	- moin 1.5 (bug #411084; medium)
	NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
	RESERVED
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav	0.88.7-2
CVE-2007-0898
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav	0.88.7-2
CVE-2007-0897
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav	0.88.7-2
CVE-2007-0896
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895
	NOT-FOR-US: Sun Solaris
CVE-2007-0894
	- mediawiki <removed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893
	NOT-FOR-US: phpMyVisites
CVE-2007-0892
	NOT-FOR-US: phpMyVisites
CVE-2007-0891
	NOT-FOR-US: phpMyVisites
CVE-2007-0890
	NOT-FOR-US: cPanel
CVE-2007-0889
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887
	NOT-FOR-US: Axigen
CVE-2007-0886
	NOT-FOR-US: Axigen
CVE-2007-0885
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882
	NOT-FOR-US: Sun Solaris
CVE-2007-0881
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879
	NOT-FOR-US: PEBrowse
CVE-2007-0878
	NOT-FOR-US: Microsoft
CVE-2007-0877
	NOT-FOR-US: March Networks DVR
CVE-2007-0876
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875
	NOT-FOR-US: mcRefer
CVE-2007-0874
	NOT-FOR-US: Allons_voter
CVE-2007-0873
	NOT-FOR-US: nabopoll
CVE-2007-0872
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871
	NOT-FOR-US: eXtreme File Hosting
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870
	NOT-FOR-US: Microsoft
CVE-2007-0869
	NOT-FOR-US: vBulletin
CVE-2007-0868
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867
	NOT-FOR-US: Site-Assistant
CVE-2007-0866
	NOT-FOR-US: HP OpenView
CVE-2007-0865
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863
	NOT-FOR-US: Trevorchan
CVE-2007-0862
	NOT-FOR-US: gnopaste
CVE-2007-0861
	NOT-FOR-US: phpCOIN
CVE-2007-0860
	NOT-FOR-US: local Calendar System
CVE-2007-0859
	NOT-FOR-US: Palm OS Treo
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge]	- rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge] - unrar-nonfree 1:3.5.2-0.2
	[etch] - unrar-nonfree 1:3.5.4-1.1
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853
	NOT-FOR-US: DevTrack
CVE-2007-0852
	NOT-FOR-US: DevTrack
CVE-2007-0851
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850
	NOT-FOR-US: SysCP
CVE-2007-0849
	NOT-FOR-US: SysCP
CVE-2007-0848
	NOT-FOR-US: Maian Recipe
CVE-2007-0847
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845
	NOT-FOR-US: Advanced Poll
CVE-2007-0843
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842
	NOT-FOR-US: Microsoft
CVE-2007-0841
	NOT-FOR-US: vbDrupal
CVE-2007-0840
	NOT-FOR-US: HLstats
CVE-2007-0839
	NOT-FOR-US: WebMatic
CVE-2007-0838
	NOT-FOR-US: FreeProxy
CVE-2007-0837
	NOT-FOR-US: AgerMenu
CVE-2007-0836
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834
	NOT-FOR-US: FlashChat
CVE-2007-0833
	NOT-FOR-US: VMware
CVE-2007-0832
	NOT-FOR-US: VMware
CVE-2007-0831
	NOT-FOR-US: Atsphp
CVE-2007-0830
	NOT-FOR-US: vBulletin
CVE-2007-0829
	NOT-FOR-US: avast!
CVE-2007-0828
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826
	NOT-FOR-US: Kisisel Site
CVE-2007-0825
	NOT-FOR-US: FlashFXP
CVE-2007-0824
	NOT-FOR-US: LightRO CMS
CVE-2007-0823
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822
	- util-linux <not-affected> (Not a security problem)
CVE-2007-0821
	NOT-FOR-US: PortailPhp
CVE-2007-0820
	NOT-FOR-US: PortailPhp
CVE-2007-0819
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815
	NOT-FOR-US: Uphotogallery
CVE-2007-0814
	NOT-FOR-US: ASP Chat
CVE-2007-0813
	NOT-FOR-US: MySearchEngine
CVE-2007-0812
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811
	NOT-FOR-US: Microsoft
CVE-2007-0810
	NOT-FOR-US: GeekLog
CVE-2007-0809
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807
	NOT-FOR-US: flashChat
CVE-2007-0806
	NOT-FOR-US: Les News
CVE-2007-0805
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804
	NOT-FOR-US: GGCMS
CVE-2007-0803
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802
	- iceweasel 2.0.0.16-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
CVE-2007-0801
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0799
	NOT-FOR-US: Ublog Reload
CVE-2007-0798
	NOT-FOR-US: Ublog Reload
CVE-2007-0797
	NOT-FOR-US: SMA-DB
CVE-2007-0796
	NOT-FOR-US: WinProxy
CVE-2007-0795
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791
	- bugzilla 2.22.1-2.1 (bug #409824; low)
	[etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790
	NOT-FOR-US: SmartFTP
CVE-2007-0789
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787
	NOT-FOR-US: Simple Invoices
CVE-2007-0786
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778
	{DSA-1336-1}
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0777
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0776
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775
	{DSA-1336-1}
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk <not-affected>
	[etch] - libapache-mod-jk <not-affected>
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773
	- linux-2.6 2.6.12-1
CVE-2007-0772
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667
	{DSA-1903-1 DSA-1858-1 DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	- graphicsmagick 1.1.7-14 (bug #417862; medium)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2007-0844
	- libpam-ssh 1.91.0-9.2 (bug #410236; low)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769
	NOT-FOR-US: Phorum
CVE-2007-0768
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767
	NOT-FOR-US: Phorum
CVE-2007-0766
	NOT-FOR-US: .NET Explorer
CVE-2007-0765
	NOT-FOR-US: Curium CMS
CVE-2007-0764
	NOT-FOR-US: F3Site
CVE-2007-0763
	NOT-FOR-US: F3Site
CVE-2007-0762
	NOT-FOR-US: phpBB++
CVE-2007-0761
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760
	NOT-FOR-US: EQdkp
CVE-2007-0759
	NOT-FOR-US: EasyMoblog
CVE-2007-0758
	NOT-FOR-US: PHPProbid
CVE-2007-0757
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753
	NOT-FOR-US: Apple
CVE-2007-0752
	NOT-FOR-US: Apple
CVE-2007-0751
	NOT-FOR-US: Apple
CVE-2007-0750
	NOT-FOR-US: Apple
CVE-2007-0749
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740
	NOT-FOR-US: Apple
CVE-2007-0739
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731
	NOT-FOR-US: Apple Mac
CVE-2007-0730
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	REJECTED
CVE-2007-0726
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724
	NOT-FOR-US: Apple Mac
CVE-2007-0723
	NOT-FOR-US: Mac OS X
CVE-2007-0722
	NOT-FOR-US: Apple Mac
CVE-2007-0721
	NOT-FOR-US: Apple Mac
CVE-2007-0720
	- cups 1.2.7-1 (bug #434734; low)
	- cupsys 1.2.7-1 (bug #434734; low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719
	NOT-FOR-US: Apple Mac
CVE-2007-0718
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710
	NOT-FOR-US: Apple iChat
CVE-2007-0709
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707
	NOT-FOR-US: GOM Player
CVE-2007-0706
	NOT-FOR-US: Darksky RSS
CVE-2007-0705
	NOT-FOR-US: Sleipnir
CVE-2007-0704
	NOT-FOR-US: Somery
CVE-2007-0703
	NOT-FOR-US: WebBuilder
CVE-2007-0702
	NOT-FOR-US: phpEventMan
CVE-2007-0701
	NOT-FOR-US: Epistemon
CVE-2007-0700
	NOT-FOR-US: Portail Web
CVE-2007-0699
	NOT-FOR-US: Portail Web
CVE-2007-0698
	NOT-FOR-US: ACGVannu
CVE-2007-0697
	NOT-FOR-US: ACGVannu
CVE-2007-0696
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694
	NOT-FOR-US: DGNews
CVE-2007-0693
	NOT-FOR-US: DGNews
CVE-2007-0692
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690
	NOT-FOR-US: myEvent
CVE-2007-0689
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-0688
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685
	NOT-FOR-US: Internet Explorer
CVE-2007-0684
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683
	NOT-FOR-US: Omegaboard
CVE-2007-0682
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681
	NOT-FOR-US: ExtCalendar
CVE-2007-0680
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679
	NOT-FOR-US: PHPMyRing
CVE-2007-0678
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675
	NOT-FOR-US: Windows Vista
CVE-2007-0674
	NOT-FOR-US: Windows Mobile
CVE-2007-0673
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670
	NOT-FOR-US: IBM AIX
CVE-2007-0669
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667
	- sql-ledger <unfixed> (bug #409703; unimportant)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver
	NOTE: in root directory (/).
CVE-2007-0663
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662
	NOT-FOR-US: Hailboards
CVE-2007-0661
	NOT-FOR-US: Intel BMC
CVE-2007-0660
	NOT-FOR-US: DotNetNuke
CVE-2007-0659
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655
	NOT-FOR-US: MicroWorld
CVE-2007-0654
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649
	NOT-FOR-US: OpenEMR
CVE-2007-0648
	NOT-FOR-US: Cisco
CVE-2007-0647
	NOT-FOR-US: AppleKit
CVE-2007-0646
	NOT-FOR-US: iMovie
CVE-2007-0645
	NOT-FOR-US: iPhoto
CVE-2007-0644
	NOT-FOR-US: Apple Safari
CVE-2007-0643
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639
	NOT-FOR-US: GuppY
CVE-2007-0638
	NOT-FOR-US: PHPFootball
CVE-2007-0637
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636
	NOT-FOR-US: incron
CVE-2007-0635
	NOT-FOR-US: EncapsCMS
CVE-2007-0634
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633
	NOT-FOR-US: MyNews
CVE-2007-0632
	NOT-FOR-US: ASP EDGE
CVE-2007-0631
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630
	NOT-FOR-US: xNews
CVE-2007-0629
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627
	NOT-FOR-US: gtalkbot
CVE-2007-0626
	- drupal 4.7.6-1
CVE-2007-0625
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
CVE-2007-0620
	NOT-FOR-US: FD Script
CVE-2007-0619
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618
	NOT-FOR-US: IBM AIX
CVE-2007-0617
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616
	NOT-FOR-US: zenphoto
CVE-2007-0615
	NOT-FOR-US: Hitachi
CVE-2007-0614
	NOT-FOR-US: Apple
CVE-2007-0613
	NOT-FOR-US: Apple
CVE-2007-0612
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610
	NOT-FOR-US: CMSimple
CVE-2007-0609
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607
	NOT-FOR-US: Web-Agora
CVE-2007-0606
	NOT-FOR-US: Web-Agora
CVE-2007-0605
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604
	NOT-FOR-US: Movable Type
CVE-2007-0603
	NOT-FOR-US: PGP Desktop
CVE-2007-0602
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601
	NOT-FOR-US: Aztek Forum
CVE-2007-0600
	NOT-FOR-US: makit news
CVE-2007-0599
	NOT-FOR-US: Aztek Forum
CVE-2007-0598
	NOT-FOR-US: Aztek Forum
CVE-2007-0597
	NOT-FOR-US: Aztek Forum
CVE-2007-0596
	NOT-FOR-US: Aztek Forum
CVE-2007-0595
	NOT-FOR-US: high5 Review
CVE-2007-0594
	NOT-FOR-US: Siteman
CVE-2007-0593
	NOT-FOR-US: Siteman
CVE-2007-0592
	NOT-FOR-US: EzDatabase
CVE-2007-0591
	NOT-FOR-US: VirtualPath
CVE-2007-0590
	NOT-FOR-US: Forum Livre
CVE-2007-0589
	NOT-FOR-US: Forum Livre
CVE-2007-0588
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585
	NOT-FOR-US: Webfwlog
CVE-2007-0584
	NOT-FOR-US: PhP Generic
CVE-2007-0583
	NOT-FOR-US: HTTP Commander
CVE-2007-0582
	NOT-FOR-US: ChernobiLe
CVE-2007-0581
	NOT-FOR-US: EclipseBB
CVE-2007-0580
	NOT-FOR-US: Foro Domus
CVE-2007-0579
	NOT-FOR-US: Horde Groupware
CVE-2007-0578
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577
	NOT-FOR-US: ACGVclick
CVE-2007-0576
	NOT-FOR-US: Xt-Stats
CVE-2007-0575
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573
	NOT-FOR-US: nsGalPHP
CVE-2007-0572
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571
	NOT-FOR-US: phpMyReports
CVE-2007-0570
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569
	NOT-FOR-US: xNews
CVE-2007-0568
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566
	NOT-FOR-US: ASP NEWS
CVE-2007-0565
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564
	NOT-FOR-US: Symantec
CVE-2007-0563
	NOT-FOR-US: Symantec
CVE-2007-0562
	NOT-FOR-US: Windows Explorer
CVE-2007-0561
	NOT-FOR-US: Xero Portal
CVE-2007-0560
	NOT-FOR-US: ASP EDGE
CVE-2007-0559
	NOT-FOR-US: RPW
CVE-2007-0558
	NOT-FOR-US: vHostAdmin
CVE-2007-0557
	NOT-FOR-US: rPath
CVE-2007-0556
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554
	NOT-FOR-US: Guos Posting System
CVE-2007-0553
	NOT-FOR-US: PHProxy
CVE-2007-0552
	NOT-FOR-US: Onnac
CVE-2007-0551
	NOT-FOR-US: CMSimple
CVE-2007-0550
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548
	NOT-FOR-US: KarjaSoft
CVE-2007-0547
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543
	NOT-FOR-US: ZixForum
CVE-2007-0542
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540
	{DSA-1564-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0539
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538
	NOT-FOR-US: Telligent
CVE-2007-0537
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536
	NOT-FOR-US: rPath
CVE-2007-0535
	NOT-FOR-US: Vote! Pro
CVE-2007-0534
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533
	NOT-FOR-US: Borland Delphi
CVE-2007-0532
	NOT-FOR-US: Uploader
CVE-2007-0531
	NOT-FOR-US: FreeWebShop
CVE-2007-0530
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528
	NOT-FOR-US: Centrality Communications
CVE-2007-0527
	NOT-FOR-US: Website Baker
CVE-2007-0526
	NOT-FOR-US: Bitweaver
CVE-2007-0525
	NOT-FOR-US: Mini Web server
CVE-2007-0524
	NOT-FOR-US: LG
CVE-2007-0523
	NOT-FOR-US: Nokia
CVE-2007-0522
	NOT-FOR-US: Motorola
CVE-2007-0521
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520
	NOT-FOR-US: Unique Ads
CVE-2007-0519
	NOT-FOR-US: XMB Host
CVE-2007-0518
	NOT-FOR-US: Scriptsez
CVE-2007-0517
	NOT-FOR-US: Scriptsez
CVE-2007-0516
	NOT-FOR-US: Yana
CVE-2007-0515
	NOT-FOR-US: Microsoft
CVE-2007-0514
	NOT-FOR-US: Hitachi
CVE-2007-0513
	NOT-FOR-US: Hitachi
CVE-2007-0512
	NOT-FOR-US: Hitachi
CVE-2007-0511
	NOT-FOR-US: phpXD
CVE-2007-0510
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509
	NOT-FOR-US: MaklerPlus
CVE-2007-0507
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504
	NOT-FOR-US: Vote! Pro
CVE-2007-0503
	NOT-FOR-US: Sun
CVE-2007-0502
	NOT-FOR-US: webSPELL
CVE-2007-0501
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500
	NOT-FOR-US: Bradabra
CVE-2007-0499
	NOT-FOR-US: phpIndexPage
CVE-2007-0498
	NOT-FOR-US: MySpeach
CVE-2007-0497
	NOT-FOR-US: Upload-Service
CVE-2007-0496
	NOT-FOR-US: Neon Lab
CVE-2007-0495
	NOT-FOR-US: PhpSherpa
CVE-2007-0492
	NOT-FOR-US: webSPELL
CVE-2007-0491
	NOT-FOR-US: MySpeach
CVE-2007-0490
	NOT-FOR-US: Open-Realty
CVE-2007-0489
	NOT-FOR-US: VisoHotlink
CVE-2007-0488
	NOT-FOR-US: Huawei
CVE-2007-0487
	NOT-FOR-US: FreeForum
CVE-2007-0486
	NOT-FOR-US: Openads
CVE-2007-0485
	NOT-FOR-US: Webdev
CVE-2007-0484
	NOT-FOR-US: ReviewPost
CVE-2007-0483
	NOT-FOR-US: ReviewPost
CVE-2007-0482
	NOT-FOR-US: Sun
CVE-2007-0481
	NOT-FOR-US: Cisco
CVE-2007-0480
	NOT-FOR-US: Cisco
CVE-2007-0479
	NOT-FOR-US: Cisco
CVE-2007-0478
	NOT-FOR-US: Apple Safari
CVE-2007-0477
	NOT-FOR-US: Openads
CVE-2007-0476
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not fixed in 0.8.0, see
	NOTE: https://web.archive.org/web/20070712072042/http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0472
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0508
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
	- mplayer 1.0~rc1-12
CVE-2007-0471
	NOT-FOR-US: Check Point
CVE-2007-0470
	NOT-FOR-US: Sun Solaris
CVE-2007-0469
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468
	NOT-FOR-US: Visual C++
CVE-2007-0467
	NOT-FOR-US: Apple
CVE-2007-0466
	NOT-FOR-US: Telestream
CVE-2007-0465
	NOT-FOR-US: Apple
CVE-2007-0464
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463
	NOT-FOR-US: Apple
CVE-2007-0462
	NOT-FOR-US: Apple
CVE-2007-0461
	- dazuko-source <removed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460
	- ulogd 1.23-6 (medium)
CVE-2007-0459
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455
	{DSA-1936-1}
	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.23-1 (unimportant)
	NOTE: This only adds an additional control settings for path delimiters, the
	NOTE: necessary proxies still need to be secured or fixed individually (e.g.
	NOTE: as done for mod_jk in a DSA
CVE-2007-0449
	NOT-FOR-US: CA BrightStor
CVE-2007-0448
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447
	NOT-FOR-US: Symantec
CVE-2007-0446
	NOT-FOR-US: HP Mercury
CVE-2007-0445
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444
	NOT-FOR-US: Citrix
CVE-2007-0443
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442
	NOT-FOR-US: IBM OS/400
CVE-2007-0441
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437
	NOT-FOR-US: InterSystems Cache
CVE-2007-0436
	NOT-FOR-US: X-Kryptor
CVE-2007-0435
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434
	NOT-FOR-US: BEA
CVE-2007-0433
	NOT-FOR-US: BEA
CVE-2007-0432
	NOT-FOR-US: BEA
CVE-2007-0431
	NOT-FOR-US: AVM
CVE-2007-0430
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429
	NOT-FOR-US: DivX Web Player
CVE-2007-0428
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427
	NOT-FOR-US: Microsoft
CVE-2007-0426
	NOT-FOR-US: BEA
CVE-2007-0425
	NOT-FOR-US: BEA
CVE-2007-0424
	NOT-FOR-US: BEA
CVE-2007-0423
	NOT-FOR-US: BEA
CVE-2007-0422
	NOT-FOR-US: BEA
CVE-2007-0421
	NOT-FOR-US: BEA
CVE-2007-0420
	NOT-FOR-US: BEA
CVE-2007-0419
	NOT-FOR-US: BEA
CVE-2007-0418
	NOT-FOR-US: BEA
CVE-2007-0417
	NOT-FOR-US: BEA
CVE-2007-0416
	NOT-FOR-US: BEA
CVE-2007-0415
	NOT-FOR-US: BEA
CVE-2007-0414
	NOT-FOR-US: BEA
CVE-2007-0413
	NOT-FOR-US: BEA
CVE-2007-0412
	NOT-FOR-US: BEA
CVE-2007-0411
	NOT-FOR-US: BEA
CVE-2007-0410
	NOT-FOR-US: BEA
CVE-2007-0409
	NOT-FOR-US: BEA
CVE-2007-0408
	NOT-FOR-US: BEA
CVE-2007-0407
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403
	NOT-FOR-US: Easebay Resources
CVE-2007-0402
	NOT-FOR-US: Easebay Resources
CVE-2007-0401
	NOT-FOR-US: Easebay Resources
CVE-2007-0400
	NOT-FOR-US: Easebay Resources
CVE-2007-0399
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398
	NOT-FOR-US: MisterSPa-forum
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397
	NOT-FOR-US: Cisco
CVE-2007-0396
	NOT-FOR-US: HP-UX
CVE-2007-0395
	NOT-FOR-US: ComVironment
CVE-2007-0394
	NOT-FOR-US: HP-UX
CVE-2007-0393
	NOT-FOR-US: Sun Solaris
CVE-2007-0392
	NOT-FOR-US: IBM AIX
CVE-2007-0391
	NOT-FOR-US: BitDefender
CVE-2007-0390
	NOT-FOR-US: sabros.us
CVE-2007-0389
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387
	NOT-FOR-US: Joomla!
CVE-2007-0386
	NOT-FOR-US: PostNuke
CVE-2007-0385
	NOT-FOR-US: PostNuke
CVE-2007-0384
	NOT-FOR-US: PostNuke
CVE-2007-0383
	NOT-FOR-US: WDaemon
CVE-2007-0382
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381
	NOT-FOR-US: ATutor
CVE-2007-0380
	NOT-FOR-US: DocMan
CVE-2007-0379
	NOT-FOR-US: DocMan
CVE-2007-0378
	NOT-FOR-US: DocMan
CVE-2007-0377
	NOT-FOR-US: Xoops
CVE-2007-0376
	NOT-FOR-US: Virtuemart
CVE-2007-0375
	NOT-FOR-US: Joomla!
CVE-2007-0374
	- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373
	NOT-FOR-US: Joomla!
CVE-2007-0372
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370
	NOT-FOR-US: phpBP
CVE-2007-0369
	NOT-FOR-US: phpBP
CVE-2007-0368
	NOT-FOR-US: mbse
CVE-2007-0367
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363
	NOT-FOR-US: Openads
CVE-2007-0362
	NOT-FOR-US: FreshReader
CVE-2007-0361
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360
	NOT-FOR-US: Oreon
CVE-2007-0359
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357
	NOT-FOR-US: AVM
CVE-2007-0356
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355
	NOT-FOR-US: Apple
CVE-2007-0354
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353
	NOT-FOR-US: myBloggie
CVE-2007-0352
	NOT-FOR-US: Microsoft
CVE-2007-0351
	NOT-FOR-US: Microsoft
CVE-2007-0350
	NOT-FOR-US: FileMailer
CVE-2007-0349
	NOT-FOR-US: INDEXU
CVE-2007-0348
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347
	- cvstrac 2.0.1-1
	[etch] - cvstrac <not-affected> (Vulnerable code not present)
	[sarge] - cvstrac <not-affected> (Vulnerable code not present)
	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
	NOTE: are done like using %q instead of %s for user supplied data
CVE-2007-0346
	NOT-FOR-US: FileMailer
CVE-2007-0345
	NOT-FOR-US: Apple
CVE-2007-0344
	- colloquy <removed>
CVE-2007-0343
	NOT-FOR-US: OpenBSD
CVE-2007-0342
	NOT-FOR-US: Apple WebKit
CVE-2007-0341
	- phpmyadmin 4:2.9.1.1-2 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-0340
	NOT-FOR-US: ThWboard
CVE-2007-0339
	NOT-FOR-US: FileMailer
CVE-2007-0338
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337
	NOT-FOR-US: KGB
CVE-2007-0336
	NOT-FOR-US: Rixstep
CVE-2007-0335
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328
	NOT-FOR-US: Macrovision
CVE-2007-0327
	RESERVED
CVE-2007-0326
	NOT-FOR-US: PNI Digital Media Photo Upload
CVE-2007-0325
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322
	NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319
	NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314
	NOT-FOR-US: Article System
CVE-2007-0313
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312
	NOT-FOR-US: wcSimple
CVE-2007-0311
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310
	NOT-FOR-US: BMC Software
CVE-2007-0309
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306
	NOT-FOR-US: Digiappz
CVE-2007-0305
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303
	NOT-FOR-US: Zina
CVE-2007-0302
	NOT-FOR-US: InstantASP
CVE-2007-0301
	NOT-FOR-US: FdWeB
CVE-2007-0300
	NOT-FOR-US: TLM CMS
CVE-2007-0299
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298
	NOT-FOR-US: LunarPoll
CVE-2007-0297
	NOT-FOR-US: Oracle
CVE-2007-0296
	NOT-FOR-US: Oracle
CVE-2007-0295
	NOT-FOR-US: Oracle
CVE-2007-0294
	NOT-FOR-US: Oracle
CVE-2007-0293
	NOT-FOR-US: Oracle
CVE-2007-0292
	NOT-FOR-US: Oracle
CVE-2007-0291
	NOT-FOR-US: Oracle
CVE-2007-0290
	NOT-FOR-US: Oracle
CVE-2007-0289
	NOT-FOR-US: Oracle
CVE-2007-0288
	NOT-FOR-US: Oracle
CVE-2007-0287
	NOT-FOR-US: Oracle
CVE-2007-0286
	NOT-FOR-US: Oracle
CVE-2007-0285
	NOT-FOR-US: Oracle
CVE-2007-0284
	NOT-FOR-US: Oracle
CVE-2007-0283
	NOT-FOR-US: Oracle
CVE-2007-0282
	NOT-FOR-US: Oracle
CVE-2007-0281
	NOT-FOR-US: Oracle
CVE-2007-0280
	NOT-FOR-US: Oracle
CVE-2007-0279
	NOT-FOR-US: Oracle
CVE-2007-0278
	NOT-FOR-US: Oracle
CVE-2007-0277
	NOT-FOR-US: Oracle
CVE-2007-0276
	NOT-FOR-US: Oracle
CVE-2007-0275
	NOT-FOR-US: Oracle
CVE-2007-0274
	NOT-FOR-US: Oracle
CVE-2007-0273
	NOT-FOR-US: Oracle
CVE-2007-0272
	NOT-FOR-US: Oracle
CVE-2007-0271
	NOT-FOR-US: Oracle
CVE-2007-0270
	NOT-FOR-US: Oracle
CVE-2007-0269
	NOT-FOR-US: Oracle
CVE-2007-0268
	NOT-FOR-US: Oracle
CVE-2007-0267
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264
	NOT-FOR-US: Winzip
CVE-2007-0263
	NOT-FOR-US: Total Commander
CVE-2007-0262
	{DTSA-33-1}
	- wordpress 2.0.8-1 (bug #407289)
CVE-2007-0261
	NOT-FOR-US: sNews
CVE-2007-0260
	NOT-FOR-US: Naig
CVE-2007-0259
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258
	NOT-FOR-US: Fastilo
CVE-2007-0257
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254
	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
	NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253
	- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252
	NOT-FOR-US: easy-content
CVE-2007-0251
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
	[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
CVE-2007-0244
	{DSA-1288-2 DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243
	- sun-java5 1.5.0-10-1
CVE-2007-0242
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236
	NOT-FOR-US: Mac OS X
CVE-2007-0235
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
CVE-2007-0233
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232
	NOT-FOR-US: Jshop Server
CVE-2007-0231
	NOT-FOR-US: Movable Type
CVE-2007-0230
	NOT-FOR-US: CS-Cart
CVE-2007-0229
	NOT-FOR-US: MacOS X
CVE-2007-0228
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227
	- slocate 3.1-1.1 (bug #411937; low)
	[sarge] - slocate <not-affected> (Performs correct access checks)
	[etch] - slocate <no-dsa> (Minor issue)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set. This is
	NOTE: an information leak.
CVE-2007-0226
	NOT-FOR-US: uniForum
CVE-2007-0225
	NOT-FOR-US: Shopping Cart
CVE-2007-0224
	NOT-FOR-US: Shopping Cart
CVE-2007-0223
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221
	NOT-FOR-US: Microsoft
CVE-2007-0220
	NOT-FOR-US: Microsoft
CVE-2007-0219
	NOT-FOR-US: Microsoft
CVE-2007-0218
	NOT-FOR-US: Microsoft
CVE-2007-0217
	NOT-FOR-US: Microsoft
CVE-2007-0216
	NOT-FOR-US: Microsoft Office
CVE-2007-0215
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214
	NOT-FOR-US: Microsoft
CVE-2007-0213
	NOT-FOR-US: Microsoft
CVE-2007-0212
	REJECTED
CVE-2007-0211
	NOT-FOR-US: Microsoft
CVE-2007-0210
	NOT-FOR-US: Microsoft
CVE-2007-0209
	NOT-FOR-US: Microsoft
CVE-2007-0208
	NOT-FOR-US: Microsoft
CVE-2007-0207
	REJECTED
CVE-2007-0206
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205
	NOT-FOR-US: @alex
CVE-2007-0204
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202
	NOT-FOR-US: @lex
CVE-2007-0201
	NOT-FOR-US: TIS
CVE-2007-0200
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199
	NOT-FOR-US: Cisco
CVE-2007-0198
	NOT-FOR-US: Cisco
CVE-2007-0197
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195
	NOT-FOR-US: F5
CVE-2007-0194
	NOT-FOR-US: MKPortal
CVE-2007-0193
	NOT-FOR-US: FON La Fonera
CVE-2007-0192
	NOT-FOR-US: MKPortal
CVE-2007-0191
	NOT-FOR-US: MKPortal
CVE-2007-0190
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189
	NOT-FOR-US: GeoBB
CVE-2007-0188
	NOT-FOR-US: F5
CVE-2007-0187
	NOT-FOR-US: F5
CVE-2007-0186
	NOT-FOR-US: F5
CVE-2007-0185
	NOT-FOR-US: Getahead
CVE-2007-0184
	NOT-FOR-US: Getahead
CVE-2007-0183
	NOT-FOR-US: iPlanet Web
CVE-2007-0182
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180
	NOT-FOR-US: EF Commander
CVE-2007-0179
	NOT-FOR-US: PHPKIT
CVE-2007-0178
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176
	{DSA-1475-1}
	- gforge 4.6.99+svn6347-1 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175
	{DSA-1568-1}
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174
	NOT-FOR-US: Sina UC2006
CVE-2007-0173
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172
	NOT-FOR-US: AllMyGuest
CVE-2007-0171
	NOT-FOR-US: AllMyLinks
CVE-2007-0170
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167
	NOT-FOR-US: PPC Search
CVE-2007-0166
	- kfreebsd-5 <not-affected>
CVE-2007-0165
	NOT-FOR-US: Solaris
CVE-2007-0164
	NOT-FOR-US: Camouflage
CVE-2007-0163
	NOT-FOR-US: Steganography
CVE-2007-0162
	NOT-FOR-US: Mac OS X
CVE-2007-0161
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158
	RESERVED
CVE-2007-0157
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156
	NOT-FOR-US: M-Core
CVE-2007-0155
	NOT-FOR-US: HarikaOnline
CVE-2007-0154
	NOT-FOR-US: Webulas
CVE-2007-0153
	NOT-FOR-US: AJLogin
CVE-2007-0152
	NOT-FOR-US: OhhASP
CVE-2007-0151
	NOT-FOR-US: MitiSoft
CVE-2007-0150
	NOT-FOR-US: Dayfox
CVE-2007-0149
	NOT-FOR-US: EMembersPro
CVE-2007-0148
	NOT-FOR-US: OminiGroup
CVE-2007-0147
	NOT-FOR-US: Cuyahoga
CVE-2007-0146
	NOT-FOR-US: Fix and Chips
CVE-2007-0145
	NOT-FOR-US: BinGoPHP
CVE-2007-0144
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143
	NOT-FOR-US: NUNE News
CVE-2007-0142
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141
	NOT-FOR-US: YALD
CVE-2007-0140
	NOT-FOR-US: Kolayindir
CVE-2007-0139
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138
	NOT-FOR-US: Formbankserver
CVE-2007-0137
	NOT-FOR-US: Serene Bach
CVE-2007-0136
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233 - DRUPAL-SA-2007-001
CVE-2007-0135
	NOT-FOR-US: Aratix
CVE-2007-0134
	NOT-FOR-US: IG Shop
CVE-2007-0133
	NOT-FOR-US: IG Shop
CVE-2007-0132
	NOT-FOR-US: IG Shop
CVE-2007-0131
	NOT-FOR-US: JAMWiki
CVE-2007-0130
	NOT-FOR-US: iG Calendar
CVE-2007-0129
	NOT-FOR-US: LocazoList
CVE-2007-0128
	NOT-FOR-US: Digirez
CVE-2007-0127
	NOT-FOR-US: Opera
CVE-2007-0126
	NOT-FOR-US: Opera
CVE-2007-0125
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124
	- drupal 4.7.5-1 (low)
CVE-2007-0123
	NOT-FOR-US: Uber Uploader
CVE-2007-0122
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121
	NOT-FOR-US: RI Blog
CVE-2007-0120
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119
	NOT-FOR-US: EditTag
CVE-2007-0118
	NOT-FOR-US: EditTag
CVE-2007-0117
	NOT-FOR-US: Mac OS
CVE-2007-0116
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113
	NOT-FOR-US: PacketWise
CVE-2007-0112
	NOT-FOR-US: createauction
CVE-2007-0111
	NOT-FOR-US: PocketPC
CVE-2007-0110
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108
	NOT-FOR-US: Novell Client
CVE-2007-0105
	NOT-FOR-US: Cisco
CVE-2007-0104
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf 3.02 (bug #406852; unimportant)
	- swftools <not-affected> (first version that entered the archive is based on xpdf 3.02)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101
	NOT-FOR-US: SPINE
CVE-2007-0100
	NOT-FOR-US: Perforce
CVE-2007-0099
	NOT-FOR-US: Microsoft
CVE-2007-0098
	NOT-FOR-US: VerliAdmin
CVE-2007-0097
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096
	NOT-FOR-US: Carbon Communities
CVE-2007-0095
	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092
	NOT-FOR-US: E-SMARTCART
CVE-2007-0091
	NOT-FOR-US: newsCMSlite
CVE-2007-0090
	NOT-FOR-US: WineGlass
CVE-2007-0089
	NOT-FOR-US: jgbbs
CVE-2007-0088
	NOT-FOR-US: openmedia
CVE-2007-0087
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084
	NOT-FOR-US: Windows NT
CVE-2007-0083
	NOT-FOR-US: Nuked Klan
CVE-2007-0082
	NOT-FOR-US: IMGallery
CVE-2007-0081
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079
	NOT-FOR-US: rblog
CVE-2007-0078
	NOT-FOR-US: BattleBlog
CVE-2007-0077
	NOT-FOR-US: lblog
CVE-2007-0076
	NOT-FOR-US: Openforum
CVE-2007-0075
	NOT-FOR-US: AspBB
CVE-2007-0074
	NOT-FOR-US: Trend Micro
CVE-2007-0073
	NOT-FOR-US: Trend Micro
CVE-2007-0072
	NOT-FOR-US: Trend Micro
CVE-2007-0071
	- flashplugin-nonfree 1:1.4
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070
	RESERVED
CVE-2007-0069
	NOT-FOR-US: Microsoft Windows
CVE-2007-0068
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066
	NOT-FOR-US: Microsoft Windows
CVE-2007-0065
	NOT-FOR-US: Microsoft Windows
CVE-2007-0064
	NOT-FOR-US: Windows
CVE-2007-0063
	- vmware-package 0.16
CVE-2007-0062
	- vmware-package 0.16
CVE-2007-0061
	- vmware-package 0.16
CVE-2007-0060
	NOT-FOR-US: CA
CVE-2007-0059
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058
	NOT-FOR-US: Cisco
CVE-2007-0057
	NOT-FOR-US: Cisco
CVE-2007-0056
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055
	NOT-FOR-US: Formbankserver
CVE-2007-0054
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051
	NOT-FOR-US: Apple iPhoto
CVE-2007-0106
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050
	NOT-FOR-US: OpenPinboard
CVE-2007-0049
	NOT-FOR-US: TaskTracker
CVE-2007-0048
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045
	{DSA-1336-1}
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043
	NOT-FOR-US: Microsoft .NET
CVE-2007-0042
	NOT-FOR-US: Microsoft .NET
CVE-2007-0041
	NOT-FOR-US: Microsoft .NET
CVE-2007-0040
	NOT-FOR-US: Microsoft Windows
CVE-2007-0039
	NOT-FOR-US: Microsoft
CVE-2007-0038
	NOT-FOR-US: Microsoft
CVE-2007-0037
	REJECTED
CVE-2007-0036
	REJECTED
CVE-2007-0035
	NOT-FOR-US: Microsoft Word
CVE-2007-0034
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	REJECTED
CVE-2007-0031
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026
	NOT-FOR-US: Microsoft
CVE-2007-0025
	NOT-FOR-US: Microsoft
CVE-2007-0024
	NOT-FOR-US: Microsoft IE
CVE-2007-0023
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021
	NOT-FOR-US: Apple iChat
CVE-2007-0020
	NOT-FOR-US: Panic Transmit
CVE-2007-0019
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016
	NOT-FOR-US: MoviePlay
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012
	- sun-java5 <removed> (unimportant)
	- sun-java6 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011
	NOT-FOR-US: Citrix Access Gateway
CVE-2007-0010
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
CVE-2007-0009
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0008
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0007
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004
	NOTE: if security relevant at all, it's 2.4.* only
	- linux-2.6 <not-affected> (2.4 only)
CVE-2007-0003
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)