path: root/data/CVE/2008.list

CVE-2008-7320
	- seahorse <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774
	NOTE: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/189774/comments/13
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=551036
	NOTE: Explicitly a design decision by upstream and not considered a security issue
CVE-2008-7319
	- libnet-ping-external-perl <removed> (bug #881097)
	[wheezy] - libnet-ping-external-perl <ignored> (Package may be removed from Wheezy, see #881102)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230
	NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
CVE-2008-7318
	RESERVED
CVE-2008-7317
	RESERVED
CVE-2008-7316
	- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
	- linux-2.6 2.6.25-1
	NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
CVE-2008-7315
	- libui-dialog-perl 1.21-0.1 (bug #496448)
	[jessie] - libui-dialog-perl <no-dsa> (Minor issue)
	[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
	[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2008-7314
	RESERVED
CVE-2008-7313
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
	NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
CVE-2008-7312
	NOT-FOR-US: Websense
CVE-2008-7311
	NOT-FOR-US: Spree
CVE-2008-7310
	NOT-FOR-US: Spree
CVE-2008-7309
	NOT-FOR-US: Insoshi
CVE-2008-7308
	RESERVED
CVE-2008-7307
	RESERVED
CVE-2008-7306
	RESERVED
CVE-2008-7305
	RESERVED
CVE-2008-7304
	RESERVED
CVE-2008-7303
	NOT-FOR-US: Apple Mac OS X
CVE-2008-7302
	NOT-FOR-US: Joomla extension
CVE-2008-7301
	NOT-FOR-US: jSite
CVE-2008-7300
	NOT-FOR-US: Oracle Solaris
CVE-2008-7299
	NOT-FOR-US: Tivoli
CVE-2008-7298
	NOT-FOR-US: Android browser
CVE-2008-7297
	NOT-FOR-US: Opera
CVE-2008-7296
	NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications
CVE-2008-7295
	NOT-FOR-US: Internet Explorer
CVE-2008-7294
	- chromium-browser 4.0.211.0
	- webkit <not-affected>
CVE-2008-7293
	- iceweasel 4.0-1 (unimportant)
	NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately
	NOTE: a security feature enhancement
CVE-2008-7292
	- bugzilla 3.0.4-1
CVE-2008-7290
	NOT-FOR-US: Tivoli
CVE-2008-7289
	NOT-FOR-US: Tivoli
CVE-2008-7288
	NOT-FOR-US: Tivoli
CVE-2008-7287
	NOT-FOR-US: Tivoli
CVE-2008-7286
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7285
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7284
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7283
	- otrs2 2.2.6-1
CVE-2008-7282
	- otrs2 2.2.6-1
CVE-2008-7281
	- otrs2 2.2.7-1
CVE-2008-7280
	- otrs2 2.2.7-1
CVE-2008-7279
	- otrs2 2.3.2-1
CVE-2008-7278
	- otrs2 2.3.2-1 (low)
CVE-2008-7277
	- otrs2 2.3.2-1 (low)
CVE-2008-7276
	- otrs2 2.3.2-1 (low)
CVE-2008-7275
	- otrs2 2.3.3-1
CVE-2008-7274
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-7271
	- eclipse <not-affected> (Fixed before the version now in Squeeze)
CVE-2008-7270
	- openssl 0.9.8k-1
	[lenny] - openssl 0.9.8g-15+lenny11
	NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
	NOTE: which disabled the bug compatibility code
CVE-2008-7269
	NOT-FOR-US: SiteEngine
CVE-2008-7268
	NOT-FOR-US: SiteEngine
CVE-2008-7267
	NOT-FOR-US: SiteEngine
CVE-2008-7266
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2008-7265
	{DSA-2191-1}
	- proftpd-dfsg 1.3.2-1 (low)
CVE-2008-7264
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7263
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7262
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7261
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2008-XXXX [greylistd bypass]
	- greylistd 0.8.7+nmu2 (low; bug #464084)
	[lenny] - greylistd <no-dsa> (Minor issue)
CVE-2008-7260
	RESERVED
CVE-2008-7259
	RESERVED
CVE-2008-7258
	- ssmtp <unfixed> (unimportant; bug #591515)
CVE-2008-7257
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2008-7256
	- linux-2.6 2.6.28-1 (low)
	[lenny] - linux-2.6 2.6.26-23
CVE-2008-7255
	- amsn 0.97.1~debian-1 (low)
CVE-2008-7254
	NOT-FOR-US: Pepsi CMS
CVE-2008-7253
	NOT-FOR-US: IBM Lotus Domino Server
CVE-2008-7252
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
CVE-2008-7251
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
CVE-2008-7250
	- sarg 2.2.5-1 (low)
CVE-2008-7249
	- sarg 2.2.4-1 (medium)
CVE-2008-7247
	- mysql-5.1 5.1.49-3 (low; bug #569484)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
CVE-2008-7248
	- rails 2.2.3-1 (medium; bug #558685)
	[lenny] - rails <not-affected> (Vulnerable code not present)
	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2008-7246
	- chromium-browser <unfixed> (unimportant)
	NOTE: browser denial of services aren't considered security-relevant
CVE-2008-7245
	NOT-FOR-US: Opera
CVE-2008-7244
	- xulrunner <unfixed> (unimportant)
	NOTE: browser denial-of-services are unimportant
CVE-2008-7243
	NOT-FOR-US: MODx CMS
CVE-2008-7242
	NOT-FOR-US: MODx CMS
CVE-2008-7241
	NOT-FOR-US: PunBB
CVE-2008-7240
	NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2008-7228
	- whitedune <not-affected> (bug #546903)
	NOTE: The debian binary versions are not compiled with the --with-aflockdebug option
CVE-2008-7224
	{DSA-1902-1}
	- elinks 0.11.3-1 (low; bug #380347)
CVE-2008-7239
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7238
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7237
	NOT-FOR-US: Oracle Application Server
CVE-2008-7236
	NOT-FOR-US: Oracle Application Server
CVE-2008-7235
	NOT-FOR-US: Oracle Application Server
CVE-2008-7234
	NOT-FOR-US: Oracle Application Server
CVE-2008-7233
	NOT-FOR-US: E-Business Application client
CVE-2008-7232
	NOT-FOR-US: xtacacsd
CVE-2008-7231
	NOT-FOR-US: Meridio Document and Records Management
CVE-2008-7230
	NOT-FOR-US: Small Footprint CIM Broker
CVE-2008-7229
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-7227
	NOT-FOR-US: GeoServer
CVE-2008-7226
	NOT-FOR-US: Recipes module for PHP-Nuke
CVE-2008-7225
	NOT-FOR-US: Foxit Remote Access Server
CVE-2008-7223
	NOT-FOR-US: LinPHA
CVE-2008-7222
	NOT-FOR-US: RunCMS
CVE-2008-7221
	NOT-FOR-US: RunCMS
CVE-2008-7220
	{DSA-1952-1}
	- prototypejs 1.6.0.2-1
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby 1.1.4-1 (low; bug #555223)
	[lenny] - libjson-ruby 1.1.2-1+lenny1
	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	NOTE: prototype.js copy unused per #555225
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
	- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
	[lenny] - mediatomb <no-dsa> (minor issue)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers 0.3.4-2 (low; bug #555239)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress 2.5.0-2 (low; bug #555242)
	[etch] - wordpress <not-affected> (prototype.js not present)
	- exaile 0.2.14+debian-2.2 (low; bug #555244)
	[lenny] - exaile <no-dsa> (minor issue)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package; bug #555258)
	- scriptaculous 1.8.3-1 (low; bug #555259)
	[lenny] - scriptaculous <no-dsa> (Minor issue)
	- activeldap 1.0.9-1 (unimportant; bug #555263)
	NOTE: Only shipped in an example
	- otrs2 2.3.4-6 (low; bug #555266)
	[etch] - otrs2 <not-affected> (prototype.js not present)
	[lenny] - otrs2 <not-affected> (prototype.js not present)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
	- webcit <not-affected> (fixed since initial inclusion)
	- zabbix <not-affected> (fixed since initial inclusion)
	- chora2 <not-affected> (fixed since initial inclusion)
	- gollem <not-affected> (fixed since initial inclusion)
	- ingo1 <not-affected> (fixed since initial inclusion)
	- kronolith2 <not-affected> (fixed since initial inclusion)
	- jifty <not-affected> (fixed since initial inclusion)
	- jquery <not-affected> (fixed since initial inclusion)
	- passenger <not-affected> (fixed since initial inclusion)
CVE-2008-7219
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7218
	{DSA-1897-1}
	- horde3 3.1.6-1
	- turba2 2.1.7-1
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7217
	NOT-FOR-US: Microsoft Office
CVE-2008-7216
	NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress
CVE-2008-7215
	NOT-FOR-US: MOStlyCE
CVE-2008-7214
	NOT-FOR-US: MOStlyCE
CVE-2008-7213
	NOT-FOR-US: MOStlyCE
CVE-2008-7212
	NOT-FOR-US: MOStlyCE
CVE-2008-7211
	NOT-FOR-US: CreativeLabs WDM audio driver
CVE-2008-7210
	NOT-FOR-US: AJchat
CVE-2008-7209
	NOT-FOR-US: OneCMS
CVE-2008-7208
	NOT-FOR-US: OneCMS
CVE-2008-7207
	NOT-FOR-US: RivetTracker
CVE-2008-7206
	NOT-FOR-US: Electronic Logbook
CVE-2008-7205
	NOT-FOR-US: VirtueMart
CVE-2008-7204
	NOT-FOR-US: VirtueMart
CVE-2008-7203
	NOT-FOR-US: Valve Software Half-Life Counter-Strike
CVE-2008-7202
	NOT-FOR-US: OpenWebMail
CVE-2008-7201
	NOT-FOR-US: Lantronix MSS485-T
CVE-2008-7200
	NOT-FOR-US: Deliantra server engine
CVE-2008-7199
	NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
CVE-2008-7198
	NOT-FOR-US: phpns
CVE-2008-7197
	NOT-FOR-US: G15Daemon
CVE-2008-7196
	NOT-FOR-US: metashell
CVE-2008-7195
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7194
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7193
	NOT-FOR-US: PHPKIT
CVE-2008-7192
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-7191
	- polipo 1.0.4-1 (low)
CVE-2008-7190
	NOT-FOR-US: Adium
CVE-2008-7189
	NOT-FOR-US: Local Media Browser
CVE-2008-7188
	NOT-FOR-US: ClipShare
CVE-2008-7187
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7186
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7185
	- rhythmbox <unfixed> (unimportant)
	NOTE: No practical security impact
CVE-2008-7184
	NOT-FOR-US: Diigo Toolbar and Diigolet
CVE-2008-7183
	NOT-FOR-US: EVA CMS
CVE-2008-7182
	NOT-FOR-US: Surgemail
CVE-2008-7181
	NOT-FOR-US: Butterfly Organizer
CVE-2008-7180
	NOT-FOR-US: Telephone Directory
CVE-2008-7179
	NOT-FOR-US: OTManager
CVE-2008-7178
	NOT-FOR-US: XOOPS
CVE-2008-7177
	- nasm 2.03.01-1 (low)
CVE-2008-7176
	NOT-FOR-US: Facil CMS
CVE-2008-7175
	NOT-FOR-US: NextGEN Gallery third party plugin for wordpress
CVE-2008-7174
	NOT-FOR-US: Jura Impressa
CVE-2008-7173
	NOT-FOR-US: Jura Impressa
CVE-2008-7172
	NOT-FOR-US: Lightweight news portal
CVE-2008-7171
	NOT-FOR-US: Lightweight news portal
CVE-2008-7170
	NOT-FOR-US: GSC build
CVE-2008-7169
	NOT-FOR-US: Joomla!
CVE-2008-7168
	NOT-FOR-US: ActiveX
CVE-2008-7167
	NOT-FOR-US: Page Manager
CVE-2008-7166
	NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859)
CVE-2008-7165
	NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi
CVE-2008-7164
	NOT-FOR-US: Shareaza
CVE-2008-7163
	NOT-FOR-US: SineCMS
CVE-2008-7162
	NOT-FOR-US: Hero Super Player
CVE-2008-7161
	NOT-FOR-US: Fortinet FortiGuard Fortinet
CVE-2008-7159
	{DSA-1879-1}
	[lenny] - silc-toolkit 1.1.7-2+lenny1
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server <not-affected> (Vulnerable code not present)
	NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
CVE-2008-7160
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server 1.1.2-1 (low)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2008-7158
	NOT-FOR-US: Numara FootPrints
CVE-2008-7157
	NOT-FOR-US: EkinBoard
CVE-2008-7156
	NOT-FOR-US: EkinBoard
CVE-2008-7155
	NOT-FOR-US: NetRisk
CVE-2008-7154
	NOT-FOR-US: Docebo
CVE-2008-7153
	NOT-FOR-US: Docebo
CVE-2008-7152
	NOT-FOR-US: Specimen Image Database
CVE-2008-7151
	NOT-FOR-US: Live third-party Drupal module
CVE-2008-7150
	NOT-FOR-US: Refine by Taxonomy
CVE-2008-7149
	NOT-FOR-US: AgileWiki
CVE-2008-7148
	- synfig 0.61.08-1
CVE-2008-7147
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7146
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7145
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-7144
	NOT-FOR-US: RARLAB WinRAR
CVE-2008-7143
	- phpbb2 <removed>
CVE-2008-7142
	NOT-FOR-US: cPanel
CVE-2008-7141
	NOT-FOR-US: @lex Poll
CVE-2008-7140
	NOT-FOR-US: @lex Guestbook
CVE-2008-7139
	NOT-FOR-US: Eye-Fi
CVE-2008-7138
	NOT-FOR-US: Eye-Fi
CVE-2008-7137
	NOT-FOR-US: Eye-Fi
CVE-2008-7136
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7135
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7134
	NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
CVE-2008-7133
	NOT-FOR-US: onlinetools.org EasyImageCatalogue
CVE-2008-7132
	NOT-FOR-US: Nuked-Klan
CVE-2008-7131
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7130
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7129
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7128
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7127
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7126
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7125
	NOT-FOR-US: Ariadne
CVE-2008-7124
	NOT-FOR-US: zKup CMS
CVE-2008-7123
	NOT-FOR-US: zKup CMS
CVE-2008-7122
	NOT-FOR-US: ActiveX
CVE-2008-7121
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7120
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7119
	NOT-FOR-US: WeBid auction script
CVE-2008-7118
	NOT-FOR-US: WeBid auction script
CVE-2008-7117
	NOT-FOR-US: WeBid auction script
CVE-2008-7116
	NOT-FOR-US: WeBid auction script
CVE-2008-7115
	NOT-FOR-US: Belkin Wireless G
CVE-2008-7114
	NOT-FOR-US: iFusion Services
CVE-2008-7113
	NOT-FOR-US: Kyocera Mita
CVE-2008-7112
	NOT-FOR-US: Kyocera Mita
CVE-2008-7111
	NOT-FOR-US: Kyocera Mita
CVE-2008-7110
	NOT-FOR-US: Kyocera Mita
CVE-2008-7109
	NOT-FOR-US: Kyocera Mita
CVE-2008-7108
	NOT-FOR-US: Carmosa phpCart
CVE-2008-7107
	NOT-FOR-US: ESET Smart Security
CVE-2008-7106
	NOT-FOR-US: Microsoft Exchange
CVE-2008-7105
	NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
CVE-2008-7104
	NOT-FOR-US: Sophos PureMessage Scanner service
CVE-2008-7103
	NOT-FOR-US: Toolbar 2.0.4.1
CVE-2008-7102
	NOT-FOR-US: DotNetNuke
CVE-2008-7101
	NOT-FOR-US: DotNetNuke
CVE-2008-7100
	NOT-FOR-US: DotNetNuke
CVE-2008-7099
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7098
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7097
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7096
	NOT-FOR-US: Intel Desktop and Intel Mobile Boards
CVE-2008-7095
	NOT-FOR-US: ArubaOS
CVE-2008-7094
	NOT-FOR-US: Affinium Campaign
CVE-2008-7093
	NOT-FOR-US: Affinium Campaign
CVE-2008-7092
	NOT-FOR-US: Affinium Campaign
CVE-2008-7091
	NOT-FOR-US: Pligg
CVE-2008-7090
	NOT-FOR-US: Pligg
CVE-2008-7089
	NOT-FOR-US: Pligg
CVE-2008-7088
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-7087
	NOT-FOR-US: OpenPro
CVE-2008-7086
	NOT-FOR-US: Maian Greetings
CVE-2008-7085
	NOT-FOR-US: TheHockeyStop HockeySTATS Online
CVE-2008-7084
	NOT-FOR-US: Velocity Security Management System
CVE-2008-7083
	NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081
	NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080
	NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079
	NOT-FOR-US: Nero ShowTime
CVE-2008-7078
	NOT-FOR-US: Rumpus
CVE-2008-7077
	NOT-FOR-US: SailPlanner
CVE-2008-7076
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074
	NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073
	NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070
	- kvirc <not-affected> (Only affects Windows builds)
	NOTE: https://svn.kvirc.de/kvirc/ticket/274#comment:8
CVE-2008-7069
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067
	NOT-FOR-US: PageTree CMS
CVE-2008-7066
	NOT-FOR-US: OpenForum
CVE-2008-7065
	NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064
	NOT-FOR-US: Quicksilver Forums
CVE-2008-7063
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062
	NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-7060
	NOT-FOR-US: One-News
CVE-2008-7059
	NOT-FOR-US: One-News
CVE-2008-7058
	NOT-FOR-US: BandSite CMS
CVE-2008-7057
	NOT-FOR-US: BandSite CMS
CVE-2008-7056
	NOT-FOR-US: BandSite CMS
CVE-2008-7055
	NOT-FOR-US: ezContents
CVE-2008-7054
	NOT-FOR-US: ezContents
CVE-2008-7053
	NOT-FOR-US: LogMeIn
CVE-2008-7052
	NOT-FOR-US: Pre Projects Pre Real Estate Listings
CVE-2008-7051
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-7050
	NOT-FOR-US: WoW Raid Manager
CVE-2008-7049
	NOT-FOR-US: NatterChat
CVE-2008-7048
	NOT-FOR-US: NatterChat
CVE-2008-7047
	NOT-FOR-US: NatterChat
CVE-2008-7046
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7041
	NOT-FOR-US: AJ Classifieds
CVE-2008-7040
	NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
CVE-2008-7039
	NOT-FOR-US: Gelato CMS
CVE-2008-7038
	NOT-FOR-US: My_eGallery module for PHP-Nuke
CVE-2008-7037
	NOT-FOR-US: ITN News Gadget
CVE-2008-7036
	NOT-FOR-US: DevTracker module 3.0 for bcoos
CVE-2008-7035
	NOT-FOR-US: Simple Machines phpRaider
CVE-2008-7034
	NOT-FOR-US: PHPEcho CMS
CVE-2008-7033
	NOT-FOR-US: component for Joomla!
CVE-2008-7032
	NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031
	NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030
	NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029
	NOT-FOR-US: AlilG Application AliBoard
CVE-2008-7028
	NOT-FOR-US: RPG.Board
CVE-2008-7027
	NOT-FOR-US: Libra File Manager
CVE-2008-7026
	NOT-FOR-US: eFront
CVE-2008-7025
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2008-7024
	NOT-FOR-US: Arz Development The Gemini Portal
CVE-2008-7023
	NOT-FOR-US: ArubaOS
CVE-2008-7022
	NOT-FOR-US: Chilkat Software IMAP ActiveX control
CVE-2008-7021
	NOT-FOR-US: AvailScript Jobs Portal Script
CVE-2008-7020
	NOT-FOR-US: McAfee SafeBoot Device Encryption
CVE-2008-7019
	NOT-FOR-US: Esqlanelapse
CVE-2008-7018
	NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017
	NOT-FOR-US: CAcert
CVE-2008-7016
	NOT-FOR-US: tnftpd
CVE-2008-7015
	NOT-FOR-US: Unreal Tournament
CVE-2008-7014
	NOT-FOR-US: fhttpd
CVE-2008-7013
	NOT-FOR-US: Baidu Hi IM
CVE-2008-7012
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2008-7011
	NOT-FOR-US: Unreal Tournament
CVE-2008-7010
	NOT-FOR-US: Skalfa Software SkaLinks Exchange Script
CVE-2008-7009
	NOT-FOR-US: Check Point ZoneAlarm Security Suite
CVE-2008-7008
	NOT-FOR-US: HyperStop Web Host Directory
CVE-2008-7007
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7006
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7005
	NOT-FOR-US: Minb Is Not a Blog
CVE-2008-7004
	NOT-FOR-US: Electronic Logbook
CVE-2008-7003
	NOT-FOR-US: The Rat CMS
CVE-2008-7002
	- php5 (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-7000
	NOT-FOR-US: phpAuction
CVE-2008-6999
	NOT-FOR-US: phpAuction
CVE-2008-6998
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6997
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6996
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6995
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6994
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6993
	NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-6991
	NOT-FOR-US: CMSbright
CVE-2008-6990
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6989
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6988
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6987
	NOT-FOR-US: eZoneScripts Dating Website script
CVE-2008-6986
	NOT-FOR-US: Zen Cart
CVE-2008-6985
	NOT-FOR-US: Zen Cart
CVE-2008-6984
	NOT-FOR-US: Plesk
CVE-2008-6983
	NOT-FOR-US: devalcms
CVE-2008-6982
	NOT-FOR-US: devalcms
CVE-2008-6981
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6980
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6979
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6978
	NOT-FOR-US: aspWebAlbum
CVE-2008-6977
	NOT-FOR-US: aspWebAlbum
CVE-2008-6976
	NOT-FOR-US: MicroTik RouterOS
CVE-2008-6975
	NOT-FOR-US: DD-WRT
CVE-2008-6974
	NOT-FOR-US: DD-WRT
CVE-2008-6973
	NOT-FOR-US: IBM WebSphere
CVE-2008-6961
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-6972
	NOT-FOR-US: Drupal Content Construction Kit (third-party module)
CVE-2008-6971
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6970
	NOT-FOR-US: UBB.threads
CVE-2008-6969
	NOT-FOR-US: Avactis Shopping Cart
CVE-2008-6968
	NOT-FOR-US: Pligg CMS
CVE-2008-6967
	NOT-FOR-US: Alt-N MDaemon
CVE-2008-6966
	NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
CVE-2008-6965
	NOT-FOR-US: AJ Square AJ Auction OOPD
CVE-2008-6964
	NOT-FOR-US: X7 Chat
CVE-2008-6963
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-6962
	NOT-FOR-US: Avira AntiVir Premium
CVE-2008-6960
	NOT-FOR-US: X10media
CVE-2008-6959
	NOT-FOR-US: ActiveX
CVE-2008-6958
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6957
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6956
	NOT-FOR-US: mxCamArchive
CVE-2008-6955
	NOT-FOR-US: mxCamArchive
CVE-2008-6954
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2008-6953
	NOT-FOR-US: ooVoo
CVE-2008-6952
	NOT-FOR-US: MauryCMS
CVE-2008-6951
	NOT-FOR-US: MauryCMS
CVE-2008-6950
	NOT-FOR-US: Bankoi WebHosting Control Panel
CVE-2008-6949
	NOT-FOR-US: Collabtive
CVE-2008-6948
	NOT-FOR-US: Collabtive
CVE-2008-6947
	NOT-FOR-US: Collabtive
CVE-2008-6946
	NOT-FOR-US: Collabtive
CVE-2008-6945
	- interchange 5.6.1-1 (low; bug #505732)
CVE-2008-6944
	NOT-FOR-US: ScriptsFeed Auto Classifieds
CVE-2008-6943
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2008-6942
	NOT-FOR-US: ScriptsFeed Realtor Classifieds System
CVE-2008-6941
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6940
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6939
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6938
	NOT-FOR-US: Pi3Web
CVE-2008-6937
	NOT-FOR-US: Exodus
CVE-2008-6936
	NOT-FOR-US: Exodus
CVE-2008-6935
	NOT-FOR-US: Exodus
CVE-2008-6934
	NOT-FOR-US: Sanus|artificium (aka Sanusart)
CVE-2008-6933
	NOT-FOR-US: MiniGal
CVE-2008-6932
	NOT-FOR-US: AlstraSoft SendIt Pro
CVE-2008-6931
	NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
CVE-2008-6930
	NOT-FOR-US: PHPStore Real Estate
CVE-2008-6929
	NOT-FOR-US: PHPStore Auto Classifieds
CVE-2008-6928
	NOT-FOR-US: PHPStore Complete Classifieds
CVE-2008-6927
	NOT-FOR-US: cPanel
CVE-2008-6926
	NOT-FOR-US: cPanel
CVE-2008-6925
	NOT-FOR-US: Zenphoto
CVE-2008-6924
	NOT-FOR-US: eSyndiCat Directory
CVE-2008-6923
	NOT-FOR-US: Joomla!
CVE-2008-6922
	NOT-FOR-US: CMailServer
CVE-2008-6921
	NOT-FOR-US: phpAdBoard
CVE-2008-6920
	NOT-FOR-US: phpEmployment
CVE-2008-6919
	NOT-FOR-US: TaskDriver 1.3
CVE-2008-6918
	NOT-FOR-US: ThePortal2
CVE-2008-7291 [gri: insecure temp file generation]
	RESERVED
	- gri 2.12.18-1 (low)
	[etch] - gri <no-dsa> (Minor issue)
	[lenny] - gri <no-dsa> (Minor issue)
CVE-2008-6917
	NOT-FOR-US: ExoPHPDesk
CVE-2008-6916
	NOT-FOR-US: Siemens SpeedStream 5200
CVE-2008-6915
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6914
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6913
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6912
	NOT-FOR-US: Zeeways SHAADICLONE
CVE-2008-6911
	NOT-FOR-US: BrewBlogger
CVE-2008-6910
	NOT-FOR-US: module for Drupal
CVE-2008-6909
	NOT-FOR-US: module for Drupal
CVE-2008-6908
	NOT-FOR-US: module for Drupal
CVE-2008-6907
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6906
	NOT-FOR-US: BabbleBoard
CVE-2008-6905
	NOT-FOR-US: BabbleBoard
CVE-2008-6904
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6903
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6902
	NOT-FOR-US: 2532designs
CVE-2008-6901
	NOT-FOR-US: 2532designs
CVE-2008-6900
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6899
	NOT-FOR-US: freeSSHd
CVE-2008-6898
	NOT-FOR-US: ActiveX control
CVE-2008-6897
	NOT-FOR-US: Andres Garcia Getleft
CVE-2008-6896
	NOT-FOR-US: 3CX Phone System
CVE-2008-6895
	NOT-FOR-US: 3CX Phone System
CVE-2008-6894
	NOT-FOR-US: 3CX Phone System
CVE-2008-6893
	NOT-FOR-US: MDaemon WorldClient
CVE-2008-6892
	NOT-FOR-US: Peel
CVE-2008-6891
	NOT-FOR-US: ASP Forum Script
CVE-2008-6890
	NOT-FOR-US: ASP Forum Script
CVE-2008-6889
	NOT-FOR-US: ASPReferral
CVE-2008-6888
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6887
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6886
	NOT-FOR-US: RSA EnVision
CVE-2008-6885
	NOT-FOR-US: XOOPS
CVE-2008-6884
	NOT-FOR-US: XOOPS
CVE-2008-6883
	NOT-FOR-US: Joomla!
CVE-2008-6882
	NOT-FOR-US: Joomla!
CVE-2008-6881
	NOT-FOR-US: Joomla!
CVE-2008-6880
	NOT-FOR-US: EasySiteNetwork Free Jokes Website
CVE-2008-6879
	NOT-FOR-US: Apache Roller
CVE-2008-6878
	NOT-FOR-US: Zen Cart
CVE-2008-6877
	NOT-FOR-US: Zen Cart
CVE-2008-6876
	NOT-FOR-US: EsPartenaires
CVE-2008-6875
	NOT-FOR-US: ASP Product Catalog
CVE-2008-6874
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2008-6873
	NOT-FOR-US: Active Web Mail 4.0
CVE-2008-6872
	NOT-FOR-US: ASPThai.NET ASPThai Forums
CVE-2008-6871
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6870
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6869
	NOT-FOR-US: Oramon Oracle Database Monitoring Tool
CVE-2008-6868
	NOT-FOR-US: EsBaseAdmin
CVE-2008-6867
	NOT-FOR-US: Scripts For Sites
CVE-2008-6866
	NOT-FOR-US: PHP-Nuke
CVE-2008-6865
	NOT-FOR-US: PHP-Nuke
CVE-2008-6864
	NOT-FOR-US: Xigla Software Absolute Live Support .NET
CVE-2008-6863
	NOT-FOR-US: Xigla Software
CVE-2008-6862
	NOT-FOR-US: Absolute Content Rotator
CVE-2008-6861
	NOT-FOR-US: Xigla Software Absolute Newsletter
CVE-2008-6860
	NOT-FOR-US: Xigla Software Absolute Poll Manager
CVE-2008-6859
	NOT-FOR-US: Xigla Software Absolute Control Panel
CVE-2008-6858
	NOT-FOR-US: Absolute Banner Manager .NET
CVE-2008-6857
	NOT-FOR-US: Absolute Podcast .NET
CVE-2008-6856
	NOT-FOR-US: Xigla Software Absolute News Manager.NET
CVE-2008-6855
	NOT-FOR-US: Xigla Software Absolute News Feed
CVE-2008-6854
	NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET
CVE-2008-6853
	NOT-FOR-US: AIST NetCat
CVE-2008-6852
	NOT-FOR-US: Joomla! component
CVE-2008-6851
	NOT-FOR-US: PHP Link Directory
CVE-2008-6850
	NOT-FOR-US: PHP-Fusion
CVE-2008-6849
	NOT-FOR-US: phpGreetCards
CVE-2008-6848
	NOT-FOR-US: phpGreetCards
CVE-2008-6847
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6846
	NOT-FOR-US: avast! Linux Home Edition
CVE-2008-6845
	- clamav 0.94.dfsg-1
	[etch] - clamav <no-dsa> (Support was discontinued)
CVE-2008-6844
	NOT-FOR-US: eZ Publish
CVE-2008-6843
	NOT-FOR-US: Fantastico
CVE-2008-6842
	NOT-FOR-US: Pluck
CVE-2008-6841
	NOT-FOR-US: component for Joomla!
CVE-2008-6840
	NOT-FOR-US: V-webmail
CVE-2008-6839
	NOT-FOR-US: TGS Content Management
CVE-2008-6838
	- zoph 0.8.0.1-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837
	- zoph 0.8.0.1-1 (bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: the details are unknown
CVE-2008-6836
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-6835
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-6834
	NOT-FOR-US: fuzzylime
CVE-2008-6833
	NOT-FOR-US: fuzzylime
CVE-2008-6832
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6831
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6830
	NOT-FOR-US: Java Application Servers
CVE-2008-6829
	NOT-FOR-US: VicFTPS
CVE-2008-6828
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6827
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6826
	NOT-FOR-US: MHF Media Pro
CVE-2008-6825
	NOT-FOR-US: trixbox
CVE-2008-6824
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6823
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6822
	NOT-FOR-US: NEPT Image Uploader
CVE-2008-6821
	NOT-FOR-US: IBM DB2
CVE-2008-6820
	NOT-FOR-US: IBM DB2
CVE-2008-6819
	NOT-FOR-US: Microsoft Windows Server 2003 and Vista
CVE-2008-6818
	NOT-FOR-US: Mole Group Real Estate Script
CVE-2008-6817
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-6816
	NOT-FOR-US: Eaton
CVE-2008-6815
	NOT-FOR-US: MyKtools
CVE-2008-6814
	NOT-FOR-US: SimpleBoard for Mambo
CVE-2008-6813
	NOT-FOR-US: phpWebNews
CVE-2008-6812
	NOT-FOR-US: phpWebNews
CVE-2008-6811
	NOT-FOR-US: e-Commerce Plugin for Wordpress
CVE-2008-6810
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6809
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6808
	NOT-FOR-US: SFS Link Directory
CVE-2008-6807
	NOT-FOR-US: osprey
CVE-2008-6806
	NOT-FOR-US: 7Shop
CVE-2008-6805
	NOT-FOR-US: Mic_Blog
CVE-2008-6804
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-6803
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-6802
	NOT-FOR-US: phPhotoGallery
CVE-2008-6801
	NOT-FOR-US: Vivvo CMS
CVE-2008-6800
	REJECTED
CVE-2008-6799
	NOT-FOR-US: FlashChat
CVE-2008-6798
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6797
	NOT-FOR-US: Mitel NuPoint Messenger
CVE-2008-6796
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6795
	NOT-FOR-US: nicLOR Vibro-School-CMS
CVE-2008-6794
	NOT-FOR-US: Scripts For Sites (SFS)
CVE-2008-6793
	NOT-FOR-US: DFLabs
CVE-2008-6792
	- system-tools-backends 2.6.0-6.1 (low; bug #527952)
	[lenny] - system-tools-backends 2.6.0-2lenny3
	[etch] - system-tools-backends <not-affected> (SHA was added to crypt(3) post-etch)
CVE-2008-6791
	NOT-FOR-US: PumpKIN TFTP Server
CVE-2008-6790
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6789
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6788
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6787
	NOT-FOR-US: Lizardware CMS
CVE-2008-6786
	NOT-FOR-US: GeekiGeeki
CVE-2008-6785
	NOT-FOR-US: Mini File Host
CVE-2008-6784
	NOT-FOR-US: EZ Adult Directory
CVE-2008-6783
	NOT-FOR-US: EZ Home Business Directory
CVE-2008-6782
	NOT-FOR-US: EZ Hosting Directory
CVE-2008-6781
	NOT-FOR-US: Gaming Directory
CVE-2008-6780
	NOT-FOR-US: EZ Affiliate
CVE-2008-6779
	NOT-FOR-US: PHP-Nuke
CVE-2008-6778
	NOT-FOR-US: EZ Auction
CVE-2008-6777
	NOT-FOR-US: MyPHP Forum
CVE-2008-6776
	NOT-FOR-US: EZ Hot or Not
CVE-2008-6775
	NOT-FOR-US: HTC Touch
CVE-2008-6774
	NOT-FOR-US: YourPlace
CVE-2008-6773
	NOT-FOR-US: YourPlace
CVE-2008-6772
	NOT-FOR-US: YourPlace
CVE-2008-6771
	NOT-FOR-US: YourPlace
CVE-2008-6770
	NOT-FOR-US: YourPlace
CVE-2008-6769
	NOT-FOR-US: YourPlace
CVE-2008-6768
	NOT-FOR-US: K&S Shopsoftware
CVE-2008-6767
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6766
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6765
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6764
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6763
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6762
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6761
	NOT-FOR-US: Flexcustomer
CVE-2008-6760
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6759
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6758
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6757
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6756
	- zoneminder 1.22.3-5
CVE-2008-6755
	- zoneminder 1.24.1-1 (unimportant; bug #528252)
	NOTE: we are also affected but this is not a security issue by itself even if it's ugly
CVE-2008-6754
	NOT-FOR-US: vBullerin addon
CVE-2008-6753
	NOT-FOR-US: SilverStripe
CVE-2008-6752
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6751
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6750
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6749
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6748
	NOT-FOR-US: Megacubo
CVE-2008-6747
	NOT-FOR-US: dotProject
CVE-2008-6746
	NOT-FOR-US: Turba Contact Manager
CVE-2008-6745
	NOT-FOR-US: BlogPHP
CVE-2008-6744
	NOT-FOR-US: Cybozu Office
CVE-2008-6743
	NOT-FOR-US: RSMScript
CVE-2008-6742
	NOT-FOR-US: Foxy P2P
CVE-2008-6741
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6740
	NOT-FOR-US: HoMaP-CMS
CVE-2008-6739
	NOT-FOR-US: Todd Woolums ASP Download management script
CVE-2008-6738
	NOT-FOR-US: MyShoutPro
CVE-2008-6737
	NOT-FOR-US: Crysis
CVE-2008-6736
	NOT-FOR-US: Flat Calendar
CVE-2008-6735
	NOT-FOR-US: ThaiQuickCart
CVE-2008-6734
	NOT-FOR-US: Keller Web Admin CMS
CVE-2008-6733
	NOT-FOR-US: DotNetNuke
CVE-2008-6732
	NOT-FOR-US: DotNetNuke
CVE-2008-6731
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6730
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6729
	NOT-FOR-US: PHPmotion
CVE-2008-6728
	NOT-FOR-US: PHP-Nuke
CVE-2008-6727
	NOT-FOR-US: Ultimate PHP Board
CVE-2008-6726
	NOT-FOR-US: CMScout
CVE-2008-6725
	NOT-FOR-US: CMScout
CVE-2008-6724
	NOT-FOR-US: Perl Nopaste
CVE-2008-6723
	NOT-FOR-US: TurnkeyForms
CVE-2008-6722
	NOT-FOR-US: Novell Access Manager
CVE-2008-6721
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-6720
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-6719
	NOT-FOR-US: Software Event Lister
CVE-2008-6718
	NOT-FOR-US: JustBookIt
CVE-2008-6717
	NOT-FOR-US: Software Signup
CVE-2008-6716
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6715
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6714
	NOT-FOR-US: xeCMS
CVE-2008-6713
	NOT-FOR-US: World in Conflict
CVE-2008-6712
	NOT-FOR-US: Crysis
CVE-2008-6711
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6710
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6709
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6708
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6707
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6706
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6705
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6704
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6703
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6702
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6701
	NOT-FOR-US: NetScout Visualizer
CVE-2008-6700
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6699
	NOT-FOR-US: Resource Library extension for TYPO3
CVE-2008-6698
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6697
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6696
	NOT-FOR-US: Fussballtippspiel extension for TYPO3
CVE-2008-6695
	NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3
CVE-2008-6694
	NOT-FOR-US: Random Prayer extension for TYPO3
CVE-2008-6693
	NOT-FOR-US: Download system extension for TYPO3
CVE-2008-6692
	NOT-FOR-US: Training Courses extension for TYPO3
CVE-2008-6691
	NOT-FOR-US: Calendar Today extension for TYPO3
CVE-2008-6690
	NOT-FOR-US: Spam Protection extension for TYPO3
CVE-2008-6689
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6688
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6687
	NOT-FOR-US: DCD GoogleMap extension for TYPO3
CVE-2008-6686
	NOT-FOR-US: CoolURI extension for TYPO3
CVE-2008-6685
	NOT-FOR-US: Frontend Filemanager extension for TYPO3
CVE-2008-6684
	NOT-FOR-US: Apartment Search Script
CVE-2008-6683
	NOT-FOR-US: Apartment Search Script
CVE-2008-6682
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2008-6681
	NOT-FOR-US: Dojo
CVE-2008-6679
	{DSA-2080-1}
	- ghostscript 8.64~dfsg-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2008-6678
	NOT-FOR-US: QuickerSite
CVE-2008-6677
	NOT-FOR-US: QuickerSite
CVE-2008-6676
	NOT-FOR-US: QuickerSite
CVE-2008-6675
	NOT-FOR-US: QuickerSite
CVE-2008-6674
	NOT-FOR-US: QuickerSite
CVE-2008-6673
	NOT-FOR-US: QuickerSite
CVE-2008-6672
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6671
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6670
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6669
	NOT-FOR-US: nweb2fax
CVE-2008-6668
	NOT-FOR-US: nweb2fax
CVE-2008-6667
	NOT-FOR-US: A+ PHP Scripts News Management System (NMS)
CVE-2008-6666
	NOT-FOR-US: Kronos webTA
CVE-2008-6665
	NOT-FOR-US: Ananta CMS
CVE-2008-6664
	NOT-FOR-US: SH-News
CVE-2008-6663
	NOT-FOR-US: PHPAuctions
CVE-2008-6662
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-6661
	NOT-FOR-US: Bitdefender
CVE-2008-6660
	NOT-FOR-US: Alexey Ozerov BigDump
CVE-2008-6659
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6658
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6657
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6680
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2008-6656
	NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655
	NOT-FOR-US: GEDCOM_TO_MYSQL
CVE-2008-6654
	NOT-FOR-US: InfoBiz Server
CVE-2008-6653
	NOT-FOR-US: Joomla!
CVE-2008-6652
	NOT-FOR-US: OneCMS
CVE-2008-6651
	NOT-FOR-US: OxYProject OxYBox
CVE-2008-6650
	NOT-FOR-US: miniBloggie
CVE-2008-6649
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6648
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6647
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6646
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-6645
	NOT-FOR-US: Opencosmo VisualSentinel
CVE-2008-6644
	NOT-FOR-US: DotNetNuke
CVE-2008-6643
	NOT-FOR-US: LokiCMS
CVE-2008-6642
	NOT-FOR-US: DotContent FluentCMS
CVE-2008-6641
	NOT-FOR-US: Shader TV
CVE-2008-6640
	NOT-FOR-US: BatmanPorTaL
CVE-2008-6639
	- ajaxplorer <itp> (bug #668381)
CVE-2008-6638
	NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637
	NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6635
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6633
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6632
	NOT-FOR-US: MercuryBoard
CVE-2008-6631
	NOT-FOR-US: BlogPHP
CVE-2008-6630
	NOT-FOR-US: wt_gallery extension for TYPO3
CVE-2008-6629
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628
	REJECTED
CVE-2008-6627
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6626
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6625
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6624
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6623
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6622
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6621
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6620
	NOT-FOR-US: GraFX miniCWB
CVE-2008-6619
	NOT-FOR-US: ClassSystem
CVE-2008-6618
	NOT-FOR-US: ClassSystem
CVE-2008-6617
	NOT-FOR-US: SiteXS CMS
CVE-2008-6616
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6615
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6614
	NOT-FOR-US: Micro CMS
CVE-2008-6613
	NOT-FOR-US: minimal-ablog
CVE-2008-6612
	NOT-FOR-US: minimal-ablog
CVE-2008-6611
	NOT-FOR-US: minimal-ablog
CVE-2008-6610
	NOT-FOR-US: phpcksec
CVE-2008-6609
	NOT-FOR-US: phpcksec
CVE-2008-6608
	NOT-FOR-US: DevelopItEasy Events Calendar
CVE-2008-6607
	NOT-FOR-US: MatPo Link
CVE-2008-6606
	NOT-FOR-US: MatPo Link
CVE-2008-6605
	NOT-FOR-US: 2wire
CVE-2008-6604
	NOT-FOR-US: PicoFlat CMS
CVE-2008-6603
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable code not present)
CVE-2008-6602
	NOT-FOR-US: Download Center Lite
CVE-2008-6601
	NOT-FOR-US: Epona
CVE-2008-6600
	NOT-FOR-US: XMLPortal
CVE-2008-6599
	NOT-FOR-US: CookieCheck
CVE-2008-6598
	NOT-FOR-US: WANPIPE
CVE-2008-6597
	NOT-FOR-US: PHCDownload
CVE-2008-6596
	NOT-FOR-US: PHCDownload
CVE-2008-6595
	NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
CVE-2008-6594
	NOT-FOR-US: 3dparty typo3 extension
CVE-2008-6593
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6592
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6591
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6590
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6589
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6588
	NOT-FOR-US: Aztech port router
CVE-2008-6587
	NOT-FOR-US: Azureus HTML WebUI
CVE-2008-6586
	NOT-FOR-US: ?Torrent (uTorrent) WebUI
CVE-2008-6585
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6584
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6583
	NOT-FOR-US: BS.player
CVE-2008-6582
	NOT-FOR-US: Miniweb
CVE-2008-6581
	NOT-FOR-US: PhpAddEdit
CVE-2008-6580
	NOT-FOR-US: ColdFusion
CVE-2008-6579
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6578
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6577
	NOT-FOR-US: Nortel appliances
CVE-2008-6576
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6575
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6574
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6573
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6572
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571
	NOT-FOR-US: LinPHA
CVE-2008-6570
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6569
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6568
	NOT-FOR-US: Yehe
CVE-2008-6567
	NOT-FOR-US: Gallarific Free Edition
CVE-2008-6566
	NOT-FOR-US: Octopussy
CVE-2008-6565
	NOT-FOR-US: Invision Power Board
CVE-2008-6564
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6563
	NOT-FOR-US: Trillian
CVE-2008-6562
	NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561
	NOT-FOR-US: Citrix
CVE-2008-6560
	- redhat-cluster 2.20081102-1
	NOTE: This seems like a non-issue, since the config file should be under control
	NOTE: of the admin?
	NOTE: Fixed in 2.03.09 upstream version.
CVE-2008-6559
	NOT-FOR-US: SCO UnixWare
CVE-2008-6558
	NOT-FOR-US: SCO UnixWare
CVE-2008-6557
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6556
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6555
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6554
	NOT-FOR-US: Aztech router
CVE-2008-6553
	NOT-FOR-US: Micro CMS
CVE-2008-6552
	- redhat-cluster 2.20081102-1
	NOTE: Fixed in 2.03.09 upstream version.
	NOTE: Similar to CVE-2008-4192 and CVE-2008-4579
CVE-2008-6551
	NOT-FOR-US: e-vision CMS
CVE-2008-6550
	NOT-FOR-US: Glossaire
CVE-2008-6549
	- moin 1.6.2-1 (low)
CVE-2008-6548
	- moin 1.6.2-1 (low)
CVE-2008-6547
	- python-formencode 1.0.1-1
	[etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
CVE-2008-6546
	NOT-FOR-US: phpns
CVE-2008-6545
	NOT-FOR-US: Web Server Creator Web Portal
CVE-2008-6544
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6543
	NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542
	NOT-FOR-US: DotNetNuke
CVE-2008-6541
	NOT-FOR-US: DotNetNuke
CVE-2008-6540
	NOT-FOR-US: DotNetNuke
CVE-2008-6539
	- destar <removed> (bug #522123)
CVE-2008-6538
	- destar <not-affected> (bug #522123)
	NOTE: we include a default configuration user which can be changed with instructions in README.Debian
CVE-2008-6537
	NOT-FOR-US: LightNEasy No database
CVE-2008-6536
	- p7zip 4.57~dfsg.1-1
CVE-2008-6535
	NOT-FOR-US: PayPal eStores
CVE-2008-6534
	NOT-FOR-US: NULL FTP Server
CVE-2008-6533
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6532
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6531
	NOT-FOR-US: Atlassian JIRA
CVE-2008-6530
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6528
	NOT-FOR-US: NTFS TmaxSoft JEUS 5
CVE-2008-6527
	NOT-FOR-US: GO4I.NET ASP Forum
CVE-2008-6526
	NOT-FOR-US: BosClassifieds
CVE-2008-6525
	NOT-FOR-US: Nice PHP FAQ Script
CVE-2008-6524
	NOT-FOR-US: openInvoice
CVE-2008-6523
	NOT-FOR-US: openInvoice
CVE-2008-6522
	NOT-FOR-US: OpenTerracotta
CVE-2008-6521
	NOT-FOR-US: OpenTerracotta
CVE-2008-6520
	NOT-FOR-US: Xitami Web Server
CVE-2008-6519
	NOT-FOR-US: Xitami Web Server
CVE-2008-6518
	NOT-FOR-US: VidiScript
CVE-2008-6517
	NOT-FOR-US: NewsHOWLER
CVE-2008-6516
	NOT-FOR-US: phpKF-Portal
CVE-2008-6515
	NOT-FOR-US: yappa-ng
CVE-2008-6514
	- compiz-fusion-plugins-main 0.8.2-1 (low)
	[lenny] - compiz-fusion-plugins-main <no-dsa> (Minor issue)
CVE-2008-6513
	NOT-FOR-US: Andy's PHP Knowledgebase
CVE-2008-6512
	NOT-FOR-US: Google Gears
CVE-2008-6511
	NOT-FOR-US: Openfire
CVE-2008-6510
	NOT-FOR-US: Openfire
CVE-2008-6509
	NOT-FOR-US: Openfire
CVE-2008-6508
	NOT-FOR-US: Openfire
CVE-2008-6507
	- phpbb3 3.0.2-4
CVE-2008-6505
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: looks like this was introduced in 2.x, see upstream trunk r688095
CVE-2008-6504
	NOT-FOR-US: OpenSymphony XWork
CVE-2008-6503
	NOT-FOR-US: PrestaShop
CVE-2008-6502
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6501
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6500
	NOT-FOR-US: CodeToad ASP Shopping Cart Script
CVE-2008-6499
	NOT-FOR-US: XAMPP
CVE-2008-6498
	NOT-FOR-US: XAMPP
CVE-2008-6497
	NOT-FOR-US: Neostrada Livebox ADSL Router
CVE-2008-6496
	NOT-FOR-US: VSPDFEditorX.ocx
CVE-2008-6495
	NOT-FOR-US: Fritz Berger yet another php photo album - next generation
CVE-2008-6494
	NOT-FOR-US: ASP User Engine.NET
CVE-2008-6493
	NOT-FOR-US: Easy Content Management Publishing
CVE-2008-6492
	NOT-FOR-US: Tizag Countdown Creator
CVE-2008-6491
	NOT-FOR-US: PHPGKit
CVE-2008-6490
	NOT-FOR-US: FLABER
CVE-2008-6489
	NOT-FOR-US: MyAlbum component (com_myalbum) for Joomla!
CVE-2008-6488
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6487
	NOT-FOR-US: Digiappz DigiAffiliate
CVE-2008-6486
	NOT-FOR-US: sharedlog CMS
CVE-2008-6485
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6484
	NOT-FOR-US: Mole Group Taxi Map Script
CVE-2008-6483
	NOT-FOR-US: Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component for Joomla!
CVE-2008-6482
	NOT-FOR-US: Flash Tree Gallery (com_treeg) component for Joomla!
CVE-2008-6481
	NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2008-6480
	NOT-FOR-US: Datalife Engine
CVE-2008-6479
	NOT-FOR-US: swsoft
CVE-2008-6478
	NOT-FOR-US: swsoft
CVE-2008-6477
	NOT-FOR-US: Mumbo Jumbo Media
CVE-2008-6476
	NOT-FOR-US: BlogEngine.NET
CVE-2008-6475
	NOT-FOR-US: Drake CMS
CVE-2008-6474
	NOT-FOR-US: F5 BIG-IP
CVE-2008-6473
	NOT-FOR-US: Blogator-script
CVE-2008-6472
	[etch] - wireshark <not-affected> (vulnerable code not present)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471
	NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470
	NOT-FOR-US: ClanSphere
CVE-2008-6469
	NOT-FOR-US: PlainCart
CVE-2008-6468
	NOT-FOR-US: Diesel Pay
CVE-2008-6467
	NOT-FOR-US: Diesel Pay
CVE-2008-6466
	NOT-FOR-US: e107
CVE-2008-6465
	NOT-FOR-US: Parallels H-Sphere
CVE-2008-6464
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463
	NOT-FOR-US: Diocese of Portsmouth Church Search extension for Typo3
CVE-2008-6462
	NOT-FOR-US: My quiz and poll
CVE-2008-6461
	NOT-FOR-US: Typo3 addon Random Prayer
CVE-2008-6460
	NOT-FOR-US: Typo3 addon Simple Random Objects
CVE-2008-6459
	NOT-FOR-US: Typo3 addon auto BE User Registration
CVE-2008-6458
	NOT-FOR-US: Typo3 addon
CVE-2008-6457
	NOT-FOR-US: Typo3 addon
CVE-2008-6456
	NOT-FOR-US: Typo3 addon
CVE-2008-6455
	NOT-FOR-US: Edikon phpShop
CVE-2008-6454
	NOT-FOR-US: 6rbScript
CVE-2008-6453
	NOT-FOR-US: 6rbScript
CVE-2008-6452
	NOT-FOR-US: Oceandir
CVE-2008-6451
	NOT-FOR-US: jPORTAL
CVE-2008-6450
	NOT-FOR-US: Under Construction, Baby
CVE-2008-6449
	NOT-FOR-US: Century Systems routers
CVE-2008-6448
	NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor
CVE-2008-6447
	NOT-FOR-US: QuikSoft EasyMail
CVE-2008-6446
	NOT-FOR-US: CMS MAXSITE
CVE-2008-6445
	NOT-FOR-US: YourPlace
CVE-2008-6444
	NOT-FOR-US: Baidu Hi IM
CVE-2008-6443
	NOT-FOR-US: phpKF
CVE-2008-6442
	NOT-FOR-US: Sina Inc. DLoader Class ActiveX
CVE-2008-6441
	NOT-FOR-US: Epic Games Unreal engine client
CVE-2008-6440
	NOT-FOR-US: Cerberus Helpdesk
CVE-2008-6439
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6438
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-6437
	NOT-FOR-US: PHPFreeForum
CVE-2008-6436
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-6435
	NOT-FOR-US: phpSQLiteCMS
CVE-2008-6434
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6433
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6431
	NOT-FOR-US: BMForum
CVE-2008-6430
	NOT-FOR-US: Joomla!
CVE-2008-6429
	NOT-FOR-US: Joomla!
CVE-2008-6428
	- kaya 0.4.2-1 (low)
	[etch] - kaya <no-dsa> (Minor issue)
	NOTE: the fix checks with a regex for malicious characters in the HTTP header, see CGI.k changes
CVE-2008-6427
	NOT-FOR-US: Hivemaker Professional
CVE-2008-6425
	NOT-FOR-US: ComicShout
CVE-2008-6424
	NOT-FOR-US: FFFTP
CVE-2008-6423
	NOT-FOR-US: PassWiki
CVE-2008-6422
	NOT-FOR-US: PsychoStats
CVE-2008-6421
	NOT-FOR-US: Social Site Generator
CVE-2008-6420
	NOT-FOR-US: Social Site Generator
CVE-2008-6419
	NOT-FOR-US: Social Site Generator
CVE-2008-6418
	NOT-FOR-US: TorrentTrader
CVE-2008-6417
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6416
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6415
	NOT-FOR-US: CCProxy
CVE-2008-6414
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6413
	NOT-FOR-US: Answers module for Drupal
CVE-2008-6412
	NOT-FOR-US: Vignette Content Management
CVE-2008-6411
	NOT-FOR-US: Explay CMS
CVE-2008-6410
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6409
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6408
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6407
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6406
	NOT-FOR-US: DataLife Engine
CVE-2008-6405
	NOT-FOR-US: Hotscripts Clone
CVE-2008-6404
	NOT-FOR-US: eXtrovert Software Thyme
CVE-2008-6403
	NOT-FOR-US: OpenRat
CVE-2008-6402
	NOT-FOR-US: Sofi WebGui
CVE-2008-6401
	NOT-FOR-US: JETIK-WEB
CVE-2008-6400
	NOT-FOR-US: refbase
CVE-2008-6399
	NOT-FOR-US: DotNetNuke
CVE-2008-6398
	- sng 1.0.2-6 (bug #496407; unimportant)
CVE-2008-6397
	- sgml2x 1.0.0-11.2 (bug #496368; low)
	[etch] - sgml2x <no-dsa> (Minor issue)
CVE-2008-6396
	NOT-FOR-US: Celerondude Uploader
CVE-2008-6395
	NOT-FOR-US: web management interface in 3Com Wireless
CVE-2008-6394
	NOT-FOR-US: CS-Cart
CVE-2008-6393
	{DSA-1741-1}
	- psi 0.12.1-1 (low; bug #518468)
	[etch] - psi <not-affected> (Vulnerable code not present)
CVE-2008-6392
	NOT-FOR-US: Z1Exchange
CVE-2008-6391
	NOT-FOR-US: Jbook
CVE-2008-6390
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6389
	NOT-FOR-US: Rae Media Contact Management Software
CVE-2008-6388
	NOT-FOR-US: Rapid Classified
CVE-2008-6387
	NOT-FOR-US: Quick Tree View .NET
CVE-2008-6386
	NOT-FOR-US: Z1Exchange
CVE-2008-6385
	NOT-FOR-US: W3matter RevSense
CVE-2008-6384
	NOT-FOR-US: Comment Mail
CVE-2008-6383
	NOT-FOR-US: SpeedTech Organization and Resource Manager
CVE-2008-6382
	NOT-FOR-US: ASP Portal
CVE-2008-6381
	NOT-FOR-US: bcoos
CVE-2008-6380
	NOT-FOR-US: Active Web Helpdesk
CVE-2008-6379
	NOT-FOR-US: Gallery MX
CVE-2008-6378
	NOT-FOR-US: Calendar Mx Professional
CVE-2008-6377
	NOT-FOR-US: Multi SEO phpBB
CVE-2008-6376
	NOT-FOR-US: Jbook
CVE-2008-6375
	NOT-FOR-US: JBook
CVE-2008-6374
	NOT-FOR-US: MailingListPro Free Edition
CVE-2008-6373
	- nagios3 3.0.6-3
	[etch] - nagios2 <no-dsa> (Related to CVE-2008-5028, which has minimal attack vector)
CVE-2008-6372
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-6371
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6370
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6369
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6368
	NOT-FOR-US: Chipmunk Guestbook
CVE-2008-6367
	NOT-FOR-US: Social Groupie
CVE-2008-6366
	NOT-FOR-US: Ad Server Solutions Affiliate Software Java
CVE-2008-6365
	NOT-FOR-US: Ad Server Solutions Ad Management Software Java
CVE-2008-6364
	NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java
CVE-2008-6363
	NOT-FOR-US: DesignWorks Professional
CVE-2008-6362
	NOT-FOR-US: Multiple Membership Script
CVE-2008-6361
	NOT-FOR-US: InSun Feed CMS
CVE-2008-6360
	NOT-FOR-US: ImpressCMS
CVE-2008-6359
	NOT-FOR-US: Max's Guestbook
CVE-2008-6358
	NOT-FOR-US: Social Groupie
CVE-2008-6357
	NOT-FOR-US: MyCal Personal Events Calendar
CVE-2008-6356
	NOT-FOR-US: evCal Events Calendar
CVE-2008-6355
	NOT-FOR-US: ASPired2poll
CVE-2008-6354
	NOT-FOR-US: ASPired2poll
CVE-2008-6353
	NOT-FOR-US: ASP-CMS
CVE-2008-6352
	NOT-FOR-US: Xpoze Pro
CVE-2008-6351
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6350
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6349
	NOT-FOR-US: TurnkeyForms Business Survey Pro
CVE-2008-6348
	NOT-FOR-US: DevelopItEasy Photo Gallery
CVE-2008-6347
	NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2008-6346
	NOT-FOR-US: DR Wiki extension for TYPO3
CVE-2008-6345
	NOT-FOR-US: SolarCMS
CVE-2008-6344
	NOT-FOR-US: TU-Clausthal Staff extension for TYPO3
CVE-2008-6343
	NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3
CVE-2008-6342
	NOT-FOR-US: Simple File Browser extension for TYPO3
CVE-2008-6341
	NOT-FOR-US: SB Universal Plugin extension for TYPO3
CVE-2008-6340
	NOT-FOR-US: Vox populi extension for TYPO3
CVE-2008-6338
	NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3
CVE-2008-6337
	NOT-FOR-US: Volunteer Management System module for Joomla!
CVE-2008-6336
	NOT-FOR-US: Text Lines Rearrange Script
CVE-2008-6335
	NOT-FOR-US: eMetrix Online Keyword Research Tool
CVE-2008-6334
	NOT-FOR-US: eMetrix Extract Website
CVE-2008-6333
	NOT-FOR-US: RSS Simple News
CVE-2008-6332
	NOT-FOR-US: Simple Customer
CVE-2008-6331
	NOT-FOR-US: Streber
CVE-2008-6330
	NOT-FOR-US: MyTopix
CVE-2008-6329
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6328
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6327
	NOT-FOR-US: ProQuiz
CVE-2008-6326
	NOT-FOR-US: Simple Customer
CVE-2008-6325
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6324
	NOT-FOR-US: CF_Forum
CVE-2008-6323
	NOT-FOR-US: CFMSource CF_Auction
CVE-2008-6322
	NOT-FOR-US: CFMSource CFMBlog
CVE-2008-6321
	NOT-FOR-US: CF Shopkart
CVE-2008-6320
	NOT-FOR-US: CF Shopkart
CVE-2008-6319
	NOT-FOR-US: CF_Calendar
CVE-2008-6318
	NOT-FOR-US: PHPmyGallery
CVE-2008-6317
	NOT-FOR-US: PHPmyGallery
CVE-2008-6316
	NOT-FOR-US: PHPmyGallery
CVE-2008-6315
	NOT-FOR-US: PHPmyGallery
CVE-2008-6314
	NOT-FOR-US: Tag Board module
CVE-2008-6313
	NOT-FOR-US: phpAddEdit
CVE-2008-6312
	NOT-FOR-US: ProQuiz
CVE-2008-6311
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6310
	NOT-FOR-US: W3matter RevSense
CVE-2008-6309
	NOT-FOR-US: W3matter AskPert
CVE-2008-6308
	NOT-FOR-US: Private Messaging System
CVE-2008-6307
	NOT-FOR-US: E-topbiz Link Back Checker
CVE-2008-6306
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6305
	NOT-FOR-US: Free Directory Script
CVE-2008-6304
	NOT-FOR-US: xt:Commerce
CVE-2008-6303
	NOT-FOR-US: ToursManager
CVE-2008-6302
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6301
	NOT-FOR-US: Small ShoutBox module
CVE-2008-6300
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6299
	NOT-FOR-US: Joomla!
CVE-2008-6298
	NOT-FOR-US: sISAPILocation
CVE-2008-6297
	NOT-FOR-US: DHCart
CVE-2008-6296
	NOT-FOR-US: Maran PHP Shop
CVE-2008-6295
	NOT-FOR-US: Camera Life
CVE-2008-6294
	NOT-FOR-US: Acc Statistics
CVE-2008-6293
	NOT-FOR-US: Acc Real Estate
CVE-2008-6292
	NOT-FOR-US: Acc Autos
CVE-2008-6291
	NOT-FOR-US: Acc PHP eMail
CVE-2008-6290
	NOT-FOR-US: nicLOR Sito
CVE-2008-6289
	NOT-FOR-US: Tours Manager
CVE-2008-6288
	NOT-FOR-US: Interface Medien ibase
CVE-2008-6287
	NOT-FOR-US: Broadcast Machine
CVE-2008-6286
	NOT-FOR-US: Active Newsletter
CVE-2008-6285
	NOT-FOR-US: PHP TV Portal
CVE-2008-6284
	NOT-FOR-US: Z1Exchange
CVE-2008-6283
	NOT-FOR-US: Subtext
CVE-2008-6282
	NOT-FOR-US: CMS Ortus
CVE-2008-6281
	NOT-FOR-US: Bluo CMS
CVE-2008-6280
	NOT-FOR-US: Linksys WRT160N
CVE-2008-6279
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6278
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6277
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6276
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6275
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6274
	NOT-FOR-US: FamilyProject
CVE-2008-6273
	NOT-FOR-US: MyKtools
CVE-2008-6272
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6271
	NOT-FOR-US: TBmnetCMS
CVE-2008-6270
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6269
	NOT-FOR-US: Joovili
CVE-2008-6268
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6267
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6266
	NOT-FOR-US: phpWebSite
CVE-2008-6265
	NOT-FOR-US: Cyberfolio
CVE-2008-6264
	NOT-FOR-US: E-topbiz Slide Popups
CVE-2008-6263
	NOT-FOR-US: SaturnCMS
CVE-2008-6262
	NOT-FOR-US: SaturnCMS
CVE-2008-6261
	NOT-FOR-US: E-topbiz AdManager
CVE-2008-6260
	NOT-FOR-US: Ultrastats
CVE-2008-6259
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6258
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6257
	NOT-FOR-US: Openasp
CVE-2008-6256
	NOT-FOR-US: vBulletin
CVE-2008-6255
	NOT-FOR-US: vBulletin
CVE-2008-6254
	NOT-FOR-US: Jadu Galaxies
CVE-2008-6253
	NOT-FOR-US: Pluck CMS
CVE-2008-6252
	NOT-FOR-US: smcFanControl
CVE-2008-6251
	NOT-FOR-US: phpFan
CVE-2008-6250
	NOT-FOR-US: Comdev Web Blogger
CVE-2008-6249
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6248
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6247
	NOT-FOR-US: Scripts For Sites
CVE-2008-6246
	NOT-FOR-US: Scripts For Sites
CVE-2008-6245
	NOT-FOR-US: Scripts For Sites
CVE-2008-6244
	NOT-FOR-US: Scripts For Sites
CVE-2008-6243
	NOT-FOR-US: Scripts For Sites
CVE-2008-6242
	NOT-FOR-US: Scripts For Sites
CVE-2008-6241
	NOT-FOR-US: FlexPHPSite
CVE-2008-6240
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6239
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6238
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6237
	NOT-FOR-US: Scripts For Sites
CVE-2008-6236
	NOT-FOR-US: Simple Document Management System
CVE-2008-6235
	- vim 2:7.2.148-1 (low)
	[lenny] - vim <not-affected> (proof-of-concept does not work)
	[etch] - vim <no-dsa> (Minor issue)
CVE-2008-6234
	NOT-FOR-US: Joomla!
CVE-2008-6233
	NOT-FOR-US: Five Dollar Scripts Drinks script
CVE-2008-6232
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-6231
	NOT-FOR-US: Pre Classified Listing PHP
CVE-2008-6230
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2008-6229
	NOT-FOR-US: CCK module for Drupal
CVE-2008-6228
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6227
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6226
	NOT-FOR-US: Pre Projects PHP Auto Listings Script
CVE-2008-6225
	NOT-FOR-US: Mole Group Airline Ticket Sale Script
CVE-2008-6224
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6223
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6222
	NOT-FOR-US: Joomla!
CVE-2008-6221
	NOT-FOR-US: Joomla!
CVE-2008-6220
	NOT-FOR-US: Simple Document Management System
CVE-2008-6219
	NOT-FOR-US: EMC Networker products
CVE-2008-6218
	{DSA-1750-1}
	- libpng 1.2.33-1
CVE-2008-6217
	NOT-FOR-US: Extrakt Framework
CVE-2008-6216
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6215
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6214
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2008-6213
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2008-6212
	NOT-FOR-US: Php-Stats
CVE-2008-6211
	NOT-FOR-US: PhpForums.net mcGallery
CVE-2008-6210
	NOT-FOR-US: dream4 Koobi
CVE-2008-6209
	NOT-FOR-US: Vastal I-Tech Software Zone
CVE-2008-6208
	NOT-FOR-US: e107 CMS
CVE-2008-6207
	NOT-FOR-US: PHPG Upload
CVE-2008-6206
	NOT-FOR-US: RobotStats
CVE-2008-6205
	NOT-FOR-US: Xavier Flahaut URLStreet
CVE-2008-6204
	NOT-FOR-US: SuperNET Shop
CVE-2008-6203
	NOT-FOR-US: CoBaLT
CVE-2008-6202
	NOT-FOR-US: CoBaLT
CVE-2008-6201
	NOT-FOR-US: KwsPHP
CVE-2008-6200
	NOT-FOR-US: Swiki
CVE-2008-6199
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6198
	NOT-FOR-US: Custom Pages 1.0 plugin for MyBulletinBoard
CVE-2008-6197
	NOT-FOR-US: KwsPHP
CVE-2008-6196
	NOT-FOR-US: Philippe CROCHAT EasySite
CVE-2008-6195
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-6194
	NOT-FOR-US: Microsoft Windows
CVE-2008-6193
	NOT-FOR-US: Sam Crew MyBlog
CVE-2008-6192
	NOT-FOR-US: Sun Java System Portal Server
CVE-2008-6191
	NOT-FOR-US: Intrinsic Swimage Encore
CVE-2008-6190
	NOT-FOR-US: EEBCMS
CVE-2008-6189
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6188
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6187
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6186
	NOT-FOR-US: RaidenFTPD
CVE-2008-6185
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-6184
	NOT-FOR-US: Joomla!
CVE-2008-6183
	NOT-FOR-US: My PHP Indexer
CVE-2008-6182
	NOT-FOR-US: Joomla!
CVE-2008-6181
	NOT-FOR-US: Joomla!
CVE-2008-6180
	NOT-FOR-US: NewLife Blogger
CVE-2008-6179
	NOT-FOR-US: IndexScript
CVE-2008-6178
	NOTE: Alleged exploit does not work.
CVE-2008-6177
	NOT-FOR-US: LightBlog
CVE-2008-6176
	REJECTED
CVE-2008-6175
	NOT-FOR-US: SilverSHielD
CVE-2008-6174
	NOT-FOR-US: Jetbox CMS
CVE-2008-6173
	NOT-FOR-US: ClipShare Pro
CVE-2008-6172
	NOT-FOR-US: Joomla!
CVE-2008-6171
	- drupal5 5.12-1 (low; bug #519114)
	- drupal6 6.6-1 (low; bug #519115)
CVE-2008-6170
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6169
	NOT-FOR-US: Localization modules for Drupal
CVE-2008-6168
	NOT-FOR-US: miniPortail
CVE-2008-6167
	NOT-FOR-US: miniPortail
CVE-2008-6166
	NOT-FOR-US: Joomla!
CVE-2008-6165
	NOT-FOR-US: CSPartner
CVE-2008-6164
	NOT-FOR-US: DreamCost HostAdmin
CVE-2008-6163
	- openx <itp> (bug #513771)
CVE-2008-6162
	NOT-FOR-US: Bux.to Clone script
CVE-2008-6161
	NOT-FOR-US: WOW Raid Manager
CVE-2008-6160
	NOT-FOR-US: Semantically-Interconnected Online Communities
CVE-2008-6159
	NOT-FOR-US: Content Management Made Easy
CVE-2008-6158
	NOT-FOR-US: w3blabor CMS
CVE-2008-6157
	NOT-FOR-US: SepCity Classified Ads
CVE-2008-6156
	NOT-FOR-US: AdMan
CVE-2008-6155
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6154
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6153
	NOT-FOR-US: Jay Patel Pixel8 Web Photo
CVE-2008-6152
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6151
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6150
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6149
	NOT-FOR-US: Joomla!
CVE-2008-6148
	NOT-FOR-US: Joomla!
CVE-2008-6147
	NOT-FOR-US: ForumApp
CVE-2008-6146
	NOT-FOR-US: DeluxeBB
CVE-2008-6145
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6144
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6143
	NOT-FOR-US: OwenPoll
CVE-2008-6142
	NOT-FOR-US: FlexPHPic
CVE-2008-6141
	NOT-FOR-US: Avaya IP Softphone
CVE-2008-6140
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2008-6139
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6138
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6137
	NOT-FOR-US: EveryBlog
CVE-2008-6136
	NOT-FOR-US: EveryBlog
CVE-2008-6135
	NOT-FOR-US: EveryBlog
CVE-2008-6134
	NOT-FOR-US: EveryBlog
CVE-2008-6133
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-6132
	NOT-FOR-US: phpScheduleIt
CVE-2008-6131
	NOT-FOR-US: moziloWiki
CVE-2008-6130
	NOT-FOR-US: moziloWiki
CVE-2008-6129
	NOT-FOR-US: moziloWiki
CVE-2008-6128
	NOT-FOR-US: moziloCMS
CVE-2008-6127
	NOT-FOR-US: moziloCMS
CVE-2008-6126
	NOT-FOR-US: moziloCMS
CVE-2008-6125
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6124
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6123
	- net-snmp 5.4.3~dfsg-1 (low; bug #516801)
	[etch] - net-snmp <no-dsa> (Minor issue)
	[lenny] - net-snmp <no-dsa> (Minor issue)
CVE-2008-6122
	NOT-FOR-US: Netgear WGR614v9
CVE-2008-6121
	NOT-FOR-US: SocialEngine
CVE-2008-6120
	NOT-FOR-US: SocialEngine
CVE-2008-6119
	NOT-FOR-US: Goople CMS
CVE-2008-6118
	NOT-FOR-US: Goople CMS
CVE-2008-6117
	NOT-FOR-US: PG Job Site Pro
CVE-2008-6116
	NOT-FOR-US: Joomla!
CVE-2008-6115
	NOT-FOR-US: Prozilla Hosting Index
CVE-2008-6114
	NOT-FOR-US: Mytipper Zogo-shop
CVE-2008-6113
	NOT-FOR-US: SemanticScuttle
CVE-2008-6112
	NOT-FOR-US: Ez Ringtone Manager
CVE-2008-6111
	NOT-FOR-US: NetArt Media Vlog System
CVE-2008-6110
	NOT-FOR-US: SemanticScuttle
CVE-2008-6109
	NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager
CVE-2008-6108
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6107
	- linux-2.6 2.6.25-4 (low)
	- linux-2.6.24 <removed>
CVE-2008-6106
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6105
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6104
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6103
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6102
	NOT-FOR-US: Link Trader Script
CVE-2008-6101
	NOT-FOR-US: Adult Banner Exchange Website
CVE-2008-6100
	NOT-FOR-US: Discussion Forums
CVE-2008-6099
	NOT-FOR-US: RPortal
CVE-2008-6098
	- bugzilla <unfixed> (unimportant)
CVE-2008-6097
	NOT-FOR-US: WikyBlog
CVE-2008-6096
	NOT-FOR-US: Juniper NetScreen ScreenOS
CVE-2008-6095
	NOT-FOR-US: OpenNMS
CVE-2008-6094
	NOT-FOR-US: Celoxis Technologies Celoxis
CVE-2008-6093
	NOT-FOR-US: Noname CMS
CVE-2008-6092
	NOT-FOR-US: phpscripts Ranking Script
CVE-2008-6091
	NOT-FOR-US: BMForum
CVE-2008-6090
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2008-6089
	NOT-FOR-US: ScriptsEz
CVE-2008-6088
	NOT-FOR-US: Joomla!
CVE-2008-6087
	NOT-FOR-US: Camera Life
CVE-2008-6086
	NOT-FOR-US: Camera Life
CVE-2008-6085
	NOT-FOR-US: F-Secure
CVE-2008-6084
	NOT-FOR-US: Iamma Simple Gallery
CVE-2008-6083
	NOT-FOR-US: TXTshop
CVE-2008-6082
	NOT-FOR-US: Titan FTP Server
CVE-2008-6081
	NOT-FOR-US: Simple Customer
CVE-2008-6080
	NOT-FOR-US: Joomla!
CVE-2008-6079
	{DSA-2029-1}
	- imlib2 1.4.2-1 (bug #576469)
	NOTE: poked upstream for more details
CVE-2008-6078
	NOT-FOR-US: Limbo CMS
CVE-2008-6077
	NOT-FOR-US: LoudBlog
CVE-2008-6076
	NOT-FOR-US: Joomla!
CVE-2008-6075
	NOT-FOR-US: Bahar Download Script
CVE-2008-6074
	NOT-FOR-US: phpcrs
CVE-2008-6073
	NOT-FOR-US: StorageCrypt
CVE-2008-6072
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6071
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6070
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6069
	NOT-FOR-US: eChat plugin
CVE-2008-6068
	NOT-FOR-US: Joomla!
CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
	RESERVED
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-7273 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
	RESERVED
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-6067
	REJECTED
CVE-2008-6066
	NOT-FOR-US: Meet#Web
CVE-2008-6065
	NOT-FOR-US: Oracle Database Server
CVE-2008-6064
	NOT-FOR-US: DomPHP
CVE-2008-6063
	NOT-FOR-US: Microsoft
CVE-2008-6062
	NOT-FOR-US: Adobe Dreamweaver
CVE-2008-6061
	NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060
	NOT-FOR-US: InfoSoft FusionCharts
CVE-2008-6059
	- webkit <not-affected> (bug #516555; low)
	NOTE: webkit in linux needs libsoup for cookie support
CVE-2008-6058
	NOT-FOR-US: Syslserve
CVE-2008-6057
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2008-6056
	NOT-FOR-US: World Recipe
CVE-2008-6055
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6054
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6053
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6052
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6051
	NOT-FOR-US: MetaCart Free
CVE-2008-6050
	NOT-FOR-US: Tech Articles
CVE-2008-6049
	REJECTED
CVE-2008-6048
	NOT-FOR-US: TangoCMS
CVE-2008-6047
	NOT-FOR-US: ADbNewsSender
CVE-2008-6046
	NOT-FOR-US: ADbNewsSender
CVE-2008-6045
	NOT-FOR-US: xt:Commerce
CVE-2008-6044
	NOT-FOR-US: xt:Commerce
CVE-2008-6043
	NOT-FOR-US: PHP Pro Bid
CVE-2008-6042
	NOT-FOR-US: NetArtMedia Real Estate Portal
CVE-2008-6041
	NOT-FOR-US: Dataspade
CVE-2008-6040
	NOT-FOR-US: Arcadem Pro
CVE-2008-6039
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6038
	NOT-FOR-US: MapCal
CVE-2008-6037
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6036
	NOT-FOR-US: BaseBuilder
CVE-2008-6035
	NOT-FOR-US: Achievo
CVE-2008-6034
	NOT-FOR-US: Achievo
CVE-2008-6033
	NOT-FOR-US: WSN Links
CVE-2008-6032
	NOT-FOR-US: WSN Links
CVE-2008-6031
	NOT-FOR-US: WSN Links
CVE-2008-6030
	NOT-FOR-US: NetArtMedia Jobs Portal
CVE-2008-6029
	NOT-FOR-US: BuzzyWall
CVE-2008-6028
	NOT-FOR-US: Library Fez
CVE-2008-6027
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6026
	NOT-FOR-US: BlueCUBE CMS
CVE-2008-6025
	NOT-FOR-US: openElec
CVE-2008-6024
	NOT-FOR-US: Sun Solaris
CVE-2008-6023
	NOT-FOR-US: Xnova
CVE-2008-6022
	NOT-FOR-US: Xnova
CVE-2008-6021
	NOT-FOR-US: Attachmate Reflection
CVE-2008-6020
	NOT-FOR-US: View module (drupal module)
CVE-2008-6019
	NOT-FOR-US: EACOMM DO-CMS
CVE-2008-6018
	NOT-FOR-US: MyPHPSite
CVE-2008-6017
	NOT-FOR-US: I-Rater Basic
CVE-2008-6016
	NOT-FOR-US: EsFaq
CVE-2008-6015
	NOT-FOR-US: EsFaq
CVE-2008-6014
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-6013
	NOT-FOR-US: Freeway
CVE-2008-6012
	NOT-FOR-US: Pritlog
CVE-2008-6011
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6010
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6009
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6008
	NOT-FOR-US: hyBook Guestbook Script
CVE-2008-6007
	NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006
	NOT-FOR-US: Micronation Banking System
CVE-2008-6004
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6002
	NOT-FOR-US: web-cp
CVE-2008-6001
	NOT-FOR-US: ADN Forum
CVE-2008-6000
	NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997
	NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996
	NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995
	NOT-FOR-US: freeCap CAPTCHA extension for Typo3
CVE-2008-5994
	NOT-FOR-US: Check Point Connectra
CVE-2008-5993
	NOT-FOR-US: Barcode Generator 1D
CVE-2008-5992
	NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991
	NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990
	NOT-FOR-US: emergecolab
CVE-2008-5989
	NOT-FOR-US: PHPcounterJadu CMS
CVE-2008-5988
	NOT-FOR-US: Jadu CMS
CVE-2008-XXXX [minor cyrus sasl DoS]
	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
CVE-2008-5987
	- eog 2.22.3-2 (bug #504352; low)
	[etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5986
	- csound 5.08.2~dfsg-1.1 (bug #504359; low)
	[lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
	[etch] - csound <not-affected> (Vulnerable code not present)
CVE-2008-5985
	- epiphany-browser 2.22.3-7 (bug #504363; low)
	[etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984
	- dia 0.96.1-7.1 (low; bug #504251)
	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983
	- python3.1 3.1.2+20100703-1 (low; bug #575780)
	- python2.6 2.6.5+20100529-1 (low; bug #572010)
	- python2.5 <unfixed> (low)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.5 <no-dsa> (Minor issue, patch only introduces a new, more secure API)
	- python2.4 <unfixed> (low)
	[etch] - python2.4 <no-dsa> (Minor issue)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: I suppose the behaviour will be changed in a future Python release, but
	NOTE: a backport has a significant risk of breakage for little gain. If a
	NOTE: proper upstream patch should be available, this can be re-evaluated
	NOTE: http://bugs.python.org/issue5753
CVE-2008-5982
	NOT-FOR-US: BMC PATROL Agent
CVE-2008-5968
	- phpicalendar <removed> (bug #513517)
CVE-2008-5967
	- phpicalendar <removed> (bug #513517)
CVE-2008-5981
	NOT-FOR-US: PacPoll
CVE-2008-5980
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5979
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5978
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5977
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5976
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5975
	NOT-FOR-US: Active Price Comparison
CVE-2008-5974
	NOT-FOR-US: Active Price Comparison
CVE-2008-5973
	NOT-FOR-US: Active Web Mail
CVE-2008-5972
	NOT-FOR-US: Active Business Directory
CVE-2008-5971
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5970
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5969
	NOT-FOR-US: Sunbyte e-Flower
CVE-2008-5966
	NOT-FOR-US: Globsy
CVE-2008-5965
	NOT-FOR-US: LokiCMS
CVE-2008-5964
	NOT-FOR-US: Social ImpressCMS
CVE-2008-5963
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5962
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5961
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5960
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5959
	NOT-FOR-US: Active Test
CVE-2008-5958
	NOT-FOR-US: Active Test
CVE-2008-5957
	NOT-FOR-US: Joomla!
CVE-2008-5956
	NOT-FOR-US: Wbstreet
CVE-2008-5955
	NOT-FOR-US: Wbstreet
CVE-2008-5954
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5953
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5952
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5951
	NOT-FOR-US: ASP Template Creature
CVE-2008-5950
	NOT-FOR-US: ASP Template Creature
CVE-2008-5949
	NOT-FOR-US: ccTiddly
CVE-2008-5948
	NOT-FOR-US: BNCwi
CVE-2008-5947
	NOT-FOR-US: YapBB
CVE-2008-5946
	NOT-FOR-US: PHP-Fusion
CVE-2008-5945
	NOT-FOR-US: Nukeviet
CVE-2008-5944
	NOT-FOR-US: NavBoard
CVE-2008-5943
	NOT-FOR-US: NavBoard
CVE-2008-5942
	NOT-FOR-US: MODx CMS
CVE-2008-5941
	NOT-FOR-US: MODx CMS
CVE-2008-5940
	NOT-FOR-US: MODx CMS
CVE-2008-5939
	NOT-FOR-US: MODx CMS
CVE-2008-5938
	NOT-FOR-US: MODx CMS
CVE-2008-5937
	NOT-FOR-US: AyeView
CVE-2008-5936
	NOT-FOR-US: mini-pub
CVE-2008-5935
	NOT-FOR-US: Facto
CVE-2008-5934
	NOT-FOR-US: CMS ISWEB
CVE-2008-5933
	NOT-FOR-US: CMS ISWEB
CVE-2008-5932
	NOT-FOR-US: CodeAvalanche FreeForum
CVE-2008-5931
	NOT-FOR-US: ASPired2Blog
CVE-2008-5930
	NOT-FOR-US: ASPired2Blog
CVE-2008-5929
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-5928
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5927
	NOT-FOR-US: FlexPHPNews
CVE-2008-5926
	NOT-FOR-US: ASP-DEv
CVE-2008-5925
	NOT-FOR-US: ASP-DEv
CVE-2008-5924
	NOT-FOR-US: ASP-DEv
CVE-2008-5923
	NOT-FOR-US: ASP-DEv
CVE-2008-5922
	NOT-FOR-US: Cant Find A Gaming CMS
CVE-2008-5921
	NOT-FOR-US: Umer Inc Songs Portal
CVE-2008-5920
	- websvn 1.61-21 (bug #503330)
CVE-2008-5917
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #512592)
CVE-2008-5916
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low)
CVE-2008-5915
	NOT-FOR-US: Google
CVE-2008-5914
	NOT-FOR-US: Apple
CVE-2008-5913
	- xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516)
	- iceape 2.0.5-1 (unimportant)
	[lenny] - iceape <not-affected> (Just a stub package)
	NOTE: Limited to browser life time
CVE-2008-5912
	NOT-FOR-US: Microsoft
CVE-2008-5911
	NOT-FOR-US: RealNetworks Helix
CVE-2008-5910
	NOT-FOR-US: txzonemgr in Sun OpenSolaris
CVE-2008-5909
	NOT-FOR-US: conv_lpd in Sun OpenSolaris
CVE-2008-5908
	NOT-FOR-US: root/boot archive tool in Sun OpenSolaris
CVE-2008-5907
	{DSA-1750-1}
	- libpng 1.2.35-1 (bug #512665)
	NOTE: Only an issues when using libpng to create out-of-spec images
CVE-2008-5906
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5905
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5901
	NOT-FOR-US: iyzi Forum
CVE-2008-5900
	NOT-FOR-US: CodeAvalanche Articles
CVE-2008-5899
	NOT-FOR-US: CodeAvalanche FreeForAll
CVE-2008-5898
	NOT-FOR-US: CodeAvalanche Directory
CVE-2008-5897
	NOT-FOR-US: CodeAvalanche FreeWallpaper
CVE-2008-5896
	NOT-FOR-US: CodeAvalanche RateMySite
CVE-2008-5895
	NOT-FOR-US: Mediatheka
CVE-2008-5894
	NOT-FOR-US: Mediatheka
CVE-2008-5893
	NOT-FOR-US: ClickAndEmail
CVE-2008-5892
	NOT-FOR-US: ClickAndEmail
CVE-2008-5891
	NOT-FOR-US: Injader
CVE-2008-5890
	NOT-FOR-US: Injader
CVE-2008-5889
	NOT-FOR-US: Click&Rank
CVE-2008-5888
	NOT-FOR-US: Click&Rank
CVE-2008-5887
	NOT-FOR-US: phplist
CVE-2008-5886
	NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885
	NOT-FOR-US: Net Guys ASPired2Quote
CVE-2008-5884
	NOT-FOR-US: AyeView
CVE-2008-5883
	NOT-FOR-US: mini-pub
CVE-2008-5904
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5903
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5902
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-6005
	- amaya <removed> (medium; bug #507587)
	NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2008-5882
	NOT-FOR-US: Citrix
CVE-2008-5881
	NOT-FOR-US: playSMS
CVE-2008-5880
	NOT-FOR-US: Gobbl CMS
CVE-2008-5879
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5878
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5877
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5876
	- irrlicht <not-affected> (package was first introduced in version 1.5)
CVE-2008-5875
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5874
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5873
	NOT-FOR-US: Yerba
CVE-2008-5872
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5871
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5870
	NOT-FOR-US: FastStone Image Viewer
CVE-2008-5869
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868
	NOT-FOR-US: IntelliTamper
CVE-2008-5867
	NOT-FOR-US: Yerba
CVE-2008-5866
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5865
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5864
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5863
	NOT-FOR-US: Module for Woltlab Burning Board
CVE-2008-5862
	NOT-FOR-US: webcamXP
CVE-2008-5861
	NOT-FOR-US: FreeLyrics
CVE-2008-5860
	NOT-FOR-US: Constructr CMS
CVE-2008-5859
	NOT-FOR-US: Constructr CMS
CVE-2008-5858
	NOT-FOR-US: KnowledgeTree
CVE-2008-5857
	NOT-FOR-US: KnowledgeTree
CVE-2008-5856
	NOT-FOR-US: ClaSS
CVE-2008-5855
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5854
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5853
	NOT-FOR-US: ChoCoMaS
CVE-2008-5852
	NOT-FOR-US: Emefa Guestbook
CVE-2008-5851
	NOT-FOR-US: My PHP Baseball Stats
CVE-2008-5850
	REJECTED
CVE-2008-5849
	NOT-FOR-US: Check Point
CVE-2008-5848
	NOT-FOR-US: Advantech ADAM-6000 module
CVE-2008-5847
	NOT-FOR-US: Constructr CMS
CVE-2008-5846
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844
	- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
	[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843
	- pdfjam <not-affected> (the debian package sets pdflatex and thus dirname can't result in returning .)
	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
	NOTE: as our version uses random names, see #510584
CVE-2008-5842
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-XXXX [auctex insecure temp file]
	- auctex 11.83-7.3 (low; bug #506961)
	[etch] - auctex <no-dsa> (Minor issue)
CVE-2008-5841
	NOT-FOR-US: iGaming
CVE-2008-5840
	- phpicalendar <removed> (bug #513517)
CVE-2008-5839
	NOT-FOR-US: Foxmail
CVE-2008-5838
	NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
CVE-2008-5837
	RESERVED
CVE-2008-5836
	RESERVED
CVE-2008-5835
	RESERVED
CVE-2008-5834
	RESERVED
CVE-2008-5833
	RESERVED
CVE-2008-5832
	RESERVED
CVE-2008-5831
	RESERVED
CVE-2008-5830
	RESERVED
CVE-2008-5829
	RESERVED
CVE-2008-5828
	NOT-FOR-US: Microsoft
CVE-2008-5827
	NOT-FOR-US: Nokia Firmware
CVE-2008-5826
	NOT-FOR-US: Nokia Firmware
CVE-2008-5825
	NOT-FOR-US: Nokia Firmware
CVE-2008-5823
	NOT-FOR-US: Microsoft Money
CVE-2008-5822
	- xulrunner <unfixed> (unimportant)
	NOTE: Just a crash, no security impact
CVE-2008-5821
	NOT-FOR-US: Webkit on Windows
CVE-2008-5820
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5819
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5818
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5817
	NOT-FOR-US: Web Scribble Solutions webClassifieds
CVE-2008-5816
	NOT-FOR-US: ILIAS
CVE-2008-5815
	NOT-FOR-US: phpAlumni
CVE-2008-5814
	{DSA-1789-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #523028)
	NOTE: I don't know in which version this was fixed specifically, but
	NOTE: I've checked that the patch is present in this version
	- php4 <removed> (low; bug #523028)
CVE-2008-5813
	- spip 2.0.6-1
CVE-2008-5812
	- spip 2.0.6-1
CVE-2008-5811
	NOT-FOR-US: joomla
CVE-2008-5810
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-5809
	NOT-FOR-US: futomi CGI Cafe Access Analyzer CGI Standard
CVE-2008-5808
	NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2008-5807
	NOT-FOR-US: TestLink
CVE-2008-5806
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5805
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5804
	NOT-FOR-US: e-topbiz Number Links 1 Php Script
CVE-2008-5803
	NOT-FOR-US: E-topbiz
CVE-2008-5802
	NOT-FOR-US: E-topbiz
CVE-2008-5801
	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
CVE-2008-5800
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5799
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5798
	NOT-FOR-US: CMS Poll system for TYPO3
CVE-2008-5797
	NOT-FOR-US: advCalendar extension for TYPO3
CVE-2008-5796
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5795
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5794
	NOT-FOR-US: LoveCMS
CVE-2008-5793
	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla!
CVE-2008-5792
	NOT-FOR-US: Indiscripts Enthusiast
CVE-2008-5791
	NOT-FOR-US: PrestaShop e-Commerce Solution
CVE-2008-5790
	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
CVE-2008-5789
	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla!
CVE-2008-5788
	NOT-FOR-US: Domain Seller
CVE-2008-5787
	NOT-FOR-US: Arab Portal
CVE-2008-5786
	NOT-FOR-US: Silva Find
CVE-2008-5785
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5784
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5783
	NOT-FOR-US: V3 Chat
CVE-2008-5782
	NOT-FOR-US: ZeeMatri
CVE-2008-5781
	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
CVE-2008-5780
	NOT-FOR-US: Forest Blog
CVE-2008-5779
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5778
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5777
	NOT-FOR-US: CadeNix
CVE-2008-5776
	NOT-FOR-US: Aperto Blog
CVE-2008-5775
	NOT-FOR-US: Aperto Blog
CVE-2008-5774
	NOT-FOR-US: ASPSiteWare HomeBuilder
CVE-2008-5773
	NOT-FOR-US: Nukedit
CVE-2008-5772
	NOT-FOR-US: ASPSiteWare RealtyListings
CVE-2008-5771
	NOT-FOR-US: PHP Weather
CVE-2008-5770
	NOT-FOR-US: PHP Weather
CVE-2008-5769
	NOT-FOR-US: Kerio MailServer
CVE-2008-5768
	NOT-FOR-US: AM Events
CVE-2008-5767
	NOT-FOR-US: gNews Publisher
CVE-2008-5766
	NOT-FOR-US: Farsi Script Faupload
CVE-2008-5765
	NOT-FOR-US: WorkSimple
CVE-2008-5764
	NOT-FOR-US: WorkSimple
CVE-2008-5763
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5762
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5761
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5760
	NOT-FOR-US: Kerio MailServer
CVE-2008-5759
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5758
	NOT-FOR-US: PHParanoid
CVE-2008-5757
	- textpattern 4.0.6-1
CVE-2008-5756
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2008-5755
	NOT-FOR-US: IntelliTamper
CVE-2008-5754
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5753
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752
	NOT-FOR-US: Page Flip Image Gallery plugin for WordPress
CVE-2008-5751
	NOT-FOR-US: AlstraSoft Web Email Script Enterprise
CVE-2008-5750
	NOT-FOR-US: Microsoft
CVE-2008-5749
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2008-5748
	NOT-FOR-US: BloofoxCMS
CVE-2008-5747
	NOT-FOR-US: F-Prot
CVE-2008-5746
	NOT-FOR-US: Sun SNMP Management Agent
CVE-2008-5745
	NOT-FOR-US: Microsoft
CVE-2008-5824
	{DSA-1972-1}
	- audiofile 0.2.6-7.1 (medium; bug #510205)
CVE-2008-5744
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3 (bug #510583)
CVE-2008-5743
	- pdfjam 1.10-1 (low; bug #510584)
CVE-2008-5742
	NOT-FOR-US: AIST NetCat
CVE-2008-5741
	RESERVED
CVE-2008-5740
	RESERVED
CVE-2008-5739
	NOT-FOR-US: Pligg CMS
CVE-2008-5738
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5737
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5735
	NOT-FOR-US: CoolPlayer
CVE-2008-5734
	NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733
	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732
	NOT-FOR-US: KafooeyBlog
CVE-2008-5731
	NOT-FOR-US: PGP Desktop
CVE-2008-5730
	NOT-FOR-US: AIST NetCat
CVE-2008-5729
	NOT-FOR-US: AIST NetCat
CVE-2008-5728
	NOT-FOR-US: AIST NetCat
CVE-2008-5727
	NOT-FOR-US: AIST NetCat
CVE-2008-5726
	NOT-FOR-US: stormBoards
CVE-2008-5725
	NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724
	NOT-FOR-US: ESET Smart Security
CVE-2008-5723
	NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722
	NOT-FOR-US: SAWStudio
CVE-2008-5721
	NOT-FOR-US: BlackJumboDog
CVE-2008-5720
	NOT-FOR-US: Mayaa
CVE-2008-5719
	NOT-FOR-US: Hitachi
CVE-2008-5718
	{DSA-1705-1 DTSA-183-1}
	- netatalk 2.0.4~beta2-1 (medium; bug #510585)
CVE-2008-5717
	NOT-FOR-US: Hitachi
CVE-2008-5716
	- xen-3 <not-affected> (Vulnerable code never entered Debian)
	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
	NOTE: yet been fixed in Debian
CVE-2008-5715
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5714
	{DSA-1907-1 DTSA-203-1}
	- qemu 0.9.1-10 (low; bug #509882)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm 82-1 (low; bug #509997)
	[lenny] - kvm <no-dsa> (Minor issue)
CVE-2008-5713
	{DSA-1794-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 <removed>
CVE-2008-5712
	- kdebase <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5711
	NOT-FOR-US: Facebook PhotoUploader ActiveX
CVE-2008-5710
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5709
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5708
	NOT-FOR-US: SlimCMS
CVE-2008-5707
	NOT-FOR-US: Iltaweb Alisveris Sistemi
CVE-2008-5704
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5703
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5701
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5700
	{DSA-1787-1}
	- linux-2.6 2.6.26-13
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, was introduced later)
	- linux-2.6.24 <removed>
CVE-2008-5699
	NOT-FOR-US: Solaris
CVE-2008-5698
	- kdebase <unfixed> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2008-5697
	NOT-FOR-US: Skype extension
CVE-2008-5696
	NOT-FOR-US: Novell NetWare
CVE-2008-5695
	- wordpress 2.3.2 (low; bug #510786; bug #513959)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: only the admin has manage_options capabilities by default and only editors
	NOTE: have upload_files capabilities
	NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
CVE-2008-5694
	NOT-FOR-US: Sandbox
CVE-2008-5693
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5692
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691
	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690
	NOT-FOR-US: Solaris
CVE-2008-5689
	NOT-FOR-US: Solaris
CVE-2008-5688
	- mediawiki 1:1.13.3-1 (unimportant)
	- mediawiki1.7 <removed> (unimportant)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (low)
	- mediawiki1.7 <removed>
	[etch] - mediawiki1.7 <not-affected> (The backup feature was introduced in 1.11)
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5686
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685
	NOT-FOR-US: Sun ScApp firmware
CVE-2008-5684
	NOT-FOR-US: Solaris
CVE-2008-5683
	NOT-FOR-US: Opera
CVE-2008-5682
	NOT-FOR-US: Opera
CVE-2008-5681
	NOT-FOR-US: Opera
CVE-2008-5680
	NOT-FOR-US: Opera
CVE-2008-5679
	NOT-FOR-US: Opera
CVE-2008-5678
	NOT-FOR-US: OLIB7 WebView
CVE-2008-5677
	NOT-FOR-US: Kwalbum
CVE-2008-5676
	- libapache-mod-security 2.5.6-1
CVE-2008-5675
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674
	NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673
	NOT-FOR-US: PHParanoid
CVE-2008-5672
	NOT-FOR-US: PHParanoid
CVE-2008-5671
	NOT-FOR-US: Joomla!
CVE-2008-5670
	- textpattern 4.0.6-1 (low)
CVE-2008-5669
	- textpattern 4.0.6-1 (low)
CVE-2008-5668
	- textpattern 4.0.6-1 (low)
CVE-2008-5667
	NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666
	NOT-FOR-US: WinFTP
CVE-2008-5665
	NOT-FOR-US: XOOPS
CVE-2008-5664
	NOT-FOR-US: Realtek Media Player
CVE-2008-5663
	NOT-FOR-US: Kusaba
CVE-2008-5662
	NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661
	NOT-FOR-US: Sun Solaris
CVE-2008-5659
	- classpath 2:0.98-1 (bug #512532; low)
	[lenny] - classpath <no-dsa> (Minor issue)
	- libgnucrypto-java <removed> (low; bug #559789)
	[lenny] - libgnucrypto-java <no-dsa> (Minor issue)
CVE-2008-5657
	- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656
	- typo3-src 4.2.3-1 (bug #505325)
	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
CVE-2008-5655
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5653
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5652
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5651
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5650
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5649
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5648
	NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5646
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5645
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5644
	- typo3-src 4.2.3-1 (bug #505324)
	[etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
CVE-2008-5643
	NOT-FOR-US: Joomla!
CVE-2008-5642
	NOT-FOR-US: CMS Made Simple
CVE-2008-5641
	NOT-FOR-US: Active Photo Gallery
CVE-2008-5640
	NOT-FOR-US: Active Bids
CVE-2008-5639
	NOT-FOR-US: TxtBlog
CVE-2008-5638
	NOT-FOR-US: Active Price Comparison
CVE-2008-5637
	NOT-FOR-US: ParsBlogger
CVE-2008-5636
	NOT-FOR-US: Lito Lite CMS
CVE-2008-5635
	NOT-FOR-US: Active Membership
CVE-2008-5634
	NOT-FOR-US: Active Force Matrix
CVE-2008-5633
	NOT-FOR-US: ActiveVotes
CVE-2008-5632
	NOT-FOR-US: Active Time Billing
CVE-2008-5631
	NOT-FOR-US: Active eWebquiz
CVE-2008-5630
	NOT-FOR-US: Post Affiliate
CVE-2008-5629
	NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628
	NOT-FOR-US: CMS little
CVE-2008-5627
	NOT-FOR-US: Active Trade
CVE-2008-5626
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2008-5623
	RESERVED
CVE-2008-5620
	- roundcube 0.1.1-10 (low; bug #509596)
CVE-2008-5618
	- rsyslog 3.18.6-1 (low; bug #510906)
CVE-2008-5615
	RESERVED
CVE-2008-5614
	RESERVED
CVE-2008-5613
	RESERVED
CVE-2008-5612
	RESERVED
CVE-2008-5611
	RESERVED
CVE-2008-5610
	RESERVED
CVE-2008-5609
	NOT-FOR-US: Commerce extension
CVE-2008-5608
	NOT-FOR-US: AutoDealer
CVE-2008-5607
	NOT-FOR-US: joomla
CVE-2008-5606
	NOT-FOR-US: Gazatem QMail Mailing List Manager
CVE-2008-5605
	NOT-FOR-US: ASP Portal
CVE-2008-5604
	NOT-FOR-US: My Simple Forum
CVE-2008-5603
	NOT-FOR-US: ASPTicker
CVE-2008-5602
	NOT-FOR-US: Natterchat
CVE-2008-5601
	NOT-FOR-US: User Engine Lite ASP
CVE-2008-5600
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5599
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5598
	NOT-FOR-US: PHPmyGallery
CVE-2008-5597
	NOT-FOR-US: Cold BBS
CVE-2008-5596
	NOT-FOR-US: Ikon AdManager
CVE-2008-5595
	NOT-FOR-US: ASP AutoDealer
CVE-2008-5594
	NOT-FOR-US: Mini Blog
CVE-2008-5593
	NOT-FOR-US: Mini CMS
CVE-2008-5592
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5591
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5590
	NOT-FOR-US: Kalptaru Infotech Product Sale Framework
CVE-2008-5589
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5588
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5587
	{DSA-1693-1}
	- phppgadmin 4.2.1-1.1 (low; bug #508026)
	NOTE: register_globals=on is required
	NOTE: http://www.milw0rm.com/exploits/7363
CVE-2008-5586
	NOT-FOR-US: Check Up New Generation
CVE-2008-5585
	NOT-FOR-US: lcxBBportal
CVE-2008-5622
	REJECTED
CVE-2008-5621
	{DSA-1723-1}
	- phpmyadmin 4:2.11.8.1-5
CVE-2008-5584
	NOT-FOR-US: ProjectPier
CVE-2008-5583
	NOT-FOR-US: ProjectPier
CVE-2008-5582
	NOT-FOR-US: Nukedit
CVE-2008-5581
	NOT-FOR-US: mini-pub
CVE-2008-5580
	NOT-FOR-US: mini-pub
CVE-2008-5579
	NOT-FOR-US: mini-pub
CVE-2008-5578
	NOT-FOR-US: sCssBoard
CVE-2008-5577
	NOT-FOR-US: sCssBoard
CVE-2008-5576
	NOT-FOR-US: sCssBoard
CVE-2008-5575
	NOT-FOR-US: Pro Clan Manager
CVE-2008-5574
	NOT-FOR-US: Webmaster Marketplace
CVE-2008-5573
	NOT-FOR-US: Poll Pro
CVE-2008-5572
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5571
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5570
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5569
	NOT-FOR-US: PHPepperShop
CVE-2008-5568
	NOT-FOR-US: IPN Pro
CVE-2008-5567
	NOT-FOR-US: Bonza Cart
CVE-2008-5566
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5565
	NOT-FOR-US: DL PayCart
CVE-2008-5564
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5563
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-5562
	NOT-FOR-US: ASPPortal
CVE-2008-5561
	NOT-FOR-US: Netref
CVE-2008-5560
	NOT-FOR-US: PostEcards
CVE-2008-5559
	NOT-FOR-US: PostEcards
CVE-2008-5558
	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5557
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #511493)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny1
	NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
CVE-2008-6506
	- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5555
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5554
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5553
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5552
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5551
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5550
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5549
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5548
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5547
	NOT-FOR-US: HAURI ViRobot
CVE-2008-5546
	NOT-FOR-US: VirusBlokAda VBA32
CVE-2008-5545
	NOT-FOR-US: Trend Micro VSAPI
CVE-2008-5544
	NOT-FOR-US: Hacksoft The Hacker
CVE-2008-5543
	NOT-FOR-US: Symantec AntiVirus
CVE-2008-5542
	NOT-FOR-US: Sunbelt VIPRE
CVE-2008-5541
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-5540
	NOT-FOR-US: Webwasher
CVE-2008-5539
	NOT-FOR-US: RISING Antivirus
CVE-2008-5538
	NOT-FOR-US: Prevx Prevx1 2
CVE-2008-5537
	NOT-FOR-US: PC Tools AntiVirus
CVE-2008-5536
	NOT-FOR-US: Panda Antivirus
CVE-2008-5535
	NOT-FOR-US: Norman Antivirus
CVE-2008-5534
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2008-5533
	NOT-FOR-US: K7AntiVirus
CVE-2008-5532
	NOT-FOR-US: Ikarus Virus Utilities
CVE-2008-5531
	NOT-FOR-US: Fortinet Antivirus
CVE-2008-5530
	NOT-FOR-US: Ewido Security Suite
CVE-2008-5529
	NOT-FOR-US: CA eTrust Antivirus
CVE-2008-5528
	NOT-FOR-US: Aladdin eSafe
CVE-2008-5527
	NOT-FOR-US: ESET Smart Security
CVE-2008-5526
	NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525
	- clamav <not-affected> (medium; bug #526041)
	NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
	NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
	NOTE: - all other browsers are not vulnerable
	NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
CVE-2008-5524
	NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523
	NOT-FOR-US: avast! antivirus
CVE-2008-5522
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-5521
	NOT-FOR-US: Avira AntiVir
CVE-2008-5520
	NOT-FOR-US: AhnLab V3
CVE-2008-5519
	{DSA-1810-1}
	- libapache-mod-jk 1:1.2.26-2.1 (bug #523054)
CVE-2008-5518
	- geronimo <itp> (bug #481869)
CVE-2008-5517
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516
	{DSA-1708-1}
	- git-core 1:1.5.6-1
CVE-2008-5515
	{DSA-2207-1}
	- tomcat5 <removed> (bug #532363)
	- tomcat5.5 <removed> (bug #532366)
	- tomcat6 6.0.20-1 (bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2008-5514
	{DTSA-174-2}
	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
	[etch] - uw-imap <not-affected> (Vulnerable code not present)
	- alpine 2.02-3.1 (low)
	[lenny] - alpine <no-dsa> (Minor issue)
	[squeeze] - alpine  2.00+dfsg-6+squeeze1
CVE-2008-5513
	{DSA-1707-1}
	- iceweasel 3.0.5-1
CVE-2008-5512
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5511
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5510
	{DSA-1707-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
	RESERVED
CVE-2008-5508
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5507
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5506
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5505
	- iceweasel 3.0.5-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch now available and will be checked for next patch round
CVE-2008-5504
	{DSA-1707-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	[etch] - xulrunner <not-affected> (The vulnerable feature is only included in 1.8.1 branch)
	NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1 (low)
	NOTE: JavaScript for mails is disabled by default and if users enable it ...
CVE-2008-5502
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5501
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5499
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5498
	- php5 <not-affected> (php5 links to the shared lib)
	- libgd2 <not-affected> (code is specific to php's libgd)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
CVE-2008-5497
	NOT-FOR-US: BandSite CMS
CVE-2008-5496
	NOT-FOR-US: PozScripts Business Directory Script
CVE-2008-5495
	NOT-FOR-US: GungHo LoadPrgAx
CVE-2008-5494
	NOT-FOR-US: Contact Information Module (com_contactinfo) component for Joomla!
CVE-2008-5493
	NOT-FOR-US: PHPStore Wholesales
CVE-2008-5492
	NOT-FOR-US: PDFVIEW.PdfviewCtrl.1
CVE-2008-5491
	NOT-FOR-US: SlimCMS
CVE-2008-5490
	NOT-FOR-US: PHPStore Yahoo Answers
CVE-2008-5489
	NOT-FOR-US: ClipShare
CVE-2008-5488
	NOT-FOR-US: E-topbiz Domain Shop
CVE-2008-5487
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5486
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5616
	{DSA-1782-1 DTSA-181-1}
	- mplayer 1.0~rc2-19 (low; bug #508803)
CVE-2008-XXXX [axel URL parser buffer overflow]
	- axel 2.2 (unimportant)
	[etch] - axel <no-dsa> (Minor issue)
	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
	NOTE: this only work for non-interactive sessions which is a quite exotic usecase
CVE-2008-5619
	- roundcube 0.1.1-9 (high; bug #508628; bug #536498)
	NOTE: According to the bug report, this is being exploited.
	- moodle 1.8.2.dfsg-2 (bug #508909)
	[etch] - moodle <not-affected> (Vulnerable code not present)
	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
	- mahara 1.1.3-1 (high; bug #524778)
	[lenny] - mahara <not-affected> (html2text.php wasn't yet included)
	- atmailopen <removed>
CVE-2008-5485
	REJECTED
CVE-2008-5484
	REJECTED
CVE-2008-5483
	REJECTED
CVE-2008-5482
	REJECTED
CVE-2008-5481
	REJECTED
CVE-2008-5480
	REJECTED
CVE-2008-5479
	REJECTED
CVE-2008-5478
	REJECTED
CVE-2008-5477
	REJECTED
CVE-2008-5476
	REJECTED
CVE-2008-5475
	REJECTED
CVE-2008-5474
	REJECTED
CVE-2008-5473
	REJECTED
CVE-2008-5472
	REJECTED
CVE-2008-5471
	REJECTED
CVE-2008-5470
	REJECTED
CVE-2008-5469
	REJECTED
CVE-2008-5468
	REJECTED
CVE-2008-5467
	REJECTED
CVE-2008-5466
	REJECTED
CVE-2008-5465
	REJECTED
CVE-2008-5464
	REJECTED
CVE-2008-5463
	NOT-FOR-US: BEA WebLogic
CVE-2008-5462
	NOT-FOR-US: BEA WebLogic
CVE-2008-5461
	NOT-FOR-US: BEA WebLogic
CVE-2008-5460
	NOT-FOR-US: BEA WebLogic
CVE-2008-5459
	NOT-FOR-US: BEA WebLogic
CVE-2008-5458
	NOT-FOR-US: Oracle
CVE-2008-5457
	NOT-FOR-US: Oracle
CVE-2008-5456
	NOT-FOR-US: Oracle
CVE-2008-5455
	NOT-FOR-US: Oracle
CVE-2008-5454
	NOT-FOR-US: Oracle
CVE-2008-5453
	REJECTED
CVE-2008-5452
	NOT-FOR-US: Oracle
CVE-2008-5451
	NOT-FOR-US: Oracle
CVE-2008-5450
	NOT-FOR-US: Oracle
CVE-2008-5449
	NOT-FOR-US: Oracle
CVE-2008-5448
	NOT-FOR-US: Oracle
CVE-2008-5447
	NOT-FOR-US: Oracle
CVE-2008-5446
	NOT-FOR-US: Oracle
CVE-2008-5445
	NOT-FOR-US: Oracle
CVE-2008-5444
	NOT-FOR-US: Oracle
CVE-2008-5443
	NOT-FOR-US: Oracle
CVE-2008-5442
	NOT-FOR-US: Oracle
CVE-2008-5441
	NOT-FOR-US: Oracle
CVE-2008-5440
	NOT-FOR-US: Oracle
CVE-2008-5439
	NOT-FOR-US: Oracle
CVE-2008-5438
	NOT-FOR-US: Oracle
CVE-2008-5437
	NOT-FOR-US: Oracle
CVE-2008-5436
	NOT-FOR-US: Oracle
CVE-2008-5435
	NOT-FOR-US: PunBB
CVE-2008-5434
	NOT-FOR-US: PunBB
CVE-2008-5433
	NOT-FOR-US: PunBB
CVE-2008-5432
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430
	- icedove <unfixed> (unimportant)
	NOTE: crashes icedove, but no security impact
CVE-2008-5429
	NOT-FOR-US: Incredimail
CVE-2008-5428
	NOT-FOR-US: Opera
CVE-2008-5427
	NOT-FOR-US: Norton Internet Security
CVE-2008-5426
	NOT-FOR-US: Kaspersky Internet Security Suite
CVE-2008-5425
	NOT-FOR-US: NOD32
CVE-2008-5424
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-5423
	NOT-FOR-US: Sun Ray Software
CVE-2008-5422
	NOT-FOR-US: Sun Sun Ray Server Software
CVE-2008-5421
	NOT-FOR-US: NetWin SmsGate
CVE-2008-5420
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5419
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5418
	NOT-FOR-US: PunBB
CVE-2008-5417
	NOT-FOR-US: HP DECnet-Plus
CVE-2008-5416
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-5415
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-5414
	NOT-FOR-US: IBM WebSphere
CVE-2008-5413
	NOT-FOR-US: IBM WebSphere
CVE-2008-5412
	NOT-FOR-US: IBM WebSphere
CVE-2008-5411
	NOT-FOR-US: IBM WebSphere
CVE-2008-5410
	NOT-FOR-US: Solaris
CVE-2008-5409
	NOT-FOR-US: itDefender Free Edition and Antivirus Standard, BullGuard Internet Security and Software602 Groupware Server
CVE-2008-5408
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5407
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5406
	NOT-FOR-US: Apple QuickTime Player and iTunes
CVE-2008-5405
	NOT-FOR-US: Cain & Abel
CVE-2008-5404
	NOT-FOR-US: FlexCell
CVE-2008-5403
	NOT-FOR-US: Trillian
CVE-2008-5402
	NOT-FOR-US: Trillian
CVE-2008-5401
	NOT-FOR-US: Trillian
CVE-2008-5400
	NOT-FOR-US: mvnForum
CVE-2008-5399
	NOT-FOR-US: mvnForum
CVE-2008-5398
	- tor 0.2.0.32-1
CVE-2008-5397
	- tor 0.2.0.32-1 (bug #505178)
CVE-2008-5396
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5393
	NOT-FOR-US: Ubuntu Privacy Remix
CVE-2008-5392
	REJECTED
CVE-2008-5391
	REJECTED
CVE-2008-5390
	REJECTED
CVE-2008-5389
	REJECTED
CVE-2008-5388
	REJECTED
CVE-2008-5387
	NOT-FOR-US: IBM AIX
CVE-2008-5386
	NOT-FOR-US: IBM AIX
CVE-2008-5385
	NOT-FOR-US: IBM AIX
CVE-2008-5384
	NOT-FOR-US: IBM AIX
CVE-2008-5383
	NOT-FOR-US: National Instruments Electronics Workbench
CVE-2008-5382
	NOT-FOR-US: I-O firmware
CVE-2008-5381
	NOT-FOR-US: ffdshow
CVE-2008-5380
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379
	- netdisco-mibs-installer 1.4 (low; bug #508940)
	[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)
CVE-2008-5378
	- arb 0.0.20071207.1-6 (low; bug #508942)
CVE-2008-5377
	- cups 1.3.8-1lenny1 (low)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Example script)
CVE-2008-5376
	- crip 3.7-5 (low; bug #509275)
	[etch] - crip 3.7-3+etch1
CVE-2008-5375
	- cmus 2.2.0-1.1 (unimportant; bug #509277)
	NOTE: Just an example script
CVE-2008-5374
	- bash 4.0-2 (unimportant; bug #509279)
	NOTE: scripts are examples
CVE-2008-5373
	- bacula 2.4.0-1 (unimportant; bug #509301)
	NOTE: script is an example
CVE-2008-5372
	- sdm 0.4.1-1 (unimportant; bug #509331)
	NOTE: Not really a bug since only "touch" is used on the temp file
CVE-2008-5371
	- screenie 1.30.0-5.1 (low; bug #509332)
CVE-2008-5370
	- pvpgn 1.8.1-2 (low; bug #509336)
	[etch] - pvpgn <no-dsa> (Contrib not supported)
CVE-2008-5369
	- no-ip 2.1.9-1 (unimportant; bug #509348)
	NOTE: original issue doesn't seem to be present, however there is a tmprace in the init
	NOTE: script if it is used to debug with strace and a missing check for mkstemp failing
	NOTE: but these situations are really corner cases
CVE-2008-5368
	- muttprint 0.72d-10 (low; bug #509487)
	[etch] - muttprint 0.72d-8etch1
CVE-2008-5367
	- ppp <unfixed> (unimportant)
	NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
CVE-2008-5366
	- ppp <unfixed> (unimportant; bug #509488)
	NOTE: Package postinst isn't vulnerable, only .tmp files in /etc
CVE-2008-5365
	NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364
	NOT-FOR-US: getPlus
CVE-2008-5363
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5362
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5361
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5617
	- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (medium; bug #508021)
	- php4 <removed> (medium; bug #559787)
CVE-2008-5660
	- vinagre 0.5.1-2
CVE-2008-5360
	- sun-java5 1.5.0-17-0.1 (low; bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (low; bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5359
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5358
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5357
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5356
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5355
	- sun-java5 <not-affected> (Java update not used in Debian)
	- sun-java6 <not-affected> (Java update not used in Debian)
	- openjdk-6 <not-affected> (Java update not used in Debian)
CVE-2008-5354
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5353
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5352
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5351
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5350
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5349
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5348
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5347
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5346
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2008-5345
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (bug in plugin code)
	NOTE: For OpenJDK, see: http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html
CVE-2008-5344
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5343
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5342
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5341
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5340
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5339
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5338
	NOT-FOR-US: Bandwebsite
CVE-2008-5337
	NOT-FOR-US: Bandwebsite
CVE-2008-5336
	NOT-FOR-US: WebStudio CMS
CVE-2008-5335
	NOT-FOR-US: PHP-Fusion
CVE-2008-5334
	NOT-FOR-US: NitroTech
CVE-2008-5333
	NOT-FOR-US: NitroTech
CVE-2008-5332
	NOT-FOR-US: Pie Web M{a,e}sher
CVE-2008-5331
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-5330
	NOT-FOR-US: ClearCase RWP IBM
CVE-2008-5329
	NOT-FOR-US: IBM
CVE-2008-5328
	NOT-FOR-US: IBM
CVE-2008-5327
	NOT-FOR-US: IBM
CVE-2008-5326
	NOT-FOR-US: IBM
CVE-2008-5325
	NOT-FOR-US: IBM
CVE-2008-5324
	NOT-FOR-US: IBM
CVE-2008-5658
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507857)
	- php4 <removed>
CVE-2008-5323
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5322
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5321
	NOT-FOR-US: XOOPS module
CVE-2008-5320
	NOT-FOR-US: e107
CVE-2008-5319
	- tikiwiki <removed>
CVE-2008-5318
	- tikiwiki <removed>
CVE-2008-5317
	{DSA-1684-1}
	- lcms 1.17-1
	- openjdk-6 6b16-1 (medium; bug #542210)
CVE-2008-5316
	{DSA-1684-1}
	- lcms 1.16-1
CVE-2008-5315
	NOT-FOR-US: Apple iPhone Configuration Web Utility
CVE-2008-XXXX [Insecure tmpdir creation]
	[lenny] - devscripts 2.10.35lenny1 (low)
	- devscripts 2.10.42 (low; bug #507482)
	[etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
	- devscripts 2.10.42 (low; bug #508111)
	[etch] - devscripts <not-affected> (vulnerable code not present)
	[lenny] - devscripts 2.10.35lenny1 (low)
CVE-2008-5314
	{DSA-1680-1}
	- clamav 0.94.dfsg.2-1 (medium; bug #507624)
CVE-2008-5311
	NOT-FOR-US: NetArt Media Blog System
CVE-2008-5310
	NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2008-5308
	NOT-FOR-US: LoveCMS
CVE-2008-5307
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306
	NOT-FOR-US: PG Real Estate Solution
CVE-2008-5305
	- twiki <removed> (medium; bug #508257)
CVE-2008-5304
	- twiki <removed> (low; bug #508256)
CVE-2008-5303
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5302
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5301
	- dovecot 1:1.0.15-2.3 (bug #506031)
CVE-2008-5300
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5296
	- gallery 1.5.9-1.2 (low; bug #506824)
	[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295
	NOT-FOR-US: Jamit Job Board
CVE-2008-5294
	NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293
	NOT-FOR-US: WebStudio eHotel
CVE-2008-5292
	NOT-FOR-US: VideoGirls
CVE-2008-5291
	NOT-FOR-US: FuzzyLime
CVE-2008-5290
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5289
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5288
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5287
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5284
	NOT-FOR-US: IEA Software RadiusNT and RadiusX
CVE-2008-5283
	NOT-FOR-US: File Upload Manager
CVE-2008-5282
	NOTE: neither in Etch nor Lenny, removal has been proposed
	- amaya <removed> (bug #507587)
CVE-2008-5281
	NOT-FOR-US: Titan FTP Server
CVE-2008-5280
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5279
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5277
	- pdns 2.9.21.2-1 (low)
	[etch] - pdns <not-affected> (old version of HINFO parser)
CVE-2008-5275
	NOT-FOR-US: net2ftp
CVE-2008-5274
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5273
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5272
	NOT-FOR-US: SyndeoCMS
CVE-2008-5271
	NOT-FOR-US: SyndeoCMS
CVE-2008-5270
	NOT-FOR-US: Yuhhu Superstar
CVE-2008-5269
	NOT-FOR-US: pSys
CVE-2008-5268
	NOT-FOR-US: ASPPortal
CVE-2008-5267
	NOT-FOR-US: Experts
CVE-2008-5266
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-5265
	NOT-FOR-US: TNT Forum
CVE-2008-5264
	NOT-FOR-US: Tornado Knowledge Retrieval System
CVE-2008-5263
	NOT-FOR-US: ksquirrel
CVE-2008-5262
	{DSA-1717-1 DTSA-184-1}
	- devil 1.7.5-4 (low; bug #511844; bug #512122)
	NOTE: fix for 1.7.5-3 incomplete, see #512122
CVE-2008-5261
	RESERVED
CVE-2008-5260
	NOT-FOR-US: ActiveX
CVE-2008-5259
	NOT-FOR-US: DivX Web Player
CVE-2008-5258
	RESERVED
CVE-2008-5257
	NOT-FOR-US: WebSEAL
CVE-2008-5255
	RESERVED
CVE-2008-5254
	RESERVED
CVE-2008-5253
	RESERVED
CVE-2008-5252
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508870)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5251
	RESERVED
CVE-2008-5250
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508869)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5249
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508868)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5276
	- vlc 0.9.8a-1 (low)
	[etch] - vlc <not-affected> (vulnerable code not present)
	[lenny] - vlc <not-affected> (vulnerable code not present)
CVE-2008-7068
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507101)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
	- php4 <removed>
	NOTE: if a user has write access to a file he simply can use fopen()
CVE-2008-5278
	- wordpress 2.5.1-11 (low; bug #507193)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: introduced in 2.5
CVE-2008-5286
	{DSA-1677-1}
	- cups 1.3.8-1lenny4 (bug #507183; medium)
CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ]
	- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
	NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5247
	- xine-lib <unfixed> (unimportant; bug #508715)
	NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
	NOTE: the integer overflows covered by the ocert advisory in the same code snippet
	NOTE: got an own identifier
CVE-2008-5246
	- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5245
	- xine-lib 1.1.14-3 (low)
	[etch] - xine-lib <not-affected> (The version from Etch doesn't yet perform pre-allocation)
CVE-2008-5244
	- xine-lib 1.1.14-3 (unimportant)
	- faad2 2.6.1-1 (unimportant)
	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
	NOTE: overlaps with CVE-2008-4610, same aac issue
	NOTE: just a crasher, no security implications known so far
CVE-2008-5243
	- xine-lib 1.1.16-1 (bug #508716)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
	NOTE: these are just invalid reads that result in segfaults, denial of service doesnt
	NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242
	- xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5241
	- xine-lib 1.1.16-1 (low; bug #509008)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5240
	- xine-lib 1.1.16-2 (low; bug #509352)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5239
	- xine-lib 1.1.16-2 (medium; bug #509353)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5238
	- xine-lib 1.1.14-3 (low)
	NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
	NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
	NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237
	- xine-lib 1.1.16-1 (bug #509265; low)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5236
	- xine-lib 1.1.16-1 (bug #509521)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5235
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5234
	- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5233
	- xine-lib 1.1.14-3 (low)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5232
	NOT-FOR-US: Microsoft Windows Media Services
CVE-2008-5231
	NOT-FOR-US: Novell iPrint
CVE-2008-5230
	NOT-FOR-US: WPA weakness
CVE-2008-5229
	NOT-FOR-US: Microsoft Device IO Control
CVE-2008-5228
	NOT-FOR-US: IBM Workplace Content Management
CVE-2008-5227
	NOT-FOR-US: PHPCow
CVE-2008-5226
	NOT-FOR-US: com_mambads component for Mambo
CVE-2008-5225
	NOT-FOR-US: Xerox DocuShare
CVE-2008-5224
	NOT-FOR-US: Kent Web Mart
CVE-2008-5223
	NOT-FOR-US: Airvae Commerce
CVE-2008-5222
	NOT-FOR-US: Dvbbs
CVE-2008-5221
	NOT-FOR-US: wPortfolio
CVE-2008-5220
	NOT-FOR-US: wPortfolio
CVE-2008-5219
	NOT-FOR-US: VideoScript
CVE-2008-5218
	NOT-FOR-US: ScriptsEz FREEze Greetings
CVE-2008-5217
	NOT-FOR-US: textCMS
CVE-2008-5216
	NOT-FOR-US: AJ Square ZeusCart
CVE-2008-5215
	NOT-FOR-US: ClanLite
CVE-2008-5214
	NOT-FOR-US: ClanLite
CVE-2008-5213
	NOT-FOR-US: AJ Article
CVE-2008-5212
	NOT-FOR-US: AJ Auction
CVE-2008-5211
	NOT-FOR-US: Sphider
CVE-2008-5210
	NOT-FOR-US: PhpBlock
CVE-2008-5209
	NOT-FOR-US: Admidio
CVE-2008-5208
	NOT-FOR-US: Datsogallery joomla module
CVE-2008-5207
	NOT-FOR-US: Jonascms
CVE-2008-5206
	NOT-FOR-US: MosXML
CVE-2008-5205
	NOT-FOR-US: wellyblog
CVE-2008-5204
	NOT-FOR-US: PowerAward
CVE-2008-5203
	NOT-FOR-US: PowerAward
CVE-2008-5202
	NOT-FOR-US: OTManager CMS
CVE-2008-5201
	NOT-FOR-US: OTManager CMS
CVE-2008-5200
	NOT-FOR-US: Xe webtv
CVE-2008-5199
	NOT-FOR-US: PHPOutsourcing IdeaBox
CVE-2008-5198
	NOT-FOR-US: Acmlmboard
CVE-2008-5197
	NOT-FOR-US: PHP-Fusion
CVE-2008-5196
	NOT-FOR-US: Kroax
CVE-2008-5195
	NOT-FOR-US: SebracCMS
CVE-2008-5194
	NOT-FOR-US: SoftVisions Software Online Booking Manager
CVE-2008-5193
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5192
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5191
	NOT-FOR-US: SePortal
CVE-2008-5190
	NOT-FOR-US: eSHOP100
CVE-2008-5285
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-5394
	{DSA-1709-1}
	- shadow 1:4.1.1-6 (bug #505271)
CVE-2008-5706
	- verlihub <removed> (low; bug #506530)
CVE-2008-5705
	- verlihub <removed> (low; bug #506530)
CVE-2008-5189
	- rails 2.1.0-6 (low)
CVE-2008-5188
	- ecryptfs-utils 66-1 (low)
	[lenny] - ecryptfs-utils <no-dsa> (Minor issue)
CVE-2008-5184
	- cups 1.3.8-1
	[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
CVE-2008-5182
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5181
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5180
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5179
	NOT-FOR-US: Microsoft Office Communications Server
CVE-2008-5178
	NOT-FOR-US: Opera on Windows
CVE-2008-5177
	NOT-FOR-US: Yosemite Backup
CVE-2008-5176
	NOT-FOR-US: WinCom LPD
CVE-2008-5187
	{DSA-1672-1}
	- imlib2 1.4.0-1.2 (bug #505714)
CVE-2008-5625
	- php5 <removed> (unimportant)
	NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5313
CVE-2008-5313
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175
	NOT-FOR-US: AceFTP
CVE-2008-5174
	NOT-FOR-US: Jokes Complete Website
CVE-2008-5173
	NOT-FOR-US: testMaker
CVE-2008-5172
	NOT-FOR-US: Yazd Forum Software
CVE-2008-5171
	NOT-FOR-US: phpBLASTER CMS
CVE-2008-5170
	NOT-FOR-US: Cheats Complete Website
CVE-2008-5169
	NOT-FOR-US: Drinks Complete Website
CVE-2008-5168
	NOT-FOR-US: Tips Complete Website
CVE-2008-5167
	NOT-FOR-US: Orca Interactive Forum Script
CVE-2008-5166
	NOT-FOR-US: Riddles Website
CVE-2008-5165
	NOT-FOR-US: eTicket
CVE-2008-5164
	NOT-FOR-US: The Rat CMS
CVE-2008-5163
	NOT-FOR-US: The Rat CMS
CVE-2008-5162
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-5161
	- openssh 1:5.1p1-5 (low; bug #506115)
	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
CVE-2008-5185
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (medium)
CVE-2008-5160
	- msp-webserver <removed> (bug #506268)
CVE-2008-5159
	NOT-FOR-US: WinCom LPD
CVE-2008-5158
	NOT-FOR-US: WinCom LPD
CVE-2008-5157
	- tau 2.16.4-1.3 (bug #506348)
	[etch] - tau <no-dsa> (Minor issue)
CVE-2008-5156
	- systemimager <removed> (bug #506269)
	[etch] - systemimager <no-dsa> (Minor issue)
CVE-2008-5155
	- smsclient <unfixed> (unimportant; bug #498901)
CVE-2008-5154
	- p3nfs 5.19-1.2 (low; bug #506270)
	[etch] - p3nfs <no-dsa> (Minor issue)
CVE-2008-5153
	{DSA-1724-1}
	- moodle 1.8.2.2dfsg-4
	[lenny] - moodle 1.8.2.dfsg-3+lenny1
	NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152
	- mh-book <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5151
	- mayavi <unfixed> (unimportant)
	NOTE: just a comment, not code
CVE-2008-5150
	- maildirsync <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5149
	- ncbi-tools6 6.1.20080302-4 (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5148
	- geda-gnetlist <unfixed> (unimportant)
	NOTE: unsafe code is an example script
CVE-2008-5147
	- docvert 3.4-7 (unimportant)
	NOTE: unsafe code is in test script with multiple hardcoded files
CVE-2008-5146
	- ctn <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5145
	- ltp 20060918-3 (low; bug #506272)
	[etch] - ltp <no-dsa> (Minor issue)
	NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144
	- nvidia-cg-toolkit <unfixed> (unimportant)
	NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
CVE-2008-5143
	[etch] - multi-gnome-terminal <no-dsa> (Symlink issue not run as root)
	- multi-gnome-terminal <removed>
CVE-2008-5142
	- freebsd-sendpr <unfixed> (unimportant)
	NOTE: code is only executed when the script to send bug reports fails
CVE-2008-5141
	{DSA-1676-1}
	- flamethrower 0.1.8-2 (low; bug #506350)
CVE-2008-5140
	- mailscanner 4.57.6-1 (unimportant)
	NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139
	{DSA-1674-1}
	- jailer 0.4-10 (bug #410548; low)
CVE-2008-5138
	- libpam-mount 1.2+gitaa4791f-1 (low)
	[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137
	- tkman 2.2-4 (low; bug #506496)
	[etch] - tkman 2.2-2etch1
CVE-2008-5136
	[etch] - tkusr <no-dsa> (Minor issue)
	- tkusr <removed> (low)
CVE-2008-5135
	- os-prober <unfixed> (unimportant)
CVE-2008-5134
	{DSA-1681-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5133
	NOT-FOR-US: ipnat
CVE-2008-5183
	{DSA-2176-1}
	- cups 1.3.9-13 (low; bug #506180)
	[lenny] - cups <no-dsa> (Minor issue)
	[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-5297
	{DSA-1686-1}
	- no-ip 2.1.7-11 (bug #506179)
CVE-2008-5132
	NOT-FOR-US: MemHT Portal
CVE-2008-5131
	NOT-FOR-US: Develop It Easy News And Article System
CVE-2008-5130
	NOT-FOR-US: Ocean12 software
CVE-2008-5129
	NOT-FOR-US: Ocean12 software
CVE-2008-5128
	NOT-FOR-US: Ocean12 software
CVE-2008-5127
	NOT-FOR-US: Ocean12 software
CVE-2008-5126
	NOT-FOR-US: BoutikOne
CVE-2008-5125
	NOT-FOR-US: CCleague Pro
CVE-2008-5124
	NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123
	NOT-FOR-US: CCleague Pro
CVE-2008-5122
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121
	NOT-FOR-US: Citrix Deterministic Network Enhancer
CVE-2008-5120
	NOT-FOR-US: MultiNet finger service
CVE-2008-5119
	NOT-FOR-US: Scripts4Profit DXShopCart
CVE-2008-5118
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5117
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5116
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5115
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5114
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5112
	NOT-FOR-US: Microsoft
CVE-2008-5111
	NOT-FOR-US: Solaris
CVE-2008-5109
	NOT-FOR-US: Adobe Flash Media Server
CVE-2008-5108
	NOT-FOR-US: Adobe AIR
CVE-2008-5107
	NOT-FOR-US: Citrix PS
CVE-2008-5106
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5105
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5104
	NOT-FOR-US: VMBuilder
CVE-2008-5103
	NOT-FOR-US: VMBuilder
CVE-2008-5102
	- zope2.10 <unfixed> (unimportant)
	NOTE: this only affects installations in which users have unrestricted access to the management
	NOTE: interface. On Debian there one admin user is added for this at installation time and
	NOTE: non-trustworthy users shouldn't have access to the interface.
	- zope3 <not-affected> (Vulnerable code not present)
CVE-2008-5100
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099
	NOT-FOR-US: Sun Logical Domain Manager
CVE-2008-5098
	NOT-FOR-US: Sun Java System Messaging Serve
CVE-2008-5110
	- syslog-ng 2.0.9-4.1 (unimportant; bug #505791)
	NOTE: no security flaw by itself, still it should be fixed
CVE-2008-5097
	NOT-FOR-US: MyFWB
CVE-2008-5096
	NOT-FOR-US: Typo3 third party extension "file_list"
CVE-2008-5095
	NOT-FOR-US: Novell User Application
CVE-2008-5094
	NOT-FOR-US: eDirectory
CVE-2008-5093
	NOT-FOR-US: eDirectory
CVE-2008-5092
	NOT-FOR-US: eDirectory
CVE-2008-5091
	NOT-FOR-US: eDirectory
CVE-2008-5090
	NOT-FOR-US: Advanced Electron Forum
CVE-2008-5089
	NOT-FOR-US: Data Dynamics ActiveReports ActiveX control
CVE-2008-5088
	NOT-FOR-US: PHPKB
CVE-2008-5087
	NOT-FOR-US: wrg_anotherbelogin extension for typo3
CVE-2008-5086
	- libvirt 0.4.6-10
CVE-2008-5085
	RESERVED
CVE-2008-5084
	RESERVED
CVE-2008-5083
	RESERVED
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-5081
	{DSA-1690-1 DTSA-189-1}
	- avahi 0.6.23-3 (bug #508700; low)
CVE-2008-5080
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079
	{DSA-1787-1 DSA-1687-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-5077
	{DSA-1701-1}
	- openssl 0.9.8g-15
CVE-2008-5075
	NOT-FOR-US: E-Uploader Pro
CVE-2008-5074
	NOT-FOR-US: Freshlinks module for PHP-Fusion
CVE-2008-5073
	NOT-FOR-US: Novell ZENworks ActiveX control
CVE-2008-5072
	NOT-FOR-US: K-Lite Mega Codec Pack
CVE-2008-5071
	NOT-FOR-US: Yoxel
CVE-2008-5070
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-5069
	NOT-FOR-US: Panuwat PromoteWeb MySQL
CVE-2008-5068
	NOT-FOR-US: Kmita Gallery
CVE-2008-5067
	NOT-FOR-US: Kmita Catalogue
CVE-2008-5066
	NOT-FOR-US: Agares Media ThemeSiteScript
CVE-2008-5065
	NOT-FOR-US: TlGuestBook
CVE-2008-5064
	NOT-FOR-US: H&H WebSoccer
CVE-2008-5063
	NOT-FOR-US: OTManager
CVE-2008-5062
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5061
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5060
	NOT-FOR-US: ModernBill
CVE-2008-5059
	NOT-FOR-US: ModernBill
CVE-2008-5058
	NOT-FOR-US: Pre Simple CMS
CVE-2008-5057
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-5056
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5055
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5054
	NOT-FOR-US: Develop It Easy Membership System
CVE-2008-5053
	NOT-FOR-US: com_rssreader component for Joomla!
CVE-2008-5052
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5051
	NOT-FOR-US: joomla
CVE-2008-5049
	NOT-FOR-US: ISecSoft Anti-Keylogger
CVE-2008-5048
	NOT-FOR-US: ISecSoft Anti-Trojan
CVE-2008-5047
	NOT-FOR-US: Mole Group Rental Script
CVE-2008-5046
	NOT-FOR-US: Mole Group Pizza Script
CVE-2008-5045
	NOT-FOR-US: Network-Client FTP Now
CVE-2008-5044
	NOT-FOR-US: Microsoft Windows
CVE-2008-5043
	NOT-FOR-US: IBM Metrica Service Assurance Framework
CVE-2008-5042
	NOT-FOR-US: Zeeways PhotoVideoTube
CVE-2008-5041
	NOT-FOR-US: Sweex RO002 Router
CVE-2008-5040
	NOT-FOR-US: Graphiks MyForum
CVE-2008-5039
	NOT-FOR-US: PHP-Nuke
CVE-2008-5038
	NOT-FOR-US: Novell eDirectory
CVE-2008-5037
	NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
	- typo3-src 4.2.3-1 (bug #505326)
	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
CVE-2008-5919
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5918
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5033
	- linux-2.6 2.6.26-11
	- linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls)
CVE-2008-5031
	- python2.5 2.5.2-11.1
	[etch] - python2.5 <no-dsa> (Minor issue)
	[etch] - python2.4 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #507317; bug #504620)
	NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
	NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2008-5030
	{DSA-1665-1}
	- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5023
	{DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5022
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5021
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5020
	REJECTED
CVE-2008-5019
	{DSA-1671-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5017
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5016
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - iceape <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - icedove <not-affected> (Doesn't affect Firefox 2.x et al)
CVE-2008-5015
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
CVE-2008-5014
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5013
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
CVE-2008-5012
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1
CVE-2008-5010
	NOT-FOR-US: in.dhcpd
CVE-2008-5101
	- optipng 0.6.1.1-1 (bug #505399)
	[etch] - optipng <not-affected> (Vulnerable code not present referring to upstream)
CVE-2008-5035
	NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026
	NOT-FOR-US: Microsoft
CVE-2008-5011
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009
	NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5029
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5008
	- libsamplerate 0.1.4-1 (low)
	[etch] - libsamplerate <no-dsa> (Minor issue)
CVE-2008-5006
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	- uw-imap 7:2007d~dfsg-1
CVE-2008-5005
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	[lenny] - uw-imap 2007b~dfsg-4+lenny1
	- uw-imap 7:2007d~dfsg-1
	- alpine <not-affected> (vulnerable code present but tmail/dmail wont be installed)
CVE-2008-5004
	NOT-FOR-US: myWebland Bloggie Lite
CVE-2008-5003
	NOT-FOR-US: Shahrood
CVE-2008-5002
	NOT-FOR-US: ActiveX
CVE-2008-5001
	NOT-FOR-US: UltraVNC
CVE-2008-5000
	NOT-FOR-US: PHPX
CVE-2008-4999
	NOT-FOR-US: Nortel Networks UNIStim IP Phone
CVE-2008-4997
	- pilot-qof <unfixed> (unimportant; bug #496429)
CVE-2008-4996
	- initramfs-tools <unfixed> (unimportant; bug #496386)
CVE-2008-4992
	NOT-FOR-US: Sun System Firmware
CVE-2008-5050
	{DSA-1680-1}
	- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991
	NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
	- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990
	NOT-FOR-US: Enomalism
CVE-2008-4989
	{DSA-1719-1}
	- gnutls26 2.4.2-3 (bug #505360)
	- gnutls13 <removed>
CVE-2008-4963
	NOT-FOR-US: Cisco IOS and CatOS
CVE-2008-4962
	RESERVED
CVE-2008-4961
	RESERVED
CVE-2008-4953
	- firehol <unfixed> (unimportant; bug #496424)
	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
CVE-2008-4950
	- dpkg-cross <unfixed> (unimportant; bug #496413)
	NOTE: executed under a chroot when a package failed to cross-build
CVE-2008-4938
	- aegis 4.24-3.1 (low; bug #496400)
	[etch] - aegis <no-dsa> (Minor issue)
CVE-2008-4934
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4933
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4932
	NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
	- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032
	{DSA-1819-1 DTSA-176-1}
	- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036
	- vlc 1.0.3-1 (low)
	[etch] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
	[lenny] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
CVE-2008-4931
	NOT-FOR-US: firmCHANNEL Digital Signage
CVE-2008-4930
	NOT-FOR-US: MyBB
CVE-2008-4929
	NOT-FOR-US: MyBB
CVE-2008-4928
	NOT-FOR-US: MyBB
CVE-2008-4927
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-4926
	NOT-FOR-US: MW6 Technologies PDF417 ActiveX
CVE-2008-4925
	NOT-FOR-US: MW6 Technologies DataMatrix ActiveX
CVE-2008-4924
	NOT-FOR-US: MW6 Technologies 1D Barcode ActiveX
CVE-2008-4923
	NOT-FOR-US: MW6 Technologies Aztec ActiveX
CVE-2008-4922
	NOT-FOR-US: DjVu ActiveX
CVE-2008-4921
	NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
	REJECTED
CVE-2008-4919
	NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918
	NOT-FOR-US: SonicOS Enhanced
CVE-2008-5027
	- nagios3 <removed> (unimportant)
	NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
	NOTE: users shouldn't have access to nagios anyway
CVE-2008-5028
	- nagios3 3.0.6-1 (low; bug #504894)
	[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917
	NOT-FOR-US: VMware Workstation
CVE-2008-4916
	NOT-FOR-US: VMWare
CVE-2008-4915
	NOT-FOR-US: VMware Workstation
CVE-2008-4914
	NOT-FOR-US: VMware
CVE-2008-4913
	NOT-FOR-US: LokiCMS
CVE-2008-4912
	NOT-FOR-US: RS MAXSOFT
CVE-2008-4911
	NOT-FOR-US: Chattaitaliano Istant-Replay
CVE-2008-4910
	NOT-FOR-US: Sun Java Web Start
CVE-2008-4909
	NOT-FOR-US: CompactCMS
CVE-2008-4908
	- crossfire-maps 1.11.0-2 (low; bug #496358; bug #504561)
	[etch] - crossfire-maps <no-dsa> (Minor issue)
CVE-2008-4906
	NOT-FOR-US: Lyrics (lyrics_menu) plugin for e107
CVE-2008-4905
	- typo <itp> (bug #379399)
CVE-2008-4904
	- typo <itp> (bug #379399)
CVE-2008-4903
	- typo <itp> (bug #379399)
CVE-2008-4902
	NOT-FOR-US: Article Publisher
CVE-2008-4901
	NOT-FOR-US: Article Publisher
CVE-2008-4900
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4899
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4898
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4897
	NOT-FOR-US: Logz podcast CMS
CVE-2008-4896
	NOT-FOR-US: Logz CMS
CVE-2008-4895
	NOT-FOR-US: YourFreeWorld Downline
CVE-2008-4894
	NOT-FOR-US: Tribiq CMS
CVE-2008-4893
	NOT-FOR-US: Tribiq CMS
CVE-2008-4892
	NOT-FOR-US: Planetluc MyGallery
CVE-2008-4891
	NOT-FOR-US: SignMe
CVE-2008-4890
	NOT-FOR-US: 1st News 4 Professional
CVE-2008-4889
	NOT-FOR-US: deV!L'z Clanportal
CVE-2008-4888
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4887
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4886
	NOT-FOR-US: YourFreeWorld Shopping
CVE-2008-4885
	NOT-FOR-US: YourFreeWorld Scrolling Text
CVE-2008-4884
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4883
	NOT-FOR-US: YourFreeWorld Blog Blaster
CVE-2008-4882
	NOT-FOR-US: YourFreeWorld Autoresponder
CVE-2008-4881
	NOT-FOR-US: YourFreeWorld Reminder
CVE-2008-4880
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4879
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4907
	- dovecot 1:1.1.7-1 (low)
	[etch] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
	[lenny] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
CVE-2008-5186
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (bug #504445)
	NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
	NOTE: DokuWiki passes a static string to $path parameter
	- pgfouine 1.0-1.1 (unimportant; bug #504681)
	NOTE: pgfouine too does not override default language files path
CVE-2008-6432
	REJECTED
CVE-2008-4878
	NOT-FOR-US: WebCards
CVE-2008-4877
	NOT-FOR-US: WebCards
CVE-2008-4876
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4875
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4874
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4873
	NOT-FOR-US: Sepal SPBOARD
CVE-2008-4872
	NOT-FOR-US: iTechBids Gold
CVE-2008-4871
	NOT-FOR-US: My Little Forum
CVE-2008-4870
	- dovecot <unfixed> (unimportant)
	NOTE: by default this file doesnt containt sensitive information and administrator
	NOTE: changing this should ensure on its own that the mode is secure
CVE-2008-4869
	- ffmpeg-debian 0.svn20080206-15 (unimportant; bug #504977)
	NOTE: A regular bug, but hardly a security issue
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868
	- ffmpeg <not-affected> (Vulnerable code not present)
	- ffmpeg-debian <not-affected> (Vulnerable code not present)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4867
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4866
	{DSA-1782-1}
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4865
	- valgrind 1:3.3.1-3 (unimportant; bug #507312)
	NOTE: That's hardly an issue
CVE-2008-4864
	- python2.5 2.5.2-12 (low; bug #504619)
	[etch] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #504620)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2008-4863
	- blender 2.46+dfsg-5 (bug #503632; low)
	[etch] - blender 2.42a-8
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4862
	REJECTED
CVE-2008-4861
	REJECTED
CVE-2008-4860
	REJECTED
CVE-2008-4859
	REJECTED
CVE-2008-4858
	REJECTED
CVE-2008-4857
	REJECTED
CVE-2008-4856
	REJECTED
CVE-2008-4855
	REJECTED
CVE-2008-4854
	REJECTED
CVE-2008-4853
	REJECTED
CVE-2008-4852
	REJECTED
CVE-2008-4851
	REJECTED
CVE-2008-4850
	REJECTED
CVE-2008-4849
	REJECTED
CVE-2008-4848
	REJECTED
CVE-2008-4847
	REJECTED
CVE-2008-4846
	REJECTED
CVE-2008-4845
	REJECTED
CVE-2008-4844
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4843
	REJECTED
CVE-2008-4842
	REJECTED
CVE-2008-4841
	NOT-FOR-US: Microsoft Windows
CVE-2008-4840
	REJECTED
CVE-2008-4839
	REJECTED
CVE-2008-4838
	REJECTED
CVE-2008-4837
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4836
	REJECTED
CVE-2008-4835
	NOT-FOR-US: Windows
CVE-2008-4834
	NOT-FOR-US: Windows
CVE-2008-4833
	REJECTED
CVE-2008-4832
	NOT-FOR-US: rPath
CVE-2008-4831
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830
	NOT-FOR-US: KWEdit ActiveX control
CVE-2008-4829
	{DSA-1683-1}
	- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4827
	NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
	REJECTED
CVE-2008-4825
	NOT-FOR-US: UltraISO
CVE-2008-4824
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4823
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4822
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4821
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4820
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4819
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4818
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4817
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4816
	NOT-FOR-US: Adobe Reader on Windows
CVE-2008-4815
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4814
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4813
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4812
	NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811
	{DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810
	{DSA-1919-1 DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is fixed in r2797
CVE-2008-4809
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4807
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4806
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4805
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4804
	NOT-FOR-US: NFU Gallery module 1.3 for PHP-Nuke
CVE-2008-4803
	NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802
	NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076
	- htop 0.8.1-2 (unimportant; bug #504144)
	NOTE: That scenario is too constructed to call it a security issue, especially
	NOTE: given that the standard top will display the maliciously hidden processes
	NOTE: just fine.
CVE-2008-5256
	- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801
	NOT-FOR-US: SQL CAD service
CVE-2008-4800
	NOT-FOR-US: ActiveX control
CVE-2008-4799
	- netpbm-free <not-affected> (Vulnerable code not present)
CVE-2008-4798
	NOT-FOR-US: WebGUI
CVE-2008-4797
	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
	- ampache 3.4.1-2 (bug #504169)
	- mahara 1.0.5-2 (bug #504170)
	[lenny] - mahara 1.0.4-3
	- pixelpost 1.7.1-5 (bug #504171)
	- mediamate 0.9.3.6-5 (bug #504172; unimportant)
	NOTE: mediamate does not use snoopy in https requests
	- opendb <removed> (unimportant; bug #504173)
	- wordpress 2.5.1-9 (bug #504234)
	- moodle 1.8.2-2 (bug #504235)
	- gforge-plugin-scmcvs <removed>
	[etch] - gforge-plugin-scmcvs <not-affected> (Snoopy function not used on URLs that come from user input)
	- magpierss <not-affected> (Fixed in all supported distributions)
CVE-2008-4795
	NOT-FOR-US: Opera
CVE-2008-4794
	NOT-FOR-US: Opera
CVE-2008-4793
	- drupal5 5.10-3 (low)
	- drupal6 <not-affected> (Vulnerable code not present)
CVE-2008-4792
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4791
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4790
	- drupal5 5.10-3 (low)
CVE-2008-4789
	- drupal6 6.4-2 (low)
CVE-2008-4788
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4787
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4786
	NOT-FOR-US: EasyShop plugin for e107
CVE-2008-4785
	NOT-FOR-US: e107
CVE-2008-4784
	NOT-FOR-US: aflog
CVE-2008-4783
	NOT-FOR-US: tlAds
CVE-2008-4782
	NOT-FOR-US: AIOCP
CVE-2008-4781
	NOT-FOR-US: MyKtools
CVE-2008-4780
	NOT-FOR-US: MyForum
CVE-2008-4779
	NOT-FOR-US: TUGzip
CVE-2008-4778
	NOT-FOR-US: Koobi CMS
CVE-2008-4777
	NOT-FOR-US: Showroom Joomlearn LMS
CVE-2008-4774
	NOT-FOR-US: QuestCMS
CVE-2008-4773
	NOT-FOR-US: QuestCMS
CVE-2008-4772
	NOT-FOR-US: QuestCMS
CVE-2008-4771
	NOT-FOR-US: ActiveX
CVE-2008-4770
	{DSA-1716-1}
	- vnc4 4.1.1+X4.3.0-31 (medium; bug #513531)
CVE-2008-4776
	{DSA-1664-1}
	- libgadu 1:1.8.0+r592-3 (low; bug #503916)
	- kadu 0.6.0.2-3 (low; bug #504429)
	- ekg 1:1.8~rc0-1 (low)
	- centerim 4.22.9-1 (low; bug #559782)
	[lenny] - centerim <no-dsa> (Minor issue)
	NOTE: claimed to be fixed in point update but is not: [lenny] - centerim 4.22.5-1+lenny1
	- qutecom <not-affected> (does not use libgadu embed; bug #559784)
CVE-2008-4769
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-1
CVE-2008-4768
	NOT-FOR-US: TLM CMS
CVE-2008-4767
	NOT-FOR-US: PHP-Nuke
CVE-2008-4766
	NOT-FOR-US: Oxygen Bulletin Board
CVE-2008-4765
	NOT-FOR-US: osCommerce Poll Booth Add-On
CVE-2008-4764
	NOT-FOR-US: eXtplorer module in Joomla!
CVE-2008-4763
	NOT-FOR-US: WiKID wClient-PHP
CVE-2008-4762
	NOT-FOR-US: freeSSHd
CVE-2008-4761
	NOT-FOR-US: Kayako eSupport
CVE-2008-4760
	NOT-FOR-US: Graphiks MyForum
CVE-2008-4759
	NOT-FOR-US: BuzzyWall
CVE-2008-4758
	NOT-FOR-US: PHPdaily
CVE-2008-4757
	NOT-FOR-US: PHPdaily
CVE-2008-4756
	NOT-FOR-US: PHPdaily
CVE-2008-4755
	NOT-FOR-US: PozScripts Classified Auctions Script
CVE-2008-4754
	NOT-FOR-US: Scripts for Sites Ez Forum
CVE-2008-4753
	NOT-FOR-US: AJ Square RSS Reader
CVE-2008-4752
	NOT-FOR-US: TlNews
CVE-2008-4751
	NOT-FOR-US: iPei Guestbook
CVE-2008-4750
	NOT-FOR-US: ActiveX
CVE-2008-4749
	NOT-FOR-US: ActiveX
CVE-2008-4747
	NOT-FOR-US: Sun Java System LDAP JDK
CVE-2008-4746
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4745
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4744
	NOT-FOR-US: DXShopCart
CVE-2008-4743
	NOT-FOR-US: QuidaScript FAQ Management Script
CVE-2008-4742
	NOT-FOR-US: TimeTrex
CVE-2008-4741
	NOT-FOR-US: FAR-PHP
CVE-2008-4740
	NOT-FOR-US: ZZ_Templater module in TinyCMS
CVE-2008-4748
	- kvirc <not-affected> (Windows-specific vulnerability)
CVE-2008-XXXX [balazar3: insecure temp file handling]
	- balazar3 0.1-2 (bug #503750)
CVE-2008-4775
	- phpmyadmin 4:2.11.8.1-4 (low)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.securityfocus.com/archive/1/497815
CVE-2008-4739
	NOT-FOR-US: PlugSpace
CVE-2008-4738
	NOT-FOR-US: MyCard
CVE-2008-4737
	NOT-FOR-US: WhoDomLite
CVE-2008-4736
	NOT-FOR-US: RPG.Board
CVE-2008-4735
	NOT-FOR-US: Concord software
CVE-2008-4734
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4733
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4732
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4731
	- yacy <itp> (bug #452422)
CVE-2008-4730
	- phpmyid <itp> (bug #492325)
CVE-2008-4729
	NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728
	NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727
	NOT-FOR-US: SunGard Banner Student
CVE-2008-4726
	NOT-FOR-US: GoodTech SSH
CVE-2008-4725
	NOT-FOR-US: Opera
CVE-2008-4724
	- webkit 1.1.7-1 (low; bug #520052)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
CVE-2008-4723
	- iceweasel <not-affected>
	NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
CVE-2008-4722
	NOT-FOR-US: Sun ILOM
CVE-2008-4721
	NOT-FOR-US: PHP Jabbers
CVE-2008-4720
	NOT-FOR-US: The Gemini Portal
CVE-2008-4719
	NOT-FOR-US: openEngine
CVE-2008-4718
	NOT-FOR-US: X7 Chat
CVE-2008-4717
	NOT-FOR-US: ZEELYRICS
CVE-2008-4716
	NOT-FOR-US: PHP-Lance
CVE-2008-4715
	NOT-FOR-US: com_jpad for Joomla!
CVE-2008-4714
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4713
	NOT-FOR-US: 212cafe Board
CVE-2008-4712
	NOT-FOR-US: LnBlog
CVE-2008-4711
	NOT-FOR-US: Joovili
CVE-2008-4710
	NOT-FOR-US: Stock module for Drupal
CVE-2008-4709
	NOT-FOR-US: PG eTraining
CVE-2008-4708
	NOT-FOR-US: BbZL.PhP
CVE-2008-4707
	NOT-FOR-US: BbZL.PhP
CVE-2008-4706
	NOT-FOR-US: VBGooglemap Hotspot Edition
CVE-2008-4705
	NOT-FOR-US: MyPHPDating
CVE-2008-4704
	NOT-FOR-US: SezHoo
CVE-2008-4703
	NOT-FOR-US: BosDev BosNews
CVE-2008-4702
	NOT-FOR-US: PhpWebGallery
CVE-2008-4701
	NOT-FOR-US: Libera CMS
CVE-2008-4700
	NOT-FOR-US: Libera CMS
CVE-2008-4699
	NOT-FOR-US: Peachtree Accounting
CVE-2008-4698
	NOT-FOR-US: Opera
CVE-2008-4697
	NOT-FOR-US: Opera
CVE-2008-4696
	NOT-FOR-US: Opera
CVE-2008-4695
	NOT-FOR-US: Opera
CVE-2008-4694
	NOT-FOR-US: Opera
CVE-2008-4693
	NOT-FOR-US: IBM DB2
CVE-2008-4692
	NOT-FOR-US: IBM DB2
CVE-2008-4691
	NOT-FOR-US: IBM DB2
CVE-2008-4690
	- lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely)
CVE-2008-4689
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4688
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4685
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4684
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4683
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4682
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4681
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4680
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4679
	NOT-FOR-US: IBM Websphere
CVE-2008-4678
	NOT-FOR-US: IBM Websphere
CVE-2008-4677
	- vim <unfixed> (unimportant)
	NOTE: documented in netrw documentation
CVE-2008-XXXX [local file inclusion in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 5.10-3 (low; bug #503217)
CVE-2008-XXXX [XSS in book module in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 <not-affected> (vulnerable code not present)
CVE-2008-4676
	NOT-FOR-US: Citrix XenApp
CVE-2008-4675
	NOT-FOR-US: PHPcounter
CVE-2008-4674
	NOT-FOR-US: Conkurent Real Estate Manager
CVE-2008-4673
	NOT-FOR-US: WebBiscuits Software Events Calendar
CVE-2008-4672
	NOT-FOR-US: buymyscripts Lyrics Script
CVE-2008-4671
	- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
CVE-2008-4670
	NOT-FOR-US: Ed Pudol Clickbank Portal
CVE-2008-4669
	NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668
	NOT-FOR-US: com_imagebrowser for Joomla!
CVE-2008-4667
	NOT-FOR-US: ArabCMS
CVE-2008-4666
	NOT-FOR-US: Ultimate Webboard
CVE-2008-4665
	NOT-FOR-US: PG Matchmaking
CVE-2008-4664
	NOT-FOR-US: QvodInsert
CVE-2008-4663
	NOT-FOR-US: K's CGI Access Log Kaiseki
CVE-2008-4662
	NOT-FOR-US: LokiCMS
CVE-2008-4661
	NOT-FOR-US: sm_pageimprovements for Typo3
CVE-2008-4660
	NOT-FOR-US: m1_intern for Typo3
CVE-2008-4659
	NOT-FOR-US: kiddog_playerlist for Typo3
CVE-2008-4658
	NOT-FOR-US: dmmjobcontrol for Typo3
CVE-2008-4657
	NOT-FOR-US: econda for Typo3
CVE-2008-4656
	NOT-FOR-US: fersview for Typo3
CVE-2008-4655
	NOT-FOR-US: simplesurvey for Typo3
CVE-2008-4653
	NOT-FOR-US: Makale module for XOOPS
CVE-2008-4652
	NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651
	NOT-FOR-US: Jetbox CMS
CVE-2008-4650
	NOT-FOR-US: myEvent
CVE-2008-4649
	NOT-FOR-US: Elxis
CVE-2008-4648
	NOT-FOR-US: Elxis
CVE-2008-4647
	NOT-FOR-US: sweetCMS
CVE-2008-4646
	NOT-FOR-US: Websense Enterprise
CVE-2008-4645
	NOT-FOR-US: PhpWebGallery
CVE-2008-4644
	NOT-FOR-US: myWebland myStats
CVE-2008-4643
	NOT-FOR-US: myWebland myStats
CVE-2008-4642
	NOT-FOR-US: AstroSPACES
CVE-2008-4641
	- jhead 2.84-2 (low; bug #503645)
CVE-2008-4640
	- jhead 2.85-1 (unimportant; bug #504194)
	NOTE: no issue, jhead is just unlinking the output file if it already exists, this is not following symlinks
CVE-2008-4639
	- jhead 2.84-1 (low)
CVE-2008-4638
	NOT-FOR-US: Symantec VxFS
CVE-2008-4637
	NOT-FOR-US: cpCommerce
CVE-2008-4636
	NOT-FOR-US: SUSE Linux and Novell Linux (yast2-backup)
CVE-2008-4635
	NOT-FOR-US: XOOPS module
CVE-2008-4634
	- movabletype-opensource 4.2.1-3 (low; bug #503114)
CVE-2008-4633
	NOT-FOR-US: Node Vote
CVE-2008-4632
	NOT-FOR-US: Kure
CVE-2008-4631
	NOT-FOR-US: MUSCLE, NOTE this is not the multiple alignment program for protein sequences in Debian
CVE-2008-4630
	NOT-FOR-US: Midgard Components Framework
CVE-2008-4629
	NOT-FOR-US: Usagi Project MyNETS
CVE-2008-4628
	NOT-FOR-US: myWebland miniBloggie
CVE-2008-4627
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-4626
	NOT-FOR-US: yappa-ng
CVE-2008-4625
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-4624
	NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623
	NOT-FOR-US: DS-Syndicate
CVE-2008-4622
	NOT-FOR-US: phpFastNews
CVE-2008-4621
	NOT-FOR-US: ZeeScripts Zeeproperty
CVE-2008-4620
	NOT-FOR-US: Meeting Room Booking System
CVE-2008-4619
	NOT-FOR-US: Sun Solaris
CVE-2008-4618
	{DSA-1681-1}
	- linux-2.6 2.6.26-10
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
CVE-2008-4617
	NOT-FOR-US: actualite module for Joomla!
CVE-2008-4616
	NOT-FOR-US: SpamBam plugin for WordPress
CVE-2008-4615
	NOT-FOR-US: PortalApp
CVE-2008-4614
	NOT-FOR-US: PortalApp
CVE-2008-4613
	NOT-FOR-US: PortalApp
CVE-2008-4612
	NOT-FOR-US: PortalApp
CVE-2008-4611
	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
CVE-2008-4610
	{DTSA-181-1}
	- mplayer 1.0~rc2-20 (bug #407010)
	NOTE: only the aac issue affected mplayer because it built against a copy of faad
	NOTE: the ogm issue is a problem in ffmpeg
	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
	- ffmpeg 7:2.4.1-1 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: just a crasher, no security implications known so far
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4609
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service
	NOTE: there is no upstream solution
	NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables
	NOTE: also see usage of ipt_connlimit as a mitigation strategy
CVE-2008-4608
	REJECTED
CVE-2008-4607
	REJECTED
CVE-2008-4606
	NOT-FOR-US: IP Reg
CVE-2008-4605
	NOT-FOR-US: CafeEngine
CVE-2008-4604
	NOT-FOR-US: CafeEngine
CVE-2008-4603
	NOT-FOR-US: iGaming CM
CVE-2008-4602
	NOT-FOR-US: Post Affiliate Pro
CVE-2008-4601
	NOT-FOR-US: Habari CMS
CVE-2008-4600
	NOT-FOR-US: PokerMax Poker League Tournament Script
CVE-2008-4599
	NOT-FOR-US: Mosaic Commerce
CVE-2008-4598
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4597
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4596
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4595
	NOT-FOR-US: Slaytanic Scripts Content Plus
CVE-2008-4594
	NOT-FOR-US: Linksys WAP4400N firmware
CVE-2008-4593
	NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2008-4654
	- vlc 1.0.3-1 (low; bug #502726)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4686
	{DSA-1819-1 DTSA-175-1}
	- vlc 0.8.6.h-4.1 (medium; bug #503118)
CVE-2008-4687
	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
	NOTE: only registered users can perform this
CVE-2008-4592
	NOT-FOR-US: Sports Clubs Web Panel
CVE-2008-4591
	NOT-FOR-US: PhpWebGallery
CVE-2008-4590
	NOT-FOR-US: Stash
CVE-2008-4589
	NOT-FOR-US: Lenovo Rescue and Recovery
CVE-2008-4588
	NOT-FOR-US: Etype Eserv
CVE-2008-4587
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4586
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4585
	NOT-FOR-US: Software Site Builder
CVE-2008-4584
	NOT-FOR-US: Chilkat Mail
CVE-2008-4583
	NOT-FOR-US: Chilkat FTP
CVE-2008-4582
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- iceape 1.1.13-1
	- icedove 2.0.0.19-1
CVE-2008-4581
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2008-4580
	- redhat-cluster 2.20080801-1 (low; bug #496410)
	[etch] - redhat-cluster <no-dsa> (Minor issue)
	NOTE: already fixed in lenny
CVE-2008-4579
	- redhat-cluster 2.20081102-1 (low; bug #496410)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
	[etch] - redhat-cluster <no-dsa> (Minor issue)
CVE-2008-4578
	- dovecot 1:1.1.9-1 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
	[lenny] - dovecot <no-dsa> (Minor issue)
CVE-2008-4577
	- dovecot 1:1.0.15-2.2 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
CVE-2008-4576
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4575
	- jhead 2.84-1 (bug #502353; low)
CVE-2008-4571
	- plone3 3.0.4-1 (low)
CVE-2008-4569
	NOT-FOR-US: XIGLA Software Absolute Poll Manager
CVE-2008-4574
	NOT-FOR-US: Ayco Okul Portali
CVE-2008-4573
	NOT-FOR-US: MunzurSoft Wep Portal W3
CVE-2008-4572
	NOT-FOR-US: GuildFTPd
CVE-2008-4570
	NOT-FOR-US: Real Estate Classifieds
CVE-2008-4568
	RESERVED
CVE-2008-4567
	RESERVED
CVE-2008-4566
	RESERVED
CVE-2008-4565
	RESERVED
CVE-2008-4564
	NOT-FOR-US: Autonomy KeyView SDK
CVE-2008-4563
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4562
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4561
	RESERVED
CVE-2008-4560
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4559
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4557
	NOT-FOR-US: CuteNews.ru
CVE-2008-4556
	NOT-FOR-US: Sun Solstice AdminSuite
CVE-2008-4555
	- graphviz 2.20.2-3 (low)
	[etch] - graphviz 2.8-3+etch1
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4554
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4553
	{DSA-1657-1}
	- qemu 0.9.1-6 (low; bug #496394)
CVE-2008-4552
	- nfs-utils 1:1.1.3-1
	[lenny] - nfs-utils 1:1.1.2-6lenny1
	[etch] - nfs-utils <no-dsa> (Minor issue)
CVE-2008-4551
	- strongswan 4.2.4-5 (bug #502676)
	[etch] - strongswan <not-affected> (Vulnerable code not present)
CVE-2008-4550
	RESERVED
CVE-2008-4549
	NOT-FOR-US: ImageShack Toolbar ActiveX control
CVE-2008-4548
	NOT-FOR-US: PTZCamPanelCtrl ActiveX control
CVE-2008-4547
	NOT-FOR-US: DVRHOST Web CMS
CVE-2008-4546
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4558
	- vlc 0.9.3-1 (medium; bug #502314)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4545
	NOT-FOR-US: Cisco
CVE-2008-4544
	NOT-FOR-US: Microsoft
CVE-2008-4543
	NOT-FOR-US: Cisco
CVE-2008-4542
	NOT-FOR-US: Cisco
CVE-2008-4541
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-4540
	NOT-FOR-US: Windows Mobile
CVE-2008-4539
	{DSA-1799-1}
	- qemu 0.9.1+svn20081101-1 (low; bug #526040)
	[etch] - qemu <not-affected> (Vulnerable code not present)
CVE-2008-4538
	RESERVED
CVE-2008-4537
	NOT-FOR-US: EC-CUBE
CVE-2008-4536
	NOT-FOR-US: EC-CUBE
CVE-2008-4535
	NOT-FOR-US: EC-CUBE
CVE-2008-4534
	NOT-FOR-US: EC-CUBE
CVE-2008-5299
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-5298
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-4533
	NOT-FOR-US: Kantan WEB Server
CVE-2008-4532
	NOT-FOR-US: MaxiScript Website Directory
CVE-2008-4531
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4530
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4529
	NOT-FOR-US: asiCMS
CVE-2008-4528
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4527
	NOT-FOR-US: PHP-Fusion
CVE-2008-4526
	NOT-FOR-US: CCMS
CVE-2008-4525
	NOT-FOR-US: AmpJuke
CVE-2008-4524
	NOT-FOR-US: AdaptCMS
CVE-2008-4523
	NOT-FOR-US: IP Reg
CVE-2008-4522
	NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521
	NOT-FOR-US: World of Warcraft tracker
CVE-2008-4520
	NOT-FOR-US: AutoNessus
CVE-2008-4519
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4518
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4517
	NOT-FOR-US: geccBBlite
CVE-2008-4516
	NOT-FOR-US: Galerie
CVE-2008-4515
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2008-4514
	- kdebase <unfixed> (unimportant)
	NOTE: browser crash is a non-issue
CVE-2008-4513
	NOT-FOR-US: Phorum
CVE-2008-4512
	NOT-FOR-US: ASP/MS Access Shoutbox
CVE-2008-4511
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-4510
	NOT-FOR-US: Microsoft
CVE-2008-4509
	NOT-FOR-US: FOSS Gallery
CVE-2008-4508
	NOT-FOR-US: Tonec Internet Download Manager
CVE-2008-4507
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4506
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4505
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4504
	NOT-FOR-US: Herosoft Inc. Hero DVD Player
CVE-2008-4503
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4482
	- xerces-c2 <unfixed> (unimportant; bug #502102)
	NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3
CVE-2008-4480
	NOT-FOR-US: Novell eDirectory
CVE-2008-4479
	NOT-FOR-US: Novell eDirectory
CVE-2008-4478
	NOT-FOR-US: Novell eDirectory
CVE-2008-4473
	NOT-FOR-US: Flash CS3 Professional
CVE-2008-4502
	NOT-FOR-US: DataFeedFile PHP Framework API
CVE-2008-4501
	NOT-FOR-US: Serv-U
CVE-2008-4500
	NOT-FOR-US: Serv-U
CVE-2008-4499
	NOT-FOR-US: PHP Web Explorer
CVE-2008-4498
	NOT-FOR-US: PHP Autos
CVE-2008-4497
	NOT-FOR-US: Built2Go Real Estate Listings
CVE-2008-4496
	NOT-FOR-US: PHP Realtor
CVE-2008-4495
	NOT-FOR-US: PHP Auto Dealer
CVE-2008-4494
	NOT-FOR-US: TorrentTrader Classic
CVE-2008-4493
	NOT-FOR-US: PicturePusher ActiveX
CVE-2008-4492
	NOT-FOR-US: YourOwnBux
CVE-2008-4491
	NOT-FOR-US: Mac OS
CVE-2008-4490
	NOT-FOR-US: phpAbook
CVE-2008-4489
	NOT-FOR-US: Atarone CMS
CVE-2008-4488
	NOT-FOR-US: Atarone CMS
CVE-2008-4487
	NOT-FOR-US: Atarone CMS
CVE-2008-4486
	NOT-FOR-US: SACphp
CVE-2008-4485
	NOT-FOR-US: Blue Coat Security Gateway OS
CVE-2008-4484
	NOT-FOR-US: Crux Gallery
CVE-2008-4483
	NOT-FOR-US: Crux Gallery
CVE-2008-4481
	NOT-FOR-US: Redmine
CVE-2008-4472
	NOT-FOR-US: LiveUpdate ActiveX
CVE-2008-4471
	NOT-FOR-US: DWF Viewer ActiveX
CVE-2008-4470
	NOT-FOR-US: Numark
CVE-2008-4469
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4468
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4467
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4466
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4465
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4464
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4463
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4462
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4461
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4460
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4459
	NOT-FOR-US: eXtrovert Thyme
CVE-2008-4458
	NOT-FOR-US: E-Php B2B Trading Marketplace Script
CVE-2008-4457
	NOT-FOR-US: MemHT Portal
CVE-2008-4456
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51-1 (low; bug #526254)
CVE-2008-4455
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4454
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4453
	NOT-FOR-US: ActiveX control
CVE-2008-4452
	NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv
CVE-2008-4451
	NOT-FOR-US: ESET System Analyzer Tool
CVE-2008-4450
	NOT-FOR-US: XAMPP
CVE-2008-4449
	NOT-FOR-US: mIRC
CVE-2008-4448
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4447
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446
	NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.6
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-4444
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2008-4443
	RESERVED
CVE-2008-4442
	RESERVED
CVE-2008-4441
	NOT-FOR-US: Linksys
CVE-2008-4439
	NOT-FOR-US: MartinWood Datafeed Studio
CVE-2008-4438
	NOT-FOR-US: Datafeed Studio
CVE-2008-4437
	{DTSA-170-1}
	- bugzilla 3.0.5.0-1 (low; bug #502019)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-4436
	NOT-FOR-US: bBlog
CVE-2008-4435
	NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434
	NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4432
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4431
	NOT-FOR-US: IceBB
CVE-2008-4430
	REJECTED
CVE-2008-4429
	NOT-FOR-US: SOURCENEXT Virus Security ZERO
CVE-2008-4428
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4427
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4426
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4425
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4424
	NOT-FOR-US: Domain Group Network GooCMS
CVE-2008-4423
	NOT-FOR-US: Ovidentia
CVE-2008-4422
	REJECTED
CVE-2008-4421
	NOT-FOR-US: MetaGauge
CVE-2008-4420
	NOT-FOR-US: DynaZip Max
CVE-2008-4419
	NOT-FOR-US: HP-ChaiSOE
CVE-2008-4418
	NOT-FOR-US: HP-UX
CVE-2008-4417
	REJECTED
CVE-2008-4416
	NOT-FOR-US: HP-UX
CVE-2008-4415
	NOT-FOR-US: HP Service Manager (HPSM)
CVE-2008-4414
	NOT-FOR-US: HP Tru64 UNIX
CVE-2008-4413
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4412
	NOT-FOR-US: HP Systems Insight Manager
CVE-2008-4411
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4410
	- linux-2.6 2.6.26-8
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2008-4409
	- libxml2 <not-affected>
	[lenny] - libxml2 <not-affected> (Vulnerable code not present)
	[etch] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: The bug affects only to 2.7.0 and 2.7.1
CVE-2008-4406
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4405
	- xen-3 3.4.0-1 (bug #503811)
	- xen-unstable <removed>
	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
CVE-2008-4404
	NOT-FOR-US: IPv6 NDP on IBM zSeries
CVE-2008-4403
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4402
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4408
	{DTSA-171-1}
	- mediawiki 1:1.13.2-1 (low; bug #501115)
	[etch] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2008-4475
	- ibackup <removed> (low; bug #496432)
	[etch] - ibackup <no-dsa> (Minor issues)
CVE-2008-4401
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4400
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4399
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4398
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4397
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4396
	NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-4969
	- ltp 20060918-3 (low; bug #496411)
	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-4954
	- fml <removed> (low; bug #496370)
	[etch] - fml <no-dsa> (Minor issue)
CVE-2008-4957
	- gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391)
	NOTE: Only applies to a script used for an obscure SGI compiler
CVE-2008-4943
	- bulmages <removed> (unimportant; bug #496382)
	NOTE: Only present in example scripts
CVE-2008-5034
	- printfilters-ppd <unfixed> (unimportant; bug #496417)
	NOTE: Only exploitable when modifying master-filter by hand
CVE-2008-4955
	- freevo <unfixed> (unimportant; bug #496373)
	NOTE: Only exploitable when modifying script by hand
CVE-2008-4974
	- netmrg 0.20-2 (low; bug #496384)
	[etch] - netmrg <no-dsa> (Minor issue)
CVE-2008-4960
	- impose+ 0.2-11.1 (low; bug #496435)
	[etch] - impose+ <no-dsa> (Minor issue)
CVE-2008-4964
	- konwert 1.8-11.2 (low; bug #496379)
	[etch] - konwert <no-dsa> (Minor issue)
CVE-2008-4986
	- wims 3.62-13.1 (low; bug #496387)
	[etch] - wims <no-dsa> (Minor issue)
CVE-2008-4474
	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2008-4995
	- bk2site <removed> (unimportant; bug #496430)
	NOTE: Only debug code, script needs to be edited to exploit this
CVE-2008-4983
	- scilab 4.1.2-6 (low; bug #496414)
	[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395
	{DSA-1731-1}
	- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394
	NOT-FOR-US: Gentoo package manager Portage
CVE-2008-4393
	NOT-FOR-US: VeriSign Kontiki
CVE-2008-4392
	- djbdns <removed> (high; bug #516394)
CVE-2008-4391
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4390
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4389
	NOT-FOR-US: Symantec AppStream
CVE-2008-4388
	NOT-FOR-US: LaunchObj ActiveX
CVE-2008-4387
	NOT-FOR-US: ActiveX
CVE-2008-4386
	RESERVED
CVE-2008-4385
	NOT-FOR-US: LLC Systems Requirements Lab
CVE-2008-4384
	NOT-FOR-US: LPViewer ActiveX
CVE-2008-4383
	NOT-FOR-US: Agranet-Emweb
CVE-2008-4382
	- kdebase <unfixed> (unimportant)
	NOTE: browser dos not treated as security issue. This is the same like CVE-2008-4381
	NOTE: which will work in every JS browser as the PoC just creates a large string passing
	NOTE: it to alert and thus eating memory, no security issue.
CVE-2008-4381
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4380
	NOT-FOR-US: Samsung DVR SHR2040
CVE-2008-4379
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4378
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4377
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-4376
	NOT-FOR-US: Live TV Script
CVE-2008-4375
	NOT-FOR-US: Availscript
CVE-2008-4374
	NOT-FOR-US: CMS Buzz
CVE-2008-4373
	NOT-FOR-US: Availscript
CVE-2008-4372
	NOT-FOR-US: Availscript
CVE-2008-4371
	NOT-FOR-US: Availscript
CVE-2008-4370
	NOT-FOR-US: Availscript
CVE-2008-4369
	NOT-FOR-US: Availscript
CVE-2008-4368
	NOT-FOR-US: Java on OSX
CVE-2008-4367
	RESERVED
CVE-2008-4965
	{DTSA-177-1 DTSA-178-1}
	- liquidsoap 0.3.8.1+2-2 (low; bug #496360)
	[lenny] - liquidsoap 0.3.6-4+lenny1
CVE-2008-4966
	- openswan 1:2.6.21+dfsg-2 (unimportant; bug #496376)
	NOTE: Only unused packaging bits
CVE-2008-4941
	- arb 0.0.20071207.1-5 (low; bug #496396)
CVE-2008-4940
	- aptoncd 0.1-1.2 (bug #496390; low)
CVE-2008-4947
	- dhis-server 5.3-1.2 (bug #496388; unimportant)
CVE-2008-4967
	- linuxtrade <removed> (unimportant; bug #496372)
	NOTE: unimportant since the program is dysfunctional with the current
	NOTE: trading website and thus not exploitable for practical purposes
CVE-2008-4980
	- rccp 0.9-2.1 (low; bug #496364)
	[etch] - rccp <no-dsa> (Minor issue)
CVE-2008-4948
	- digitaldj 0.7.5-6.1 (low; bug #496399)
	[etch] - digitaldj <no-dsa> (Minor issue)
CVE-2008-4945
	- cdrw-taper 0.4-2.1 (low; bug #496380)
	[etch] - cdrw-taper <no-dsa> (Minor issue)
CVE-2008-4958
	- gdrae 0.1-1.1 (low; bug #496378)
	[etch] - gdrae <no-dsa> (Minor issue)
CVE-2008-4407
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4366
	NOT-FOR-US: Camera Life
CVE-2008-4365
	NOT-FOR-US: Siteman
CVE-2008-4364
	NOT-FOR-US: ParsaGostar ParsaWeb CMS
CVE-2008-4363
	NOT-FOR-US: DESlock
CVE-2008-4362
	NOT-FOR-US: DESlock
CVE-2008-4361
	NOT-FOR-US: PowerPortal
CVE-2008-4360
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
CVE-2008-4359
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
CVE-2008-4358
	NOT-FOR-US: SPAW Editor PHP
CVE-2008-4357
	NOT-FOR-US: Powie pLink
CVE-2008-4356
	NOT-FOR-US: Kasseler CMS
CVE-2008-4355
	NOT-FOR-US: Powie PSCRIPT Forum
CVE-2008-4354
	NOT-FOR-US: NetArt Media iBoutique
CVE-2008-4353
	NOT-FOR-US: Linkarity
CVE-2008-4352
	NOT-FOR-US: phpSmartCom
CVE-2008-4351
	NOT-FOR-US: phpSmartCom
CVE-2008-4350
	NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349
	NOT-FOR-US: s0nic Paranews
CVE-2008-4348
	NOT-FOR-US: PHPortfolio
CVE-2008-4347
	NOT-FOR-US: Powie pNews
CVE-2008-4346
	NOT-FOR-US: TalkBack
CVE-2008-4345
	NOT-FOR-US: WebPortal CMS
CVE-2008-4344
	NOT-FOR-US: 6rbScript
CVE-2008-4343
	NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control
CVE-2008-4342
	NOT-FOR-US: ActiveX
CVE-2008-4341
	NOT-FOR-US: MyBlog
CVE-2008-4340
	- chromium-browser <not-affected> (only 0.x is affected)
	- webkit <not-affected> (poc not effective)
CVE-2008-4339
	NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338
	NOT-FOR-US: drupal brilliant gallery 3rd party module
CVE-2008-4337
	NOT-FOR-US: Bitweaver
CVE-2008-4336
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4335
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4334
	NOT-FOR-US: PHP infoBoard
CVE-2008-4333
	NOT-FOR-US: PHP infoBoard
CVE-2008-4332
	NOT-FOR-US: PHP infoBoard
CVE-2008-4331
	NOT-FOR-US: phpOCS
CVE-2008-4330
	NOT-FOR-US: LanSuite
CVE-2008-4329
	NOT-FOR-US: openEngine
CVE-2008-4328
	NOT-FOR-US: EasyRealtorPRO
CVE-2008-4327
	NOT-FOR-US: Microsoft
CVE-2008-4326
	{DSA-1675-1}
	- phpmyadmin 4:2.11.8.1-3
CVE-2008-4325
	- viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324
	- iceweasel <removed> (unimportant)
	NOTE: reproducible but browser DoS not treated as security issue
CVE-2008-4323
	NOT-FOR-US: Windows Explorer
CVE-2008-4322
	NOT-FOR-US: Microsoft
CVE-2008-4321
	NOT-FOR-US: FlashGet FTP
CVE-2008-4320
	NOT-FOR-US: OpenNMS
CVE-2008-4319
	NOT-FOR-US: Libra File Manager
CVE-2008-4318
	NOT-FOR-US: Observer
CVE-2008-4317
	REJECTED
CVE-2008-4316
	{DSA-1747-1}
	- glib2.0 2.20.0-1 (medium; bug #520046)
CVE-2008-4315
	NOT-FOR-US: OpenPegasus
CVE-2008-4314
	- samba 2:3.2.5-1
	[etch] - samba <not-affected> (Vulnerable code not present)
CVE-2008-4313
	NOT-FOR-US: OpenPegasus
CVE-2008-4312
	REJECTED
CVE-2008-4311
	- dbus 1.2.1-5 (low; bug #508032)
	[etch] - dbus <no-dsa> (Backport for Etch too risky for regressions for too little gain)
CVE-2008-4310
	- ruby <not-affected> (bug #508030)
	NOTE: Red Hat-specific
CVE-2008-4309
	{DSA-1663-1}
	- net-snmp 5.4.1~dfsg-11 (bug #504150)
CVE-2008-4308
	- tomcat5.5 5.5.23-1 (low)
CVE-2008-4307
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <removed>
CVE-2008-4306
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-4305
	NOT-FOR-US: phpCollab
CVE-2008-4304
	NOT-FOR-US: phpCollab
CVE-2008-4303
	NOT-FOR-US: phpCollab
CVE-2008-4302
	{DSA-1653-1}
	- linux-2.6 2.6.22-4 (low)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-4301
	NOT-FOR-US: Microsoft
CVE-2008-4300
	NOT-FOR-US: Microsoft
CVE-2008-4299
	NOT-FOR-US: Microsoft
CVE-2008-4297
	- mercurial 1.0.1-5.1 (low; bug #500781)
	NOTE: the package doesnt install this script by default but ships it with the examples
	[etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296
	NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295
	NOT-FOR-US: Microsoft
CVE-2008-4294
	NOT-FOR-US: IBM Tivoli Netcool/Webtop
CVE-2008-4293
	NOT-FOR-US: Opera
CVE-2008-4292
	NOT-FOR-US: Opera
CVE-2008-4291
	RESERVED
CVE-2008-4290
	RESERVED
CVE-2008-4289
	RESERVED
CVE-2008-4288
	RESERVED
CVE-2008-4287
	RESERVED
CVE-2008-4286
	RESERVED
CVE-2008-4285
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4284
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4283
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4282
	RESERVED
CVE-2008-4281
	NOT-FOR-US: VMWare ESXi
CVE-2008-4280
	RESERVED
CVE-2008-4279
	NOT-FOR-US: VMware Workstation
CVE-2008-4278
	NOT-FOR-US: VMWare VirtualCenter
CVE-2008-4277
	REJECTED
CVE-2008-4276
	REJECTED
CVE-2008-4275
	REJECTED
CVE-2008-4274
	REJECTED
CVE-2008-4273
	REJECTED
CVE-2008-4272
	REJECTED
CVE-2008-4271
	REJECTED
CVE-2008-4270
	REJECTED
CVE-2008-4269
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2008-4268
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4267
	REJECTED
CVE-2008-4266
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4265
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4264
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4263
	REJECTED
CVE-2008-4262
	REJECTED
CVE-2008-4261
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4260
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4259
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4258
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4257
	REJECTED
CVE-2008-4256
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4255
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4254
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4253
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4252
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4251
	REJECTED
CVE-2008-4250
	NOT-FOR-US: Microsoft Windows
CVE-2008-4249
	REJECTED
CVE-2008-4248
	REJECTED
CVE-2008-4246
	NOT-FOR-US: Denora IRC Stats Server
CVE-2008-4245
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4244
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4243
	NOT-FOR-US: Epic Games Unreal Tournament
CVE-2008-4242
	{DSA-1689-1}
	- proftpd-dfsg 1.3.1-15 (low; bug #502674)
CVE-2008-4241
	NOT-FOR-US: CJ Ultra Plus
CVE-2008-4240
	RESERVED
CVE-2008-4239
	RESERVED
CVE-2008-4238
	RESERVED
CVE-2008-4237
	NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236
	NOT-FOR-US: Apple Type Services
CVE-2008-4235
	RESERVED
CVE-2008-4234
	NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233
	NOT-FOR-US: Apple
CVE-2008-4232
	NOT-FOR-US: Safari
CVE-2008-4231
	NOT-FOR-US: Apple
CVE-2008-4230
	NOT-FOR-US: Apple
CVE-2008-4229
	NOT-FOR-US: Apple
CVE-2008-4228
	NOT-FOR-US: Apple
CVE-2008-4227
	NOT-FOR-US: Apple
CVE-2008-4226
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4225
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4224
	NOT-FOR-US: UDF Mac OS X
CVE-2008-4223
	NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222
	NOT-FOR-US: natd Mac OS X
CVE-2008-4221
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4218
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4217
	NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216
	NOT-FOR-US: Safari
CVE-2008-4215
	NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214
	NOT-FOR-US: Script Editor in Mac OS X
CVE-2008-4213
	RESERVED
CVE-2008-4212
	NOT-FOR-US: MacOS-only issue
CVE-2008-4211
	NOT-FOR-US: QuickLook Mac OS X
CVE-2008-4210
	{DSA-1653-1}
	- linux-2.6 2.6.22-1
	- linux-2.6.24 <not-affected> (Vulnerable code not prsent)
	NOTE: easily exploitable but of limited use as the attacker already needs access to a
	NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209
	RESERVED
CVE-2008-4208
	NOT-FOR-US: OSADS Alliance Database
CVE-2008-4207
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4205
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203
	NOT-FOR-US: CzarNews
CVE-2008-4202
	NOT-FOR-US: Gonafish LinksCaffePRO
CVE-2008-4200
	NOT-FOR-US: Opera
CVE-2008-4199
	NOT-FOR-US: Opera
CVE-2008-4198
	NOT-FOR-US: Opera
CVE-2008-4197
	NOT-FOR-US: Opera
CVE-2008-4196
	NOT-FOR-US: Opera
CVE-2008-4195
	NOT-FOR-US: Opera
CVE-2008-4194
	- pdnsd 1.2.6-par-10 (bug #500910)
CVE-2008-4193
	NOT-FOR-US: Alt-N Technologies SecurityGateway
CVE-2008-4192
	- redhat-cluster 2.20081102-1 (bug #496410; low)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191
	- emacspeak 28.0-2 (bug #496431; low)
	[lenny] - emacspeak 26.0-3+lenny1
	[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190
	{DSA-1760-1}
	- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
	[etch] - openswan <no-dsa> (Vulnerable code only in example script)
CVE-2008-XXXX [jumpnbump: insecure temp file]
	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
	[etch] - jumpnbump 1.50-6+etch1
CVE-2008-4959
	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-4949
	- dist 1:3.5-17-2 (low; bug #496412)
	[etch] - dist 3.70-31etch1
CVE-2008-4970
	- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247
	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
	[etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
	- linux-ftpd 0.17-29 (bug #500278)
	[etch] - linux-ftpd <no-dsa> (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
	- wordpress 2.8.4-1 (bug #500295; unimportant)
	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
CVE-2008-4298
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (medium)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
	- chillispot 1.0-10 (low; bug #500181)
	NOTE: the changelog doesn't mention the fix but its included in -10
	[etch] - chillispot <no-dsa> (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
	- debtorrent 0.1.10 (unimportant; bug #500180)
	NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
CVE-2008-4189
	REJECTED
CVE-2008-4188
	NOT-FOR-US: kw_secdir extension for TYPO3
CVE-2008-4187
	NOT-FOR-US: ProActive CMS
CVE-2008-4186
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4185
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4184
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4183
	NOT-FOR-US: IntegraMOD
CVE-2008-4182
	{DSA-1770-1}
	- turba2 2.2.1-2 (bug #500114; low)
	[etch] - turba2 <no-dsa> (Minor issue)
	- imp4 4.2-3 (bug #500553; low)
CVE-2008-4181
	NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel
CVE-2008-4180
	NOT-FOR-US: NooMS
CVE-2008-4179
	NOT-FOR-US: NooMS
CVE-2008-4178
	NOT-FOR-US: DownlineGoldmine, etc.
CVE-2008-4177
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-4176
	NOT-FOR-US: FoT Video scripti
CVE-2008-4175
	NOT-FOR-US: Link Bid Script
CVE-2008-4174
	NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173
	NOT-FOR-US: ProArcadeScript
CVE-2008-4172
	NOT-FOR-US: Cars & Vehicle
CVE-2008-4171
	NOT-FOR-US: Invision Power Board
CVE-2008-4170
	NOT-FOR-US: osCommerce
CVE-2008-4169
	NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2008-4167
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-4166
	NOT-FOR-US: Avant Browser
CVE-2008-4165
	NOT-FOR-US: Kolab Groupware Server 1.0.0
	NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
	NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164
	NOT-FOR-US: MemHT Portal
CVE-2008-4163
	- bind9 <not-affected> (windows specific issue)
CVE-2008-4162
	NOT-FOR-US: NooMS
CVE-2008-4161
	NOT-FOR-US: Assetman
CVE-2008-4160
	NOT-FOR-US: Sun Solaris
CVE-2008-4159
	NOT-FOR-US: Jaw Portal and Zanfi CMS
CVE-2008-4158
	NOT-FOR-US: Zanfi CMS
CVE-2008-4157
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156
	NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155
	NOT-FOR-US: EasySite
CVE-2008-4154
	NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4152
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4151
	NOT-FOR-US: CYASK
CVE-2008-4150
	NOT-FOR-US: Diesel Joke Site
CVE-2008-4149
	NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148
	NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147
	NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146
	NOT-FOR-US: Addalink
CVE-2008-4145
	NOT-FOR-US: Addalink
CVE-2008-4144
	NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143
	NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142
	NOT-FOR-US: E-Php CMS
CVE-2008-4141
	NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140
	NOT-FOR-US: Quick.Cart
CVE-2008-4139
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138
	NOT-FOR-US: Technote
CVE-2008-4137
	NOT-FOR-US: PHP-Crawler
CVE-2008-4136
	NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135
	NOT-FOR-US: Symbian
CVE-2008-4134
	NOT-FOR-US: phpRealty
CVE-2008-4133
	NOT-FOR-US: D-Link
CVE-2008-4132
	NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131
	NOT-FOR-US: Sun Solaris
CVE-2008-4130
	- gallery2 2.2.6-1
CVE-2008-4129
	- gallery 1.5.9-1 (medium)
	- gallery2 2.2.6-1 (medium)
CVE-2008-4128
	NOT-FOR-US: Cisco
CVE-2008-4127
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126
	{DSA-1619-1}
	- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125
	- phpbb2 2.0.23+repack-3 (low; bug #500086)
	[etch] - phpbb2 <no-dsa> (Minor issue)
	- phpbb3 <not-affected> (vulnerable code not present)
	NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
	NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124
	RESERVED
CVE-2008-4123
	RESERVED
CVE-2008-4122
	NOT-FOR-US: Joomla!
CVE-2008-4121
	NOT-FOR-US: cpCommerce
CVE-2008-4120
	NOT-FOR-US: FlatPress
CVE-2008-4119
	NOT-FOR-US: CA Service Desk
CVE-2008-4118
	NOT-FOR-US: High Norm Sound Master
CVE-2008-4117
	NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116
	NOT-FOR-US: Apple
CVE-2008-4201
	- faad2 2.6.1-3.1 (bug #499899)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
	NOTE: http://www.audiocoding.com/
	NOTE: http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4115
	NOT-FOR-US: TalkBack
CVE-2008-4114
	NOT-FOR-US: Microsoft Windows
CVE-2008-4113
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-4112
	REJECTED
CVE-2008-4111
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110
	NOT-FOR-US: Microsoft
CVE-2008-4107
	- php5 <removed> (unimportant; bug #500087)
	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105
	NOT-FOR-US: Joomla!
CVE-2008-4104
	NOT-FOR-US: Joomla!
CVE-2008-4103
	NOT-FOR-US: Joomla!
CVE-2008-4102
	NOT-FOR-US: Joomla!
CVE-2008-4101
	{DSA-1733-1}
	- vim 2:7.2.010-1 (low; bug #500381)
	[lenny] - vim 1:7.1.314-3+lenny1
	[squeeze] - vim 1:7.1.314-3+lenny1
CVE-2008-4098
	{DSA-1662-1}
	- mysql-dfsg-5.0 5.0.67-1
	[lenny] - mysql-dfsg-5.0 5.0.51a-18
	[squeeze] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097
	{DSA-1608-1}
	- mysql-dfsg-5.0 5.0.51a-10
CVE-2008-4095
	NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094
	- rails 2.1.0-1 (medium; bug #500791)
	NOTE: in mysql this only allows information disclosure as multiline statements are
	NOTE: not allowed by default
CVE-2008-4093
	NOT-FOR-US: YourOwnBux
CVE-2008-4092
	NOT-FOR-US: myPHPNuke
CVE-2008-4091
	NOT-FOR-US: Web Directory Script
CVE-2008-4090
	NOT-FOR-US: PHP Coupon Script
CVE-2008-4089
	NOT-FOR-US: myPHPNuke
CVE-2008-4088
	NOT-FOR-US: myPHPNuke
CVE-2008-4087
	NOT-FOR-US: Acoustica Beatcraft
CVE-2008-4086
	NOT-FOR-US: Reciprocal Links Manager
CVE-2008-4085
	- plait 1.5.2-2 (low; bug #496381)
CVE-2008-4084
	NOT-FOR-US: MyioSoft EasyClassifields
CVE-2008-4083
	NOT-FOR-US: Brim
CVE-2008-4082
	NOT-FOR-US: Brim
CVE-2008-4081
	NOT-FOR-US: Stash
CVE-2008-4080
	NOT-FOR-US: Stash
CVE-2008-4079
	- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2008-4077
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076
	NOT-FOR-US: Tor World Software
CVE-2008-4075
	NOT-FOR-US: D-iscussion Board
CVE-2008-4074
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4073
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4072
	NOT-FOR-US: phsBlog
CVE-2008-4071
	NOT-FOR-US: Microsoft
CVE-2008-4070
	{DSA-1697-1 DSA-1696-1}
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4069
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-4068
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4067
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4066
	{DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.17-1
CVE-2008-4065
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4064
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4063
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4062
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4061
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4060
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4059
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4058
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4057
	NOT-FOR-US: Objective Development Sharity
CVE-2008-4056
	NOT-FOR-US: Matterdaddy Market
CVE-2008-4055
	NOT-FOR-US: Million Pixel Ad Script
CVE-2008-4054
	NOT-FOR-US: Kolifa.net Download Script
CVE-2008-4053
	NOT-FOR-US: Bluemoon PopnupBLOG
CVE-2008-4052
	NOT-FOR-US: OpenVMS for Integrity Servers
CVE-2008-4051
	NOT-FOR-US: Smart Survey
CVE-2008-4050
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4049
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4048
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4047
	NOT-FOR-US: Novell Forum
CVE-2008-4046
	NOT-FOR-US: eliteCMS
CVE-2008-4045
	NOT-FOR-US: @Mail
CVE-2008-4044
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4043
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4042
	REJECTED
CVE-2008-4041
	NOT-FOR-US: Softalk Mail Server
CVE-2008-4040
	NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039
	NOT-FOR-US: Spice Classifieds
CVE-2008-4038
	NOT-FOR-US: Microsoft Windows
CVE-2008-4037
	NOT-FOR-US: Microsoft Windows
CVE-2008-4036
	NOT-FOR-US: Microsoft Windows
CVE-2008-4035
	REJECTED
CVE-2008-4034
	REJECTED
CVE-2008-4033
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4032
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4031
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4030
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4029
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4028
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4027
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4026
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4025
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4024
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4023
	NOT-FOR-US: Microsoft Windows
CVE-2008-4022
	REJECTED
CVE-2008-4021
	REJECTED
CVE-2008-4020
	NOT-FOR-US: Microsoft Office
CVE-2008-4019
	NOT-FOR-US: Microsoft Office
CVE-2008-4109
	{DSA-1638-1 CVE-2006-5051}
	- openssh 1:4.6p1-1 (low)
	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
	NOTE: fully address the issue. The upstream fix in 4.4p1 was
	NOTE: right, and it the next unstable upload after that was 4.6p1.
CVE-2008-4100
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not supported in untrusted contexts, fix documents this in README.Debian
CVE-2008-4099
	{DSA-1619-1}
	- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8.1-2 (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
	- smsclient <unfixed> (unimportant; bug #498901)
	NOTE: script is not in use and only a suggestion for users
CVE-2008-4108
	- python-defaults <unfixed> (unimportant; bug #498899)
	NOTE: script is an example, which can be used by users
CVE-2008-4018
	NOT-FOR-US: IBM AIX
CVE-2008-4017
	NOT-FOR-US: Oracle
CVE-2008-4016
	NOT-FOR-US: Oracle
CVE-2008-4015
	NOT-FOR-US: Oracle
CVE-2008-4014
	NOT-FOR-US: Oracle
CVE-2008-4013
	NOT-FOR-US: BEA WebLogic
CVE-2008-4012
	NOT-FOR-US: BEA WebLogic
CVE-2008-4011
	NOT-FOR-US: BEA WebLogic
CVE-2008-4010
	NOT-FOR-US: BEA WebLogic
CVE-2008-4009
	NOT-FOR-US: BEA WebLogic
CVE-2008-4008
	NOT-FOR-US: BEA WebLogic
CVE-2008-4007
	NOT-FOR-US: Oracle
CVE-2008-4006
	NOT-FOR-US: Oracle
CVE-2008-4005
	NOT-FOR-US: Oracle
CVE-2008-4004
	NOT-FOR-US: Oracle
CVE-2008-4003
	NOT-FOR-US: Oracle
CVE-2008-4002
	NOT-FOR-US: Oracle
CVE-2008-4001
	NOT-FOR-US: Oracle
CVE-2008-4000
	NOT-FOR-US: Oracle
CVE-2008-3999
	NOT-FOR-US: Oracle
CVE-2008-3998
	NOT-FOR-US: Oracle
CVE-2008-3997
	NOT-FOR-US: Oracle
CVE-2008-3996
	NOT-FOR-US: Oracle
CVE-2008-3995
	NOT-FOR-US: Oracle
CVE-2008-3994
	NOT-FOR-US: Oracle
CVE-2008-3993
	NOT-FOR-US: Oracle
CVE-2008-3992
	NOT-FOR-US: Oracle
CVE-2008-3991
	NOT-FOR-US: Oracle
CVE-2008-3990
	NOT-FOR-US: Oracle
CVE-2008-3989
	NOT-FOR-US: Oracle
CVE-2008-3988
	NOT-FOR-US: Oracle
CVE-2008-3987
	NOT-FOR-US: Oracle
CVE-2008-3986
	NOT-FOR-US: Oracle
CVE-2008-3985
	NOT-FOR-US: Oracle
CVE-2008-3984
	NOT-FOR-US: Oracle
CVE-2008-3983
	NOT-FOR-US: Oracle
CVE-2008-3982
	NOT-FOR-US: Oracle
CVE-2008-3981
	NOT-FOR-US: Oracle
CVE-2008-3980
	NOT-FOR-US: Oracle
CVE-2008-3979
	NOT-FOR-US: Oracle
CVE-2008-3978
	NOT-FOR-US: Oracle
CVE-2008-3977
	NOT-FOR-US: Oracle
CVE-2008-3976
	NOT-FOR-US: Oracle
CVE-2008-3975
	NOT-FOR-US: Oracle
CVE-2008-3974
	NOT-FOR-US: Oracle
CVE-2008-3973
	NOT-FOR-US: Oracle
CVE-2008-3972
	{DSA-1627-2}
	- opensc 0.11.4-5
CVE-2008-3971
	- gmanedit 0.4.1-1.1 (low; bug #497835)
	[etch] - gmanedit <no-dsa> (Minor issue)
CVE-2008-3970
	{DTSA-169-1}
	- libpam-mount 0.48-1 (low; bug #499841)
CVE-2008-3969
	- bitlbee 1.2.3-1 (bug #498159)
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-3968
	NOT-FOR-US: PunBB
CVE-2008-3967
	NOT-FOR-US: MyBB
CVE-2008-3966
	NOT-FOR-US: MyBB
CVE-2008-3965
	NOT-FOR-US: MyBB
CVE-2008-3961
	NOT-FOR-US: Adobe Illustrator
CVE-2008-3960
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3958
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3957
	NOT-FOR-US: Microsoft
CVE-2008-3956
	NOT-FOR-US: Microsoft
CVE-2008-3955
	NOT-FOR-US: Masir Camp E-Shop Module
CVE-2008-3954
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-3953
	NOT-FOR-US: Vastal I-Tech Shaadi Zone
CVE-2008-3952
	NOT-FOR-US: EsFaq
CVE-2008-3951
	NOT-FOR-US: The Real Estate Script
CVE-2008-3950
	- webkit <not-affected> (Vulnerable code not present)
	NOTE: bug #500306
CVE-2008-3949
	- emacs22 22.2+2-4 (low; bug #499568)
	- emacs21 <not-affected> (doesn't provide the python functionality)
	- xemacs21 <not-affected> (doesn't provide the python functionality)
	NOTE: This can happen with any Python script, just because Emacs autoloads one
	NOTE: doesn't make it much worse
CVE-2008-3948
	NOT-FOR-US: XRMS CRM
CVE-2008-3947
	NOT-FOR-US: OpenVMS
CVE-2008-3946
	NOT-FOR-US: OpenVMS
CVE-2008-3945
	NOT-FOR-US: Words tag
CVE-2008-3944
	NOT-FOR-US: ACG-PTP
CVE-2008-3943
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-3942
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-3941
	NOT-FOR-US: BizDirectory
CVE-2008-3940
	NOT-FOR-US: OpenVMS
CVE-2008-3939
	NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3937
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3936
	NOT-FOR-US: Dreambox DM500C
CVE-2008-3935
	NOT-FOR-US: DIC shop_v50
CVE-2008-3931
	- r-base-core-ra 1.1.1-2 (low; bug #496363)
	- r-base 2.7.2-1 (low; bug #496418)
	[etch] - r-base <no-dsa> (Minor issue)
	[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3930
	- citadel 7.37-3 (low; bug #496359)
CVE-2008-3929
	- ampache 3.4.1-2 (unimportant; bug #496369)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: when translating ampache to a new language
CVE-2008-3928
	- honeyd 1.5c-5 (unimportant; bug #496365)
	NOTE: Script not used by package, only a manual test script
CVE-2008-3927
	- tiger 1:3.2.2-4 (unimportant; bug #496415)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: during build time
CVE-2008-3926
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3925
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3924
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3923
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3922
	NOT-FOR-US: AWStats Totals
CVE-2008-3921
	NOT-FOR-US: AWStats Totals
CVE-2008-3919
	NOT-FOR-US: JustSystems Ichitaro
CVE-2008-3918
	NOT-FOR-US: Ovidentia
CVE-2008-3917
	NOT-FOR-US: Ovidentia
CVE-2008-3916
	- ed 0.7-2 (low)
	[etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915
	{DSA-1636-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
	NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
CVE-2008-3911
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3906
	- mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #498978)
	- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-003.html
CVE-2008-3902
	NOT-FOR-US: HP firmware 68DTT
CVE-2008-3962
	- ssmtp 2.62-1.1 (low; bug #498366)
	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
CVE-2008-3963
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
CVE-2008-3964
	- libpng 1.2.27-2 (low; bug #501109)
	[etch] - libpng <not-affected> (Vulnerable code not present)
	NOTE: off-by-one error in pngpread.c is not present, must have
	NOTE: been introduced later, but pngtest.c is affected. However, there
	NOTE: is no known exploit.
CVE-2008-3912
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3913
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3914
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3934
	{DTSA-167-1}
	- wireshark 1.0.3-1 (bug #497878)
	[etch] - wireshark <not-affected> (Only >= 0.99.6)
CVE-2008-3933
	{DSA-1673-1 DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932
	{DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3904
	- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909
	{DSA-1640-1}
	- python-django 1.0-1
	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910
	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
CVE-2008-3901
	- linux-patch-tuxonice <not-affected> (Fixed before initial upload)
CVE-2008-3900
	NOT-FOR-US: Intel firmware
CVE-2008-3899
	NOT-FOR-US: TrueCrypt
CVE-2008-3898
	NOT-FOR-US: Secu Star DriveCrypt
CVE-2008-3897
	NOT-FOR-US: DiskCryptor
CVE-2008-3896
	- grub <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
CVE-2008-3895
	- lilo <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
CVE-2008-3894
	NOT-FOR-US: IBM Lenovo firmware
CVE-2008-3893
	NOT-FOR-US: Bitlocker
CVE-2008-3892
	NOT-FOR-US: VMware COM API
CVE-2008-3891
	NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3888
	NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887
	NOT-FOR-US: dotProject
CVE-2008-3886
	NOT-FOR-US: dotProject
CVE-2008-3885
	NOT-FOR-US: Blogn
CVE-2008-3884
	NOT-FOR-US: Blogn
CVE-2008-3883
	- caudium 1.4.12-11.1 (low; bug #496404)
CVE-2008-3882
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3881
	- zoneminder 1.24.1-1 (low; bug #497640)
CVE-2008-3880
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3879
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3878
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3877
	NOT-FOR-US: Acoustica Mixcraft
CVE-2008-3876
	NOT-FOR-US: Apple iPhone
CVE-2008-3875
	NOT-FOR-US: Sun Solaris 8
CVE-2008-3874
	NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3872
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3871
	NOT-FOR-US: UltraISO
CVE-2008-3870
	NOT-FOR-US: Sun Solaris
CVE-2008-3869
	NOT-FOR-US: Sun Solaris
CVE-2008-3868
	NOT-FOR-US: Interact
CVE-2008-3867
	NOT-FOR-US: Interact
CVE-2008-3866
	NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-3862
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-3861
	NOT-FOR-US: phpMyRealty
CVE-2008-3860
	NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859
	NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858
	NOT-FOR-US: IBM DB2
CVE-2008-3857
	NOT-FOR-US: IBM DB2
CVE-2008-3856
	NOT-FOR-US: IBM DB2
CVE-2008-3855
	NOT-FOR-US: IBM DB2
CVE-2008-3854
	NOT-FOR-US: IBM DB2
CVE-2008-3853
	NOT-FOR-US: IBM DB2
CVE-2008-3852
	NOT-FOR-US: IBM DB2
CVE-2008-3851
	NOT-FOR-US: Pluck CMS
CVE-2008-3850
	NOT-FOR-US: Accellion File Transfer
CVE-2008-3849
	NOT-FOR-US: Civic Website Manager
CVE-2008-3848
	NOT-FOR-US: Z-Breaknews
CVE-2008-3847
	NOT-FOR-US: AN Guestbook
CVE-2008-3846
	NOT-FOR-US: mysql-lists
CVE-2008-3845
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
	- nfdump 1.5.7-5 (bug #497452)
CVE-2008-3889
	- postfix 2.5.5-1 (low)
	[etch] - postfix <not-affected> (Vulnerable code not present)
	NOTE: http://www.postfix.org/announcements/20080902.html
CVE-2008-3908
	{DSA-1634-1 DTSA-163-1}
	- wordnet 1:3.0-12 (medium; bug #497441)
	[lenny] - wordnet 3.0-11+lenny1
	[etch] - wordnet 1:2.1-4+etch1
	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
	NOTE: by 1:3.0-13 to fix this bug
CVE-2008-3907
	{DTSA-164-1 DTSA-164-2}
	[lenny] - newsbeuter 0.9.1-1+lenny3
	- newsbeuter 1.2-1 (medium)
	NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
	NOTE: crafted part of the URL can be hidden. This of course only affects people not reading
	NOTE: articles in the built-in reader.
CVE-2008-3920
	- bitlbee 1.2.2-1
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-4978
	- radiance 3R9+20080530-4 (low; bug #496423)
CVE-2008-3844
	NOT-FOR-US: Red Hat services issue
CVE-2008-3843
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3842
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3841
	NOT-FOR-US: Freeway eCommerce
CVE-2008-3840
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3839
	NOT-FOR-US: Solaris
CVE-2008-3838
	NOT-FOR-US: Solaris
CVE-2008-3837
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.3-1 (low)
	- xulrunner 1.9.0.3-1 (low)
	- iceape 1.1.12-1 (low)
CVE-2008-3836
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-3835
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-3834
	{DSA-1658-1}
	- dbus 1.2.1-4 (bug #501443)
CVE-2008-3833
	{DSA-1653-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
CVE-2008-3832
	- linux-2.6 <not-affected> (Fedora-specific patch)
	- linux-2.6.24 <not-affected> (Fedora-specific patch)
CVE-2008-3831
	{DSA-1655-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-9
CVE-2008-3830
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3829
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3828
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3827
	{DSA-1644-1 DTSA-168-1}
	- mplayer 1.0~rc2-18 (medium; bug #500683)
	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
CVE-2008-3826
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3825
	NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3822
	REJECTED
CVE-2008-3821
	NOT-FOR-US: Cisco IOS
CVE-2008-3820
	NOT-FOR-US: Cisco Security Manager
CVE-2008-3819
	NOT-FOR-US: Cisco Application Control Engine Global Site Selector (GSS)
CVE-2008-3818
	NOT-FOR-US: Cisco ONS
CVE-2008-3817
	NOT-FOR-US: Cisco
CVE-2008-3816
	NOT-FOR-US: Cisco
CVE-2008-3815
	NOT-FOR-US: Cisco
CVE-2008-3814
	NOT-FOR-US: Cisco
CVE-2008-3813
	NOT-FOR-US: Cisco IOS
CVE-2008-3812
	NOT-FOR-US: Cisco IOS
CVE-2008-3811
	NOT-FOR-US: Cisco IOS
CVE-2008-3810
	NOT-FOR-US: Cisco IOS
CVE-2008-3809
	NOT-FOR-US: Cisco IOS
CVE-2008-3808
	NOT-FOR-US: Cisco IOS
CVE-2008-3807
	NOT-FOR-US: Cisco IOS
CVE-2008-3806
	NOT-FOR-US: Cisco IOS
CVE-2008-3805
	NOT-FOR-US: Cisco IOS
CVE-2008-3804
	NOT-FOR-US: Cisco IOS
CVE-2008-3803
	NOT-FOR-US: Cisco IOS
CVE-2008-3802
	NOT-FOR-US: Cisco IOS
CVE-2008-3801
	NOT-FOR-US: Cisco IOS
CVE-2008-3800
	NOT-FOR-US: Cisco IOS
CVE-2008-3799
	NOT-FOR-US: Cisco IOS
CVE-2008-3798
	NOT-FOR-US: Cisco IOS
CVE-2008-3797
	RESERVED
CVE-2008-3796
	- swfdec0.6 0.6.8-1
CVE-2008-3795
	NOT-FOR-US: WS_FTP Home
CVE-2008-3793
	RESERVED
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3792
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-4
	[etch] - linux-2.6 <not-affected>
CVE-2008-3788
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787
	NOT-FOR-US: Web Directory Script
CVE-2008-3786
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785
	NOT-FOR-US: MiaCMS
CVE-2008-3784
	NOT-FOR-US: BtiTracker
CVE-2008-3783
	NOT-FOR-US: Matterdaddy Market
CVE-2008-3782
	NOT-FOR-US: ACG-PTP
CVE-2008-3781
	NOT-FOR-US: GMOD GBrowse
CVE-2008-3780
	NOT-FOR-US: Five Star Review Script
CVE-2008-3779
	NOT-FOR-US: Five Star Review Script
CVE-2008-3778
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776
	NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775
	NOT-FOR-US: Folder Lock
CVE-2008-3774
	NOT-FOR-US: Simasy CMS
CVE-2008-3773
	NOT-FOR-US: vBulletin
CVE-2008-3772
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3771
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3770
	NOT-FOR-US: Freeway
CVE-2008-3769
	NOT-FOR-US: Freeway
CVE-2008-3768
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767
	NOT-FOR-US: phpBazar
CVE-2008-3766
	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
CVE-2008-3765
	NOT-FOR-US: Quick Poll Script
CVE-2008-3764
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3763
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3761
	NOT-FOR-US: VMware Workstation
	NOTE: we only share a package to build VMware
CVE-2008-3760
	NOT-FOR-US: Vanilla
CVE-2008-3759
	NOT-FOR-US: Vanilla
CVE-2008-3758
	NOT-FOR-US: Vanilla
CVE-2008-3757
	NOT-FOR-US: YourFreeWorld
CVE-2008-3756
	NOT-FOR-US: YourFreeWorld
CVE-2008-3755
	NOT-FOR-US: YourFreeWorld
CVE-2008-3754
	NOT-FOR-US: YourFreeWorld
CVE-2008-3753
	NOT-FOR-US: YourFreeWorld
CVE-2008-3752
	NOT-FOR-US: YourFreeWorld
CVE-2008-3751
	NOT-FOR-US: YourFreeWorld
CVE-2008-3750
	NOT-FOR-US: YourFreeWorld
CVE-2008-3749
	NOT-FOR-US: Banner Management Script
CVE-2008-3748
	NOT-FOR-US: Active PHP Bookmarks
CVE-2008-4952
	- emacs-jabber 0.7.91-2 (low; bug #496428)
	[etch] - emacs-jabber <no-dsa> (Minor issue)
CVE-2008-4987
	- xastir 1.9.2-1.1 (low; bug #496383)
	[etch] - xastir <no-dsa> (Minor issue)
CVE-2008-4477
	{DSA-1648-1}
	- mon 0.99.2-13 (medium; bug #496398)
CVE-2008-3790
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #496808)
	- ruby1.9 1.9.0.2-6 (bug #497610)
CVE-2008-4939
	- apertium 3.0.7+1-1.1 (low; bug #496395)
	[etch] - apertium <no-dsa> (Minor issue)
CVE-2008-4946
	- convirt 0.9.6-1 (medium; bug #496419)
CVE-2008-4942
	- audiolink 0.05-1.1 (low; bug #496433)
	[etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-4968
	- lmbench 3.0-a9-1 (low; bug #496427)
	[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975
	- newsgate <removed> (low; bug #496437)
	[etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-4973
	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
	[etch] - myspell <no-dsa> (Minor issue)
CVE-2008-4976
	- ogle <removed> (unimportant; bug #496420; bug #496425)
	NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789
	{DTSA-161-1}
	- samba 2:3.2.3-1 (bug #496073; medium)
	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
	- nvi 1.81.6-4 (low; bug #496462)
	[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-4982
	- rkhunter 1.3.2-6 (low; bug #496375)
	[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
CVE-2008-4984
	- scratchbox2 1.99.0.24-2 (low; bug #496409)
CVE-2008-4981
	- realtimebattle 1.0.8-8 (low; bug #496385)
	[etch] - realtimebattle <no-dsa> (Minor issue)
CVE-2008-4972
	- mgt 2.31-6 (low; bug #496434)
	[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-4998
	- twiki 1:4.1.2-4 (low; bug #494648)
CVE-2008-4971
	- mafft 6.240-2 (low; bug #496366)
CVE-2008-4993
	- xen-3 3.4.0-1 (low; bug #496367)
	[etch] - xen-3 <no-dsa> (Minor issue)
CVE-2008-4936
	- mgetty 1.1.36-1.3 (low; bug #496403)
	[etch] - mgetty <no-dsa> (Minor issue)
CVE-2008-4476
	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
	[etch] - sympa <no-dsa> (Minor issues)
CVE-2008-4935
	- aview 1.3.0rc1-8.1 (low; bug #496422)
	[etch] - aview <no-dsa> (Minor issue)
CVE-2008-4956
	- fwbuilder 2.1.19-5 (low; bug #496406)
	[etch] - fwbuilder <no-dsa> (Minor issue)
CVE-2008-4440
	{DSA-1643-1}
	- feta 1.4.16+nmu1 (low; bug #496397)
CVE-2008-4977
	- postfix <unfixed> (unimportant; bug #496401)
	NOTE: Not enabled by default, needs manual modification of a script
CVE-2008-4944
	- cdcontrol <removed> (low; bug #496438)
	[etch] - cdcontrol <no-dsa> (Minor issue)
CVE-2008-4951
	- dtc 0.29.10-1 (low; bug #496362)
CVE-2008-4994
	- xmcd 2.6-21 (low; bug #496416)
	[etch] - xmcd <no-dsa> (Minor issue)
CVE-2008-4988
	- xcal 4.1-19 (low; bug #496393)
	[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-3791
	- gpicview 0.1.9-2 (low; bug #495968)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869
CVE-2008-XXXX [Overwrite symlink without check]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869
	NOTE: CVE id requested
	NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
	NOTE: non-issue, not exploitable by other users
	NOTE: CVE id requested
CVE-2008-4937
	- openoffice.org 1:2.4.1-8 (low; bug #496361)
	[etch] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
CVE-2008-4979
	- rancid 2.3.2~a8-2 (low; bug #496426)
	[etch] - rancid <no-dsa> (Minor issue)
CVE-2008-4985
	- vdr 1.6.0-6 (low; bug #496421)
	[etch] - vdr <not-affected> (Vulnerable code not present)
CVE-2008-5007
	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
	NOTE: vulnerable script only called when updating the source
	NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794
	{DSA-1819-1 DTSA-166-1}
	- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747
	- wordpress 2.5.1-6 (low; bug #497216)
	[etch] - wordpress <not-affected> (Does not have force-sll mechanism)
CVE-2008-3746
	- neon27 0.28.2-4
	- neon26 <not-affected> (Issue was introduced in 0.28)
CVE-2008-3739
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738
	NOT-FOR-US: SpaceTag LacoodaST
CVE-2008-3737
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3736
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3735
	NOT-FOR-US: PHPizabi
CVE-2008-3734
	NOT-FOR-US: WS_FTP Home
CVE-2008-3733
	NOT-FOR-US: EO Video
CVE-2008-3732
	{DTSA-166-1}
	- vlc 0.8.6.h-2
	[etch] - vlc <not-affected> (TTA module not present)
CVE-2008-3731
	NOT-FOR-US: Serv-U File
CVE-2008-3730
	NOT-FOR-US: NOAH
CVE-2008-3729
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3728
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3727
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3726
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3725
	NOT-FOR-US: YourFreeWorld Ad Board Script
CVE-2008-3724
	NOT-FOR-US: Papoo
CVE-2008-3723
	NOT-FOR-US: PHPizabi
CVE-2008-3722
	NOT-FOR-US: fipsCMS
CVE-2008-3721
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3720
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3719
	NOT-FOR-US: SFS Affiliate Directory
CVE-2008-3718
	NOT-FOR-US: cyberBB
CVE-2008-3717
	NOT-FOR-US: Harmoni
CVE-2008-3716
	NOT-FOR-US: Harmoni
CVE-2008-3715
	NOT-FOR-US: FlexCMS
CVE-2008-3714
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
	NOTE: upstream bug 2001151
CVE-2008-3713
	NOT-FOR-US: PHPBasket
CVE-2008-3712
	NOT-FOR-US: Mambo
CVE-2008-3711
	NOT-FOR-US: PHPArcadeScript
CVE-2008-3710
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3709
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3708
	NOT-FOR-US: dotCMS
CVE-2008-3707
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3706
	NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705
	NOT-FOR-US: EchoVNC Linux
CVE-2008-3704
	NOT-FOR-US: Msmask32.ocx
CVE-2008-3703
	NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3701
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3698
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3697
	NOT-FOR-US: VMware Server on Windows
CVE-2008-3696
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3695
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3694
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3693
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3692
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3691
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3690
	RESERVED
CVE-2008-3689
	RESERVED
CVE-2008-3688
	{DTSA-159-1}
	- havp 0.88-1.1 (bug #496034)
CVE-2008-3687
	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
CVE-2008-3686
	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
CVE-2008-3685
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3684
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3683
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-3682
	NOT-FOR-US: YPN PHP Realty
CVE-2008-3681
	NOT-FOR-US: Joomla!
CVE-2008-3680
	NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2008-3678
	NOT-FOR-US: Freeway
CVE-2008-3677
	NOT-FOR-US: Freeway
CVE-2008-3676
	NOT-FOR-US: hMailServer
CVE-2008-3675
	NOT-FOR-US: Gelato
CVE-2008-3674
	NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3672
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3671
	NOT-FOR-US: Echo Server
CVE-2008-3670
	NOT-FOR-US: Article Friendly Pro
CVE-2008-3669
	NOT-FOR-US: ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP
CVE-2008-3668
	NOT-FOR-US: XOOPS
CVE-2008-3667
	NOT-FOR-US: Maxthon Browser
CVE-2008-3699
	- amarok 1.4.10-1 (unimportant; bug #494765)
	[etch] - amarok <not-affected>
	NOTE: The code in question doesn't dereference the symlink, tested with Etch
	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
CVE-2008-3740
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3741
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3742
	{DTSA-156-1}
	- drupal5 5.10-1 (medium; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3743
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code not present)
	- drupal-4.7 <removed>
CVE-2008-3744
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3745
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
	- drupal-4.7 <removed>
CVE-2008-3666
	NOT-FOR-US: Sun Solaris 10
CVE-2008-3665
	RESERVED
CVE-2008-3664
	NOT-FOR-US: XRMS CRM
CVE-2008-3663
	- squirrelmail 2:1.4.15-3 (low; bug #499942)
	[etch] - squirrelmail <no-dsa> (less important and fix changes behaviour)
	NOTE: only relevant for installations that are also offered over http
	NOTE: which isn't normally a good idea anyway. Fixing in stable will
	NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662
	- gallery 1.5.9-1
	- gallery2 2.2.6-1
CVE-2008-3661
	- drupal5 5.10-2 (low; bug #501063)
	- drupal6 6.4-2 (low; bug #501058)
	NOTE: drupal upstreams advise the users to set session.cookie_secure in the php configuration
	NOTE: to fix this has been documented in README.Debian
CVE-2008-3660
	{DSA-1647-1}
	- php5 5.2.6-4 (medium)
	- php4 <removed>
	NOTE: *not* duplicate after all, needs review
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
CVE-2008-3659
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
	NOTE: could not reproduce locally
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3658
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3657
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3656
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3655
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3654
	- tikiwiki <removed>
CVE-2008-3653
	- tikiwiki <removed>
CVE-2008-3652
	- ipsec-tools 0.7.1-1.2 (low; bug #501026)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651
	- ipsec-tools 1:0.7.1-1 (low; bug #495214)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
CVE-2008-3650
	- horde3 3.2.1+debian0-1 (low; bug #495332)
	- turba2 2.2.1-1
	[etch] - turba2 <not-affected> (Vulnerable code not present)
	[etch] - horde3 <not-affected> (dup of CVE-2008-3330)
	NOTE: this is actually two issues:
	NOTE: - one a dup of CVE-2008-3330 in horde3
	NOTE: - another an issue in turba2
CVE-2008-3649
	NOT-FOR-US: Article Friendly Standard
CVE-2008-3648
	NOT-FOR-US: Microsoft Windows
CVE-2008-3647
	NOT-FOR-US: Mac OS
CVE-2008-3646
	NOT-FOR-US: MacOS-only problem
CVE-2008-3645
	NOT-FOR-US: Mac OS
CVE-2008-3644
	NOT-FOR-US: Apple Safari
CVE-2008-3643
	NOT-FOR-US: Mac OS
CVE-2008-3642
	NOT-FOR-US: Mac OS
CVE-2008-3641
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3640
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3639
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3638
	NOT-FOR-US: Mac OSX
CVE-2008-3637
	NOT-FOR-US: Mac OSX
CVE-2008-3636
	NOT-FOR-US: Apple iTunes
CVE-2008-3635
	NOT-FOR-US: Apple Quick Times
CVE-2008-3634
	NOT-FOR-US: Apple iTunes
CVE-2008-3633
	RESERVED
CVE-2008-3632
	- webkit 1.0.1-4 (bug #499771)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/34815
CVE-2008-3631
	NOT-FOR-US: Apple iPod
CVE-2008-3630
	NOT-FOR-US: Apple Bonjour
CVE-2008-3629
	NOT-FOR-US: Apple QuickTime
CVE-2008-3628
	NOT-FOR-US: Apple QuickTime
CVE-2008-3627
	NOT-FOR-US: Apple QuickTime
CVE-2008-3626
	NOT-FOR-US: Apple QuickTime
CVE-2008-3625
	NOT-FOR-US: Apple QuickTime
CVE-2008-3624
	NOT-FOR-US: Apple QuickTime
CVE-2008-3623
	NOT-FOR-US: Apple Safari on Windows
CVE-2008-3622
	NOT-FOR-US: Mac OS X
CVE-2008-3621
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
	RESERVED
CVE-2008-3619
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3618
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3617
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3616
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3615
	NOT-FOR-US: Apple QuickTime
CVE-2008-3614
	NOT-FOR-US: Apple QuickTime
CVE-2008-3613
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3612
	NOT-FOR-US: Apple iPod
CVE-2008-3611
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3610
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3609
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3608
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3607
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606
	NOT-FOR-US: Qbik WinGate
CVE-2008-3605
	NOT-FOR-US: McAfee Encrypted USB Manager
CVE-2008-3604
	NOT-FOR-US: ZeeBuddy
CVE-2008-3603
	NOT-FOR-US: Vacation Rental Script
CVE-2008-3602
	NOT-FOR-US: PHP-Ring Webring System
CVE-2008-3601
	NOT-FOR-US: Quicksilver Forums
CVE-2008-3600
	- gallery <removed> (unimportant)
	- gallery2 <not-affected> (Vulnerable code not present)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-3599
	NOT-FOR-US: OpenImpro
CVE-2008-3598
	NOT-FOR-US: psipuss
CVE-2008-3597
	NOT-FOR-US: Skulltag
CVE-2008-3596
	NOT-FOR-US: Harmoni
CVE-2008-3595
	NOT-FOR-US: txtSQL
CVE-2008-3594
	NOT-FOR-US: MagicScripts E-Store
CVE-2008-3593
	NOT-FOR-US: SyzygyCMS
CVE-2008-3592
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3591
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3590
	NOT-FOR-US: E. Z. Poll 2
CVE-2008-3589
	NOT-FOR-US: mozilo CMS 1.10.1
CVE-2008-3588
	NOT-FOR-US: phsBlog 0.1.1
CVE-2008-3587
	NOT-FOR-US: Homes 4 Sale
CVE-2008-3586
	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585
	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584
	NOT-FOR-US: NetBSD
CVE-2008-3583
	NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582
	NOT-FOR-US: Keld PHP-MySQL News Script 0.7.1
CVE-2008-3581
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3580
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3579
	NOT-FOR-US: Calacode Atmail
CVE-2008-3578
	NOT-FOR-US: HydraIRC
CVE-2008-3577
	- openttd 0.6.2-1 (unimportant)
	NOTE: no vulnerability at all, not exploitable remote or local, openttd
CVE-2008-3576
	- openttd 0.6.2-1
CVE-2008-3575
	NOT-FOR-US: ezContents CMS
CVE-2008-3574
	NOT-FOR-US: Pluck CMS
CVE-2008-3573
	NOT-FOR-US: Pligg
CVE-2008-3572
	NOT-FOR-US: Pligg
CVE-2008-3571
	NOT-FOR-US: Xerox Phaser 8400
CVE-2008-3570
	NOT-FOR-US: Africa Be Gone
CVE-2008-3569
	NOT-FOR-US: XAMPP
CVE-2008-3568
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: unak specific change, see fckeditor/unak_changes.txt in source
CVE-2008-3567
	NOT-FOR-US: NullSoft Winamp
CVE-2008-3566
	NOT-FOR-US: ZoneO-soft freeForum
CVE-2008-3565
	NOT-FOR-US: Meeting Room Booking System (MRBS)
CVE-2008-3564
	NOT-FOR-US: Dayfox Blog
CVE-2008-3563
	NOT-FOR-US: Plogger
CVE-2008-3562
	NOT-FOR-US: Chupix CMS
CVE-2008-3561
	NOT-FOR-US: Powergap Shopsystem
CVE-2008-3560
	NOT-FOR-US: Kshop module for Xoops
CVE-2008-3559
	NOT-FOR-US: KAPhotoservice
CVE-2008-3558
	NOT-FOR-US: Webex Meeting Manager (Windows)
CVE-2008-3557
	NOT-FOR-US: Free Hosting Manager
CVE-2008-3556
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-3555
	NOT-FOR-US: Wsn Knowledge Base
CVE-2008-3554
	NOT-FOR-US: Discuz!
CVE-2008-3553
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551
	NOT-FOR-US: Sun Java Platform Micro Edition
CVE-2008-3550
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549
	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548
	NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545
	NOT-FOR-US: HP OpenView
CVE-2008-3544
	NOT-FOR-US: HP OpenView
CVE-2008-3543
	NOT-FOR-US: HP-UX
CVE-2008-3542
	NOT-FOR-US: HP Insight Diagnostics
CVE-2008-3541
	REJECTED
CVE-2008-3540
	RESERVED
CVE-2008-3539
	NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538
	NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3536
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3535
	{DSA-1636-1}
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533
	{DTSA-154-1}
	- yelp 2.22.1-4 (low)
	[etch] - yelp <not-affected> (Vulnerable code not present)
CVE-2008-3531
	- kfreebsd-7 7.0-5
CVE-2008-3530
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3529
	{DSA-1654-1}
	- libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
	NOTE: Comment from tytso:
	NOTE: Note: some people thinks this represents a security bug, since it
	NOTE: might make the system go away while it is printing a large number of
	NOTE: console messages, especially if a serial console is involved. Hence,
	NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
	NOTE: either has physical access to your machine to insert a USB disk with a
	NOTE: corrupted filesystem image (at which point why not just hit the power
	NOTE: button), or is otherwise able to convince the system administrator to
	NOTE: mount an arbitrary filesystem image (at which point why not just
	NOTE: include a setuid shell or world-writable hard disk device file or some
	NOTE: such). Me, I think they're just being silly.
CVE-2008-3527
	{DSA-1687-1}
	- linux-2.6 2.6.21-1
CVE-2008-3526
	{DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected>
CVE-2008-3525
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-7
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-3524
	NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
	RESERVED
CVE-2008-3522
	{DSA-2080-1}
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (medium; bug #559778)
	- gs-gpl <removed> (medium; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521
	- jasper 1.900.1-5.1 (unimportant; bug #501021)
	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (low; bug #559778)
	[lenny] - ghostscript <not-affected> (Too intrusive to backport)
	- gs-gpl <removed> (low; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519
	- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
	REJECTED
CVE-2008-3517
	REJECTED
CVE-2008-3516
	NOT-FOR-US: Adobe Presenter
CVE-2008-3515
	NOT-FOR-US: Adobe Presenter
CVE-2008-3514
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513
	NOT-FOR-US: PHP-Nuke
CVE-2008-3512
	NOT-FOR-US: PHP-Nuke
CVE-2008-3511
	NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509
	NOT-FOR-US: LoveCMS
CVE-2008-3508
	NOT-FOR-US: LiteNews
CVE-2008-3507
	NOT-FOR-US: LiteNews
CVE-2008-3506
	NOT-FOR-US: PolyPager
CVE-2008-3505
	NOT-FOR-US: PolyPager
CVE-2008-3504
	NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502
	NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501
	NOT-FOR-US: Novell Groupwise
CVE-2008-3500
	NOT-FOR-US: suggested terms, additional drupal module
CVE-2008-3499
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498
	NOT-FOR-US: nBill, joomla component
CVE-2008-3497
	NOT-FOR-US: MyPHP CMS
CVE-2008-3496
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (code not present)
	- linux-2.6.24 <not-affected> (code not present)
CVE-2008-3495
	NOT-FOR-US: Pcshey Portal
CVE-2008-3494
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493
	NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492
	NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491
	NOT-FOR-US: Scripts24 iPost
CVE-2008-3490
	NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489
	NOT-FOR-US: PHPX
CVE-2008-3488
	NOT-FOR-US: Novell iManager
CVE-2008-3487
	NOT-FOR-US: PHPAuction GPL Enhanced
CVE-2008-3486
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485
	NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532
	- pidgin 2.4.3-2 (bug #492434)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546
	{DSA-1637-1 DTSA-153-1 DTSA-153-2}
	- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484
	NOT-FOR-US: eStoreAff
CVE-2008-3483
	NOT-FOR-US: ScrewTurn Wiki
CVE-2008-3482
	NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480
	NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479
	NOT-FOR-US: Microsoft Windows
CVE-2008-3478
	REJECTED
CVE-2008-3477
	NOT-FOR-US: Microsoft Excel
CVE-2008-3476
	NOT-FOR-US: Microsoft
CVE-2008-3475
	NOT-FOR-US: Microsoft
CVE-2008-3474
	NOT-FOR-US: Microsoft
CVE-2008-3473
	NOT-FOR-US: Microsoft
CVE-2008-3472
	NOT-FOR-US: Microsoft
CVE-2008-3471
	NOT-FOR-US: Microsoft
CVE-2008-3470
	REJECTED
CVE-2008-3469
	REJECTED
CVE-2008-3468
	REJECTED
CVE-2008-3467
	REJECTED
CVE-2008-3466
	NOT-FOR-US: Microsoft
CVE-2008-3465
	NOT-FOR-US: Microsoft Windows
CVE-2008-3464
	NOT-FOR-US: Microsoft
CVE-2008-3463
	REJECTED
CVE-2008-3462
	REJECTED
CVE-2008-3461
	REJECTED
CVE-2008-3460
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459
	- openvpn 2.1~rc9-1 (low; bug #493488)
	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
	[etch] - openvpn <not-affected> (Upstream states that the 2.0.x versions are unaffected)
CVE-2008-3458
	NOT-FOR-US: Vtiger CRM
CVE-2008-3457
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1
	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
CVE-2008-3455
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3453
	NOT-FOR-US: ImpressCMS
CVE-2008-3452
	NOT-FOR-US: eNdonesia
CVE-2008-3451
	NOT-FOR-US: PhpWebGallery
CVE-2008-3450
	NOT-FOR-US: Solaris
CVE-2008-3449
	NOT-FOR-US: MailEnable
CVE-2008-3448
	NOT-FOR-US: csphonebook
CVE-2008-3447
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3446
	NOT-FOR-US: LetterIt
CVE-2008-3445
	NOT-FOR-US: phpMyRealty
CVE-2008-3444
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
CVE-2008-3443
	{DSA-1695-1}
	- ruby1.8 1.8.7.72-1 (low; bug #494401)
	- ruby1.9 1.9.0.2-9 (low)
	NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
	NOTE: this specific problem does not exist in ruby1.9 but a very similar problem
	NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442
	NOT-FOR-US: WinZip
CVE-2008-3441
	NOT-FOR-US: Nullsoft Winamp
CVE-2008-3440
	- sun-java5 <not-affected> (only java updater for windows affected)
	- sun-java6 <not-affected> (only java updater for windows affected)
CVE-2008-3439
	NOT-FOR-US: SpeedBit Video Acceleration
CVE-2008-3438
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3437
	- openoffice.org <not-affected> (update feature disabled)
CVE-2008-3436
	NOT-FOR-US: Notepad++
CVE-2008-3435
	NOT-FOR-US: LinkedIn
CVE-2008-3434
	NOT-FOR-US: Apple iTunes
CVE-2008-3433
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3432
	- vim <not-affected> (Vulnerable code only present in 6.2 and 6.3, none of them in the archive anymore)
CVE-2008-3430
	NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428
	NOT-FOR-US: phpFreeChat
CVE-2008-3427
	REJECTED
CVE-2008-3426
	NOT-FOR-US: Solaris
CVE-2008-3425
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-3424
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3423
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422
	- mono 1.9.1+dfsg-4 (low; bug #494406)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=413534
	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2008-3431
	- virtualbox-ose <not-affected> (affects only windows host systems)
	NOTE: CORE-2008-0716
CVE-2008-3456
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (low)
	NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547
	- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-3420
	NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419
	NOT-FOR-US: Youtuber Clone
CVE-2008-3418
	NOT-FOR-US: TriO
CVE-2008-3417
	NOT-FOR-US: fipsCMS
CVE-2008-3416
	NOT-FOR-US: IceBB
CVE-2008-3415
	NOT-FOR-US: CMScout
CVE-2008-3414
	NOT-FOR-US: SiteAdmin
CVE-2008-3413
	NOT-FOR-US: Greatclone GC Auction Platinum
CVE-2008-3412
	NOT-FOR-US: Comsenz EPShop
CVE-2008-3411
	NOT-FOR-US: The Axesstel AXW-D800 modem
CVE-2008-3410
	NOT-FOR-US: Unreal Tournament
CVE-2008-3409
	NOT-FOR-US: Unreal Tournament
CVE-2008-3408
	NOT-FOR-US: CoolPlayer
CVE-2008-3407
	NOT-FOR-US: phpLinkat
CVE-2008-3406
	NOT-FOR-US: phpLinkat
CVE-2008-3405
	NOT-FOR-US: Ricardo Amaral nzFotolog
CVE-2008-3404
	NOT-FOR-US: MJGuest
CVE-2008-3403
	NOT-FOR-US: MojoPersonals
CVE-2008-3402
	NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401
	NOT-FOR-US: HIOX Random Ad
CVE-2008-3400
	NOT-FOR-US: XRMS CRM
CVE-2008-3399
	NOT-FOR-US: XRMS CRM
CVE-2008-3398
	NOT-FOR-US: XRMS CRM
CVE-2008-3397
	NOT-FOR-US: Runesoft Cerberus CMS
CVE-2008-3396
	NOT-FOR-US: Unreal Tournament
CVE-2008-3395
	NOT-FOR-US: Calacode
CVE-2008-3394
	NOT-FOR-US: BookMine
CVE-2008-3393
	NOT-FOR-US: BookMine
CVE-2008-3392
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3391
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3390
	NOT-FOR-US: Minishowcase Image Gallery
CVE-2008-3389
	NOT-FOR-US: Ingres
CVE-2008-3388
	NOT-FOR-US: Def-Blog
CVE-2008-3387
	NOT-FOR-US: PHPFootball
CVE-2008-3386
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385
	NOT-FOR-US: Help Agent
CVE-2008-3384
	NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383
	NOT-FOR-US: MojoAuto
CVE-2008-3382
	NOT-FOR-US: MojoClassifieds
CVE-2008-3381
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable macro not present)
CVE-2008-3380
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-3379
	NOT-FOR-US: Snark VisualPic
CVE-2008-3378
	NOT-FOR-US: Fizzmedia
CVE-2008-3377
	NOT-FOR-US: phpTest
CVE-2008-3376
	NOT-FOR-US: JamRoom
CVE-2008-3375
	NOT-FOR-US: JamRoom
CVE-2008-3374
	NOT-FOR-US: Gregarius
CVE-2008-3373
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2008-3372
	NOT-FOR-US: Getacoder Clone
CVE-2008-3371
	NOT-FOR-US: TalkBack
CVE-2008-3370
	NOT-FOR-US: CUA Login Module in EMC Centera Universal Access
CVE-2008-3369
	NOT-FOR-US: ViArt Shop
CVE-2008-3368
	NOT-FOR-US: ATutor
CVE-2008-3367
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-3366
	NOT-FOR-US: Pligg CMS
CVE-2008-3365
	- pixelpost <not-affected> (Exploit relies on register_globals to be on)
CVE-2008-3364
	NOT-FOR-US: Trend Micro OfficeScan Corp Edition Web-Deployment
CVE-2008-3363
	NOT-FOR-US: Dokeos E-Learning System
CVE-2008-3362
	NOT-FOR-US: Giulio Ganci Wp Downloads Manager module
CVE-2008-3361
	NOT-FOR-US: IntelliTamper
CVE-2008-3360
	NOT-FOR-US: IntelliTamper
CVE-2008-3359
	- owl-dms 0.95-1.1 (bug #493372)
CVE-2008-3358
	NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357
	NOT-FOR-US: Ingres
CVE-2008-3356
	NOT-FOR-US: Ingres
CVE-2008-3355
	NOT-FOR-US: Camera Life
CVE-2008-3354
	NOT-FOR-US: Newbb Plus
CVE-2008-3353
	NOT-FOR-US: Pure Software Lore
CVE-2008-3352
	NOT-FOR-US: Live Music Plus
CVE-2008-3351
	NOT-FOR-US: Atom PhotoBlog
CVE-2008-3350
	- dnsmasq 2.44-1 (low)
	[etch] - dnsmasq <not-affected> (Issue was introduced in 2.43)
CVE-2008-3349
	NOT-FOR-US: NetApp Data ONTAP
CVE-2008-3348
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3347
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3346
	NOT-FOR-US: ShopCart DX
CVE-2008-3345
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3344
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3343
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3342
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3341
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3340
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3339
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3429
	{DSA-1626-1}
	- httrack 3.42.3-1 (low)
CVE-2008-3338
	NOT-FOR-US: TIBCO Hawk
CVE-2008-3337
	{DSA-1628-1}
	- pdns 2.9.21.1-1 (low)
CVE-2008-3336
	NOT-FOR-US: PunBB
CVE-2008-3335
	NOT-FOR-US: PunBB
CVE-2008-3334
	NOT-FOR-US: MyBB
CVE-2008-3333
	- mantis 1.1.2+dfsg-2
	NOTE: I've marked the above version as fixed, however I am not sure if it wasn't fixed
	NOTE: earlier. However, lenny is fixed and it is not in etch and sarge is not supported anymore.
CVE-2008-3332
	- mantis 1.1.2+dfsg-2
CVE-2008-3331
	- mantis 1.1.2+dfsg-2
CVE-2008-3329
	- links2 2.1pre37-1.1 (low; bug #492744)
	[etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-3324
	NOT-FOR-US: PartyGaming PartyPoker
CVE-2008-3323
	NOT-FOR-US: Cygwin
CVE-2008-3322
	NOT-FOR-US: Maian *
CVE-2008-3321
	NOT-FOR-US: Maian *
CVE-2008-3320
	NOT-FOR-US: Maian *
CVE-2008-3319
	NOT-FOR-US: Maian *
CVE-2008-3318
	NOT-FOR-US: Maian *
CVE-2008-3317
	NOT-FOR-US: Maian *
CVE-2008-3316
	NOT-FOR-US: Geeklog
CVE-2008-3315
	NOT-FOR-US: Claroline
CVE-2008-3314
	NOT-FOR-US: ZDaemon
CVE-2008-3313
	NOT-FOR-US: CreaCMS
CVE-2008-3312
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: lemon cms patched sources, vulnerable code not present in plain fckeditor in no version.
	NOTE: if in doubt contact the fsckeditor people.
CVE-2008-3311
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2008-3310
	NOT-FOR-US: Pre Survey Poll
CVE-2008-3309
	NOT-FOR-US: DigiLeave
CVE-2008-3308
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3307
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3306
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3305
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3304
	NOT-FOR-US: BilboBlog
CVE-2008-3303
	NOT-FOR-US: BilboBlog
CVE-2008-3302
	NOT-FOR-US: BilboBlog
CVE-2008-3301
	NOT-FOR-US: BilboBlog
CVE-2008-3300
	NOT-FOR-US: AlphAdmin CMS
CVE-2008-3299
	NOT-FOR-US: eSyndiCat
CVE-2008-3298
	NOT-FOR-US: SocialEngine
CVE-2008-3297
	NOT-FOR-US: SocialEngine
CVE-2008-3296
	NOT-FOR-US: XOOPS
CVE-2008-3295
	NOT-FOR-US: XOOPS
CVE-2008-3294
	- vim <not-affected> (Build issue)
	NOTE: It looks like the vulnerability only occurs during build, so it shouldn't be an issue for Debian
CVE-2008-3293
	NOT-FOR-US: EZWebAlbum
CVE-2008-3292
	NOT-FOR-US: EZWebAlbum
CVE-2008-3291
	NOT-FOR-US: AproxEngine
CVE-2008-3290
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3289
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3288
	NOT-FOR-US: EMC Dantz Retrospect Backup Server
CVE-2008-3287
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3286
	NOT-FOR-US: SWAT 4
CVE-2008-3285
	NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
	REJECTED
CVE-2008-3283
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-3282
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-3281
	{DSA-1631-1 DTSA-158-1}
	- libxml2 2.6.32.dfsg-3 (medium)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280
	RESERVED
CVE-2008-3279
	- brltty <not-affected> (RedHat-specific)
CVE-2008-3278
	RESERVED
	- frysk <removed>
CVE-2008-3277
	- ibutils <not-affected> (RedHat-specific)
CVE-2008-3276
	{DSA-1653-1 DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
CVE-2008-3275
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274
	NOT-FOR-US: FreeIPA
CVE-2008-3273
	- jbossas4 <not-affected> (Only provides a few class libs)
CVE-2008-3272
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.1
	- tomcat6 <not-affected>
	NOTE: It is unlikely that this is exploitable in real world scenarios.
CVE-2008-3270
	NOT-FOR-US: Red Hat
CVE-2008-3269
	NOT-FOR-US: WinRemotePC
CVE-2008-3268
	NOT-FOR-US: phpScheduleIt
CVE-2008-3267
	NOT-FOR-US: MojoJobs
CVE-2008-3266
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-3265
	NOT-FOR-US: DT Register
CVE-2008-3264
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
CVE-2008-3263
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
CVE-2008-3262
	NOT-FOR-US: Claroline
CVE-2008-3261
	NOT-FOR-US: Claroline
CVE-2008-3260
	NOT-FOR-US: Claroline
CVE-2008-3259
	- openssh <not-affected> (linux check that the effective userid matches or that bind addresses dont overlap on rebind)
CVE-2008-3258
	- zoph 0.7.1-1
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=614672
CVE-2008-3257
	NOT-FOR-US: Oracle
CVE-2008-3256
	NOT-FOR-US: Siteframe CMS
CVE-2008-3255
	NOT-FOR-US: LunarNight Laboratory WebProxy
CVE-2008-3254
	NOT-FOR-US: preCMS
CVE-2008-3253
	NOT-FOR-US: Citrix XenServer Express
CVE-2008-3252
	{DSA-1622-1}
	- newsx 1.6-3 (bug #492742)
CVE-2008-3251
	NOT-FOR-US: tplSoccerSite
CVE-2008-3250
	NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249
	NOT-FOR-US: Lenovo System Update
CVE-2008-3248
	NOT-FOR-US: Symantec Veritas File System on HP-UX
CVE-2008-3247
	- linux-2.6 2.6.25-7
	[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
	- linux-2.6.24 <not-affected> (2.6.25-only issue)
CVE-2008-3246
	NOT-FOR-US: BlackBerry Attachment Service
CVE-2008-3245
	NOT-FOR-US: phpHoo3
CVE-2008-3244
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3243
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3242
	NOT-FOR-US: PPMate
CVE-2008-3241
	NOT-FOR-US: UltraStats
CVE-2008-3240
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239
	NOT-FOR-US: PHPizabi
CVE-2008-3238
	NOT-FOR-US: ITechBids
CVE-2008-3237
	NOT-FOR-US: ITechBids
CVE-2008-3236
	NOT-FOR-US: Wsadmin
CVE-2008-3235
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-3234
	- openssh <unfixed> (unimportant)
	NOTE: this is by design
CVE-2008-3233
	- wordpress <not-affected> (Code was only present in svn versions)
CVE-2008-3232
	NOT-FOR-US: dotclear
CVE-2008-3231
	- xine-lib 1.1.14-2 (bug #492870; unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3230
	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
	- ffmpeg 0.svn20080206-16 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228
	NOT-FOR-US: Joomla!
CVE-2008-3227
	NOT-FOR-US: Joomla!
CVE-2008-3226
	NOT-FOR-US: Joomla!
CVE-2008-3225
	NOT-FOR-US: Joomla!
CVE-2008-3217
	{DSA-1544-2}
	- pdns-recursor 3.1.7-1 (low; bug #493576)
CVE-2008-3215
	{DSA-1616-2}
	- clamav 0.93.1.dfsg-1.1 (medium)
CVE-2008-3214
	- dnsmasq 2.26-1 (medium)
CVE-2008-3213
	NOT-FOR-US: WebCMS
CVE-2008-3212
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3211
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3210
	NOT-FOR-US: ReSIProcate
CVE-2008-3209
	NOT-FOR-US: Black Ice Document Imaging SDK
CVE-2008-3208
	NOT-FOR-US: Simple DNS Plus
CVE-2008-3207
	NOT-FOR-US: Pragyan CMS
CVE-2008-3206
	NOT-FOR-US: Yuhhu Pubs Black Cat
CVE-2008-3205
	NOT-FOR-US: Easy-Script Wysi Wiki Wyg
CVE-2008-3204
	NOT-FOR-US: E-topbiz Million Pixels
CVE-2008-3203
	NOT-FOR-US: AuraCMS
CVE-2008-3202
	NOT-FOR-US: Xomol
CVE-2008-3201
	NOT-FOR-US: Pagefusion
CVE-2008-3200
	NOT-FOR-US: Avlc Forum
CVE-2008-3199
	NOT-FOR-US: ReSIProcate
CVE-2008-3198
	{DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195
	{DSA-1639-1}
	- twiki 1:4.1.2-5 (low; bug #499534)
	NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-3194
	NOT-FOR-US: pluck CMS
CVE-2008-3193
	NOT-FOR-US: jSite
CVE-2008-3192
	NOT-FOR-US: jSite
CVE-2008-3191
	NOT-FOR-US: mForum
CVE-2008-3190
	NOT-FOR-US: CodeDB
CVE-2008-3189
	NOT-FOR-US: DreamNews Manager
CVE-2008-3188
	- libxcrypt <not-affected> (Suse issue)
CVE-2008-3187
	NOT-FOR-US: SUSE Zypper
CVE-2008-3330
	{DSA-1765-1}
	- horde3 3.2.1+debian0-1 (low; bug #492578)
	- turba2 2.2.1-1 (low)
	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
CVE-2008-3325
	{DSA-1691-1}
	- moodle 1.8.1-1 (low)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326
	{DSA-1691-1}
	- moodle 1.8.2-2 (low; bug #492492)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327
	- moodle <removed> (unimportant)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
	NOTE: Does not allow any attack vectors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
	- mantis 1.1.2+dfsg-1 (low)
	NOTE: http://www.mantisbt.org/bugs/changelog_page.php
	NOTE: CVE id requested by redhat
	NOTE: 0008975 (CSRF) covered by CVE-2008-2276
	NOTE: 0008976 remote code execution only possible with valid administrator account
CVE-2008-3196
	- byacc 20070509-1.1 (low; bug #491182)
	[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
	- libetpan 0.54-3 (low)
	[etch] - libetpan <no-dsa> (Minor issue)
	NOTE: http://lwn.net/Alerts/287640/
	NOTE: http://libetpan.cvs.sourceforge.net/libetpan/libetpan/src/low-level/imf/mailimf.c?view=diff&r1=1.46&r2=1.47
CVE-2008-XXXX [XSS in press-this of wordpress]
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: this code was never present in a released wordpress version
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224
	- phpbb3 3.0.2-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197
	{DSA-1641-1}
	- phpmyadmin 4:2.11.7.1-1 (low)
	NOTE: this only allows via csrf to create an empty database.
	NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
CVE-2008-3186
	NOT-FOR-US: Chipmunk Blog
CVE-2008-3185
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-3184
	NOT-FOR-US: vBulletin
CVE-2008-3183
	NOT-FOR-US: gapicms
CVE-2008-3182
	NOT-FOR-US: Download Accelerator Plus
CVE-2008-3181
	NOT-FOR-US: ContentNow CMS
CVE-2008-3180
	NOT-FOR-US: ContentNow CMS
CVE-2008-3179
	NOT-FOR-US: phpDatingClub
CVE-2008-3178
	NOT-FOR-US: WebXell Editor
CVE-2008-3177
	NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
	RESERVED
CVE-2008-3175
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172
	NOT-FOR-US: Opera
CVE-2008-3171
	NOT-FOR-US: Apple Safari
CVE-2008-3170
	NOT-FOR-US: Apple Safari
CVE-2008-3169
	NOT-FOR-US: Empire Server
CVE-2008-3168
	NOT-FOR-US: Empire Server
CVE-2008-3167
	NOT-FOR-US: BoonEx Dolphin
CVE-2008-3166
	NOT-FOR-US: BoonEx Ray
CVE-2008-3165
	NOT-FOR-US: fuzzylime
CVE-2008-3164
	NOT-FOR-US: fuzzylime
CVE-2008-3163
	NOT-FOR-US: DodosMail
CVE-2008-3162
	{DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
	- ffmpeg 0.svn20080206-10
	- xmovie <removed>
CVE-2008-3161
	NOT-FOR-US: IBM Maximo
CVE-2008-3160
	NOT-FOR-US: IBM Data ONTAP
CVE-2008-3159
	NOT-FOR-US: eDirectory
CVE-2008-3158
	NOT-FOR-US: Novell Client for Windows
CVE-2008-3157
	NOT-FOR-US: Nortel SIP Multimedia PC Client
CVE-2008-3156
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3155
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3154
	NOT-FOR-US: WebBlizzard CMS
CVE-2008-3153
	NOT-FOR-US: Triton CMS Pro
CVE-2008-3152
	NOT-FOR-US: SmartPPC
CVE-2008-3151
	NOT-FOR-US: PHP-NUke
CVE-2008-3150
	NOT-FOR-US: Neutrino Atomic Edition
CVE-2008-3149
	NOT-FOR-US: F5 FirePass
CVE-2008-3148
	NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147
	NOT-FOR-US: WeFi
CVE-2008-3146
	{DTSA-167-1}
	- wireshark 1.0.3-1 (medium; bug #497878)
CVE-2008-3144
	{DSA-1667-1 DTSA-157-1}
	- python2.4 2.4.5-5
	- python2.5 2.5.2-7
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
CVE-2008-3143
	{DSA-1667-1}
	- python2.4 2.4.5-1
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.5 2.5.2-1
CVE-2008-3142
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-3136
	NOT-FOR-US: AShop Delux
CVE-2008-3135
	NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134
	{DSA-1903-1}
	- graphicsmagick 1.2.4-1 (bug #491439)
	- imagemagick <unfixed> (unimportant; bug #559775)
	NOTE: several DoS fixed in 1.2.4 according to upstream
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
CVE-2008-3133
	NOT-FOR-US: BareNuked CMS
CVE-2008-3132
	NOT-FOR-US: Joomla component
CVE-2008-3131
	NOT-FOR-US: PSys
CVE-2008-3130
	NOT-FOR-US: OpenCart
CVE-2008-3129
	NOT-FOR-US: Catviz
CVE-2008-3128
	NOT-FOR-US: Pivot
CVE-2008-3127
	NOT-FOR-US: HIOX Banner Rotator
CVE-2008-3126
	NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-3124
	NOT-FOR-US: Mole Group
CVE-2008-3123
	NOT-FOR-US: Mole Group
CVE-2008-3122
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3120
	REJECTED
CVE-2008-3119
	NOT-FOR-US: DreamPics Builder
CVE-2008-3118
	NOT-FOR-US: PHPmotion
CVE-2008-3117
	NOT-FOR-US: PHPmotion
CVE-2008-3116
	NOT-FOR-US: Snail Game
CVE-2008-3229
	- op <not-affected> (not configured with xauth support)
CVE-2008-3218
	- drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3220
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <not-affected> (Vulnerable code not present)
	NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
CVE-2008-3221
	- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222
	- drupal5 5.9-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3223
	- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
CVE-2008-3145
	{DSA-1673-1}
	- wireshark 1.0.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3112
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
	- openjdk-6 <undetermined> (bug #566770)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2008-3111
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108
	- sun-java5 1.5.0-10-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3107
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105
	- sun-java5 <not-affected> (Only for sun-java6)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102
	- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101
	NOT-FOR-US: vtiger CRM
CVE-2008-3100
	- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
	RESERVED
CVE-2008-3098
	NOT-FOR-US: fuzzylime
CVE-2008-3097
	NOT-FOR-US: additional drupal module Tinytax
CVE-2008-3096
	NOT-FOR-US: additional drupal module Outline Designer
CVE-2008-3095
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3094
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3093
	NOT-FOR-US: ImperialBB
CVE-2008-3092
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090
	NOT-FOR-US: BlognPlus
CVE-2008-3089
	NOT-FOR-US: ImperialBB
CVE-2008-3088
	NOT-FOR-US: Kasseler CMS
CVE-2008-3087
	NOT-FOR-US: Kasseler CMS
CVE-2008-3086
	REJECTED
CVE-2008-3085
	REJECTED
CVE-2008-3084
	REJECTED
CVE-2008-3216
	- projectl 1.001.dfsg1-2 (low; bug #489988)
	[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083
	NOT-FOR-US: com_brightweblinks omponent for Joomla!
CVE-2008-3082
	NOT-FOR-US: Commtouch Enterprise Anti-Spam Gateway
CVE-2008-3081
	NOT-FOR-US: Avaya Message Storage Server
CVE-2008-3080
	NOT-FOR-US: myBloggie
CVE-2008-3079
	NOT-FOR-US: Opera
CVE-2008-3078
	NOT-FOR-US: Opera
CVE-2008-3077
	- linux-2.6 2.6.25-7
	- linux-2.6.24 <not-affected> (Vulnerable code added later)
	[etch] - linux-2.6 <not-affected> (Vulnerable code added later)
	NOTE: 1e9a615bfce7996ea4d815d45d364b47ac6a74e8
CVE-2008-3076
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3075
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3074
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3073
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3072
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3071
	NOT-FOR-US: MyBB
CVE-2008-3070
	NOT-FOR-US: MyBB
CVE-2008-3069
	NOT-FOR-US: MyBB
CVE-2008-3068
	NOT-FOR-US: Microsoft Crypto API
CVE-2008-3067
	- sudo 1.6.9p12-1
	[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)
CVE-2008-3066
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3065
	RESERVED
CVE-2008-3064
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3063
	NOT-FOR-US: V-webmail
CVE-2008-3062
	RESERVED
CVE-2008-3061
	NOT-FOR-US: V-webmail
CVE-2008-3060
	NOT-FOR-US: V-webmail
CVE-2008-3059
	NOT-FOR-US: Octeth Oempro
CVE-2008-3058
	NOT-FOR-US: Octeth Oempro
CVE-2008-3057
	NOT-FOR-US: Octeth Oempro
CVE-2008-3056
	NOT-FOR-US: cd_petition extension for TYPO3
CVE-2008-3055
	NOT-FOR-US: ext_tbl extension for TYPO3
CVE-2008-3054
	NOT-FOR-US: mh_branchenbuch extension for TYPO3
CVE-2008-3053
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3052
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3051
	NOT-FOR-US: Pinboard extension for TYPO3
CVE-2008-3050
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3049
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3048
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3047
	NOT-FOR-US: kb_unpack extension for TYPO3
CVE-2008-3046
	NOT-FOR-US: kb_packman extension for TYPO3
CVE-2008-3045
	NOT-FOR-US: pro_industrydb extension for TYPO3
CVE-2008-3044
	NOT-FOR-US: newscalendar extension for TYPO3
CVE-2008-3043
	NOT-FOR-US: wec_discussion extension for TYPO3
CVE-2008-3042
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3041
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3040
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3039
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3038
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3037
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3036
	NOT-FOR-US: CMS little
CVE-2008-3035
	NOT-FOR-US: XchangeBoard
CVE-2008-3034
	NOT-FOR-US: RSS-aggregator
CVE-2008-3033
	NOT-FOR-US: RSS-aggregator
CVE-2008-3032
	NOT-FOR-US: phpmyadmin extension for TYPO3
CVE-2008-3031
	NOT-FOR-US: Simple PHP Agenda
CVE-2008-3030
	NOT-FOR-US: EfesTECH Shop
CVE-2008-3029
	NOT-FOR-US: WEC Discussion Forum
CVE-2008-3028
	NOT-FOR-US: sr_sendcard extension for TYPO3
CVE-2008-3027
	NOT-FOR-US: VanGogh Web CMS
CVE-2008-3026
	NOT-FOR-US: OneClick CMS
CVE-2008-3025
	NOT-FOR-US: plx Ad Trader
CVE-2008-3024
	NOT-FOR-US: phgrafx in QNX Momentics
CVE-2008-3023
	NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022
	NOT-FOR-US: PHPortal
CVE-2008-3021
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
	REJECTED
CVE-2008-3016
	REJECTED
CVE-2008-3015
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3014
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
	REJECTED
CVE-2008-3010
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3009
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3008
	NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3006
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
	REJECTED
CVE-2008-3001
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-3000
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2999
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2998
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2997
	NOT-FOR-US: Gravity Board
CVE-2008-2996
	NOT-FOR-US: Gravity Board
CVE-2008-2995
	NOT-FOR-US: PHPEasyData
CVE-2008-2994
	NOT-FOR-US: PHPEasyData
CVE-2008-2993
	NOT-FOR-US: FOG Forum
CVE-2008-2992
	NOT-FOR-US: Adobe Acrobat
CVE-2008-2991
	NOT-FOR-US: Adobe RoboHelp Server 7
CVE-2008-2990
	NOT-FOR-US: FacileForms
CVE-2008-2989
	NOT-FOR-US: HoMaP-CMS
CVE-2008-2988
	NOT-FOR-US: Benja CMS
CVE-2008-2987
	NOT-FOR-US: Benja CMS
CVE-2008-2986
	NOT-FOR-US: phpDMCA
CVE-2008-2985
	NOT-FOR-US: CMReams CMS
CVE-2008-2984
	NOT-FOR-US: CMReams CMS
CVE-2008-2983
	NOT-FOR-US: Demo4 CMS
CVE-2008-2982
	NOT-FOR-US: HomePH
CVE-2008-2981
	NOT-FOR-US: HomePH
CVE-2008-2980
	NOT-FOR-US: HomePH
CVE-2008-2979
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2978
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2977
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2976
	NOT-FOR-US: TinX/cms
CVE-2008-2975
	NOT-FOR-US: TinX/cms
CVE-2008-2974
	NOT-FOR-US: MM Chat
CVE-2008-2973
	NOT-FOR-US: MM Chat
CVE-2008-2972
	NOT-FOR-US: KbLance
CVE-2008-2971
	NOT-FOR-US: CiBlog
CVE-2008-2970
	NOT-FOR-US: Academic Web Tools
CVE-2008-2969
	NOT-FOR-US: Academic Web Tools
CVE-2008-2968
	NOT-FOR-US: Academic Web Tools
CVE-2008-2967
	NOT-FOR-US: Academic Web Tools
CVE-2008-2966
	NOT-FOR-US: JaxUltraBB
CVE-2008-2965
	NOT-FOR-US: JaxUltraBB
CVE-2008-2964
	NOT-FOR-US: ResearchGuide
CVE-2008-2963
	NOT-FOR-US: MyBlog
CVE-2008-2962
	NOT-FOR-US: MyBlog
CVE-2008-2961
	NOT-FOR-US: CMS Mini
CVE-2008-2959
	NOT-FOR-US: ActiveX control
CVE-2008-2951
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-2949
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2947
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2946
	NOT-FOR-US: Solstice Enterprise Agents in Sun Solaris
CVE-2008-2945
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944
	- linux-2.6 <not-affected>
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 <not-affected>
CVE-2008-2943
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2008-2941
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2940
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2939
	- apache2 2.2.9-7 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2938
	NOTE: This is an issue in the respective JVMs, Tomcat only includes a workaround
	NOTE: Check status of free JVMs
	- tomcat5.5 5.5.26-5 (unimportant; bug #496309)
CVE-2008-2937
	- postfix 2.5.4-1 (low)
	[etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936
	{DSA-1629-2 DSA-1629-1 DTSA-155-1}
	- postfix 2.5.4-1
CVE-2008-2935
	{DSA-1624-1 DTSA-152-1}
	- libxslt 1.1.24-2 (bug #493162)
	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
CVE-2008-2934
	- iceweasel <not-affected> (MacOS-specific)
CVE-2008-2933
	{DSA-1697-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-2932
	NOT-FOR-US: Red Hat adminutil
CVE-2008-2931
	{DSA-1630-1}
	- linux-2.6 2.6.22
	NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2929
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2928
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2926
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925
	NOT-FOR-US: Webmatic
CVE-2008-2924
	NOT-FOR-US: Webmatic
CVE-2008-2923
	NOT-FOR-US: Lyris ListManager
CVE-2008-2922
	NOT-FOR-US: Dana IRC client
CVE-2008-2921
	NOT-FOR-US: EZTechhelp
CVE-2008-2920
	NOT-FOR-US: EZTechhelp
CVE-2008-2919
	NOT-FOR-US: Gryphon
CVE-2008-2918
	NOT-FOR-US: Application Dynamics Cartweaver
CVE-2008-2917
	NOT-FOR-US: E-SMART CART
CVE-2008-2916
	NOT-FOR-US: Pre ADS Portal
CVE-2008-2915
	NOT-FOR-US: Pre Job Board
CVE-2008-2914
	NOT-FOR-US: Pre Job Board
CVE-2008-2913
	NOT-FOR-US: Devalcms
CVE-2008-2912
	NOT-FOR-US: Contenido CMS
CVE-2008-2911
	NOT-FOR-US: Contenido CMS
CVE-2008-2910
	NOT-FOR-US: ActiveX control
CVE-2008-2909
	NOT-FOR-US: Clever Copy
CVE-2008-2908
	NOT-FOR-US: ActiveX control
CVE-2008-2907
	NOT-FOR-US: WebChamado
CVE-2008-2906
	NOT-FOR-US: WebChamado
CVE-2008-2905
	NOT-FOR-US: Mambo
	NOTE: Mambo is only in experimental
	NOTE: filed removal bug for Mambo from experimental #490291
CVE-2008-2904
	NOT-FOR-US: Conkurent PHPMyCart
CVE-2008-2903
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2008-2902
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2901
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2008-2900
	NOT-FOR-US: PHPAuction
CVE-2008-2899
	NOT-FOR-US: j00lean-CMS
CVE-2008-2898
	NOT-FOR-US: Hedgehog-CMS
CVE-2008-2897
	NOT-FOR-US: PageSquid
CVE-2008-2896
	NOT-FOR-US: FireAnt
CVE-2008-2895
	NOT-FOR-US: AproxEngine
CVE-2008-2894
	NOT-FOR-US: NCH Software Classic FTP Windows
CVE-2008-2893
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892
	NOT-FOR-US: Joomla!
CVE-2008-2891
	NOT-FOR-US: emuCMS
CVE-2008-2890
	NOT-FOR-US: Online Fantasy Football League
CVE-2008-2889
	NOT-FOR-US: AceBIT WISE-FTP
CVE-2008-2888
	NOT-FOR-US: MiGCMS
CVE-2008-2887
	NOT-FOR-US: FubarForum
CVE-2008-2886
	NOT-FOR-US: Jamroom
CVE-2008-2885
	NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884
	NOT-FOR-US: RSS-aggregator
CVE-2008-2883
	NOT-FOR-US: Jamroom
CVE-2008-2882
	NOT-FOR-US: sHibby sHop
CVE-2008-2881
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880
	NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879
	NOT-FOR-US: Benja CMS
CVE-2008-2878
	NOT-FOR-US: Academic Web Tools
CVE-2008-2877
	NOT-FOR-US: cmsWorks
CVE-2008-2876
	NOT-FOR-US: mUnky
CVE-2008-2875
	NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874
	NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873
	NOT-FOR-US: sHibby sHop
CVE-2008-2872
	NOT-FOR-US: sHibby sHop
CVE-2008-2871
	NOT-FOR-US: PEGames
CVE-2008-2870
	NOT-FOR-US: ShareCMS
CVE-2008-2869
	NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868
	NOT-FOR-US: ware DUcalendar
CVE-2008-2867
	NOT-FOR-US: E-topbiz Viral
CVE-2008-2866
	NOT-FOR-US: CaupoShop Classic
CVE-2008-2865
	NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860
	NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859
	NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858
	NOT-FOR-US: WebChamado
CVE-2008-2857
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856
	NOT-FOR-US: OwnRS
CVE-2008-2855
	NOT-FOR-US: OwnRS
CVE-2008-2854
	NOT-FOR-US: Orlando CMS
CVE-2008-2853
	NOT-FOR-US: Easy Webstore
CVE-2008-2852
	- cgiwrap <removed> (low; bug #497761)
	[etch] - cgiwrap <no-dsa> (Minor issue)
	NOTE: only applies to certain character sets and only works with
	NOTE: browsers. There isn't a good solution available, the patch uses
	NOTE: a compile-time charset specification. All in all not a real
	NOTE: priority to fix in etch.
CVE-2008-2851
	NOT-FOR-US: OFF System
CVE-2008-2850
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2849
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848
	NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847
	NOT-FOR-US: Maxtrade
CVE-2008-2846
	NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845
	NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844
	NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843
	NOT-FOR-US: doITLive CMS
CVE-2008-2842
	NOT-FOR-US: doITLive CMS
CVE-2008-2950
	{DTSA-146-1}
	- poppler 0.8.4-1.1 (medium; bug #489756)
	[etch] - poppler <not-affected> (Vulnerable code not present)
	- xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
CVE-2008-2927
	{DSA-1805-1 DSA-1610-1}
	- pidgin 2.4.3-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 0.99.8 to 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3140
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952
	{DSA-1650-1 DTSA-151-1}
	- openldap2.3 <removed> (low; bug #488710)
	- openldap 2.4.10-3 (low; bug #488710)
CVE-2008-2955
	- pidgin 2.4.3-1 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
CVE-2008-2956
	- pidgin <unfixed> (unimportant; bug #488632)
	NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957
	- pidgin 2.4.3-4 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: probably only a bandwidth issue
CVE-2008-2942
	- mercurial 1.0.1-2 (low; bug #488628)
	[etch] - mercurial <not-affected> (Vulnerable functionality not present)
CVE-2008-2953
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2954
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2958
	- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
	- python-werkzeug 0.3.1-1
	NOTE: http://web.archive.org/web/20081229140824/http://lucumr.pocoo.org:80/cogitations/2008/06/24/werkzeug-031-released/
CVE-2008-2841
	- xchat <not-affected> (Windows specific problem)
CVE-2008-2840
	NOT-FOR-US: Exero CMS
CVE-2008-2839
	NOT-FOR-US: Traindepot
CVE-2008-2838
	NOT-FOR-US: Traindepot
CVE-2008-2837
	NOT-FOR-US: CMS-BRD
CVE-2008-2836
	- webcalendar 1.0.5-1 (low)
	- gforge <not-affected> (code in lenny internally sets its own path)
CVE-2008-2835
	NOT-FOR-US: IGSuite
CVE-2008-2834
	NOT-FOR-US: Scientific Image DataBase
CVE-2008-2833
	NOT-FOR-US: le.cms
CVE-2008-2832
	NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831
	NOT-FOR-US: MailMarshal
CVE-2008-2830
	NOT-FOR-US: Apple Mac OS
CVE-2008-2829
	{DTSA-144-1}
	- php5 5.2.6-2 (low)
	[etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue)
	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
	NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826
	{DSA-1630-1}
	- linux-2.6 2.6.25-6 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
	NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
CVE-2008-2825
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2824
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2823
	NOT-FOR-US: PHPeasyblog
CVE-2008-2822
	NOT-FOR-US: 3D-FTP Client
CVE-2008-2821
	NOT-FOR-US: Glub Tech Secure FTP
CVE-2008-2820
	NOT-FOR-US: Open Azimyt CMS
CVE-2008-2819
	NOT-FOR-US: BlognPlus
CVE-2008-2818
	NOT-FOR-US: Easy-Clanpage
CVE-2008-2817
	NOT-FOR-US: NiTrO Web Gallery
CVE-2008-2816
	NOT-FOR-US: Oxygen
CVE-2008-2815
	NOT-FOR-US: MyMarket
CVE-2008-2814
	NOT-FOR-US: WallCity-Server
CVE-2008-2813
	NOT-FOR-US: WallCity-Server
CVE-2008-2812
	{DSA-1630-1}
	- linux-2.6 2.6.25-7
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2810
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2008-2809
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2808
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2807
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2806
	- iceweasel <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2008-2805
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10
	- xulrunner 1.9.0.1-1
CVE-2008-2804
	REJECTED
CVE-2008-2803
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2802
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- icedove 2.0.0.16-1
	- xulrunner 1.9.0.1-1
CVE-2008-2801
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2800
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2799
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2798
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2797
	NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796
	NOT-FOR-US: FreeCMS
CVE-2008-2795
	NOT-FOR-US: IDM Computer Solutions Inc UltraEdit
CVE-2008-2794
	NOT-FOR-US: Symantec Altiris Notification
CVE-2008-2793
	NOT-FOR-US: ClipShare
CVE-2008-2792
	NOT-FOR-US: eroCMS
CVE-2008-2791
	NOT-FOR-US: Kalptaru Infotech
CVE-2008-2790
	NOT-FOR-US: MountainGrafix easyTrade
CVE-2008-2789
	NOT-FOR-US: BASIC-CMS
CVE-2008-2788
	NOT-FOR-US: OpenDocMan
CVE-2008-2787
	NOT-FOR-US: OpenDocMan
CVE-2008-2960
	- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-2827
	{DTSA-142-1}
	- perl 5.10.0-11 (bug #487319; medium)
	[etch] - perl <not-affected> (doesn't change link target permissions)
	NOTE: affects other packages like debsums, see bugreport
CVE-2008-2828
	- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786
	NOT-FOR-US: Just hashes posted to full-disclosure, no specific information
	NOTE: Unless more specific information pops up, this can be considered covered by
	NOTE: CVE-2008-2785
CVE-2008-2785
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0 (medium; bug #488358)
	- icedove 2.0.0.16-1
	- iceape 1.1.11-1 (bug #491163)
	- xulrunner 1.9.0.1-1 (bug #491161)
	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since also need to track etch
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784
	NOT-FOR-US: spamdyke
CVE-2008-2783
	- kronolith2 <not-affected> (unimportant; Nonreproducable 'issue')
	- horde3 <not-affected> (unimportant; Nonreproducable 'issue')
	NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782
	NOT-FOR-US: OtomiGenX
CVE-2008-2781
	NOT-FOR-US: DZOIC Handshakes
CVE-2008-2780
	NOT-FOR-US: Anubis
CVE-2008-2779
	NOT-FOR-US: GlobalSCAPE CuteFTP Home
CVE-2008-2778
	NOT-FOR-US: RevokeBB
CVE-2008-2777
	NOT-FOR-US: Ortro
CVE-2008-2776
	NOT-FOR-US: DT Centrepiece
CVE-2008-2775
	NOT-FOR-US: DT Centrepiece
CVE-2008-2774
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2008-2773
	NOT-FOR-US: Taxonomy Image module for Drupal
CVE-2008-2772
	NOT-FOR-US: Magic Tabs module for Drupal
CVE-2008-2771
	NOT-FOR-US: Node Hierarchy module for Drupal
CVE-2008-2770
	NOT-FOR-US: MycroCMS
CVE-2008-2769
	NOT-FOR-US: phpRaider
CVE-2008-2768
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2767
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2766
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2765
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2764
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2763
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2762
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2761
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2760
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2759
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2758
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2757
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2756
	NOT-FOR-US: Xigla Absolute Control Panel XE
CVE-2008-2755
	NOT-FOR-US: JAMM CMS
CVE-2008-2754
	NOT-FOR-US: eFiction
CVE-2008-2753
	NOT-FOR-US: Pooya Site Builder
CVE-2008-2752
	NOT-FOR-US: Microsoft Word
CVE-2008-2751
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2750
	- linux-2.6 2.6.26
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748
	NOT-FOR-US: Skulltag
CVE-2008-2747
	NOT-FOR-US: Windows
CVE-2008-2746
	NOT-FOR-US: Gryphon gllcTS2
CVE-2008-2745
	NOT-FOR-US: BiAnno ActiveX Control
CVE-2008-2744
	NOT-FOR-US: vBulletin
CVE-2008-2743
	NOT-FOR-US: web server Xerox
CVE-2008-2742
	NOT-FOR-US: Achievo
CVE-2008-2741
	RESERVED
CVE-2008-2740
	RESERVED
CVE-2008-2739
	NOT-FOR-US: Cisco IOS
CVE-2008-2738
	RESERVED
CVE-2008-2737
	REJECTED
CVE-2008-2736
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
	RESERVED
CVE-2008-2730
	NOT-FOR-US: cisco
CVE-2008-2729
	{DSA-1630-1}
	- linux-2.6 2.6.19-1
	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
	REJECTED
CVE-2008-2727
	REJECTED
CVE-2008-2726
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2725
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2718
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2716
	NOT-FOR-US: Opera
CVE-2008-2715
	NOT-FOR-US: Opera
CVE-2008-2714
	NOT-FOR-US: Opera
CVE-2008-2710
	NOT-FOR-US: Solaris
CVE-2008-2709
	NOT-FOR-US: Solaris
CVE-2008-2708
	NOT-FOR-US: Solaris
CVE-2008-2707
	NOT-FOR-US: Solaris
CVE-2008-2706
	NOT-FOR-US: Sun Solaris
CVE-2008-2705
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2704
	NOT-FOR-US: Novell GroupWise
CVE-2008-2703
	NOT-FOR-US: Novell GroupWise
CVE-2008-2702
	NOT-FOR-US: ALTools ESTsoft ALFTP
CVE-2008-2701
	NOT-FOR-US: joomla extension
CVE-2008-2700
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2699
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2698
	NOT-FOR-US: WEBalbum
CVE-2008-2697
	NOT-FOR-US: joomla extension
CVE-2008-2695
	NOT-FOR-US: phpInv
CVE-2008-2694
	NOT-FOR-US: phpInv
CVE-2008-2693
	NOT-FOR-US: ActiveX control
CVE-2008-2692
	NOT-FOR-US: Joomla!
CVE-2008-2691
	NOT-FOR-US: JiRo's FAQ Manager eXperience
CVE-2008-2690
	NOT-FOR-US: BrowserCRM
CVE-2008-2689
	NOT-FOR-US: BrowserCRM
CVE-2008-2688
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2008-2687
	NOT-FOR-US: ProManager
CVE-2008-2686
	NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
	- wdiff 0.5-18 (low; bug #425254)
	[etch] - wdiff  <no-dsa> (Minor issue)
CVE-2008-2719
	- nasm 2.03.01-1 (low; bug #486715)
	[etch] - nasm <not-affected> (vulnerable code not present)
CVE-2008-2712
	{DSA-1733-1 DTSA-143-1}
	- vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696
	- exiv2 0.17-1 (low; bug #486328)
	[etch] - exiv2 <no-dsa> (Minor issue)
	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713
	{DSA-1616-2 DTSA-138-1}
	- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711
	- fetchmail 6.3.9~rc2-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
	NOTE: -vv is only used for debugging purposes so this does not
	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
	NOTE: use.
CVE-2008-2720
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2721
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2722
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2723
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2724
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2717
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685
	NOT-FOR-US: Battle Blog
CVE-2008-2684
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2683
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2682
	NOT-FOR-US: Realm CMS
CVE-2008-2681
	NOT-FOR-US: Realm CMS
CVE-2008-2680
	NOT-FOR-US: Realm CMS
CVE-2008-2679
	NOT-FOR-US: Realm CMS
CVE-2008-2678
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2677
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2676
	NOT-FOR-US: com_news_portal component for Joomla!
CVE-2008-2675
	NOT-FOR-US: PHP Image Gallery
CVE-2008-2674
	NOT-FOR-US: Interstage Management Console
CVE-2008-2673
	NOT-FOR-US: pNews
CVE-2008-2672
	- ewiki <removed> (unimportant)
	NOTE: register_globals is not supported
CVE-2008-2671
	NOT-FOR-US: DCFM Blog
CVE-2008-2670
	NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669
	NOT-FOR-US: yBlog
CVE-2008-2668
	NOT-FOR-US: yBlog
CVE-2008-2666
	- php5 <removed> (unimportant)
	NOTE: safe mode not supported
CVE-2008-2665
	- php5 5.2.6.dfsg.1-3 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2664
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2663
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2662
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2661
	RESERVED
CVE-2008-2660
	RESERVED
CVE-2008-2659
	RESERVED
CVE-2008-2658
	RESERVED
CVE-2008-2657
	RESERVED
CVE-2008-2656
	RESERVED
CVE-2008-2655
	RESERVED
CVE-2008-2653
	RESERVED
CVE-2008-2652
	NOT-FOR-US: SMEWeb
CVE-2008-2651
	NOT-FOR-US: com_joobb component for Joomla!
CVE-2008-2650
	NOT-FOR-US: CMSimple
CVE-2008-2649
	NOT-FOR-US: DesktopOnNet
CVE-2008-2648
	NOT-FOR-US: meBiblio
CVE-2008-2647
	NOT-FOR-US: meBiblio
CVE-2008-2646
	NOT-FOR-US: meBiblio
CVE-2008-2645
	NOT-FOR-US: Brim
CVE-2008-2644
	NOT-FOR-US: SMEWeb
CVE-2008-2643
	NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642
	NOT-FOR-US: OtomiGenX
CVE-2008-2641
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2008-2640
	NOT-FOR-US: Adobe Flex
CVE-2008-2639
	NOT-FOR-US: Citect CitectSCADA
CVE-2008-2638
	NOT-FOR-US: 1Book
CVE-2008-2637
	NOT-FOR-US: F5 FirePass SSL VPN
CVE-2008-2636
	NOT-FOR-US: Cisco firmware
CVE-2008-2635
	NOT-FOR-US: BitKinex
CVE-2008-2634
	NOT-FOR-US: I-Pos Internet Pay Online Store
CVE-2008-2633
	NOT-FOR-US: com_joomradio component for Joomla!
CVE-2008-2632
	NOT-FOR-US: com_acctexp component for Joomla!
CVE-2008-2631
	NOT-FOR-US: MDaemon
CVE-2008-2630
	NOT-FOR-US: com_jb2 component for Joomla!
CVE-2008-2629
	NOT-FOR-US: LifeType module for Drupal
CVE-2008-2628
	NOT-FOR-US: com_equotes component for Joomla!
CVE-2008-2627
	NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626
	NOT-FOR-US: Battle Blog
CVE-2008-2625
	NOT-FOR-US: Oracle
CVE-2008-2624
	NOT-FOR-US: Oracle
CVE-2008-2623
	NOT-FOR-US: Oracle Application Server
CVE-2008-2622
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2619
	NOT-FOR-US: Oracle
CVE-2008-2618
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2616
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2615
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2614
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2613
	NOT-FOR-US: Oracle database
CVE-2008-2612
	NOT-FOR-US: Oracle database
CVE-2008-2611
	NOT-FOR-US: Oracle database
CVE-2008-2610
	NOT-FOR-US: Oracle database
CVE-2008-2609
	NOT-FOR-US: Oracle database
CVE-2008-2608
	NOT-FOR-US: Oracle database
CVE-2008-2607
	NOT-FOR-US: Oracle database
CVE-2008-2606
	NOT-FOR-US: Oracle database
CVE-2008-2605
	NOT-FOR-US: Oracle database
CVE-2008-2604
	NOT-FOR-US: Oracle database
CVE-2008-2603
	NOT-FOR-US: Oracle database
CVE-2008-2602
	NOT-FOR-US: Oracle database
CVE-2008-2601
	NOT-FOR-US: Oracle database
CVE-2008-2600
	NOT-FOR-US: Oracle database
CVE-2008-2599
	NOT-FOR-US: Oracle database
CVE-2008-2598
	NOT-FOR-US: Oracle database
CVE-2008-2597
	NOT-FOR-US: Oracle database
CVE-2008-2596
	NOT-FOR-US: Oracle database
CVE-2008-2595
	NOT-FOR-US: Oracle database
CVE-2008-2594
	NOT-FOR-US: Oracle database
CVE-2008-2593
	NOT-FOR-US: Oracle database
CVE-2008-2592
	NOT-FOR-US: Oracle database
CVE-2008-2591
	NOT-FOR-US: Oracle database
CVE-2008-2590
	NOT-FOR-US: Oracle database
CVE-2008-2589
	NOT-FOR-US: Oracle database
CVE-2008-2588
	NOT-FOR-US: Oracle
CVE-2008-2587
	NOT-FOR-US: Oracle database
CVE-2008-2586
	NOT-FOR-US: Oracle database
CVE-2008-2585
	NOT-FOR-US: Oracle database
CVE-2008-2584
	REJECTED
CVE-2008-2583
	NOT-FOR-US: Oracle database
CVE-2008-2582
	NOT-FOR-US: BEA Product Suite
CVE-2008-2581
	NOT-FOR-US: BEA Product Suite
CVE-2008-2580
	NOT-FOR-US: BEA Product Suite
CVE-2008-2579
	NOT-FOR-US: BEA Product Suite
CVE-2008-2578
	NOT-FOR-US: BEA Product Suite
CVE-2008-2577
	NOT-FOR-US: BEA Product Suite
CVE-2008-2576
	NOT-FOR-US: BEA Product Suite
CVE-2008-2574
	NOT-FOR-US: FlashBlog
CVE-2008-2573
	NOT-FOR-US: freeSSHd
CVE-2008-2572
	NOT-FOR-US: FlashBlog
CVE-2008-2571
	- limesurvey <itp> (bug #472802)
CVE-2008-2570
	- limesurvey <itp> (bug #472802)
CVE-2008-2569
	NOT-FOR-US: com_easybook component for Joomla!
CVE-2008-2568
	NOT-FOR-US: com_simpleshop component for Joomla!
CVE-2008-2567
	NOT-FOR-US: Fenriru Sleipnir
CVE-2008-2566
	NOT-FOR-US: PHP Address Book
CVE-2008-2565
	NOT-FOR-US: PHP Address Book
CVE-2008-2564
	NOT-FOR-US: com_jotloader component for Joomla!
CVE-2008-2563
	NOT-FOR-US: SamTodo
CVE-2008-2562
	NOT-FOR-US: PowerPhlogger
CVE-2008-2561
	NOT-FOR-US: 427BB
CVE-2008-2560
	NOT-FOR-US: 427BB
CVE-2008-2654
	- motion 3.2.9-3 (low; bug #484572)
	[etch] - motion <no-dsa> (minor issue)
CVE-2008-2667
	{DSA-1688-1}
	- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
CVE-2008-2559
	NOT-FOR-US: Borland Interbase
CVE-2008-2558
	NOT-FOR-US: CRE Loaded
CVE-2008-2557
	NOT-FOR-US: CRE Loaded
CVE-2008-2556
	NOT-FOR-US: PHP Visit Counter
CVE-2008-2555
	NOT-FOR-US: EasyWay CMS
CVE-2008-2554
	NOT-FOR-US: BP Blog
CVE-2008-2553
	{DSA-1633-1}
	- slash 2.2.6-8etch1 (low; bug #484499)
	NOTE: See CVE-2008-2231
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2552
	NOT-FOR-US: Sun Solaris
CVE-2008-2551
	NOT-FOR-US: DownloaderActiveX Control
CVE-2008-2550
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-2549
	NOT-FOR-US: Acrobat Reader
CVE-2008-2548
	NOT-FOR-US: JPEG thumbprint component in the EXIF parser on Motorola cell phones
CVE-2008-2547
	NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546
	REJECTED
CVE-2008-2545
	NOT-FOR-US: Skype
CVE-2008-2544
	RESERVED
	- linux <unfixed> (unimportant)
	NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
CVE-2008-2543
	- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542
	NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541
	NOT-FOR-US: CA eTrust
CVE-2008-2540
	NOT-FOR-US: Apple Safari
CVE-2008-2539
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2538
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2537
	NOT-FOR-US: HispaH Model Search
CVE-2008-2536
	NOT-FOR-US: YABSoft Advanced Image
CVE-2008-2535
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2534
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2533
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2532
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2531
	NOT-FOR-US: Build A Niche Store
CVE-2008-2530
	NOT-FOR-US: Concepts & Solutions QuickUpCMS
CVE-2008-2529
	NOT-FOR-US: Advanced Links Management
CVE-2008-2528
	NOT-FOR-US: Citrix Access Gateway Standard Edition
CVE-2008-2527
	NOT-FOR-US: ActualScripts ActualAnalyzer Server
CVE-2008-2526
	NOT-FOR-US: WT Gallery
CVE-2008-2525
	NOT-FOR-US: typo3 extension Event Database
CVE-2008-2524
	NOT-FOR-US: BlogPHP
CVE-2008-2523
	NOT-FOR-US: RakNet
CVE-2008-2522
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-2521
	NOT-FOR-US: YABSoft Mega File
CVE-2008-2520
	NOT-FOR-US: BigACE
CVE-2008-2519
	NOT-FOR-US: Core FTP client
CVE-2008-2518
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-2517
	NOT-FOR-US: SaraB
CVE-2008-2515
	NOT-FOR-US: IBM AIX
CVE-2008-2514
	NOT-FOR-US: IBM AIX
CVE-2008-2513
	NOT-FOR-US: IBM AIX
CVE-2008-2512
	NOT-FOR-US: Symantec Backup Exec System Recovery Manager
CVE-2008-2511
	NOT-FOR-US: CA Internet Security Suite
CVE-2008-2510
	NOT-FOR-US: Upload File plugin for WordPress
CVE-2008-2509
	NOT-FOR-US: Excuse Online
CVE-2008-2508
	NOT-FOR-US: Tr Script News
CVE-2008-2507
	NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2505
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2504
	NOT-FOR-US: Simpel Side Netbutik
CVE-2008-2503
	NOT-FOR-US: eMule X-Ray
CVE-2008-2502
	NOT-FOR-US: eMule X-Ray
CVE-2008-2501
	NOT-FOR-US: PHPhotoalbum
CVE-2008-2500
	NOT-FOR-US: MOStlyContent Editor
CVE-2008-2499
	NOT-FOR-US: Community Services Multiplexer
CVE-2008-2498
	NOT-FOR-US: Mambo
CVE-2008-2497
	NOT-FOR-US: Mambo
CVE-2008-2496
	NOT-FOR-US: Quate CMS
CVE-2008-2495
	NOT-FOR-US: Zina
CVE-2008-2494
	NOT-FOR-US: Zina
CVE-2008-2493
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2492
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2491
	NOT-FOR-US: AbleSpace
CVE-2008-2490
	NOT-FOR-US: KJ Image Lightbox 2
CVE-2008-2489
	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
CVE-2008-2488
	NOT-FOR-US: RoomPHPlanning
CVE-2008-2487
	NOT-FOR-US: MAXSITE
CVE-2008-2486
	- amule <not-affected> (Different code)
CVE-2008-2485
	NOT-FOR-US: PCPIN chat
CVE-2008-2484
	NOT-FOR-US: Xomol CMS
CVE-2008-2483
	NOT-FOR-US: Xomol CMS
CVE-2008-2482
	NOT-FOR-US: OneCMS
CVE-2008-2481
	NOT-FOR-US: phpRaider
CVE-2008-2480
	NOT-FOR-US: plusPHP
CVE-2008-2479
	NOT-FOR-US: phpFix
CVE-2008-2478
	NOT-FOR-US: cPanel
CVE-2008-2477
	NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476
	- kfreebsd-7 7.0-6
	NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475
	NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474
	NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
	RESERVED
CVE-2008-2472
	RESERVED
CVE-2008-2471
	RESERVED
CVE-2008-2470
	NOT-FOR-US: InstallShield
CVE-2008-2469
	{DSA-1659-1 DTSA-172-1}
	- libspf2 1.2.9-1 (high)
CVE-2008-2468
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467
	RESERVED
CVE-2008-2466
	RESERVED
CVE-2008-2465
	RESERVED
CVE-2008-2464
	NOT-FOR-US: NetBSD
CVE-2008-2463
	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462
	NOT-FOR-US: Caucho Resin
CVE-2008-2461
	NOT-FOR-US: Netious
CVE-2008-2460
	NOT-FOR-US: vBulletin
CVE-2008-2459
	NOT-FOR-US: EntertainmentScript
CVE-2008-2458
	NOT-FOR-US: Starsgames
CVE-2008-2457
	NOT-FOR-US: PHP-Jokesite
CVE-2008-2456
	NOT-FOR-US: ComicShout
CVE-2008-2455
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-2454
	NOT-FOR-US: xsstream-dm
CVE-2008-2453
	NOT-FOR-US: PHP Classifieds Script
CVE-2008-2452
	NOT-FOR-US: Questionaire pbsurvey
CVE-2008-2451
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2450
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2449
	NOT-FOR-US: phpInstantGallery
CVE-2008-2448
	NOT-FOR-US: Meto Forum
CVE-2008-2447
	NOT-FOR-US: Mytipper ZoGo-shop
CVE-2008-2446
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2445
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2444
	NOT-FOR-US: CaLogic Calendars
CVE-2008-2443
	NOT-FOR-US: Real Estate Script
CVE-2008-2442
	RESERVED
CVE-2008-2441
	NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440
	RESERVED
CVE-2008-2439
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2438
	NOT-FOR-US: HP OpenView
CVE-2008-2437
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436
	NOT-FOR-US: Novell iPrint Client
CVE-2008-2435
	NOT-FOR-US: ActiveX
CVE-2008-2434
	NOT-FOR-US: ActiveX
CVE-2008-2433
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2432
	NOT-FOR-US: Novell iPrint
CVE-2008-2431
	NOT-FOR-US: Novell iPrint
CVE-2008-2430
	{DSA-1819-1 DTSA-148-1}
	- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429
	NOT-FOR-US: Calendarix
CVE-2008-2428
	NOT-FOR-US: TorrentTrader
CVE-2008-2427
	NOT-FOR-US: NConvert, GFL SDK, XnView
CVE-2008-2426
	{DSA-1594-1}
	- imlib2 1.4.0-1.1 (medium; bug #483816)
	- imlib <not-affected> (Partly not present / partly fixed)
CVE-2008-2425
	NOT-FOR-US: FicHive
CVE-2008-2422
	NOT-FOR-US: Web Slider
CVE-2008-2421
	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419
	NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418
	NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417
	NOT-FOR-US: Webboard
CVE-2008-2416
	NOT-FOR-US: FicHive
CVE-2008-2415
	NOT-FOR-US: DigitalHive
CVE-2008-2414
	NOT-FOR-US: AN Guestbook
CVE-2008-2413
	NOT-FOR-US: ACGV News
CVE-2008-2412
	NOT-FOR-US: ACGV News
CVE-2008-2411
	NOT-FOR-US: SazCart
CVE-2008-2410
	NOT-FOR-US: Web Server service in IBM Lotus Domino
CVE-2008-2409
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2408
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2406
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2405
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2404
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2403
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2402
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2401
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400
	- stunnel4 <not-affected> (Windows specific issue)
CVE-2008-2399
	NOT-FOR-US: FireFTP
CVE-2008-2575
	- cbrpager 0.9.17-1 (low; bug #482853)
	[etch] - cbrpager 0.9.14-3+etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
	- xscreensaver 5.05-3 (unimportant; bug #482385)
CVE-2008-2516
	- pam-pgsql 0.6.3-2 (medium; bug #481970)
	[etch] - pam-pgsql <not-affected> (Vulnerable code not present)
	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
CVE-2008-2424
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2423
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420
	- stunnel4 3:4.22-1.1 (low; bug #482644)
CVE-2008-2398
	NOT-FOR-US: AppServ Open Project
CVE-2008-2397
	NOT-FOR-US: dotCMS
CVE-2008-2396
	NOT-FOR-US: microSSys
CVE-2008-2395
	NOT-FOR-US: AlkalinePHP
CVE-2008-2394
	NOT-FOR-US: TAGWORX.CMS
CVE-2008-2393
	NOT-FOR-US: EntertainmentScript
CVE-2008-2392
	- wordpress 2.5.1-4 (low; bug #485807)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Unrestricted file upload vulnerability was introduced in 2.3.0
CVE-2008-2391
	NOT-FOR-US: SubSonic
CVE-2008-2390
	NOT-FOR-US: HP Software Update
CVE-2008-2389
	NOT-FOR-US: opensuse-updater
CVE-2008-2388
	NOT-FOR-US: opensuse-updater
CVE-2008-2387
	RESERVED
CVE-2008-2386
	RESERVED
CVE-2008-2385
	RESERVED
CVE-2008-2384
	- mod-auth-mysql 4.3.9-11 (medium)
CVE-2008-2383
	{DSA-1694-1 DTSA-182-1}
	- xterm 238-2 (medium; bug #510030)
CVE-2008-2382
	- qemu 0.9.1-9
	[etch] - qemu <not-affected> (Tested by maintainer)
	- kvm 72+dfsg-4
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2008-2381
	{DSA-1698-1}
	- gforge 4.7~rc2-7
CVE-2008-2380
	{DSA-1688-1 DTSA-180-1}
	- courier-authlib 0.61.0-1+lenny1
CVE-2008-2379
	{DSA-1682-1}
	- squirrelmail 2:1.4.15-4
CVE-2008-2378
	{DSA-1668-1}
	- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377
	- gnutls26 2.4.1-1 (medium)
	- gnutls13 <not-affected> (Problem was introduced in 2.3.5)
CVE-2008-2376
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-2
	- ruby1.8 1.8.7.22-2
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375
	- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374
	- bluez-libs 3.34 (low)
	[etch] - bluez-libs <no-dsa> (Minor issue)
	- bluez-utils 3.34 (low)
	[etch] - bluez-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
	REJECTED
CVE-2008-2372
	- linux-2.6 2.6.26-1
	[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
	NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
CVE-2008-2371
	{DSA-1602-1 DTSA-145-1}
	- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370
	- tomcat5.5 5.5.26-4 (bug #494504)
CVE-2008-2369
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2008-2368
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2367
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2366
	- openoffice.org <not-affected> (RedHat-specific packaging flaw)
CVE-2008-2365
	- linux-2.6 2.6.17
	NOTE: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 f5b40e363ad6041a96e3da32281d8faa191597b9
	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
CVE-2008-2364
	- apache2 2.2.9-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2363
	- pan 0.132-3.1 (bug #483562)
	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
	NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359
	NOT-FOR-US: system-config-network Fedora
CVE-2008-2358
	{DSA-1592-1}
	- linux-2.6 2.6.20-1
	NOTE: DCCP feature sanitising was introduced in 2.6.20
	NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian
CVE-2008-2357
	{DSA-1587-1}
	- mtr 0.73-1
CVE-2008-2356
	NOT-FOR-US: Archangel Weblog
CVE-2008-2355
	NOT-FOR-US: WR-Meeting
CVE-2008-2354
	NOT-FOR-US: testMaker
CVE-2008-2353
	NOT-FOR-US: GNU/Gallery
CVE-2008-2352
	NOT-FOR-US: Smeego
CVE-2008-2351
	NOT-FOR-US: WebManager-Pro
CVE-2008-2350
	NOT-FOR-US: bcoos
CVE-2008-2349
	NOT-FOR-US: Zomplog
CVE-2008-2348
	NOT-FOR-US: MeltingIce File System
CVE-2008-2347
	NOT-FOR-US: MyPicGallery
CVE-2008-2346
	NOT-FOR-US: AlkalinePHP
CVE-2008-2345
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2344
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2343
	NOT-FOR-US: News Manager
CVE-2008-2342
	NOT-FOR-US: News Manager
CVE-2008-2341
	NOT-FOR-US: News Manager
CVE-2008-2340
	NOT-FOR-US: News Manager
CVE-2008-2339
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-2338
	NOT-FOR-US: Interspire ActiveKB
CVE-2008-2337
	NOT-FOR-US: IMGallery
CVE-2008-2336
	NOT-FOR-US: 68 Classifieds
CVE-2008-2335
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-2334
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333
	NOT-FOR-US: Barracuda
CVE-2008-2332
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2331
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2330
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2329
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2328
	RESERVED
CVE-2008-2327
	{DSA-1632-1 DTSA-160-1}
	- tiff 3.8.2-11 (medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2008-2326
	NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2324
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2323
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2322
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2321
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2320
	NOT-FOR-US: Apple Mac OS X
	NOTE: the original apple advisory (HT3613) is completely different from the current CVE
	NOTE: description. it claims that this is a webkit issue, which is completely wrong
CVE-2008-2319
	RESERVED
CVE-2008-2318
	NOT-FOR-US: Apple Xcode
CVE-2008-2317
	NOT-FOR-US: Safari
CVE-2008-2316
	{DSA-1977-1 DTSA-157-1}
	- python2.5 2.5.2-11 (low; bug #493797)
	- python2.4 <not-affected> (hashlib module introduced in python2.5)
CVE-2008-2315
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-2314
	NOT-FOR-US: Mac OS X
CVE-2008-2313
	NOT-FOR-US: Mac OS X
CVE-2008-2312
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2311
	NOT-FOR-US: Mac OS X
CVE-2008-2310
	- binutils 2.18.1~cvs20080103-1 (low)
	[etch] - binutils <no-dsa> (Minor issue)
CVE-2008-2309
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2008-2308
	NOT-FOR-US: Alias Manager in Apple Mac OS X
CVE-2008-2307
	- webkit 1.0.1-1
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306
	NOT-FOR-US: Windows issue
CVE-2008-2305
	NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304
	NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303
	NOT-FOR-US: Safari
CVE-2008-2301
	NOT-FOR-US: Kostenloses Linkmanagementscript
CVE-2008-2300
	NOT-FOR-US: Citrix Software
CVE-2008-2299
	NOT-FOR-US: Citrix Software
CVE-2008-2298
	NOT-FOR-US: Web Slider
CVE-2008-2297
	NOT-FOR-US: Rantx
CVE-2008-2296
	NOT-FOR-US: Rgboard
CVE-2008-2295
	NOT-FOR-US: Rgboard
CVE-2008-2294
	NOT-FOR-US: Pet Grooming Management System
CVE-2008-2293
	NOT-FOR-US: Multi-Page Comment System
CVE-2008-2292
	{DSA-1663-1 DTSA-134-1}
	- net-snmp 5.4.1~dfsg-8 (medium; bug #482333)
CVE-2008-2291
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2290
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2289
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2288
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2287
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2286
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2285
	{DSA-1576-1}
	- openssh 1:4.7p1-10
CVE-2008-2284
	NOT-FOR-US: Fusebox
CVE-2008-2283
	NOT-FOR-US: IDAutomation
CVE-2008-2282
	NOT-FOR-US: Internet Photoshow
CVE-2008-2281
	NOT-FOR-US: Internet Explorer
CVE-2008-2280
	NOT-FOR-US: PHP PicEngine
CVE-2008-2279
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2278
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2277
	NOT-FOR-US: Feedback and Rating Script
CVE-2008-2275
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2274
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2273
	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
CVE-2008-2272
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-2271
	NOT-FOR-US: Site Documentation Drupal module
CVE-2008-2270
	NOT-FOR-US: PHPWAY Linkmanagementscript
CVE-2008-2269
	NOT-FOR-US: GasTracker
CVE-2008-2268
	NOT-FOR-US: Mjguest
CVE-2008-2267
	NOT-FOR-US: Postlet
CVE-2008-2265
	NOT-FOR-US: EMO Realty Manager
CVE-2008-2264
	NOT-FOR-US: CyrixMED
CVE-2008-2263
	NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262
	REJECTED
CVE-2008-2261
	REJECTED
CVE-2008-2260
	REJECTED
CVE-2008-2259
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252
	NOT-FOR-US: Microsoft
CVE-2008-2251
	NOT-FOR-US: Microsoft
CVE-2008-2250
	NOT-FOR-US: Microsoft
CVE-2008-2249
	NOT-FOR-US: Microsoft Windows
CVE-2008-2248
	NOT-FOR-US: Exchange Server
CVE-2008-2247
	NOT-FOR-US: Exchange Server
CVE-2008-2246
	NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245
	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244
	NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
	REJECTED
CVE-2008-2242
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2241
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2240
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239
	RESERVED
CVE-2008-2238
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2237
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2236
	- blosxom 2.1.2-1 (low; bug #500873)
	[etch] - blosxom 2.0-14+etch1 (low; bug #500873)
CVE-2008-2235
	{DSA-1627-2}
	- opensc 0.11.4-4
	NOTE: https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html
CVE-2008-2234
	- openwsman <itp> (bug #754501)
CVE-2008-2233
	- openwsman <itp> (bug #754501)
CVE-2008-2232
	{DSA-1611-1 DTSA-149-1}
	- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231
	{DSA-1633-1}
	- slash <removed> (medium; bug #484499)
	NOTE: See CVE-2008-2553
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2230
	- reportbug 3.41 (low; bug #484311)
	- reportbug-ng 0.2008.03.28 (low; bug #484474)
	[etch] - reportbug <no-dsa> (Unlikely attack scenario)
CVE-2008-2229
	RESERVED
CVE-2008-2228
	NOT-FOR-US: Cyberfolio
CVE-2008-2227
	NOT-FOR-US: PHP-Fusion
CVE-2008-2226
	NOT-FOR-US: OpenKM
CVE-2008-2225
	NOT-FOR-US: gameCMS
CVE-2008-2224
	NOT-FOR-US: SazCart
CVE-2008-2223
	NOT-FOR-US: vShare YouTube Clone
CVE-2008-2222
	NOT-FOR-US: EQdkp
CVE-2008-2221
	NOT-FOR-US: IBM WebSphere
CVE-2008-2220
	NOT-FOR-US: Interact Learning Community Environment
CVE-2008-2219
	NOT-FOR-US: C-News.fr
CVE-2008-2218
	NOT-FOR-US: Nortel Multimedia
CVE-2008-2217
	NOT-FOR-US: CMS Phprojekt
CVE-2008-2216
	NOT-FOR-US: PBCS
CVE-2008-2215
	NOT-FOR-US: PBCS
CVE-2008-2214
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2008-2213
	NOT-FOR-US: Maian Links
CVE-2008-2212
	NOT-FOR-US: Maian Cart
CVE-2008-2211
	NOT-FOR-US: Maian Guestbook
CVE-2008-2210
	NOT-FOR-US: Maian Support
CVE-2008-2209
	NOT-FOR-US: Maian Greeting
CVE-2008-2208
	NOT-FOR-US: Maian Greeting
CVE-2008-2207
	NOT-FOR-US: Maian Gallery
CVE-2008-2206
	NOT-FOR-US: Maian Music
CVE-2008-2205
	NOT-FOR-US: Maian Music
CVE-2008-2204
	NOT-FOR-US: Maian Search
CVE-2008-2203
	NOT-FOR-US: Maian Search
CVE-2008-2202
	NOT-FOR-US: Maian Uploader
CVE-2008-2201
	NOT-FOR-US: Maian Recipe
CVE-2008-2200
	NOT-FOR-US: Maian Weblog
CVE-2008-2199
	NOT-FOR-US: Kmita Mail
CVE-2008-2198
	NOT-FOR-US: Kmita Tellfriend
CVE-2008-2197
	NOT-FOR-US: Miniweb
CVE-2008-2196
	NOT-FOR-US: LifeType
CVE-2008-2195
	NOT-FOR-US: DeluxeBB
CVE-2008-2194
	NOT-FOR-US: DeluxeBB
CVE-2008-2193
	NOT-FOR-US: ScorpNews
CVE-2008-2192
	NOT-FOR-US: itcms
CVE-2008-2191
	NOT-FOR-US: pnEncyclopedia
CVE-2008-2190
	NOT-FOR-US: Online Rental Property Script
CVE-2008-2189
	NOT-FOR-US: Online AnServ Auction XL
CVE-2008-2188
	NOT-FOR-US: EJ3 BlackBook
CVE-2008-2187
	NOT-FOR-US: Mjguest
CVE-2008-2186
	NOT-FOR-US: Chilek CMS
CVE-2008-2185
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2184
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2183
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2182
	NOT-FOR-US: powermail extension for TYPO3
CVE-2008-2181
	NOT-FOR-US: cpLinks
CVE-2008-2180
	NOT-FOR-US: cpLinks
CVE-2008-2179
	NOT-FOR-US: SysAid
CVE-2008-2178
	NOT-FOR-US: LifeType
CVE-2008-2177
	NOT-FOR-US: phpDirectorySource
CVE-2008-2176
	NOT-FOR-US: Zomplog
CVE-2008-2175
	NOT-FOR-US: Gamma Scripts BlogMe PHP
CVE-2008-2174
	NOT-FOR-US: Animal Shelter Manager
CVE-2008-2173
	NOT-FOR-US: Yamaha routers
CVE-2008-2172
	NOT-FOR-US: Hitachi GR routers
CVE-2008-2171
	NOT-FOR-US: AlaxalA AX routers
CVE-2008-2170
	NOT-FOR-US: Century routers
CVE-2008-2169
	NOT-FOR-US: Avici routers
CVE-2008-2168
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch4 (low)
	NOTE: This is really a browser issue. Recent apache versions add a workaround.
CVE-2008-2167
	NOT-FOR-US: ZyXEL ZyWALL
CVE-2008-2166
	NOT-FOR-US: Sun Java System
CVE-2008-2165
	NOT-FOR-US: Cisco Building Broadband Service Manager (BBSM) Captive Portal
CVE-2008-2164
	RESERVED
CVE-2008-2163
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276
	- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266
	- uudeview 0.5.20-3.1 (low; bug #480972)
	[etch] - uudeview <no-dsa> (Minor issue)
	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
	- pan <not-affected> (Code patched to use g_mkstemp)
	NOTE: See CVE-2004-2265, where the problem occured as well
CVE-2008-2302
	- python-django 0.96.2-1 (bug #481164; low)
	[etch] - python-django 0.95.1-1etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-2162
	NOT-FOR-US: SonicWall Email Security
CVE-2008-2161
	NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows
CVE-2008-2160
	NOT-FOR-US: Microsoft Windows CE 5.0
CVE-2008-2159
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2008-2158
	NOT-FOR-US: AlphaStor
CVE-2008-2157
	NOT-FOR-US: AlphaStor
CVE-2008-2156
	RESERVED
CVE-2008-2155
	RESERVED
CVE-2008-2154
	NOT-FOR-US: IBM DB2
CVE-2008-2153
	RESERVED
CVE-2008-2152
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-2151
	RESERVED
CVE-2008-2150
	RESERVED
CVE-2008-2149
	{DSA-1634-1}
	- wordnet 1:3.0-10 (bug #481186)
	NOTE: wordnet can be used as a backend to web applications
CVE-2008-2148
	- linux-2.6 2.6.25-3 (bug #481195)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145
	NOT-FOR-US: Novell Client 4.91 SP4
CVE-2008-2144
	NOT-FOR-US: Solaris print service
CVE-2008-2143
	NOT-FOR-US: Microsoft Outlook Web Access (OWA)
CVE-2008-2141
	RESERVED
CVE-2008-2140
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2139
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2138
	NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g
CVE-2008-2137
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d, part of 2.6.25.3
CVE-2008-2136
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02, part of 2.6.25.3
CVE-2008-2135
	NOT-FOR-US: VisualShapers ezContents
CVE-2008-2134
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2133
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2132
	NOT-FOR-US: Systementor PostcardMentor
CVE-2008-2131
	NOT-FOR-US: mvnForum
CVE-2008-2130
	NOT-FOR-US: iGaming
CVE-2008-2129
	NOT-FOR-US: Galleristic
CVE-2008-2128
	NOT-FOR-US: Faethon
CVE-2008-2127
	NOT-FOR-US: Faethon
CVE-2008-2126
	NOT-FOR-US: Tux CMS
CVE-2008-2125
	NOT-FOR-US: Musicbox
CVE-2008-2124
	NOT-FOR-US: fipsASP
CVE-2008-2123
	NOT-FOR-US: WGate
CVE-2008-2122
	NOT-FOR-US: IBM Rational Build Forge
CVE-2008-2121
	NOT-FOR-US: Sun Solaris
CVE-2008-2120
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2119
	- asterisk 1.4
	NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118
	NOT-FOR-US: Project Alumni
CVE-2008-2117
	NOT-FOR-US: Project Alumni
CVE-2008-2116
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2115
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-2113
	NOT-FOR-US: PHPEasyData
CVE-2008-2142
	- emacs22 22.2+2-3 (low; bug #480885)
	- xemacs21-packages 2009.02.17-1 (low; bug #480886)
	[etch] - xemacs21-packages <no-dsa> (Minor issue)
	[lenny] - xemacs21-packages <no-dsa> (Minor issue)
	[etch] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	- emacs21 21.4a+1-5.5 (low; bug #480877)
	[etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147
	{DSA-1819-1 DTSA-132-1}
	- vlc 0.8.6.e-2.2 (low; bug #480724)
	NOTE: https://trac.videolan.org/vlc/ticket/1578
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
	REJECTED
CVE-2008-2112
	NOT-FOR-US: Sun Ray Kiosk Mode
CVE-2008-2111
	NOT-FOR-US: Yahoo Assistant
CVE-2008-2110
	NOT-FOR-US: QTOFileManager
CVE-2008-2109
	- libid3tag 0.15.1b-8 (low; bug #480187)
	[etch] - libid3tag <no-dsa> (Minor issue)
	NOTE: totally different approach to fix the bug, see Kurts comments in the bug report
CVE-2008-2108
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: http://web.archive.org/web/20120118120046/http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: closely related to CVE-2008-2108
CVE-2008-2106
	NOT-FOR-US: Call of Duty
CVE-2008-2105
	- bugzilla 3.0.4-1 (low)
	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
CVE-2008-2104
	- bugzilla <not-affected> (regression introduced in 3.1.3 referring to upstream)
CVE-2008-2103
	- bugzilla 3.0.4-1 (low; bug #480190)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-2102
	RESERVED
CVE-2008-2101
	NOT-FOR-US: VMware ESX
CVE-2008-2100
	- vmware-package <removed> (low; bug #485919)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099
	- vmware-package <not-affected> (Windows issue according to CVE)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2008-2098
	- vmware-package <removed> (low; bug #484491)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097
	NOT-FOR-US: Vmware ESX/i
CVE-2008-2096
	NOT-FOR-US: BackLinkSpider
CVE-2008-2095
	NOT-FOR-US: FlippingBook
CVE-2008-2094
	NOT-FOR-US: XOOPS
CVE-2008-2093
	NOT-FOR-US: JOOMLA extra component
CVE-2008-2092
	NOT-FOR-US: Linksys SPA-2102 Phone Adapter
CVE-2008-2091
	NOT-FOR-US: Kubelance
CVE-2008-2090
	NOT-FOR-US: Sun Solaris
CVE-2008-2089
	NOT-FOR-US: Sun Solaris
CVE-2008-2088
	NOT-FOR-US: PHP Forge
CVE-2008-2087
	NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086
	- openjdk-6 <not-affected> (browser plugin is different code base)
	- sun-java5 <removed>
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-10-1
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2008-2084
	NOT-FOR-US: MyArticles
CVE-2008-2083
	NOT-FOR-US: Prozilla Hosting
CVE-2008-2082
	NOT-FOR-US: Siteman
CVE-2008-2081
	NOT-FOR-US: Siteman
CVE-2008-2080
	NOT-FOR-US: NASA Goddard Space Flight Center Common Data Format (CDF) library
CVE-2008-2079
	{DSA-1608-1 DTSA-150-1}
	- mysql-dfsg-5.0 5.0.51a-10 (low; bug #480292)
CVE-2008-2078
	- robocode 1.6.0~beta2-1 (low)
CVE-2008-2077
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-2076
	NOT-FOR-US: ActualScripts
CVE-2008-2075
	NOT-FOR-US: AstroCam
CVE-2008-2074
	NOT-FOR-US: Harris Yusuf Arifin Harris Wap Chat 1.0
CVE-2008-2073
	NOT-FOR-US: vlbook
CVE-2008-2072
	NOT-FOR-US: vlbook
CVE-2008-2071
	NOT-FOR-US: cPanel
CVE-2008-2070
	NOT-FOR-US: cPanel
CVE-2008-2069
	NOT-FOR-US: Novell GroupWise
CVE-2008-2068
	- wordpress 2.5.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2008-2067
	NOT-FOR-US: miniBB
CVE-2008-2066
	NOT-FOR-US: miniBB
CVE-2008-2065
	NOT-FOR-US: YourFreeWorld
CVE-2008-2064
	{DSA-1580-1}
	- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063
	NOT-FOR-US: Joovili
CVE-2008-2062
	NOT-FOR-US: Cisco Real-Time Information Server (RIS) Data Collector service
CVE-2008-2061
	NOT-FOR-US: Cisco Computer Telephony Integration (CTI) Manager service
CVE-2008-2060
	NOT-FOR-US: Cisco
CVE-2008-2059
	NOT-FOR-US: Cisco
CVE-2008-2058
	NOT-FOR-US: Cisco
CVE-2008-2057
	NOT-FOR-US: Cisco
CVE-2008-2056
	NOT-FOR-US: Cisco
CVE-2008-2055
	NOT-FOR-US: Cisco
CVE-2008-2054
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2008-2052
	NOT-FOR-US: Bitrix Site Manager
CVE-2008-2049
	NOT-FOR-US: E-Post Mail Server
CVE-2008-2048
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2047
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2046
	NOT-FOR-US: Softpedia
CVE-2008-2045
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2008-2044
	NOT-FOR-US: netOffice Dwins
CVE-2008-2043
	NOT-FOR-US: cPanel
CVE-2008-2085
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-2051
	{DSA-1578-1 DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://www.php.net/ChangeLog-5.php
	NOTE: http://web.archive.org/web/20120524033327/http://www.sektioneins.de/advisories/SE-2008-03.txt
CVE-2008-2050
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: php4 not affected, the vulnerable code isn't present
	NOTE: http://www.php.net/ChangeLog-5.php
CVE-2008-2042
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-2039
	REJECTED
CVE-2008-2038
	NOT-FOR-US: Tunkey WebTools
CVE-2008-2037
	NOT-FOR-US: EidteurScripts
CVE-2008-2036
	NOT-FOR-US: Koobi Pro
CVE-2008-2035
	NOT-FOR-US: Bluemoon
CVE-2008-2034
	NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
CVE-2008-2033
	REJECTED
CVE-2008-2032
	NOT-FOR-US: Acritum Femitter Server
CVE-2008-2031
	NOT-FOR-US: VicFTPS
CVE-2008-2030
	NOT-FOR-US: FirePass
CVE-2008-2029
	NOT-FOR-US: miniBB
CVE-2008-2028
	NOT-FOR-US: miniBB
CVE-2008-2027
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025
	- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
	[lenny] - libstruts1.2-java <no-dsa> (Minor issue)
CVE-2008-2024
	NOT-FOR-US: miniBB
CVE-2008-2023
	NOT-FOR-US: MegaBBS
CVE-2008-2022
	NOT-FOR-US: MegaBBS
CVE-2008-2021
	NOT-FOR-US: Lhaplus
CVE-2008-2020
	NOT-FOR-US: PHP-Nuke
CVE-2008-2019
	NOT-FOR-US: Simple Machines Forum
CVE-2008-2018
	NOT-FOR-US: PHPizabi
CVE-2008-2017
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2016
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2015
	NOT-FOR-US: WatchFire
CVE-2008-2014
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013
	NOT-FOR-US: pnFlashGames
CVE-2008-2012
	NOT-FOR-US: PostSchedule
CVE-2008-2011
	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
CVE-2008-2010
	NOT-FOR-US: Windows
CVE-2008-2009
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-4 (bug #482039)
	[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	NOTE: additional hardening features have already been added to the unstable
	NOTE: packages that would be useful to have in stable, so proposing as spu/ospu
CVE-2008-2008
	NOT-FOR-US: Cerulean Studios Trillian Basic
CVE-2008-2007
	REJECTED
CVE-2008-2006
	NOT-FOR-US: Apple iCal
CVE-2008-2005
	NOT-FOR-US: SuiteLink
CVE-2008-2004
	{DTSA-133-1}
	- qemu 0.9.1-5
	- kvm 66+dfsg-1.1 (bug #481204)
	- xen-3 3.4.0-1 (bug #490409)
	- xen-unstable <removed> (bug #490411)
	- xen-3.0 <removed>
CVE-2008-2003
	NOT-FOR-US: BadBlue
CVE-2008-2002
	NOT-FOR-US: Motorola software
CVE-2008-2001
	NOT-FOR-US: Apple Safari
CVE-2008-2000
	NOT-FOR-US: Apple Safari
CVE-2008-1999
	NOT-FOR-US: Apple Safari
CVE-2008-1998
	NOT-FOR-US: Windows specific
CVE-2008-1997
	NOT-FOR-US: IBM DB2
CVE-2008-1996
	- licq 1.3.5-6 (low; bug #479036)
	[etch] - licq <no-dsa> (Minor issue)
CVE-2008-1995
	NOT-FOR-US: Sun Java System Directory Proxy Server
CVE-2008-1994
	- acon 1.0.5-6.1 (low; bug #475733)
CVE-2008-1993
	NOT-FOR-US: Acidcat
CVE-2008-1992
	NOT-FOR-US: Acidcat
CVE-2008-1991
	NOT-FOR-US: Acidcat
CVE-2008-1990
	NOT-FOR-US: Acidcat
CVE-2008-1989
	NOT-FOR-US: Flash Chat
CVE-2008-1988
	NOT-FOR-US: EncapsGallery
CVE-2008-1987
	NOT-FOR-US: EncapsGallery
CVE-2008-1986
	NOT-FOR-US: PixelMotion
CVE-2008-1985
	NOT-FOR-US: DigitalHive
CVE-2008-1984
	NOT-FOR-US: eTrust
CVE-2008-1983
	NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982
	NOT-FOR-US: Wordpress Spreadsheet plugin
CVE-2008-1981
	NOT-FOR-US: e-publish
CVE-2008-1980
	NOT-FOR-US: e-publish
CVE-2008-1979
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-1978
	NOT-FOR-US: Ubercart
CVE-2008-1977
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1976
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1975
	NOT-FOR-US: E-RESERV
CVE-2008-1973
	NOT-FOR-US: SubEdit Player
CVE-2008-1972
	NOT-FOR-US: Exponent CMS
CVE-2008-1971
	NOT-FOR-US: phShoutBox
CVE-2008-1970
	NOT-FOR-US: muCommander
CVE-2008-1969
	NOT-FOR-US: Cezanne
CVE-2008-1968
	NOT-FOR-US: Cezanne
CVE-2008-1967
	NOT-FOR-US: Cezanne
CVE-2008-1966
	NOT-FOR-US: Windows specific
CVE-2008-1965
	NOT-FOR-US: Lotus Expeditor
CVE-2008-1964
	- xine-lib <not-affected> (nsf support disabled by maintainer)
	NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
	NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963
	NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962
	NOT-FOR-US: Aterr
CVE-2008-1961
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2008-1960
	NOT-FOR-US: ContRay
CVE-2008-1959
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-1958
	NOT-FOR-US: Tr Script News
CVE-2008-1957
	NOT-FOR-US: Tr Script News
CVE-2008-2146
	{DSA-1564-1}
	- wordpress 2.2.3-1
	NOTE: http://trac.wordpress.org/ticket/4748
	NOTE: fixed in DSA-1564-1
CVE-2008-2040
	{DSA-1583-1 DSA-1582-1}
	- peercast 0.1218+svn20080104-1.1 (medium; bug #478573)
	- gnome-peercast <removed>
	NOTE: etch version tested with PoC, affected
CVE-2008-1974
	{DSA-1560-1}
	- kronolith2 2.1.8-1
CVE-2008-1956
	NOT-FOR-US: Wikepage Opus
CVE-2008-1955
	NOT-FOR-US: Martin BOUCHER MyBoard
CVE-2008-1954
	NOT-FOR-US: Web Calendar Pro
CVE-2008-1953
	NOT-FOR-US: Sitedesigner
CVE-2008-1952
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
	NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
CVE-2008-1951
	NOT-FOR-US: Red Hat issue
CVE-2008-1950
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1949
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1948
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (medium)
	- gnutls26 2.2.5-1 (medium)
CVE-2008-1947
	{DSA-1593-1}
	- tomcat5.5 5.5.26-3 (low; bug #484643)
	- tomcat5 <removed>
CVE-2008-1946
	- coreutils 5.93-1
CVE-2008-1945
	{DSA-1799-1}
	- qemu 0.9.1-5 (low; bug #526013)
CVE-2008-1944
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1943
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1942
	NOT-FOR-US: Foxit Reader
CVE-2008-1941
	NOT-FOR-US: Akiva WebBoard
CVE-2008-1940
	- linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1 (bug #478133)
CVE-2008-1939
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-1938
	NOT-FOR-US: Sony firmware
CVE-2008-1937
	- moin 1.6.3-1
	[etch] - moin <not-affected> (1.5.x is not affected)
	NOTE: acl_hierarchic was introduced in 1.6.0
	NOTE: userform processing issue was introduced in 1.6.1
CVE-2008-1936
	NOT-FOR-US: Classifieds Caffe
CVE-2008-1935
	NOT-FOR-US: Filiale
CVE-2008-1934
	NOT-FOR-US: Crazy Goomba
CVE-2008-1933
	NOT-FOR-US: Zune
CVE-2008-1932
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1931
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1929
	RESERVED
CVE-2008-1928
	- libimager-perl 0.64-1
CVE-2008-1926
	{DTSA-126-1}
	- util-linux 2.13.1.1-1 (low; bug #478135)
	[etch] - util-linux <not-affected> (Audit support not available in Etch's version)
CVE-2008-1923
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-1922
	- sarg 2.2.4-1
CVE-2008-1921
	NOT-FOR-US: 5th Avenue Shopping Cart
CVE-2008-1920
	NOT-FOR-US: ICQ
CVE-2008-1919
	NOT-FOR-US: YourFreeWorld Apartment Search Script
CVE-2008-1918
	NOT-FOR-US: PHP-Fusion
CVE-2008-1917
	NOT-FOR-US: AMFPHP
CVE-2008-1916
	NOT-FOR-US: Ubercart (drupal module)
CVE-2008-1915
	NOT-FOR-US: BlogWorx
CVE-2008-1930
	- wordpress 2.5.1-1 (medium; bug #477910)
	NOTE: only exploitable in blogs that allow user registering
	[etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5)
CVE-2008-1927
	{DSA-1556-2}
	- perl 5.10.0-1 (bug #454792)
CVE-2008-1925
	- inspircd 1.1.18+dfsg-1 (low)
CVE-2008-1924
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5.2-1
	NOTE: PMASA-2008-3
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
CVE-2008-1914
	NOT-FOR-US: BigAnt Messenger
CVE-2008-1913
	NOT-FOR-US: Lasernet CMS
CVE-2008-1912
	NOT-FOR-US: DivX Player
CVE-2008-1911
	NOT-FOR-US: 1024 CMS
CVE-2008-1910
	NOT-FOR-US: Borland InterBase
CVE-2008-1909
	NOT-FOR-US: PHPKB
CVE-2008-1908
	NOT-FOR-US: cpCommerce
CVE-2008-1907
	NOT-FOR-US: cpCommerce
CVE-2008-1906
	NOT-FOR-US: cpCommerce
CVE-2008-1905
	NOT-FOR-US: Nero MediaHome
CVE-2008-1904
	NOT-FOR-US: CcMail
CVE-2008-1903
	NOT-FOR-US: Newanz NewsOffice
CVE-2008-1902
	- aptlinex 0.91-1 (low; bug #476572)
	NOTE: the user gets a confirmation dialog
CVE-2008-1901
	- aptlinex 0.91-1 (medium; bug #476588)
	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900
	NOT-FOR-US: Carbon Communities
CVE-2008-1899
	RESERVED
CVE-2008-1898
	NOT-FOR-US: Microsoft Works
CVE-2008-1897
	{DSA-1563-1}
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896
	NOT-FOR-US: Carbon Communities
CVE-2008-1895
	NOT-FOR-US: Carbon Communities
CVE-2008-1894
	NOT-FOR-US: BusinessObjects InfoView
CVE-2008-1893
	NOT-FOR-US: W2B Online Banking
CVE-2008-1892
	NOT-FOR-US: Blogator-script
CVE-2008-1891
	- ruby1.8 1.8.7.22-1 (unimportant)
	- ruby1.9 1.9.0.2-1 (unimportant)
	NOTE: corner-case only exploitable if web application is run on windows fs
CVE-2008-1890
	NOT-FOR-US: Jom Comment for Joomla!
CVE-2008-1889
	NOT-FOR-US: XplodPHP AutoTutorials
CVE-2008-1888
	NOT-FOR-US: Windows
CVE-2008-1886
	NOT-FOR-US: CDNetworks Nefficient Download
CVE-2008-1885
	NOT-FOR-US: NeffyLauncher
CVE-2008-1884
	NOT-FOR-US: Wikepage
CVE-2008-1883
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1882
	RESERVED
CVE-2008-1881
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Firebird 1.5 no longer supported, see last DSA)
	- firebird2.0 2.0.3.12981.ds1-14 (bug #481389)
	NOTE: on debian after the installation firebird2.0-super is disabled, to enable it
	NOTE: you need to call dpkg-reconfigure
CVE-2008-1879
	RESERVED
CVE-2008-2041
	- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876
	NOT-FOR-US: VisualPic
CVE-2008-1875
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1874
	NOT-FOR-US: Xpoze Pro
CVE-2008-1873
	NOT-FOR-US: Nuke ET
CVE-2008-1872
	NOT-FOR-US: Comdev News Publisher
CVE-2008-1871
	NOT-FOR-US: Scriptsagent.com
CVE-2008-1870
	NOT-FOR-US: PIGMy-SQL
CVE-2008-1869
	NOT-FOR-US: Site Sift Listings
CVE-2008-1868
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1867
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1866
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1865
	NOT-FOR-US: openmosix-tools
CVE-2008-1864
	NOT-FOR-US: Prozilla Freelancers
CVE-2008-1863
	NOT-FOR-US: Prozilla Cheat Script
CVE-2008-1862
	NOT-FOR-US: ExBB Italia
CVE-2008-1861
	NOT-FOR-US: ExBB Italia
CVE-2008-1860
	NOT-FOR-US: LokiCMS
CVE-2008-1859
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1858
	NOT-FOR-US: 724Networks 724CMS
CVE-2008-1857
	NOT-FOR-US: Mole
CVE-2008-1856
	NOT-FOR-US: LinPHA
CVE-2008-1855
	NOT-FOR-US: McAfee
CVE-2008-1854
	NOT-FOR-US: SmarterMail Web Server
CVE-2008-1853
	NOT-FOR-US: HP OpenView
CVE-2008-1852
	NOT-FOR-US: HP OpenView
CVE-2008-1851
	NOT-FOR-US: HP OpenView
CVE-2008-1850
	NOT-FOR-US: Omnistar Interactive OSI Affiliate
CVE-2008-1849
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1848
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla!
CVE-2008-1847
	NOT-FOR-US: phpAddressBook
CVE-2008-1846
	NOT-FOR-US: SAP
CVE-2008-1845
	- mksh 33.4-1 (low)
	[etch] - mksh 28.0-3
CVE-2008-1844
	NOT-FOR-US: W2B phpHotResources
CVE-2008-1843
	NOT-FOR-US: W2B DatingClub
CVE-2008-1842
	NOT-FOR-US: HP OpenView
CVE-2008-1841
	NOT-FOR-US: Coppermine
CVE-2008-1840
	NOT-FOR-US: Coppermine
CVE-2008-1839
	NOT-FOR-US: WORK system e-commerce
CVE-2008-1838
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1836
	- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834
	- swfdec0.6 0.6.4-1 (low)
	- swfdec0.5 <removed> (low; bug #477037)
CVE-2008-1833
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2008-1878
	{DSA-1586-1 DTSA-128-1}
	- xine-lib 1.1.12-2 (medium; bug #476990)
	NOTE: not patched but disabled in testing/unstable
CVE-2008-1831
	NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1829
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1828
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1827
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1826
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1825
	NOT-FOR-US: Oracle
CVE-2008-1824
	NOT-FOR-US: Oracle
CVE-2008-1823
	NOT-FOR-US: Oracle
CVE-2008-1822
	NOT-FOR-US: Oracle
CVE-2008-1821
	NOT-FOR-US: Oracle
CVE-2008-1820
	NOT-FOR-US: Oracle
CVE-2008-1819
	NOT-FOR-US: Oracle
CVE-2008-1818
	NOT-FOR-US: Oracle
CVE-2008-1817
	NOT-FOR-US: Oracle
CVE-2008-1816
	NOT-FOR-US: Oracle
CVE-2008-1815
	NOT-FOR-US: Oracle
CVE-2008-1814
	NOT-FOR-US: Oracle
CVE-2008-1813
	NOT-FOR-US: Oracle
CVE-2008-1812
	NOT-FOR-US: Oracle
CVE-2008-1811
	NOT-FOR-US: Oracle
CVE-2008-1810
	NOT-FOR-US: SAP MaxDB
CVE-2008-1809
	NOT-FOR-US: Novell eDirectory
CVE-2008-1808
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (low; bug #485841)
CVE-2008-1807
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1806
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805
	NOT-FOR-US: Skype
CVE-2008-1804
	{DTSA-173-1}
	- snort 2.7.0-20 (low; bug #483160)
	[lenny] - snort 2.7.0-20.2 (low; bug #483160)
	[etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
CVE-2008-1803
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
CVE-2008-1802
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
CVE-2008-1801
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800
	NOT-FOR-US: DivXDB
CVE-2008-1799
	NOT-FOR-US: sabros.us
CVE-2008-1798
	NOT-FOR-US: Dragoon
CVE-2008-1797
	NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796
	- comix 3.6.4-1.1 (unimportant)
	NOTE: only exploitable with insecure umask settings
CVE-2008-1795
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794
	NOT-FOR-US: Webform Drupal module
CVE-2008-1793
	NOT-FOR-US: Smart
CVE-2008-1792
	NOT-FOR-US: Flickr Drupal module
CVE-2008-1791
	NOT-FOR-US: My Gaming Ladder
CVE-2008-1790
	NOT-FOR-US: iScripts
CVE-2008-1789
	NOT-FOR-US: Prozilla Forum
CVE-2008-1788
	NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786
	NOT-FOR-US: CA products
CVE-2008-1785
	NOT-FOR-US: Prozilla Top 100
CVE-2008-1784
	NOT-FOR-US: Prozilla Topsites
CVE-2008-1783
	NOT-FOR-US: Prozilla Reviews
CVE-2008-1782
	NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1832
	- cecilia 2.0.5-2.1 (low; bug #476321)
	[etch] - cecilia <no-dsa> (Minor issue)
CVE-2008-1781
	REJECTED
CVE-2008-1780
	NOT-FOR-US: Solaris
CVE-2008-1779
	NOT-FOR-US: Solaris
CVE-2008-1778
	NOT-FOR-US: Solaris
CVE-2008-1777
	NOT-FOR-US: Novell eDirectory
CVE-2008-1776
	NOT-FOR-US: PhpBlock
CVE-2008-1775
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2008-1774
	NOT-FOR-US: Pligg
CVE-2008-1773
	NOT-FOR-US: Dragoon
CVE-2008-1772
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1771
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770
	NOT-FOR-US: Akamai Download Manager
CVE-2008-1769
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767
	{DSA-1589-1}
	- libxslt 1.1.24-1 (bug #482664)
CVE-2008-1766
	- phpbb3 3.0.1-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-1765
	NOT-FOR-US: Adobe
CVE-2008-1764
	NOT-FOR-US: Opera
CVE-2008-1763
	NOT-FOR-US: Blogator-script
CVE-2008-1762
	NOT-FOR-US: Opera
CVE-2008-1761
	NOT-FOR-US: Opera
CVE-2008-1760
	NOT-FOR-US: Blogator-script
CVE-2008-1759
	NOT-FOR-US: KwsPHP
CVE-2008-1758
	NOT-FOR-US: KwsPHP
CVE-2008-1757
	NOT-FOR-US: KwsPHP
CVE-2008-1756
	NOT-FOR-US: Sun
CVE-2008-1755
	NOT-FOR-US: World of Phaos
CVE-2008-1754
	NOT-FOR-US: Symantec
CVE-2008-1753
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752
	NOT-FOR-US: ezRADIUS
CVE-2008-1751
	NOT-FOR-US: Ksemail
CVE-2008-1750
	NOT-FOR-US: LiveCart
CVE-2008-1749
	NOT-FOR-US: Cisco firmware
CVE-2008-1748
	NOT-FOR-US: Cisco firmware
CVE-2008-1747
	NOT-FOR-US: Cisco firmware
CVE-2008-1746
	NOT-FOR-US: Cisco firmware
CVE-2008-1745
	NOT-FOR-US: Cisco firmware
CVE-2008-1744
	NOT-FOR-US: Cisco firmware
CVE-2008-1743
	NOT-FOR-US: Cisco firmware
CVE-2008-1742
	NOT-FOR-US: Cisco firmware
CVE-2008-1741
	NOT-FOR-US: Cisco firmware
CVE-2008-1740
	NOT-FOR-US: Cisco firmware
CVE-2008-1739
	NOT-FOR-US: Apple QuickTime
CVE-2008-1738
	NOT-FOR-US: Rising Antivirus
CVE-2008-1737
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-1736
	NOT-FOR-US: Comodo Firewall
CVE-2008-1735
	NOT-FOR-US: BitDefender Antivirus
CVE-2008-1734
	NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733
	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732
	NOT-FOR-US: Prediction Football
CVE-2008-1731
	NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730
	NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729
	NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1726
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1725
	NOT-FOR-US: ActiveX
CVE-2008-1724
	NOT-FOR-US: ActiveX
CVE-2008-1723
	RESERVED
CVE-2008-1722
	{DSA-1625-1}
	- cups 1.3.7-2 (medium; bug #476305)
	- cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1719
	NOT-FOR-US: Nuke ET
CVE-2008-1718
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715
	NOT-FOR-US: AuraCMS
CVE-2008-1714
	NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713
	NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712
	NOT-FOR-US: mx_blogs
CVE-2008-1711
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710
	NOT-FOR-US: IBM AIX
CVE-2008-1709
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708
	NOT-FOR-US: IBM solidDB
CVE-2008-1707
	NOT-FOR-US: IBM solidDB
CVE-2008-1706
	NOT-FOR-US: IBM solidDB
CVE-2008-1705
	NOT-FOR-US: IBM solidDB
CVE-2008-1887
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1877
	- tss <removed> (medium; bug #475747; bug #475736)
CVE-2008-1720
	{DSA-1545-1}
	- rsync 3.0.2-1
	NOTE: Etch is affected (it enables the acl upstream patch)
	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704
	NOT-FOR-US: TIBCO
CVE-2008-1703
	NOT-FOR-US: TIBCO
CVE-2008-1702
	NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701
	NOT-FOR-US: Novell NetWare
CVE-2008-1700
	NOT-FOR-US: WorkSite Web
CVE-2008-1699
	NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698
	NOT-FOR-US: Simple Gallery
CVE-2008-1697
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696
	NOT-FOR-US: DaZPHPNews
CVE-2008-1695
	RESERVED
CVE-2008-1694
	- emacs21 21.4a+1-5.6 (low; bug #476612)
	[etch] - emacs21 <no-dsa> (Minor issue)
	- emacs22 22.2+2-2 (low; bug #476611)
	- xemacs21 21.4.21-4 (low; bug #476613)
	[etch] - xemacs21 <no-dsa> (Minor issue)
CVE-2008-1693
	{DSA-1606-1 DSA-1548-1}
	- xpdf 3.02
	- poppler 0.6.4-1 (bug #476842)
	- kdegraphics <not-affected> (Vulnerable code not present)
	- texlive-bin <not-affected> (code already has the needed fix)
	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
	NOTE: a stream or not. Anyone knows a fixed version?
	- texlive-base <not-affected> (Vulnerable code not present)
	- swftools <not-affected> (Vulnerable file/code not present)
CVE-2008-1692
	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691
	NOT-FOR-US: SLMail Pro
CVE-2008-1690
	NOT-FOR-US: SLMail Pro
CVE-2008-1689
	NOT-FOR-US: SLMail Pro
CVE-2008-1688
	- m4 <unfixed> (unimportant)
	NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
	NOTE: elevated privileges.
CVE-2008-1687
	- m4 <unfixed> (unimportant)
	NOTE: This is more a generic bug and not a security issue: the random output would
	NOTE: need to match the name of an existing macro
CVE-2008-1686
	{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
	- speex 1.2~beta2-1 (medium)
	- libfishsound 0.7.0-2.2 (medium; bug #475152)
	- xine-lib 1.1.12-1 (medium)
CVE-2008-1685
	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684
	NOT-FOR-US: Sun Solaris
CVE-2008-1683
	REJECTED
CVE-2008-1682
	NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681
	NOT-FOR-US: IBM DB2IBM DB2
CVE-2008-1680
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1678
	{DTSA-131-1}
	- apache2 2.2.8-4
	[etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-1676
	NOT-FOR-US: Red Hat Issue
CVE-2008-1675
	- linux-2.6 2.6.25-2 (low)
	[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: Fixed in 2.6.24.6 and 2.6.25.1
CVE-2008-1674
	REJECTED
CVE-2008-1673
	{DSA-1592-1}
	- linux-2.6 2.6.25-5 (bug #485944)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1672
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-1671
	{DSA-1867-1}
	- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
	[etch] - kdelibs <no-dsa> (Minor issue)
CVE-2008-1670
	- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
	- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669
	{DSA-1575-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668
	NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667
	NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666
	NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665
	NOT-FOR-US: HP Select Identity
CVE-2008-1664
	NOT-FOR-US: HP HP-UX
CVE-2008-1663
	NOT-FOR-US: HP System Management Homepage
CVE-2008-1662
	NOT-FOR-US: HP System Administration Manager
CVE-2008-1661
	NOT-FOR-US: HP StorageWorks
CVE-2008-1660
	NOT-FOR-US: HP-UX
CVE-2008-1659
	NOT-FOR-US: HP LDAP-UX
CVE-2008-1658
	- policykit-1 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657
	- openssh 1:4.7p1-8 (low; bug #475156)
	[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2008-1654
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2008-1653
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1652
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1651
	NOT-FOR-US: EasyNews
CVE-2008-1650
	NOT-FOR-US: EasyNews
CVE-2008-1649
	NOT-FOR-US: EasyNews
CVE-2008-1648
	{DSA-1600-1}
	- sympa 5.3.4-4 (medium; bug #475163)
CVE-2008-1647
	NOT-FOR-US: ChilkatHttp
CVE-2008-1646
	NOT-FOR-US: WP-Download plugin for WordPress
CVE-2008-1645
	NOT-FOR-US: phpSpamManager
CVE-2008-1644
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1643
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-1642
	NOT-FOR-US: Sava's GuestBook
CVE-2008-1641
	NOT-FOR-US: EfesTECH Video
CVE-2008-1640
	NOT-FOR-US: JGS-Treffen
CVE-2008-1639
	NOT-FOR-US: Neat weblog
CVE-2008-1638
	NOT-FOR-US: Nik Sharpener Pro
CVE-2008-1637
	{DSA-1544-2 DSA-1544-1}
	- pdns-recursor 3.1.7-1
	NOTE: Fix in 3.1.5 was incomplete, see CVE-2008-3217
CVE-2008-1636
	NOT-FOR-US: JV2 Quick Gallery
CVE-2008-1635
	NOT-FOR-US: Keep It Simple Guest Book
CVE-2008-1634
	NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633
	- mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632
	- cuteflow <itp> (bug #465372)
CVE-2008-1631
	- cuteflow <itp> (bug #465372)
CVE-2008-1630
	- cuteflow <itp> (bug #465372)
CVE-2008-1629
	NOT-FOR-US: PHPkrm
CVE-2008-1628
	{DTSA-123-1}
	- audit 1.5.3-2.1 (medium; bug #475227)
	NOTE: auditd runs as root
CVE-2008-1627
	NOT-FOR-US: CDS Invenio
CVE-2008-1626
	NOT-FOR-US: eggBlog
CVE-2008-1625
	NOT-FOR-US: avast! Home and Professional
CVE-2008-1624
	NOT-FOR-US: Jshop Server
CVE-2008-1623
	NOT-FOR-US: Smoothflash
CVE-2008-1622
	NOT-FOR-US: GeeCarts
CVE-2008-1621
	NOT-FOR-US: GeeCarts
CVE-2008-1620
	NOT-FOR-US: ThinClientServer
CVE-2008-1619
	- xen-3 <not-affected> (Debian Xen does not support ia64)
	- xen-unstable <not-affected> (Debian Xen does not support ia64)
	- xen-3.0 <not-affected> (Debian Xen does not support ia64)
CVE-2008-1618
	NOT-FOR-US: Watchguard Firebox
CVE-2008-1617
	NOT-FOR-US: WorkSite Web
CVE-2008-1616
	RESERVED
CVE-2008-1615
	{DSA-1588-1}
	- linux-2.6 2.6.25-1 (medium; bug #480390)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1614
	{DSA-1550-1 DTSA-124-1}
	- suphp 0.6.2-2.1 (low; bug #475431)
CVE-2008-1613
	NOT-FOR-US: RedDot CMS
CVE-2008-1612
	{DSA-1646-2}
	- squid 2.6.18-1 (medium)
CVE-2008-1611
	NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610
	NOT-FOR-US: TFTP Server Pro
CVE-2008-1609
	NOT-FOR-US: JAF CMS
CVE-2008-1608
	NOT-FOR-US: Clever Copy
CVE-2008-1607
	NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606
	NOT-FOR-US: Elastic Path
CVE-2008-1605
	NOT-FOR-US: LEADTOOLS
CVE-2008-1604
	NOT-FOR-US: PerlMailer
CVE-2008-1603
	NOT-FOR-US: GNB DesignForm
CVE-2008-1602
	NOT-FOR-US: Orbit downloader
CVE-2008-1601
	NOT-FOR-US: IBM AIX
CVE-2008-1600
	NOT-FOR-US: IBM AIX
CVE-2008-1599
	NOT-FOR-US: IBM AIX
CVE-2008-1598
	NOT-FOR-US: IBM AIX
CVE-2008-1597
	NOT-FOR-US: IBM AIX
CVE-2008-1596
	NOT-FOR-US: IBM AIX
CVE-2008-1595
	NOT-FOR-US: IBM AIX
CVE-2008-1594
	NOT-FOR-US: IBM AIX
CVE-2008-1593
	NOT-FOR-US: IBM AIX
CVE-2008-1592
	NOT-FOR-US: IBM WebSphere
CVE-2008-1591
	NOT-FOR-US: PostNuke
CVE-2008-1590
	NOT-FOR-US: iPhone
CVE-2008-1589
	NOT-FOR-US: iPhone
CVE-2008-1588
	- webkit <not-affected> (mac-specific issue)
	NOTE: http://trac.webkit.org/changeset/23963
	NOTE: as of 1.1.21, all mac-specific code is no longer even present
CVE-2008-1587
	RESERVED
CVE-2008-1586
	NOT-FOR-US: Apple ImageIO
CVE-2008-1585
	NOT-FOR-US: Apple QuickTime
CVE-2008-1584
	NOT-FOR-US: Apple QuickTime
CVE-2008-1583
	NOT-FOR-US: Apple QuickTime
CVE-2008-1582
	NOT-FOR-US: Apple QuickTime
CVE-2008-1581
	NOT-FOR-US: Apple QuickTime
CVE-2008-1580
	NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579
	NOT-FOR-US: Wiki Server Apple Mac OS
CVE-2008-1578
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1577
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1576
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1575
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1574
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1573
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1572
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1571
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1566
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-1565
	NOT-FOR-US: PJIRC module for phpBB
CVE-2008-1564
	NOT-FOR-US: Dan Costin File Transfer
CVE-2008-1563
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected)
CVE-2008-1562
	- wireshark <not-affected> (Only Windows builds are affected according to #1613)
CVE-2008-1561
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected)
CVE-2008-1560
	NOT-FOR-US: Digiappz DigiDomain
CVE-2008-1559
	NOT-FOR-US: com_alphacontent component for Joomla!
CVE-2008-1558
	{DSA-1552-1 DTSA-121-1}
	- mplayer 1.0~rc2-10 (medium; bug #473056)
CVE-2008-1557
	NOT-FOR-US: BolinOS
CVE-2008-1556
	NOT-FOR-US: BolinOS
CVE-2008-1555
	NOT-FOR-US: BolinOS
CVE-2008-1554
	NOT-FOR-US: TopperMod
CVE-2008-1553
	NOT-FOR-US: TopperMod
CVE-2008-1552
	- silc-toolkit 1.1.7-1 (low)
	- silc-client <not-affected> (links against libsilc)
	NOTE: this can't result code execution but only in a crash as data_len - i always results
	NOTE: in -1 and malloc will never succeed and thus not reaching any free
CVE-2008-1551
	NOT-FOR-US: RunCMS
CVE-2008-1550
	NOT-FOR-US: CubeCart
CVE-2008-1549
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1547
	NOT-FOR-US: Outlook
CVE-2008-1546
	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545
	NOT-FOR-US: Microsoft IE7
CVE-2008-1544
	NOT-FOR-US: Microsoft IE7
CVE-2008-1543
	NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542
	NOT-FOR-US: BSDU
CVE-2008-1541
	NOT-FOR-US: HIS Webshop
CVE-2008-1540
	NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2008-1537
	NOT-FOR-US: PowerScripts PowerBook
CVE-2008-1536
	NOT-FOR-US: Photo Cart
CVE-2008-1535
	NOT-FOR-US: com_rekry component for Joomla!
CVE-2008-1534
	NOT-FOR-US: PowerPHPBoard
CVE-2008-1533
	NOT-FOR-US: Joomla!
CVE-2008-1532
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1531
	{DSA-1540-1}
	- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2008-1570
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
	NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
CVE-2008-1569
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
CVE-2008-1568
	- comix 3.6.4-1.1 (low; bug #462840)
	[etch] - comix <no-dsa> (Minor issue)
	NOTE: comix can't be used in a non-interactive setup thus the impact level
CVE-2008-1567
	{DSA-1557-1}
	- phpmyadmin 2.11.5.1
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
	NOTE: It is a workaround for the limited security that PHP has for
	NOTE: session files on a shared host. This limitation is documented with
	NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
	NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
CVE-2008-1530
	- gnupg <not-affected> (Only 1.4.8 is affected)
	NOTE: The next upload was 1.4.9-1, so no vulnerable version was ever in the
	NOTE: archive
	[etch] - gnupg <not-affected> (Only 1.4.8 is affected)
	[sarge] - gnupg <not-affected> (Only 1.4.8 is affected)
	- gnupg2 2.0.9-1 (bug #472928)
	[etch] - gnupg2 <not-affected> (Only 2.0.8 is affected)
	[sarge] - gnupg2 <not-affected> (Only 2.0.8 is affected)
CVE-2008-1529
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1528
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1527
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1526
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1525
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1524
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1523
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1522
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1521
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1520
	RESERVED
CVE-2008-1519
	RESERVED
CVE-2008-1518
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2008-1517
	NOT-FOR-US: Apple Mac OS X xnu Kernel
CVE-2008-1516
	RESERVED
CVE-2008-1515
	- otrs2 2.2.5-2
	[etch] - otrs2 <not-affected> (Vulnerable code not present)
	[etch] - otrs <not-affected> (Vulnerable code not present)
	[sarge] - otrs <not-affected> (Vulnerable code not present)
	NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-8
	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513
	NOT-FOR-US: Danneo CMS
CVE-2008-1512
	NOT-FOR-US: XS module for phpBB
CVE-2008-1511
	NOT-FOR-US: ooComments
CVE-2008-1510
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1509
	NOT-FOR-US: XLPortal
CVE-2008-1508
	NOT-FOR-US: EfesTech E-Kontoer
CVE-2008-1507
	NOT-FOR-US: Peel
CVE-2008-1506
	NOT-FOR-US: Peel
CVE-2008-1505
	NOT-FOR-US: com_custompages component for Joomla!
CVE-2008-1504
	NOT-FOR-US: phpMyChat
CVE-2008-1503
	NOT-FOR-US: F5 BIG-IP
CVE-2008-1501
	- ircd-ircu <not-affected> (Vulnerable code not present)
	NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20
	NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible
CVE-2008-1500
	NOT-FOR-US: TinyPortal
CVE-2008-1499
	NOT-FOR-US: cPanel
CVE-2008-1498
	NOT-FOR-US: Surgemail
CVE-2008-1497
	NOT-FOR-US: Surgemail
CVE-2008-1496
	NOT-FOR-US: PEEL
CVE-2008-1495
	NOT-FOR-US: PEEL
CVE-2008-1494
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1493
	- cuteflow <itp> (bug #465372)
CVE-2008-1492
	NOT-FOR-US: CoronaMatrix
CVE-2008-1491
	NOT-FOR-US: ASUS Remote Console
CVE-2008-1490
	NOT-FOR-US: ImageUploader4
CVE-2008-1489
	{DSA-1543-1 DTSA-119-1}
	- vlc 0.8.6.e-1.1 (medium; bug #472635)
CVE-2008-1488
	- php-apc <not-affected> (Fixed before initial upload)
CVE-2008-1487
	NOT-FOR-US: LinPHA
CVE-2008-1486
	NOT-FOR-US: Phorum
CVE-2008-1485
	NOT-FOR-US: PunBB
CVE-2008-1484
	NOT-FOR-US: PunBB
CVE-2008-1483
	{DSA-1576-1}
	- openssh 1:4.7p1-5 (bug #463011)
CVE-2008-1482
	{DSA-1586-1 DTSA-120-1}
	- xine-lib 1.1.11.1-1 (medium; bug #472639)
CVE-2008-1481
	NOT-FOR-US: webSPELL
CVE-2008-1480
	NOT-FOR-US: Sun Solaris
CVE-2008-1479
	NOT-FOR-US: cfnetgs
CVE-2008-1478
	NOT-FOR-US: Home FTP Server
CVE-2008-1477
	NOT-FOR-US: eForum
CVE-2008-1475
	- roundup 1.4.4-1.1 (medium; bug #484728)
	[etch] - roundup <not-affected> (xml-rpc code introduced in 1.4.0)
CVE-2008-1474
	{DSA-1554-1}
	- roundup 1.3.3-3.1 (low; bug #472643)
CVE-2008-1473
	NOT-FOR-US: Symantec Altiris
CVE-2008-1472
	NOT-FOR-US: ARCserve Backup
CVE-2008-1471
	NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
CVE-2008-1470
	NOT-FOR-US: WebID RSA Authentication Agent
CVE-2008-1469
	NOT-FOR-US: Gallarific
CVE-2008-1468
	- namazu2 2.0.18-0.1 (low; bug #472644)
CVE-2008-1467
	- centerim 4.22.3-1 (unimportant; bug #472649)
	NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
	NOTE: the victim can see the complete URL including the commands however so the impact is really low
CVE-2008-1466
	NOT-FOR-US: W-Agora
CVE-2008-1465
	NOT-FOR-US: com_restaurante component for Mambo and Joomla!
CVE-2008-1464
	NOT-FOR-US: Gallarific
CVE-2008-1463
	NOT-FOR-US: Imperva SecureSphere MX Management Server
CVE-2008-1462
	NOT-FOR-US: RunCMS
CVE-2008-1461
	NOT-FOR-US: XnView
CVE-2008-1460
	NOT-FOR-US: com_joovideo component for Mambo and Joomla!
CVE-2008-1459
	NOT-FOR-US: com_alberghi component for Mambo and Joomla!
CVE-2008-1458
	NOT-FOR-US: CS-Cart
CVE-2008-1457
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454
	NOT-FOR-US: Windows issue
CVE-2008-1453
	NOT-FOR-US: Windows Xp
CVE-2008-1452
	REJECTED
CVE-2008-1451
	NOT-FOR-US: Microsoft Windows
CVE-2008-1450
	REJECTED
CVE-2008-1449
	REJECTED
CVE-2008-1448
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447
	{DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
	- bind9 1:9.5.0.dfsg-5 (high)
	NOTE: glibc stub resolver relies on source port randomisation in kernel
	- dnsmasq 2.43-1 (medium; bug #490123)
	- refpolicy 2:0.0.20080702-1
	- pdnsd 1.2.6-par-11 (bug #502275)
	- python-dns 2.3.1-5 (low; bug #490217)
	- dnspython <unfixed> (unimportant; bug #492465)
	NOTE: Just a stub resolver Linux kernel provides source port randomisation
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
	- udns 0.2-1 (bug #493599)
	- libnet-dns-perl 0.63-2 (low; bug #492700)
	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
	NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
	NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
	NOTE: a kernel which provides source port randomization
	- ruby1.9 1.9.0.2-6 (low)
	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
	NOTE: already use source port randomization.
	NOTE: Marking non-caching stub resolvers as low since these really should be fixed,
	NOTE: but are much less vulnerable than a caching server.
CVE-2008-1446
	NOT-FOR-US: Microsoft
CVE-2008-1445
	NOT-FOR-US: Microsoft Windows
CVE-2008-1444
	NOT-FOR-US: Microsoft Windows
CVE-2008-1443
	REJECTED
CVE-2008-1442
	NOT-FOR-US: Microsoft Windows
CVE-2008-1441
	NOT-FOR-US: Microsoft Windows
CVE-2008-1440
	NOT-FOR-US: Microsoft Windows
CVE-2008-1439
	REJECTED
CVE-2008-1438
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1437
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1436
	NOT-FOR-US: Windows
CVE-2008-1435
	NOT-FOR-US: Windows issue
CVE-2008-1434
	NOT-FOR-US: Microsoft Word
CVE-2008-1433
	REJECTED
CVE-2008-1432
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2008-1431
	NOT-FOR-US: RaidSonic NAS-4220-B firmware
CVE-2008-1430
	NOT-FOR-US: ASPapp
CVE-2008-1429
	- silc-server 1.1.1-1 (medium)
CVE-2008-1428
	NOT-FOR-US: Ubercart
CVE-2008-1427
	NOT-FOR-US: com_acajoom component for Joomla!
CVE-2008-1426
	NOT-FOR-US: KAPhotoservice
CVE-2008-1425
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1424
	RESERVED
CVE-2008-1423
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
	REJECTED
CVE-2008-1421
	REJECTED
CVE-2008-1420
	{DSA-1591-1}
	- libvorbisidec <not-affected> (Vulnerable code not present)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1419
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
	RESERVED
CVE-2008-1416
	NOT-FOR-US: PHPauction GPL
CVE-2008-1415
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1414
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1413
	NOT-FOR-US: SNewsCMS Rus
CVE-2008-1412
	NOT-FOR-US: F-Secure anti-virus
CVE-2008-1411
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1410
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1409
	NOT-FOR-US: Exero CMS
CVE-2008-1408
	NOT-FOR-US: phpBP
CVE-2008-1407
	NOT-FOR-US: WebChat module for eXV2
CVE-2008-1406
	NOT-FOR-US: MyAnnonces
CVE-2008-1405
	NOT-FOR-US: fuzzylime
CVE-2008-1404
	NOT-FOR-US: Viso module for eXV2
CVE-2008-1403
	NOT-FOR-US: BootManage TFTPD
CVE-2008-1402
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1401
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1400
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1399
	NOT-FOR-US: Clansphere
CVE-2008-1398
	NOT-FOR-US: AuraCMS
CVE-2008-1397
	NOT-FOR-US: Check Point VPN
CVE-2008-1396
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1395
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394
	- zope-cmfplone <removed>
	[etch] - zope-cmfplone <no-dsa> (low)
	NOTE: doesn't apply to v3
	NOTE: more a security enhancement
CVE-2008-1393
	- plone3 <removed> (low; bug #473571; bug #486333)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1476
	{DSA-1528-1}
	- serendipity 1.3-1
	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
	- wordpress 2.5.0-1 (bug #504243)
	- moodle 1.8.2-1.3 (bug #489533)
CVE-2008-1391
	{DSA-2058-1}
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- glibc 2.11-1 (low)
	- eglibc 2.11-1 (low)
	[lenny] - glibc <no-dsa> (minor issue)
	NOTE: not sure if it is a security bug, an attacker should not be able to change the format string
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=10600
	NOTE: PoC php -r 'money_format("%.1073741821i",1);' I can reproduce on 32bit, not 64bit
CVE-2008-1390
	- asterisk 1:1.4.19.1~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
CVE-2008-1389
	- clamav 0.94.dfsg-1
	[etch] - clamav <not-affected> (parsing does not continue on error)
	NOTE: see <20081203184852.GB30968@l03.local>
CVE-2008-1388
	RESERVED
CVE-2008-1387
	- clamav 0.92.1~dfsg2-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386
	- serendipity <not-affected> (Vulnerable code not present)
	NOTE: we do not ship the serendipity installer
CVE-2008-1385
	- serendipity 1.3.1-1 (low)
	NOTE: etch affected, but only in specific plugin.
CVE-2008-1384
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://securityreason.com/achievement_securityalert/52
	NOTE: Only exploitable through malicious script
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
CVE-2008-1383
	NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382
	- libpng 1.2.26-1 (low; bug #476669)
	NOTE: 1.2.26-1 contains a patch to fix that
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2008-1381
	{DTSA-130-1}
	- zoneminder 1.23.3-1 (medium; bug #479034)
	NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380
	{DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1}
	- iceweasel 2.0.0.14-1
	- icedove 2.0.0.14-1
	- iceape 1.1.9-2
	- xulrunner 1.8.1.14-1
CVE-2008-1379
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
	REJECTED
CVE-2008-1377
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376
	NOT-FOR-US: Red Hat build script
CVE-2008-1375
	{DSA-1565-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
CVE-2008-1374
	- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
	- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373
	{DSA-1625-1 DTSA-122-1}
	- cupsys 1.3.7-1 (medium)
	- cups 1.3.7-1 (medium)
CVE-2008-1372
	- bzip2 1.0.5-0.1 (low; bug #471670)
	[etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
CVE-2008-1371
	NOT-FOR-US: Drake CMS
CVE-2008-1370
	NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369
	NOT-FOR-US: Sun Solaris
CVE-2008-1368
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367
	- linux-2.6 2.6.24-5 (bug #469058)
	[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)
	- kfreebsd-6 6.3-4 (bug #469564)
	- kfreebsd-7 7.0-2 (bug #469565)
	- gcc-4.3 4.3.0-2 (bug #469567)
	- glibc 2.7-8 (bug #465583)
	[etch] - glibc <not-affected> (Problem only exposed with GCC 4.3)
CVE-2008-1366
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1363
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1362
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1361
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1359
	NOT-FOR-US: Invision Power Board
CVE-2008-1358
	NOT-FOR-US: MDaemon
CVE-2008-1357
	NOT-FOR-US: McAfee Common Management Agent
CVE-2008-1356
	NOT-FOR-US: Sun Solaris
CVE-2008-1355
	NOT-FOR-US: Jeebles Directory
CVE-2008-1354
	NOT-FOR-US: VSO-XP
CVE-2008-1353
	- zabbix 1:1.4.5-1 (low; bug #471678)
	[etch] - zabbix <no-dsa> (Minor issue)
CVE-2008-1352
	NOT-FOR-US: EdiorCMS
CVE-2008-1351
	NOT-FOR-US: Tutorials module for XOOPS
CVE-2008-1350
	NOT-FOR-US: Fully Modded phpBB
CVE-2008-1349
	NOT-FOR-US: bamaGalerie
CVE-2008-1348
	NOT-FOR-US: eWeather module for PHP-Nuke
CVE-2008-1347
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1346
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1345
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1343
	NOT-FOR-US: SCO Unixware
CVE-2008-1342
	NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341
	NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339
	RESERVED
CVE-2008-1338
	NOT-FOR-US: Perforce Server
CVE-2008-1337
	NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336
	NOT-FOR-US: Koobi CMS
CVE-2008-1335
	NOT-FOR-US: NetBSD
CVE-2008-1334
	NOT-FOR-US: BT Home Hub router
CVE-2008-1333
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
	[sarge] - asterisk <not-affected> (Only 1.6.x affected)
CVE-2008-1332
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331
	NOT-FOR-US: OmniPCX Office
CVE-2008-1330
	NOT-FOR-US: Novell Groupwise
CVE-2008-1329
	NOT-FOR-US: CA ARCserve
CVE-2008-1328
	NOT-FOR-US: CA ARCserve
CVE-2008-1327
	NOT-FOR-US: Gallarific
CVE-2008-1326
	NOT-FOR-US: Gallarific
CVE-2008-1325
	NOT-FOR-US: Uberghey CMS
CVE-2008-1324
	NOT-FOR-US: Travelsized CMS
CVE-2008-1323
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-1322
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1321
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1320
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1319
	NOT-FOR-US: Versant Object Database
CVE-2008-1317
	NOT-FOR-US: Sun Solaris
CVE-2008-1316
	NOT-FOR-US: QuickTalk Forum
CVE-2008-1315
	NOT-FOR-US: ZClassifieds module for PHP-Nuke
CVE-2008-1314
	NOT-FOR-US: Johannes Hass gaestebuch
CVE-2008-1313
	NOT-FOR-US: Bloo
CVE-2008-1312
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1311
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1310
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1309
	NOT-FOR-US: RealPlayer
CVE-2008-1308
	NOT-FOR-US: NukeC30 module for PHP-Nuke
CVE-2008-1307
	NOT-FOR-US: KingSoft Antivirus
CVE-2008-1306
	NOT-FOR-US: Savvy Content Manager
CVE-2008-1305
	NOT-FOR-US: Filebase mod for phpBb
CVE-2008-1304
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: referring to upstream this only affected wordpress.com and not the regular wordpress code
CVE-2008-1303
	NOT-FOR-US: Perforce Server
CVE-2008-1302
	NOT-FOR-US: Perforce Server
CVE-2008-1301
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1300
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1299
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2008-1298
	NOT-FOR-US: Hadith module for PHP-Nuke
CVE-2008-1297
	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
CVE-2008-1296
	NOT-FOR-US: EncapsGallery
CVE-2008-1295
	NOT-FOR-US: phpMyNewsletter
CVE-2008-1292
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1291
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1290
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1289
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	[etch] - asterisk <not-affected> (Only 1.4.x and above affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
CVE-2008-1360
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.11-1 (low)
CVE-2008-1417
	- axyl 2.2.0 (low; bug #471227)
	[sarge] - axyl <not-affected> (Vulnerable code not present)
	[etch] - axyl <not-affected> (Vulnerable code not present)
CVE-2008-1294
	{DSA-1565-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2008-1318
	- mediawiki 1:1.11.2-1
	[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1286
	NOT-FOR-US: Sun Javav Web Console
CVE-2008-1285
	NOT-FOR-US: Sun Java Server Faces
CVE-2008-1284
	{DSA-1519-1}
	- horde3 3.1.7-1 (medium; bug #470640)
CVE-2008-1283
	NOT-FOR-US: Neptune Web Server
CVE-2008-1282
	NOT-FOR-US: B21Soft BFup
CVE-2008-1281
	NOT-FOR-US: Argon Technology Client Management Services
CVE-2008-1280
	NOT-FOR-US: Acronis True Image
CVE-2008-1279
	NOT-FOR-US: Acronis True Image
CVE-2008-1278
	NOT-FOR-US: Remotely Anywhere
CVE-2008-1277
	NOT-FOR-US: MailEnable
CVE-2008-1276
	NOT-FOR-US: MailEnable
CVE-2008-1275
	NOT-FOR-US: MailEnable
CVE-2008-1274
	NOT-FOR-US: IBM AIX
CVE-2008-1273
	NOT-FOR-US: imageVue
CVE-2008-1272
	NOT-FOR-US: BM Classifieds
CVE-2008-1271
	REJECTED
CVE-2008-1270
	{DSA-1521-1}
	- lighttpd 1.4.19-1
	NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269
	NOT-FOR-US: Alice Gate 2 Plus router firmware
CVE-2008-1268
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1267
	NOT-FOR-US: Siemens SpeedStream
CVE-2008-1266
	NOT-FOR-US: D-Link router
CVE-2008-1265
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1264
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1263
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1262
	NOT-FOR-US: Airspan WiMax ProST antenna
CVE-2008-1261
	NOT-FOR-US: Zyxel router
CVE-2008-1260
	NOT-FOR-US: Zyxel router
CVE-2008-1259
	NOT-FOR-US: Zyxel router
CVE-2008-1258
	NOT-FOR-US: D-Link router
CVE-2008-1257
	NOT-FOR-US: Zyxel router
CVE-2008-1256
	NOT-FOR-US: Zyxel router
CVE-2008-1255
	NOT-FOR-US: Zyxel router
CVE-2008-1254
	NOT-FOR-US: Zyxel router
CVE-2008-1253
	NOT-FOR-US: D-Link router
CVE-2008-1252
	NOT-FOR-US: Telekom Speedport W500 DSL router
CVE-2008-1251
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1250
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1249
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1248
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1247
	NOT-FOR-US: Linksys WRT54g router
CVE-2008-1246
	NOT-FOR-US: Cisco PIX/ASA Finesse Operation System
CVE-2008-1245
	NOT-FOR-US: Belkin router
CVE-2008-1244
	NOT-FOR-US: Belkin router
CVE-2008-1243
	NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242
	NOT-FOR-US: Belkin router
CVE-2008-1241
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1240
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1239
	RESERVED
CVE-2008-1238
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1237
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1236
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1235
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1234
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1233
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1232
	- tomcat5.5 5.5.26-4 (low; bug #494504)
CVE-2008-1231
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1230
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1229
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1228
	NOT-FOR-US: MG2
CVE-2008-1227
	- silc-toolkit 1.1.6-1
CVE-2008-1226
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2008-1225
	NOT-FOR-US: WebCT Campus Edition
CVE-2008-1224
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1223
	NOT-FOR-US: Dokeos
CVE-2008-1222
	NOT-FOR-US: Dokeos
CVE-2008-1221
	NOT-FOR-US: MicroWorld eScan
CVE-2008-1220
	NOT-FOR-US: 4nChat for PHP-Nuke
CVE-2008-1219
	NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
CVE-2008-1217
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1216
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1215
	NOT-FOR-US: BSD net/userppp
CVE-2008-1214
	NOT-FOR-US: Numara FootPrints
CVE-2008-1213
	NOT-FOR-US: Numara FootPrints
CVE-2008-1212
	NOT-FOR-US: Podcast Generator
CVE-2008-1211
	NOT-FOR-US: BosDates
CVE-2008-1210
	NOT-FOR-US: Programmer's Notepad
CVE-2008-1209
	NOT-FOR-US: Xitex WebContent M1
CVE-2008-1208
	NOT-FOR-US: CheckPoint VPN-1
CVE-2008-1207
	NOT-FOR-US: Fujitsu Interstage
CVE-2008-1206
	NOT-FOR-US: Linux Kiss Server
CVE-2008-1205
	NOT-FOR-US: Sun Solaris
CVE-2008-1204
	NOT-FOR-US: Sun Java System
CVE-2008-1203
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202
	NOT-FOR-US: Adobe LiveCycle Workflow
CVE-2008-1201
	NOT-FOR-US: Adobe Flash CS3 Professional
CVE-2008-1200
	NOT-FOR-US: Microsoft Access
CVE-2008-1198
	NOT-FOR-US: Red Hat specific
CVE-2008-1197
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1195
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1194
	- sun-java6 6-05-1 (unimportant)
	- sun-java5 1.5.0-15-1 (unimportant)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1193
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1192
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1191
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1190
	- sun-java6 6-05-1 (medium)
	- sun-java5 <not-affected> (No more information by sun)
CVE-2008-1189
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1188
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1187
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1186
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1185
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1184
	- dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182
	NOT-FOR-US: BSD Perimeter pfSense
CVE-2008-1181
	NOT-FOR-US: Juniper
CVE-2008-1180
	NOT-FOR-US: Juniper
CVE-2008-1179
	NOT-FOR-US: Centreon
CVE-2008-1178
	NOT-FOR-US: Centreon
CVE-2008-1177
	NOT-FOR-US: Affiliate Market
CVE-2008-1176
	NOT-FOR-US: Affiliate Market
CVE-2008-1175
	NOT-FOR-US: AuthentiX
CVE-2008-1174
	NOT-FOR-US: AuthentiX
CVE-2008-1173
	NOT-FOR-US: TorrentTrader
CVE-2008-1172
	NOT-FOR-US: TorrentTrader
CVE-2008-1171
	NOT-FOR-US: 123 Flash Chat Module for phpBB
CVE-2008-1170
	NOT-FOR-US: KCWiki
CVE-2008-1169
	NOT-FOR-US: SCI Photo Chat Server
CVE-2008-1168
	- sarg 2.2.5-1
CVE-2008-1167
	- sarg 2.2.4-1
CVE-2008-1166
	- flyspray <removed>
CVE-2008-1165
	- flyspray <removed>
CVE-2008-1164
	NOT-FOR-US: phpComasy CMS
CVE-2008-1163
	NOT-FOR-US: phpArcadeScript
CVE-2008-1162
	NOT-FOR-US: phpwebscript
CVE-2008-1161
	{DSA-1536-1}
	- xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160
	NOT-FOR-US: ZyXEL ZyWALL 1050
CVE-2008-1159
	NOT-FOR-US: Cisco ssh server
CVE-2008-1158
	NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence
CVE-2008-1157
	NOT-FOR-US: Cisco IPM
CVE-2008-1156
	NOT-FOR-US: Cisco IOS
CVE-2008-1155
	NOT-FOR-US: Cisco
CVE-2008-1154
	NOT-FOR-US: Cisco IOS
CVE-2008-1153
	NOT-FOR-US: Cisco IOS
CVE-2008-1152
	NOT-FOR-US: Cisco IOS
CVE-2008-1151
	NOT-FOR-US: Cisco IOS
CVE-2008-1150
	NOT-FOR-US: Cisco IOS
CVE-2008-1149
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5-1 (low)
	[etch] - phpmyadmin <no-dsa> (Minor issue)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means
	NOTE: you must be able to create pages in the same cookie domain, which seems
	NOTE: rare and unwise. low priority.
CVE-2008-1148
	NOT-FOR-US: OpenBSD / NetBSD
CVE-2008-1147
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <removed> (bug #559107)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1146
	NOT-FOR-US: OpenBSD
CVE-2008-1144
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143
	RESERVED
CVE-2008-1141
	NOT-FOR-US: DESlock+
CVE-2008-1140
	NOT-FOR-US: DESlock+
CVE-2008-1139
	NOT-FOR-US: DESlock+
CVE-2008-1138
	NOT-FOR-US: DESlock+
CVE-2008-1137
	NOT-FOR-US: com_garyscookbook component for Mambo and Joomla!
CVE-2008-1136
	- vdccm <removed>
CVE-2008-1135
	NOT-FOR-US: OMEGA
CVE-2008-1134
	NOT-FOR-US: OMEGA
CVE-2008-1133
	- drupal5 <not-affected> (Vulnerable code introduced in 6.x)
CVE-2008-1218
	{DSA-1516-1}
	- dovecot 1:1.0.13-1
	[etch] - dovecot <not-affected> (Vulnerable code not present)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: exploitable through code introduced in 1.0.11
	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
CVE-2008-1293
	{DSA-1561-1 DTSA-118-1}
	- ldm 2:0.1~bzr20080308-1 (bug #469462)
	- ltsp 5.0.40~bzr20071229-1
	NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package
CVE-2008-1145
	- ruby1.8 1.8.6.114-1 (unimportant; bug #469475)
	- ruby1.9 1.9.0.1-1 (unimportant; bug #469482)
	[sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case)
	NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-1199
	{DSA-1516-1}
	- dovecot 1:1.0.12-1 (medium; bug #469457)
CVE-2008-1132
	NOT-FOR-US: Net Activity Viewer
CVE-2008-1131
	- drupal <not-affected> (Vulnerable code not present, affects only 6.x branch)
	- drupal5 <not-affected> (Vulnerable code not present, affects only 6.x branch)
CVE-2008-1130
	NOT-FOR-US: WebSphere
CVE-2008-1129
	NOT-FOR-US: XRMS
CVE-2008-1128
	NOT-FOR-US: phpMyTourney
CVE-2008-1127
	NOT-FOR-US: Crysis
CVE-2008-1126
	NOT-FOR-US: Barryvan Compo Manager
CVE-2008-1125
	NOT-FOR-US: Podcast Generator
CVE-2008-1124
	NOT-FOR-US: Podcast Generator
CVE-2008-1123
	NOT-FOR-US: SiteBuilder
CVE-2008-1122
	NOT-FOR-US: Koobi
CVE-2008-1121
	NOT-FOR-US: eazyPortal
CVE-2008-1120
	NOT-FOR-US: ICQ
CVE-2008-1119
	NOT-FOR-US: Centreon
CVE-2008-1118
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1117
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1116
	NOT-FOR-US: Rising Antivirus
CVE-2008-1115
	NOT-FOR-US: Sun Solaris
CVE-2008-1114
	NOT-FOR-US: Vocera
CVE-2008-1113
	NOT-FOR-US: Cisco
CVE-2008-1112
	REJECTED
CVE-2008-1110
	- xine-lib 1.1.10-1
	[etch] - xine-lib <not-affected> (Not affected per assessment of maintainer)
	[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
CVE-2008-1109
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the user accepts the iCalendar request and replies
	NOTE: to it from the "Calendars" window.
CVE-2008-1108
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107
	NOT-FOR-US: Danske Bank e-Sec Control Module
CVE-2008-1106
	NOT-FOR-US: Akamai Client
CVE-2008-1105
	{DSA-1590-1}
	- samba 1:3.0.30-1 (medium; bug #483410)
CVE-2008-1104
	NOT-FOR-US: Foxit Reader
CVE-2008-1103
	- blender 2.40-1 (low)
CVE-2008-1102
	{DSA-1567-1}
	- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101
	NOT-FOR-US: KeyView
CVE-2008-1100
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1
CVE-2008-1099
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1098
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1097
	{DSA-1858-1}
	- graphicsmagick 1.1.7-13
	- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095
	NOT-FOR-US: Sun Solaris
CVE-2008-1094
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093
	NOT-FOR-US: FLEXnet Connect
CVE-2008-1092
	NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091
	NOT-FOR-US: Microsoft Word
CVE-2008-1090
	NOT-FOR-US: Microsoft
CVE-2008-1089
	NOT-FOR-US: Microsoft
CVE-2008-1088
	NOT-FOR-US: Microsoft
CVE-2008-1087
	NOT-FOR-US: Microsoft
CVE-2008-1086
	NOT-FOR-US: Microsoft
CVE-2008-1085
	NOT-FOR-US: Microsoft
CVE-2008-1084
	NOT-FOR-US: Microsoft
CVE-2008-1083
	NOT-FOR-US: Microsoft
CVE-2008-1082
	NOT-FOR-US: Opera
CVE-2008-1081
	NOT-FOR-US: Opera
CVE-2008-1080
	NOT-FOR-US: Opera
CVE-2008-1079
	NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078
	- am-utils <not-affected> (Affected code not present in the binary package)
	NOTE: sendmail includes a copy of the script, which has been fixed since
	NOTE: several years
CVE-2008-1077
	NOT-FOR-US: com_simpleboard component for Mambo and Joomla!
CVE-2008-1076
	NOT-FOR-US: Interspire Shopping Cart
CVE-2008-1075
	NOT-FOR-US: Maian Cart
CVE-2008-1074
	NOT-FOR-US: GROUP-E
CVE-2008-1073
	NOT-FOR-US: Internet Security Systems
CVE-2008-1072
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affected in conjunction with later libcairo)
	[sarge] - ethereal <not-affected> (Only affected in conjunction with later libcairo)
CVE-2008-1071
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.6 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.6 onwards)
CVE-2008-1070
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.5 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.5 onwards)
CVE-2008-1069
	NOT-FOR-US: Quantum Game Library
CVE-2008-1068
	NOT-FOR-US: Portail Web Php
CVE-2008-1067
	- phpqladmin <removed>
CVE-2008-1066
	{DSA-1520-1}
	- smarty 2.6.18-1.1 (low; bug #469492)
	- moodle <not-affected> (low; bug #471158)
	- gallery2 2.2.5-2 (low; bug #471160)
	- mahara 0.9.2-2 (low; bug #471201)
	NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064
	NOT-FOR-US: rmgs module for XOOPs
CVE-2008-1063
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1062
	NOT-FOR-US: InterVideo IMC Server/InterVideo Home Theater
CVE-2008-1061
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1060
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1059
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1058
	NOT-FOR-US: OpenBSD
CVE-2008-1057
	NOT-FOR-US: OpenBSD
CVE-2008-1056
	NOT-FOR-US: Symark PowerBroker
CVE-2008-1111
	{DSA-1513-1}
	- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142
	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055
	NOT-FOR-US: SurgeMail
CVE-2008-1054
	NOT-FOR-US: SurgeMail
CVE-2008-1053
	NOT-FOR-US: Kose_Yazilari module for PHP-Nuke
CVE-2008-1052
	NOT-FOR-US: SurgeFTP
CVE-2008-1051
	NOT-FOR-US: phpProfiles
CVE-2008-1050
	NOT-FOR-US: Softbiz Jokes & Funny Pics Script
CVE-2008-1049
	NOT-FOR-US: Parallels SiteStudio
CVE-2008-1048
	NOT-FOR-US: Plume CMS
CVE-2008-1047
	- tikiwiki <removed>
CVE-2008-1046
	NOT-FOR-US: Quinsonnas Mail Checker
CVE-2008-1045
	NOT-FOR-US: OpenCMS
CVE-2008-1044
	NOT-FOR-US: Quantum Streaming Player
CVE-2008-1043
	NOT-FOR-US: Linux Web Shop
CVE-2008-1042
	NOT-FOR-US: Linux Web Shop
CVE-2008-1041
	NOT-FOR-US: MWhois
CVE-2008-1040
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2008-1039
	NOT-FOR-US: PORAR WEBBOARD
CVE-2008-1038
	NOT-FOR-US: DBHcms
CVE-2008-1037
	NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036
	{DSA-1762-1}
	- icu 4.0.1-1
CVE-2008-1035
	NOT-FOR-US: Apple iCal
CVE-2008-1034
	NOT-FOR-US: Apple Mac OS
CVE-2008-1033
	- cups 1.3.7-1
CVE-2008-1032
	NOT-FOR-US: Apple Mac OS
CVE-2008-1031
	NOT-FOR-US: Apple Mac OS
CVE-2008-1030
	NOT-FOR-US: Apple Mac OS
CVE-2008-1029
	RESERVED
CVE-2008-1028
	NOT-FOR-US: Apple Mac OS
CVE-2008-1027
	NOT-FOR-US: Apple Mac OS
CVE-2008-1026
	- webkit 0~svn31841-1
	- qt4-x11 <not-affected> (vulnerable code not present referring to upstream)
	NOTE: for qt, referring to upstream this only applies to optimized code in safari 3.1
	NOTE: branch and qt 4.4 is based on safari 3.0
CVE-2008-1025
	- qt4-x11 <not-affected> (QUrl handles URLs and is not vulnerable to this CVE, see bug #479644)
	- webkit 0~svn31841-1 (medium)
CVE-2008-1024
	NOT-FOR-US: Apple Safari
CVE-2008-1023
	NOT-FOR-US: Apple QuickTime
CVE-2008-1022
	NOT-FOR-US: Apple QuickTime
CVE-2008-1021
	NOT-FOR-US: Apple QuickTime
CVE-2008-1020
	NOT-FOR-US: Apple QuickTime
CVE-2008-1019
	NOT-FOR-US: Apple QuickTime
CVE-2008-1018
	NOT-FOR-US: Apple QuickTime
CVE-2008-1017
	NOT-FOR-US: Apple QuickTime
CVE-2008-1016
	NOT-FOR-US: Apple QuickTime
CVE-2008-1015
	NOT-FOR-US: Apple QuickTime
CVE-2008-1014
	NOT-FOR-US: Apple QuickTime
CVE-2008-1013
	NOT-FOR-US: Apple QuickTime
CVE-2008-1012
	NOT-FOR-US: Apple AirPort
CVE-2008-1011
	NOTE: As far as I can see this has been addressed in revision 30871.
	NOTE: Please doublecheck.
CVE-2008-1010
	NOTE: As far as I can see this has been addressed in revision 31388.
	NOTE: Please doublecheck.
CVE-2008-1009
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1008
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1007
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1006
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1005
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1004
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1003
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1002
	NOT-FOR-US: Apple Safari
CVE-2008-1001
	NOT-FOR-US: Apple Safari
CVE-2008-1000
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0999
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0998
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0997
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0996
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0995
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0994
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0993
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0992
	- pax <not-affected> (issue specific to Apple's version of pax)
CVE-2008-0991
	RESERVED
CVE-2008-0990
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0989
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0988
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0987
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0986
	NOT-FOR-US: Google Android
CVE-2008-0985
	NOT-FOR-US: Google Android
CVE-2008-0984
	{DSA-1543-1 DTSA-116-1}
	- vlc 0.8.6.e-1 (medium; bug #467652)
CVE-2008-6426
	REJECTED
CVE-2008-0982
	NOT-FOR-US: Spyce
CVE-2008-0981
	NOT-FOR-US: Spyce
CVE-2008-0980
	NOT-FOR-US: Spyce
CVE-2008-0979
	NOT-FOR-US: Double-Take
CVE-2008-0978
	NOT-FOR-US: Double-Take
CVE-2008-0977
	NOT-FOR-US: Double-Take
CVE-2008-0976
	NOT-FOR-US: Double-Take
CVE-2008-0975
	NOT-FOR-US: Double-Take
CVE-2008-0974
	NOT-FOR-US: Double-Take
CVE-2008-0973
	NOT-FOR-US: Double-Take
CVE-2008-0972
	RESERVED
CVE-2008-0971
	NOT-FOR-US: Barracuda Networks products
CVE-2008-0970
	RESERVED
CVE-2008-0969
	RESERVED
CVE-2008-0968
	RESERVED
CVE-2008-0967
	- vmware-package <removed> (low; bug #486110)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
	RESERVED
CVE-2008-0965
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0962
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0961
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0960
	{DSA-1663-1 DTSA-137-1}
	- net-snmp 5.4.1~dfsg-8.1 (medium; bug #485945)
CVE-2008-0959
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957
	NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
CVE-2008-0956
	NOT-FOR-US: BackWeb Lite Install
CVE-2008-0955
	NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
	RESERVED
CVE-2008-0953
	NOT-FOR-US: ActiveX control
CVE-2008-0952
	NOT-FOR-US: ActiveX control
CVE-2008-0951
	NOT-FOR-US: Windows Vista
CVE-2008-0950
	RESERVED
CVE-2008-0949
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0948
	- krb5 1.3-1 (unimportant)
	NOTE: glibc properly defines FD_SETSIZE
CVE-2008-0947
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0946
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0945
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0944
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0943
	NOT-FOR-US: Eagle Software Aeries
CVE-2008-0942
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0941
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0940
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-0939
	NOT-FOR-US: WP Photo Album plugin for WordPress
CVE-2008-0938
	NOT-FOR-US: Sun Solaris
CVE-2008-0937
	NOT-FOR-US: XOOPS module
CVE-2008-0936
	NOT-FOR-US: XOOPS module
CVE-2008-0935
	NOT-FOR-US: Novell iPrint Client
CVE-2008-0934
	NOT-FOR-US: NukeC phpnuke module
CVE-2008-0933
	NOT-FOR-US: Sun Solaris
CVE-2008-0931
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0930
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0929
	REJECTED
CVE-2008-0928
	{DSA-1799-1 DTSA-133-1}
	- qemu 0.9.1+svn20081207-1 (low; bug #469649)
	- xen-unstable 3.2.0-4 (bug #469654)
	- xen-3 3.2.0-4 (bug #469662)
	- xen-3.0 <removed>
	- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927
	NOT-FOR-US: Novell eDirectory
CVE-2008-0926
	NOT-FOR-US: Novell eDirectory
CVE-2008-0925
	NOT-FOR-US: Novell eDirectory
CVE-2008-0924
	NOT-FOR-US: Novell eDirectory
CVE-2008-0923
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922
	NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921
	NOT-FOR-US: beContent
CVE-2008-0920
	NOT-FOR-US: OSSIM
CVE-2008-0919
	NOT-FOR-US: OSSIM
CVE-2008-0918
	NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917
	NOT-FOR-US: TorWorld software
CVE-2008-0916
	NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913
	NOT-FOR-US: Invision Power Board
CVE-2008-0912
	NOT-FOR-US: Sybase MobiLink
CVE-2008-0911
	NOT-FOR-US: iScripts MultiCart
CVE-2008-0910
	NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907
	NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906
	NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905
	NOT-FOR-US: Globsy
CVE-2008-0904
	NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903
	NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896
	NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894
	NOT-FOR-US: Apple Safari
CVE-2008-0893
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-0890
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0888
	{DSA-1522-1}
	- unzip 5.52-11
CVE-2008-0887
	- gnome-screensaver 2.22.2-1 (low; bug #475154)
	[etch] - gnome-screensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2008-0886
	REJECTED
CVE-2008-0885
	RESERVED
CVE-2008-0884
	NOT-FOR-US: Red Hat Enterprise Linux
	NOTE: Seems Redhat specific
CVE-2008-0882
	{DSA-1530-1 DTSA-117-1}
	- cupsys 1.3.6-1 (medium; bug #467653)
	- cups 1.3.6-1 (medium; bug #467653)
	[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881
	NOT-FOR-US: Okul module for PHP-Nuke
CVE-2008-0880
	NOT-FOR-US: EasyContent module for PHP-Nuke
CVE-2008-0879
	NOT-FOR-US: Web_Links module for PHP-Nuke
CVE-2008-0878
	NOT-FOR-US: MyAnnonces module for RunCMS
CVE-2008-0877
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2008-0876
	NOT-FOR-US: Hitachi SEWB3
CVE-2008-0875
	NOT-FOR-US: Hitachi EUR Print Manager
CVE-2008-0874
	NOT-FOR-US: eEmpregos module for XOOPS
CVE-2008-0873
	NOT-FOR-US: jlmZone Classifieds module for XOOPS
CVE-2008-0872
	NOT-FOR-US: SmarterTools SmarterMail Enterprise
CVE-2008-0871
	NOT-FOR-US: Now SMS/MMS Gateway
CVE-2008-0870
	NOT-FOR-US: BEA WebLogic
CVE-2008-0869
	NOT-FOR-US: BEA WebLogic
CVE-2008-0868
	NOT-FOR-US: BEA WebLogic
CVE-2008-0867
	NOT-FOR-US: BEA WebLogic
CVE-2008-0866
	NOT-FOR-US: BEA WebLogic
CVE-2008-0865
	NOT-FOR-US: BEA WebLogic
CVE-2008-0864
	NOT-FOR-US: BEA WebLogic
CVE-2008-0863
	NOT-FOR-US: BEA WebLogic
CVE-2008-0862
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-0861
	NOT-FOR-US: IBM Lotus Quickplace
CVE-2008-0860
	NOT-FOR-US: Kerio MailServer
CVE-2008-0859
	NOT-FOR-US: Kerio MailServer
CVE-2008-0858
	NOT-FOR-US: Kerio MailServer
CVE-2008-0857
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-0856
	NOT-FOR-US: e-Vision CMS
CVE-2008-0855
	NOT-FOR-US: com_facileforms component for Joomla! and Mambo
CVE-2008-0854
	NOT-FOR-US: com_salesrep component for Joomla! and Mambo
CVE-2008-0853
	NOT-FOR-US: com_detail component for Joomla! and Mambo
CVE-2008-0852
	NOT-FOR-US: freeSSHd
CVE-2008-0851
	- dokeos <itp> (bug #433352)
CVE-2008-0850
	- dokeos <itp> (bug #433352)
CVE-2008-0849
	NOT-FOR-US: com_downloads component for Mambo and Joomla!
CVE-2008-0848
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-0847
	NOT-FOR-US: myTopics module for XOOPS
CVE-2008-0846
	NOT-FOR-US: com_profile component for Mambo and Joomla!
CVE-2008-0845
	NOT-FOR-US: WP-People plugin for WordPress
CVE-2008-0844
	NOT-FOR-US: com_pccookbook component for Joomla!
CVE-2008-0843
	NOT-FOR-US: StatCounteX
CVE-2008-0842
	NOT-FOR-US: com_clasifier component for Joomla!
CVE-2008-0841
	NOT-FOR-US: com_ricette component for Joomla!
CVE-2008-0840
	NOT-FOR-US: LightBlog
CVE-2008-0839
	NOT-FOR-US: com_astatspro component for Joomla!
CVE-2008-0838
	NOT-FOR-US: Sophos, Email Security Appliance
CVE-2008-0837
	NOT-FOR-US: John Godley Search Unleashed plugin for WordPress
CVE-2008-0836
	NOT-FOR-US: Sun Solaris
CVE-2008-0835
	NOT-FOR-US: Simple CMS
CVE-2008-0834
	NOT-FOR-US: Lotus Quickr
CVE-2008-0833
	NOT-FOR-US: com_galeria component for Joomla!
CVE-2008-0832
	NOT-FOR-US: com_quran component for Mambo and Joomla!
CVE-2008-0831
	NOT-FOR-US: com_rapidrecipe component for Joomla!
CVE-2008-0830
	NOT-FOR-US: DPAP server for iPhoto
CVE-2008-0829
	NOT-FOR-US: com_jooget component for Joomla! and Mambo
CVE-2008-0828
	NOT-FOR-US: ATutor
CVE-2008-0827
	NOT-FOR-US: Books module of PHP-Nuke
CVE-2008-0826
	NOT-FOR-US: Claroline
CVE-2008-0825
	NOT-FOR-US: Claroline
CVE-2008-0824
	NOT-FOR-US: Claroline
CVE-2008-0823
	NOT-FOR-US: Header Image Module for Drupal
CVE-2008-0822
	NOT-FOR-US: Scribe
CVE-2008-0821
	NOT-FOR-US: PHP Live!
CVE-2008-0820
	NOT-FOR-US: Etomite CMS
CVE-2008-0819
	NOT-FOR-US: PlutoStatus Locator
CVE-2008-0818
	NOT-FOR-US: freePHPgallery
CVE-2008-0817
	NOT-FOR-US: com_filebase component for Joomla! and Mambo
CVE-2008-0816
	NOT-FOR-US: com_sg component for Joomla! and Mambo
CVE-2008-0815
	NOT-FOR-US: com_mezun component for Joomla!
CVE-2008-0814
	NOT-FOR-US: TRUC
CVE-2008-0813
	NOT-FOR-US: XPWeb
CVE-2008-0812
	NOT-FOR-US: BanPro DMS
CVE-2008-0811
	NOT-FOR-US: AuraCMS
CVE-2008-0810
	NOT-FOR-US: com_scheduling module for Joomla! and Mambo
CVE-2008-0805
	NOT-FOR-US: PHPizabi
CVE-2008-0804
	NOT-FOR-US: Thecus N5200Pro NAS Server
CVE-2008-0983
	{DSA-1609-1}
	- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883
	NOT-FOR-US: Adobe Acrobat Reader
	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803
	NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802
	NOT-FOR-US: Joomla component
CVE-2008-0801
	NOT-FOR-US: Joomla component
CVE-2008-0800
	NOT-FOR-US: Joomla component
CVE-2008-0799
	NOT-FOR-US: Joomla component
CVE-2008-0798
	NOT-FOR-US: artmedic webdesign
CVE-2008-0797
	NOT-FOR-US: iTheora
CVE-2008-0796
	NOT-FOR-US: Nuboard
CVE-2008-0795
	NOT-FOR-US: Joomla component
CVE-2008-0794
	NOT-FOR-US: Affiliate Market
CVE-2008-0793
	NOT-FOR-US: Tendenci CMS
CVE-2008-0792
	NOT-FOR-US: F-Secure
CVE-2008-0791
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789
	NOT-FOR-US: LI Countdown
CVE-2008-0788
	NOT-FOR-US: MyBB
CVE-2008-0787
	NOT-FOR-US: MyBB
CVE-2008-0786
	- cacti 0.8.7b-1
	[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
CVE-2008-0784
	- cacti 0.8.7b-1 (unimportant)
	NOTE: paths on Debian already known
CVE-2008-0783
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
	[etch] - cacti 0.8.6i-3.3
CVE-2008-0782
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0781
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0780
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0932
	{DSA-1508-1}
	- sword 1.5.9-8 (high; bug #466449)
	NOTE: source package named sword, binary package named diatheke
CVE-2008-0806
	- wyrd 1.4.3b-4 (low; bug #466382)
	[etch] - wyrd <no-dsa> (Minor issue)
CVE-2008-0807
	{DSA-1507-1}
	- turba2 2.1.7-1 (bug #464058)
CVE-2008-0779
	NOT-FOR-US: Fortinet FortiClient 3.0
CVE-2008-0778
	NOT-FOR-US: QuickTime
CVE-2008-0777
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 6.3-3 (bug #483152)
	- kfreebsd-7 7.0-1 (bug #483152)
CVE-2008-0776
	NOT-FOR-US: iTechBids
CVE-2008-0775
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0774
	NOT-FOR-US: Loris Hotel Reservations
CVE-2008-0773
	NOT-FOR-US: Mambo plugin
CVE-2008-0772
	NOT-FOR-US: Mambo plugin
CVE-2008-0771
	NOT-FOR-US: Site2Nite
CVE-2008-0770
	NOT-FOR-US: ibProArcade
CVE-2008-0769
	NOT-FOR-US: Livelink
CVE-2008-0768
	NOT-FOR-US: IBM Informix
CVE-2008-0767
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0766
	NOT-FOR-US: Brooks Remote Print Manager
CVE-2008-0765
	NOT-FOR-US: artmedic
CVE-2008-0764
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0763
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0762
	NOT-FOR-US: com_iomezun component for Joomla!
CVE-2008-0761
	NOT-FOR-US: Prince Clan Chess Club component for Joomla!
CVE-2008-0760
	NOT-FOR-US: SafeNet Sentinel Protection Server
CVE-2008-0759
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0758
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0757
	NOT-FOR-US: MercuryBoard
CVE-2008-0756
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0755
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0754
	NOT-FOR-US: Rapid Recipe component for Joomla!
CVE-2008-0753
	NOT-FOR-US: Virtual War
CVE-2008-0752
	NOT-FOR-US: Neogallery component for Joomla!
CVE-2008-0751
	NOT-FOR-US: Spartacus plugin (freetag) for serendipity
CVE-2008-0750
	NOT-FOR-US: Husrev BlackBoard
CVE-2008-0749
	NOT-FOR-US: Calimero.CMS
CVE-2008-0748
	NOT-FOR-US: Sony ImageStation
CVE-2008-0747
	NOT-FOR-US: COWON America jetAudio
CVE-2008-0746
	NOT-FOR-US: Gallery component for Mambo and Joomla!
CVE-2008-0745
	NOT-FOR-US: DomPHP
CVE-2008-0744
	NOT-FOR-US: Pre Hotels & Resorts Management System
CVE-2008-0743
	NOT-FOR-US: Joovili
CVE-2008-0742
	NOT-FOR-US: PowerNews
CVE-2008-0741
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0740
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0739
	NOT-FOR-US: CandyPress
CVE-2008-0738
	NOT-FOR-US: CandyPress
CVE-2008-0737
	NOT-FOR-US: CandyPress
CVE-2008-0736
	NOT-FOR-US: CandyPress
CVE-2008-0735
	NOT-FOR-US: AuraCMS
CVE-2008-0734
	NOT-FOR-US: Limbo CMS
CVE-2008-0733
	NOT-FOR-US: CS Team Counter Strike Portals
CVE-2008-0732
	NOT-FOR-US: Apache Geronimo
CVE-2008-0731
	NOT-FOR-US: SuSE kernel/apparmor
CVE-2008-0730
	NOT-FOR-US: Sun Solaris
CVE-2008-0729
	NOT-FOR-US: Apple iPhone
CVE-2008-0728
	- clamav 0.92.1~dfsg-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-0727
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0726
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0725
	NOT-FOR-US: Titan FTP Server
CVE-2008-0724
	NOT-FOR-US: The Everything Development System
CVE-2008-0723
	NOT-FOR-US: MyNews
CVE-2008-0722
	NOT-FOR-US: Pagetool
CVE-2008-0721
	NOT-FOR-US: Sermon component for Mambo
CVE-2008-0720
	- webmin <removed>
CVE-2008-0719
	NOT-FOR-US: osCommerce Online Merchant
CVE-2008-0718
	NOT-FOR-US: Sun Solaris
CVE-2008-0717
	NOT-FOR-US: IBM WebSphere Edge Server
CVE-2008-0716
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2008-0715
	NOT-FOR-US: ACDSee
CVE-2008-0714
	NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713
	NOT-FOR-US: HP-UX B
CVE-2008-0712
	NOT-FOR-US: HP HPeDiag
CVE-2008-0711
	NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
	REJECTED
CVE-2008-0709
	NOT-FOR-US: HP Select Identity
CVE-2008-0708
	NOT-FOR-US: HP USB 2.0 Floppy Drive Key
CVE-2008-0707
	NOT-FOR-US: HP-UX
CVE-2008-0706
	NOT-FOR-US: BIOS F.26
CVE-2008-0705
	REJECTED
CVE-2008-0704
	NOT-FOR-US: HP OpenVMS
CVE-2008-0703
	NOT-FOR-US: sflog!
CVE-2008-0702
	NOT-FOR-US: Titan FTP Server
CVE-2008-0701
	NOT-FOR-US: Magnolia CE
CVE-2008-0700
	NOT-FOR-US: CruxCMS
CVE-2008-0699
	NOT-FOR-US: IBM DB2
CVE-2008-0698
	NOT-FOR-US: IBM DB2
CVE-2008-0697
	NOT-FOR-US: IBM DB2
CVE-2008-0696
	NOT-FOR-US: IBM DB2
CVE-2008-0695
	NOT-FOR-US: BookmarkX
CVE-2008-0694
	NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
CVE-2008-0693
	NOT-FOR-US: Print Manager Plus
CVE-2008-0692
	NOT-FOR-US: iTechBids
CVE-2008-0691
	NOT-FOR-US: WP-Footnotes plugin for WordPress
CVE-2008-0690
	NOT-FOR-US: mosDirectory component for Joomla!
CVE-2008-0689
	NOT-FOR-US: Marketplace component for Joomla!
CVE-2008-0688
	NOT-FOR-US: Smartscript Domain Trader
CVE-2008-0687
	NOT-FOR-US: Youtube Clone Script
CVE-2008-0686
	NOT-FOR-US: NeoReferences component for Joomla!
CVE-2008-0685
	NOT-FOR-US: iTechClassifieds
CVE-2008-0684
	NOT-FOR-US: iTechClassifieds
CVE-2008-0683
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682
	NOT-FOR-US: Wordspew plugin for Wordpress
CVE-2008-0681
	NOT-FOR-US: PHPShop
CVE-2008-0680
	NOT-FOR-US: MicroTik RouterOS
CVE-2008-0679
	NOT-FOR-US: BlogPHP
CVE-2008-0678
	NOT-FOR-US: BlogPHP
CVE-2008-0677
	NOT-FOR-US: A-Blog
CVE-2008-0676
	NOT-FOR-US: A-Blog
CVE-2008-0675
	NOT-FOR-US: Everything Development System
CVE-2008-0674
	{DSA-1499-1 DTSA-115-1}
	- pcre3 7.6-1 (medium)
	- php5 <not-affected> (Uses sytem copy)
CVE-2008-0673
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0672
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0671
	- tintin++ 1.97.9-2 (medium; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0670
	NOT-FOR-US: Noticias component for Joomla!
CVE-2008-0669
	NOT-FOR-US: Sift Unity
CVE-2008-0668
	{DSA-1546-1}
	- gnumeric 1.8.1-1 (medium)
CVE-2008-0667
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0663
	NOT-FOR-US: Novell Challenge Response Client
CVE-2008-0662
	NOT-FOR-US: SecuRemote/SecureClient NGX R60 and R56
CVE-2008-0661
	NOT-FOR-US: dBpowerAMP Audio Player
CVE-2008-0660
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0658
	{DSA-1541-1}
	- openldap2.3 2.4.7-6.1 (low; bug #465875)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built from this version)
	NOTE: only authenticated users can exploit this
CVE-2008-0657
	- sun-java6 6-02-1
	- sun-java5 1.5.0-14-1
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2008-0656
	NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655
	NOT-FOR-US: Adobe Reader
CVE-2008-0654
	NOT-FOR-US: Azucar CMS
CVE-2008-0653
	NOT-FOR-US: Ynews component for Joomla!
CVE-2008-0652
	NOT-FOR-US: Downloads for Mambo and Joomla!
CVE-2008-0651
	NOT-FOR-US: Pedro Santana Codice CMS
CVE-2008-0650
	NOT-FOR-US: Simple OS CMS
CVE-2008-0649
	NOT-FOR-US: Astanda Directory Project
CVE-2008-0648
	NOT-FOR-US: OpenSiteAdmin
CVE-2008-0647
	NOT-FOR-US: Ourgame GLWorld
CVE-2008-0646
	- deluge-torrent 0.5.8.3-1 (bug #463357)
CVE-2008-0645
	NOT-FOR-US: Portail Web Php
CVE-2008-0644
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642
	NOT-FOR-US: Adobe
CVE-2008-0808
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0641
	RESERVED
CVE-2008-0640
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2008-0639
	NOT-FOR-US: Novell Client
CVE-2008-0638
	NOT-FOR-US: Veritas Enterprise Administrator service
CVE-2008-0637
	RESERVED
CVE-2008-0636
	NOT-FOR-US: Managed Workplace Service Center
CVE-2008-0635
	NOT-FOR-US: Openads
CVE-2008-0634
	NOT-FOR-US: NamoInstaller
CVE-2008-0633
	NOT-FOR-US: Anon Proxy Server
	NOTE: this is not anon-proxy
CVE-2008-0632
	NOT-FOR-US: LightBlog
CVE-2008-0631
	NOT-FOR-US: MailBee Objects
CVE-2008-0630
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464532)
CVE-2008-0629
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464533)
CVE-2008-0628
	- sun-java6 6-04-1
	- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)
CVE-2008-0627
	REJECTED
CVE-2008-0626
	REJECTED
CVE-2008-0625
	NOT-FOR-US: Yahoo! Music Jukebox
CVE-2008-0624
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0623
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0622
	NOT-FOR-US: RaidenHTTPD
CVE-2008-0621
	NOT-FOR-US: SAP GUI
CVE-2008-0620
	NOT-FOR-US: SAPSprint
CVE-2008-0619
	NOT-FOR-US: Nero Media Player
CVE-2008-0618
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0617
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0616
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0615
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0614
	NOT-FOR-US: Photokorn Gallery
CVE-2008-0613
	NOT-FOR-US: XOOPS
CVE-2008-0612
	NOT-FOR-US: XOOPS
CVE-2008-0611
	NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610
	NOT-FOR-US: UltraVNC
CVE-2008-0609
	NOT-FOR-US: Web Pack 2.0
CVE-2008-0608
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607
	NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo
CVE-2008-0606
	NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605
	NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604
	NOT-FOR-US: XLight FTP Server
CVE-2008-0603
	NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600
	{DSA-1494-1 DTSA-113-1}
	- linux-2.6 2.6.24-4 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
CVE-2008-0599
	{DTSA-135-1}
	- php5 5.2.6-1
	[etch] - php5 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
	[etch] - php4 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
CVE-2008-0598
	{DSA-1630-1}
	- linux-2.6 2.6.26-4 (bug #490910)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: (mimeDeleteType included since 1.2.x
	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
	NOTE: versions in Debian.
CVE-2008-0596
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: see CVE-2008-0597
CVE-2008-0595
	{DSA-1599-1}
	- dbus 1.1.20-1
CVE-2008-0594
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0593
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0592
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0591
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0590
	NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589
	NOT-FOR-US: IBM AIX
CVE-2008-0588
	NOT-FOR-US: IBM AIX
CVE-2008-0587
	NOT-FOR-US: IBM AIX
CVE-2008-0586
	NOT-FOR-US: IBM AIX
CVE-2008-0585
	NOT-FOR-US: IBM AIX
CVE-2008-0584
	NOT-FOR-US: IBM AIX
CVE-2008-0583
	NOT-FOR-US: Skype
CVE-2008-0582
	NOT-FOR-US: Skype
CVE-2008-0581
	NOT-FOR-US: LSrunasE
CVE-2008-0580
	NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579
	NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578
	NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575
	NOT-FOR-US: webSPELL
CVE-2008-0574
	NOT-FOR-US: webSPELL
CVE-2008-0573
	NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572
	NOT-FOR-US: Mindmeld
CVE-2008-0571
	NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569
	NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568
	NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567
	NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563
	- liferay-portal <itp> (bug #569819)
CVE-2008-0562
	NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561
	NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558
	NOT-FOR-US: Uniwin eCart Professiona
CVE-2008-0557
	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
CVE-2008-0556
	NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555
	- apache <removed>
	[etch] - apache <no-dsa> (only exploitable in very specific setups)
	NOTE: Only affects the apache-ssl package, not apache or apache-perl.
	NOTE: Only relevant if the attacker can get a CA that is trusted by the server
	NOTE: to sign client certs with arbitrary CN, but cannot influence the contents
	NOTE: of the other DN fields.
	NOTE: OTOH, the configuration used in Debian's apache-ssl 1.55 (per-dir
	NOTE: ssl-renegotiation switched off), has obviously not been tested by upstream
	NOTE: with 1.59 (it doesn't even compile).
	NOTE: Also, upstream's fix breaks API/ABI compatibility in some corner cases.
	NOTE: While these cases are not really supported by Debian, all in all the low
	NOTE: severity of the issue is not in proportion to the risk of breaking something
	NOTE: with the fix.
CVE-2008-0552
	NOT-FOR-US: eTicket
CVE-2008-0551
	NOT-FOR-US: Namo Web Editor
CVE-2008-0550
	NOT-FOR-US: Steamcast
CVE-2008-0549
	NOT-FOR-US: Steamcast
CVE-2008-0548
	NOT-FOR-US: Steamcast
CVE-2008-0547
	NOT-FOR-US: CandyPress
CVE-2008-0546
	NOT-FOR-US: CandyPress
CVE-2008-0545
	NOT-FOR-US: Bubbling Library
CVE-2008-0543
	NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542
	NOT-FOR-US: Simple Forum
CVE-2008-0541
	NOT-FOR-US: Simple Forum
CVE-2008-0540
	NOT-FOR-US: trixbox
CVE-2008-0539
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538
	NOT-FOR-US: phpIP Management
CVE-2008-0537
	NOT-FOR-US: Cisco
CVE-2008-0536
	NOT-FOR-US: Cisco
CVE-2008-0535
	NOT-FOR-US: Cisco
CVE-2008-0534
	NOT-FOR-US: Cisco
CVE-2008-0533
	NOT-FOR-US: Cisco ACS
CVE-2008-0532
	NOT-FOR-US: Cisco ACS
CVE-2008-0531
	NOT-FOR-US: Cisco
CVE-2008-0530
	NOT-FOR-US: Cisco
CVE-2008-0529
	NOT-FOR-US: Cisco
CVE-2008-0528
	NOT-FOR-US: Cisco
CVE-2008-0527
	NOT-FOR-US: Cisco
CVE-2008-0526
	NOT-FOR-US: Cisco
CVE-2008-0525
	NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524
	NOT-FOR-US: Yamaha router firmware
CVE-2008-0523
	NOT-FOR-US: SoftCart
CVE-2008-0522
	NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521
	NOT-FOR-US: Bubbling Library
CVE-2008-0520
	NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519
	NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518
	NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517
	NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516
	NOT-FOR-US: SQLiteManager
CVE-2008-0515
	NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514
	NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513
	NOT-FOR-US: phpCMS
CVE-2008-0512
	NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511
	NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510
	NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509
	NOT-FOR-US: IBM AIX
CVE-2008-0508
	NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507
	NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503
	NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502
	NOT-FOR-US: Connectix Boards
CVE-2008-0664
	{DSA-1601-1}
	- wordpress 2.3.3-1 (medium; bug #464170)
	[etch] - wordpress <not-affected> (vulnerable code not present)
	NOTE: The blog has to provide user accounts
	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
	NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
	NOTE: not included in any other packages.
	- libwordpress-xmlrpc-perl <removed>
CVE-2008-0553
	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
	- tk8.5 8.5.0-3
	- tk8.4 8.4.17-2
	- tk8.3 8.3.5-12
	- libtk-img 1:1.3-release-7 (bug #485785)
CVE-2008-0554
	{DSA-1579-1}
	- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564
	- mailman 1:2.1.10~b3-1 (low)
	[etch] - mailman <no-dsa> (Minor issue)
	[sarge] - mailman <no-dsa> (Minor issue)
	NOTE: Someone authenticated as list admin can insert malicious script
	NOTE: into list templates. This already consists of a high degree of
	NOTE: control over the mailinglist, so not a very important issue.
	NOTE: This enhances the fix for CVE-2006-3636.
	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0501
	NOT-FOR-US: phpMyClub
CVE-2008-0500
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0499
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0498
	NOT-FOR-US: Bigware Shop
CVE-2008-0497
	NOT-FOR-US: Nucleus CMS
CVE-2008-0496
	NOT-FOR-US: AmpJuke
CVE-2008-0495
	NOT-FOR-US: Pegasus CIM Server
CVE-2008-0494
	NOT-FOR-US: Endian Firewall
CVE-2008-0493
	NOT-FOR-US: FlashPix plugin for IrfanView
CVE-2008-0492
	NOT-FOR-US: Persits XUpload
CVE-2008-0491
	NOT-FOR-US: fGallery for WordPress
CVE-2008-0490
	NOT-FOR-US: WP-Cal plugin for WordPress
CVE-2008-0489
	NOT-FOR-US: Clansphere
CVE-2008-0488
	NOT-FOR-US: VB Marketing
CVE-2008-0487
	NOT-FOR-US: ASPired2Protect
CVE-2008-0486
	{DSA-1536-1 DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
	- xine-lib 1.1.10.1-1 (bug #464696)
	[sarge] - xine-lib <not-affected> (Vulnerable code not present)
CVE-2008-0485
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
CVE-2008-0484
	RESERVED
CVE-2008-0483
	RESERVED
CVE-2008-0482
	RESERVED
CVE-2008-0481
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0480
	NOT-FOR-US: Web Wiz Forums
CVE-2008-0479
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-0478
	NOT-FOR-US: SetCMS
CVE-2008-0477
	NOT-FOR-US: Move Networks Upgrade Manager
CVE-2008-0476
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0475
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0474
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0473
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0472
	NOT-FOR-US: Woltlab Burning Board
CVE-2008-0471
	{DSA-1488-1}
	- phpbb2 2.0.22-3 (low; bug #463589)
CVE-2008-0470
	NOT-FOR-US: Comodo AntiVirus
CVE-2008-0469
	NOT-FOR-US: Tiger Php News System
CVE-2008-0468
	NOT-FOR-US: Flinx
CVE-2008-0467
	{DSA-1529-1}
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0465
	NOT-FOR-US: Seagull
CVE-2008-0464
	NOT-FOR-US: aconon Mail Enterprise SQL
CVE-2008-0463
	NOT-FOR-US: Workflow module for Drupal
CVE-2008-0462
	NOT-FOR-US: Archive module for Drupal
CVE-2008-0461
	NOT-FOR-US: PHP-Nuke
CVE-2008-0460
	- mediawiki 1:1.11.1-1 (low)
	[etch] - mediawiki <not-affected> (Doesn't include API functionality)
CVE-2008-0459
	NOT-FOR-US: Liquit-Silver CMS
CVE-2008-0458
	NOT-FOR-US: SLAED CMS
CVE-2008-0457
	NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0455
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0454
	NOT-FOR-US: Skype
CVE-2008-0453
	NOT-FOR-US: Easysitenetwork Recipe
CVE-2008-0452
	NOT-FOR-US: Siteman
CVE-2008-0451
	NOT-FOR-US: PacerCMS
CVE-2008-0450
	NOT-FOR-US: BLOG:CMS
CVE-2008-0449
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-0448
	NOT-FOR-US: phpSearch
CVE-2008-0447
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0446
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0445
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0444
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0443
	NOT-FOR-US: Lycos FileUploader Module
CVE-2008-0442
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0441
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2008-0440
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0439
	NOT-FOR-US: DeluxeBB
CVE-2008-0438
	NOT-FOR-US: Novemberborn sIFR
CVE-2008-0437
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0436
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2008-0435
	NOT-FOR-US: OZJournals
CVE-2008-0434
	NOT-FOR-US: AXIGEN Mail Server
CVE-2008-0433
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0432
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0431
	NOT-FOR-US: IDMOS
CVE-2008-0430
	NOT-FOR-US: 360 Web Manager
CVE-2008-0429
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0428
	NOT-FOR-US: bloofoxCMS
CVE-2008-0427
	NOT-FOR-US: bloofoxCMS
CVE-2008-0426
	NOT-FOR-US: PacerCMS
CVE-2008-0425
	NOT-FOR-US: Frimousse
CVE-2008-0424
	NOT-FOR-US: Mooseguy Blog System
CVE-2008-0423
	NOT-FOR-US: Lama Software
CVE-2008-0422
	NOT-FOR-US: bMachine
CVE-2008-0421
	NOT-FOR-US: Invision Gallery
CVE-2008-0420
	{DSA-1534-1 DSA-1484-1}
	- iceape 1.1.8-1
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but clarified
	NOTE: later, see http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0418
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0417
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0416
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-0415
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0414
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0413
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0412
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0411
	{DSA-1510-1}
	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
	- gs-gpl <removed> (medium)
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
	- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-3 (medium)
CVE-2008-0410
	NOT-FOR-US: HTTP File Server
CVE-2008-0409
	NOT-FOR-US: HTTP File Server
CVE-2008-0408
	NOT-FOR-US: HTTP File Server
CVE-2008-0407
	NOT-FOR-US: HTTP File Server
CVE-2008-0406
	NOT-FOR-US: HTTP File Server
CVE-2008-0405
	NOT-FOR-US: HTTP File Server
CVE-2008-0404
	- mantis <not-affected> (Vulnerable code not present)
	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
CVE-2008-0403
	NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402
	NOT-FOR-US: IBM WebSphere Business Modeler
CVE-2008-0401
	NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400
	NOT-FOR-US: Singapore
CVE-2008-0399
	NOT-FOR-US: Toshiba Surveillance
CVE-2008-0398
	NOT-FOR-US: aflog
CVE-2008-0397
	NOT-FOR-US: aflog
CVE-2008-0396
	NOT-FOR-US: BitDefender Update Server
CVE-2008-0395
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-0394
	NOT-FOR-US: Citadel SMTP server
CVE-2008-0393
	NOT-FOR-US: GradMan
CVE-2008-0392
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-0391
	NOT-FOR-US: aliTalk
CVE-2008-0390
	NOT-FOR-US: AuraCMS
CVE-2008-0389
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388
	NOT-FOR-US: WP-Forum plugin for WordPress
CVE-2008-0387
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386
	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
CVE-2008-0385
	NOT-FOR-US: Urulu
CVE-2008-0384
	NOT-FOR-US: OpenBSD
CVE-2008-0383
	NOT-FOR-US: MyBB
CVE-2008-0382
	NOT-FOR-US: MyBB
CVE-2008-0381
	- mahara 0.9.1-1 (low)
CVE-2008-0380
	NOT-FOR-US: Digital Data Communications
CVE-2008-0379
	NOT-FOR-US: Crystal Reports
CVE-2008-0378
	NOT-FOR-US: SocksCap
CVE-2008-0377
	NOT-FOR-US: MicroNews
CVE-2008-0376
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0375
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0374
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0373
	NOT-FOR-US: PHP F1 Max's File Uploader
CVE-2008-0372
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-0371
	NOT-FOR-US: aliTalk
CVE-2008-0370
	NOT-FOR-US: cPanel
CVE-2008-0369
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0368
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367
	- iceweasel 3.0 (low)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Mozilla #244273
CVE-2008-0366
	NOT-FOR-US: CORE FORCE
CVE-2008-0365
	NOT-FOR-US: CORE FORCE
CVE-2008-0364
	NOT-FOR-US: BitTorrent/uTorrent
CVE-2008-0363
	NOT-FOR-US: Clever Copy
CVE-2008-0362
	NOT-FOR-US: Clever Copy
CVE-2008-0361
	NOT-FOR-US: GradMan
CVE-2008-0360
	NOT-FOR-US: BLOG:CMS
CVE-2008-0359
	NOT-FOR-US: BLOG:CMS
CVE-2008-0358
	NOT-FOR-US: Pixelpost
CVE-2008-0357
	NOT-FOR-US: Galaxyscripts
CVE-2008-0356
	NOT-FOR-US: Citrix Presentation Server
CVE-2008-0355
	NOT-FOR-US: PHPEcho CMS
CVE-2008-0354
	NOT-FOR-US: IBM Lotus Sametime
CVE-2008-0353
	NOT-FOR-US: php-residence
CVE-2008-XXXX [apt-cacher arbitrary command execution]
	- apt-cacher 1.6.1
	[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
	[sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
CVE-2008-0352
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced after 2.6.19 release)
CVE-2008-0351
	NOT-FOR-US: EvilSentinel
CVE-2008-0350
	NOT-FOR-US: EvilSentinel
CVE-2008-0349
	NOT-FOR-US: Oracle
CVE-2008-0348
	NOT-FOR-US: Oracle
CVE-2008-0347
	NOT-FOR-US: Oracle
CVE-2008-0346
	NOT-FOR-US: Oracle
CVE-2008-0345
	NOT-FOR-US: Oracle
CVE-2008-0344
	NOT-FOR-US: Oracle
CVE-2008-0343
	NOT-FOR-US: Oracle
CVE-2008-0342
	NOT-FOR-US: Oracle
CVE-2008-0341
	NOT-FOR-US: Oracle
CVE-2008-0340
	NOT-FOR-US: Oracle
CVE-2008-0339
	NOT-FOR-US: Oracle
CVE-2008-0338
	NOT-FOR-US: miniweb
CVE-2008-0337
	NOT-FOR-US: miniweb
CVE-2008-0336
	NOT-FOR-US: BugTracker.NET
CVE-2008-0335
	NOT-FOR-US: BugTracker.NET
CVE-2008-0334
	NOT-FOR-US: pMachine
CVE-2008-0333
	NOT-FOR-US: AfterLogic MailBee WebMail Pro 4.1 for ASP.NET
CVE-2008-0332
	NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331
	NOT-FOR-US: Funkwerk
CVE-2008-0330
	NOT-FOR-US: Radiator
CVE-2008-0329
	NOT-FOR-US: LulieBlog
CVE-2008-0328
	NOT-FOR-US: FaScript
CVE-2008-0327
	NOT-FOR-US: FaScript
CVE-2008-0326
	NOT-FOR-US: FaScript
CVE-2008-0325
	NOT-FOR-US: FaScript
CVE-2008-0324
	NOT-FOR-US: Cisco
CVE-2008-0323
	RESERVED
CVE-2008-0322
	NOT-FOR-US: Microsoft Windows XP driver
CVE-2008-0321
	RESERVED
CVE-2008-0320
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2008-0319
	RESERVED
CVE-2008-0318
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (medium)
CVE-2008-0317
	RESERVED
CVE-2008-0316
	RESERVED
CVE-2008-0315
	RESERVED
CVE-2008-0314
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1 (medium)
CVE-2008-0313
	NOT-FOR-US: Symantec Norton products
CVE-2008-0312
	NOT-FOR-US: Symantec Norton products
CVE-2008-0311
	NOT-FOR-US: Borland CaliberRM
CVE-2008-0310
	NOT-FOR-US: SCO UnixWare
CVE-2008-0309
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0308
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0307
	- maxdb-7.5.00 <removed>
CVE-2008-0306
	- maxdb-7.5.00 <removed>
CVE-2008-0305
	RESERVED
CVE-2008-0304
	{DSA-1697-1 DSA-1621-1}
	- icedove 2.0.0.12-1 (medium)
	- iceape 1.1.8-1 (medium)
CVE-2008-0303
	NOT-FOR-US: Canon printer firmware
CVE-2008-0301
	NOT-FOR-US: Mapbender
CVE-2008-0300
	NOT-FOR-US: Mapbender
CVE-2008-0298
	- webkit <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- qt4-x11 <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kdelibs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kde4libs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	NOTE: Not reproducible, might be fixed before all the forks went off
CVE-2008-0297
	NOT-FOR-US: PhotoKorn
CVE-2008-0296
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
CVE-2008-0295
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
	NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it
CVE-2008-0294
	NOT-FOR-US: FreeSeat
CVE-2008-0293
	NOT-FOR-US: FreeSeat
CVE-2008-0292
	NOT-FOR-US: Dansie Photo Album
CVE-2008-0291
	NOT-FOR-US: RichStrong CMS
CVE-2008-0161
	RESERVED
CVE-2008-0290
	NOT-FOR-US: Digital Hive
CVE-2008-0289
	NOT-FOR-US: Member Area System
CVE-2008-0288
	NOT-FOR-US: ImageAlbum
CVE-2008-0287
	NOT-FOR-US: VisionBurst vcart
CVE-2008-0286
	NOT-FOR-US: Article Dashboard
CVE-2008-0285
	- ngircd 0.10.3-2 (bug #461067; low)
	[etch] - ngircd <no-dsa> (Minor issue)
CVE-2008-0284
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0283
	NOT-FOR-US: DomPHP
CVE-2008-0282
	NOT-FOR-US: DomPHP
CVE-2008-0281
	NOT-FOR-US: ID-Commerce
CVE-2008-0280
	NOT-FOR-US: MTCMS
CVE-2008-0279
	NOT-FOR-US: Xforum
CVE-2008-0278
	NOT-FOR-US: X7 Chat
CVE-2008-0277
	NOT-FOR-US: Fileshare module for Drupal
CVE-2008-0276
	NOT-FOR-US: Devel module for Drupal
CVE-2008-0275
	NOT-FOR-US: Atom module for Drupal
CVE-2008-0274
	- drupal5 5.6-1 (unimportant)
	NOTE: needs register_globals on
CVE-2008-0273
	- drupal5 5.6-1 (low)
CVE-2008-0272
	- drupal5 5.6-1 (low)
CVE-2008-0271
	NOT-FOR-US: BUEditor
CVE-2008-0270
	NOT-FOR-US: TaskFreak!
CVE-2008-0269
	NOT-FOR-US: Sun Solaris
CVE-2008-0268
	NOT-FOR-US: eTicket
CVE-2008-0267
	NOT-FOR-US: eTicket
CVE-2008-0266
	NOT-FOR-US: eTicket
CVE-2008-0265
	NOT-FOR-US: F5 BIG-IP
CVE-2008-0264
	NOT-FOR-US: Meta Tags module for Drupal
CVE-2008-0263
	NOT-FOR-US: Ingate Firewall
CVE-2008-0262
	NOT-FOR-US: Agares PhpAutoVideo
CVE-2008-0261
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2008-0260
	NOT-FOR-US: minimal Gallery
CVE-2008-0259
	NOT-FOR-US: minimal Gallery
CVE-2008-0258
	NOT-FOR-US: PHP Running Management
CVE-2008-0257
	NOT-FOR-US: Dansie Search
CVE-2008-0256
	NOT-FOR-US: Matteo Binda ASP Photo Gallery
CVE-2008-0255
	NOT-FOR-US: iGaming
CVE-2008-0254
	NOT-FOR-US: TutorialCMS
CVE-2008-0253
	NOT-FOR-US: Binn SBuilder
CVE-2008-0252
	{DSA-1481-1}
	- python-cherrypy 2.2.1-3.1 (low; bug #461069)
	- cherrypy3 3.0.2-2
CVE-2008-0251
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-0250
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-0249
	NOT-FOR-US: PHP Webquest
CVE-2008-0248
	NOT-FOR-US: StreamAudio ChainCast ProxyManager
CVE-2008-0247
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-0246
	NOT-FOR-US: UploadScript
CVE-2008-0245
	NOT-FOR-US: UploadImage
CVE-2008-0244
	- maxdb-7.5.00 <removed> (medium; bug #461444)
	NOTE: see #461456 for removal explanation
CVE-2008-0243
	NOT-FOR-US: Lotus Domino
CVE-2008-0242
	NOT-FOR-US: Sun Solari
CVE-2008-0241
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0240
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0239
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0238
	NOTE: Dupe of CVE-2008-0225
CVE-2008-0299
	- paramiko 1.6.4-1.1 (low; bug #460706)
	[etch] - paramiko <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20100715101310/http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237
	NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
CVE-2008-0236
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2008-0235
	NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control
CVE-2008-0234
	NOT-FOR-US: Apple Quicktime Player
CVE-2008-0233
	NOT-FOR-US: Zero CMS
CVE-2008-0232
	NOT-FOR-US: Zero CMS
CVE-2008-0231
	NOT-FOR-US: Tune Studio
CVE-2008-0230
	NOT-FOR-US: osDate
CVE-2008-0229
	NOT-FOR-US: LevelOne router firmware
CVE-2008-0228
	NOT-FOR-US: Linksys WRT54GL firmware
CVE-2008-0227
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0226
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0225
	{DSA-1472-1 DTSA-109-1}
	- xine-lib 1.1.10-1 (medium; bug #460551)
CVE-2008-0224
	NOT-FOR-US: RunCMS
CVE-2008-0223
	NOT-FOR-US: JustSystem
CVE-2008-0222
	NOT-FOR-US: Wp-FileManager plugin for WordPress
CVE-2008-0221
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0220
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0219
	NOT-FOR-US: Webquest
CVE-2008-0218
	NOT-FOR-US: Merak IceWarp Mail Server
CVE-2008-0217
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0216
	- kfreebsd-5 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0215
	NOT-FOR-US: HP SRM
CVE-2008-0214
	NOT-FOR-US: HP Select Identity
CVE-2008-0213
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0212
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211
	NOT-FOR-US: BIOS F.04
CVE-2008-0210
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0209
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0208
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0207
	NOT-FOR-US: PRO-Search
CVE-2008-0206
	NOT-FOR-US: Captcha!
CVE-2008-0205
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0204
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0203
	NOT-FOR-US: Cryptographp plugin for WordPress
CVE-2008-0202
	NOT-FOR-US: ExpressionEngine
CVE-2008-0201
	NOT-FOR-US: ExpressionEngine
CVE-2008-0200
	NOT-FOR-US: RotaBanner
CVE-2008-0199
	NOT-FOR-US: PRO-Search
CVE-2008-0198
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0197
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0196
	- wordpress 2.3.3-1
	[etch] - wordpress <no-dsa> (Auth is needed and attacker should have permissions to edit files)
CVE-2008-0195
	- wordpress 2.1.0-1 (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0194
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0193
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0192
	- wordpress 2.0.10-1
	NOTE: poked hendry
CVE-2008-0191
	- wordpress <unfixed> (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0190
	NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
	REJECTED
CVE-2008-0188
	REJECTED
CVE-2008-0187
	NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186
	NOT-FOR-US: NetRisk
CVE-2008-0185
	NOT-FOR-US: NetRisk
CVE-2008-0184
	NOT-FOR-US: Sys-Hotel
CVE-2008-0183
	RESERVED
CVE-2008-0182
	- liferay-portal <itp> (bug #569819)
CVE-2008-0181
	- liferay-portal <itp> (bug #569819)
CVE-2008-0180
	- liferay-portal <itp> (bug #569819)
CVE-2008-0179
	- liferay-portal <itp> (bug #569819)
CVE-2008-0178
	- liferay-portal <itp> (bug #569819)
CVE-2008-0177
	- kfreebsd-7 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	NOTE: Linux kernel code is not affected, the proper check is there
	NOTE: (somewhat difficult to spot, it happens in the caller).
CVE-2008-0176
	NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0174
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0172
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0171
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0170
	RESERVED
CVE-2008-0169
	- ikiwiki 2.48 (medium; bug #483770)
	[etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34)
CVE-2008-0168
	RESERVED
CVE-2008-0167
	{DSA-1577-1}
	- gforge 4.6.99+svn6496-1 (low)
	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
CVE-2008-0166
	{DSA-1576-1 DSA-1571-1}
	- openssl 0.9.8g-9 (high)
	[sarge] - openssl <not-affected> (Vulnerable code not present)
	- openssh 4.7p1-9 (high)
	NOTE: http://www.debian.org/security/key-rollover/
CVE-2008-0165
	{DSA-1553-1}
	- ikiwiki 2.42
CVE-2008-0164
	- plone3 3.1.1-1 (bug #473571)
CVE-2008-0163
	{DSA-1494-1}
	- linux-2.6 2.6.25-1 (high)
CVE-2008-0162
	{DSA-1500-1}
	- splitvt 1.6.6-4
CVE-2008-0302
	{DSA-1465-2}
	- apt-listchanges 2.82 (medium)
	[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
	NOTE: see http://web.archive.org/web/20080206193307/http://git.madism.org:80/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32
CVE-2008-0160
	RESERVED
CVE-2008-0173
	{DSA-1459-1}
	- gforge 4.6.99+svn6330-1 (medium)
	NOTE: this is exploitable by unauthenticated users
	NOTE: Requires register_globals to be On, unsupported in lenny+sid.
	NOTE: In lenny+sid these scripts just don't work, so no security issue.
	NOTE: In etch+sarge we support gforge with rg On, unfortunately.
CVE-2008-0159
	NOT-FOR-US: eggBlog
CVE-2008-0158
	NOT-FOR-US: Shop-Script
CVE-2008-0157
	NOT-FOR-US: FlexBB
CVE-2008-0156
	NOT-FOR-US: Million Dollar Script
CVE-2008-0155
	NOT-FOR-US: EvilBoard
CVE-2008-0154
	NOT-FOR-US: EvilBoard
CVE-2008-0153
	NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152
	NOT-FOR-US: SeattleLab SLNet RF Telnet Server
CVE-2008-0151
	NOT-FOR-US: Foxit WAC Server
CVE-2008-0150
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-0149
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0148
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0147
	NOT-FOR-US: SmallNuke
CVE-2008-0146
	NOT-FOR-US: W3-mSQL
CVE-2008-0145
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2008-0144
	NOT-FOR-US: NetRisk
CVE-2008-0143
	NOT-FOR-US: samPHPweb
CVE-2008-0142
	NOT-FOR-US: WebPortal CMS
CVE-2008-0141
	NOT-FOR-US: WebPortal CMS
CVE-2008-0140
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0139
	NOT-FOR-US: Loudblog
CVE-2008-0138
	NOT-FOR-US: XOOPS
CVE-2008-0137
	NOT-FOR-US: SNETWORKS
CVE-2008-0136
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0135
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0134
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0133
	NOT-FOR-US: Tribisur
CVE-2008-0132
	NOT-FOR-US: Pragma FortressSSH
CVE-2008-0131
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0130
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129
	NOT-FOR-US: Site@School
CVE-2008-0128
	{DSA-1468-1}
	- tomcat5 <removed> (unimportant)
	NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see #34724
	- tomcat5.5 5.5.23-1 (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2008-0127
	NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
	RESERVED
CVE-2008-0125
	NOT-FOR-US: Michael Wagner phpstats
CVE-2008-0124
	{DSA-1528-1}
	- serendipity 1.3~b1-1 (low; bug #469667)
CVE-2008-0123
	- moodle 1.9.8-1 (unimportant)
	NOTE: the issue itself has a quite small attack vector
	NOTE: and considering that the apache configuration that comes
	NOTE: with moodle limits connections to localhost this is no issue
CVE-2008-0122
	- bind <removed>
	[sarge] - bind <no-dsa> (applications will use inet_network in libc)
	[etch] - bind <no-dsa> (applications will use inet_network in libc)
	- bind9 <not-affected> (does not build libbind)
	- glibc 2.2-1
	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
	NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119
	NOT-FOR-US: Microsoft Publisher
CVE-2008-0118
	NOT-FOR-US: Microsoft Office
CVE-2008-0117
	NOT-FOR-US: Microsoft Excel
CVE-2008-0116
	NOT-FOR-US: Microsoft Excel
CVE-2008-0115
	NOT-FOR-US: Microsoft Excel
CVE-2008-0114
	NOT-FOR-US: Microsoft Excel
CVE-2008-0113
	NOT-FOR-US: Microsoft Excel
CVE-2008-0112
	NOT-FOR-US: Microsoft Excel
CVE-2008-0111
	NOT-FOR-US: Microsoft Excel
CVE-2008-0110
	NOT-FOR-US: Microsoft Outlook
CVE-2008-0109
	NOT-FOR-US: Microsoft Office
CVE-2008-0108
	NOT-FOR-US: Microsoft Office
CVE-2008-0107
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0106
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0105
	NOT-FOR-US: Microsoft Office
CVE-2008-0104
	NOT-FOR-US: Microsoft Office
CVE-2008-0103
	NOT-FOR-US: Microsoft Office
CVE-2008-0102
	NOT-FOR-US: Microsoft Office
CVE-2008-0101
	- whitedune 0.28.13-1 (medium)
CVE-2008-0100
	- whitedune 0.28.13-1 (medium)
CVE-2008-0099
	NOT-FOR-US: MyPHP Forum
CVE-2008-0098
	NOT-FOR-US: RealPlayer
CVE-2008-0097
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095
	- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
CVE-2008-0094
	NOT-FOR-US: MODx Content Management System
CVE-2008-0093
	NOT-FOR-US: eTicket
CVE-2008-0092
	NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091
	NOT-FOR-US: AGENCY4NET WEBFTP
CVE-2008-0090
	NOT-FOR-US: DivX Player
CVE-2008-0089
	NOT-FOR-US: ClipShare
CVE-2008-0088
	NOT-FOR-US: Windows
CVE-2008-0087
	NOT-FOR-US: Microsoft Windows
CVE-2008-0086
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0085
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0084
	NOT-FOR-US: Windows
CVE-2008-0083
	NOT-FOR-US: Microsoft Windows
CVE-2008-0082
	NOT-FOR-US: Windows Messenger
CVE-2008-0081
	NOT-FOR-US: Microsoft
CVE-2008-0080
	NOT-FOR-US: Windows
CVE-2008-0079
	REJECTED
CVE-2008-0078
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0077
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0075
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0073
	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-128-1}
	- xine-lib 1.1.11-1 (medium)
	- vlc 0.8.6.e-2 (medium; bug #473057)
	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072
	{DSA-1512-1}
	- evolution 2.12.3-1.1
	NOTE: SA29057
CVE-2008-0071
	NOT-FOR-US: uTorrent 1.7.7 (build 8179) / BitTorrent 6.0.1 (build 7859)
CVE-2008-0070
	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069
	NOT-FOR-US: XnView
CVE-2008-0068
	NOT-FOR-US: HP OpenView
CVE-2008-0067
	NOT-FOR-US: HP OpenView Network Node Manager (OV NNM)
CVE-2008-0066
	NOT-FOR-US: KeyView
CVE-2008-0065
	NOT-FOR-US: Winamp
CVE-2008-0064
	NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0062
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0059
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0058
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0057
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0056
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0055
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0054
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0053
	{DSA-1625-1}
	- cupsys 1.3.6-1
	- cups 1.3.6-1
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0051
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0050
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0049
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0048
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0047
	{DSA-1530-1}
	- cupsys 1.3.6-3 (medium; bug #472105)
	- cups 1.3.6-3 (medium; bug #472105)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0045
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0044
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0043
	NOT-FOR-US: Apple iPhoto
CVE-2008-0042
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0041
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0040
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0039
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0038
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0037
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0036
	NOT-FOR-US: Apple QuickTime
CVE-2008-0035
	NOT-FOR-US: Apple cocoa Foundation
	NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034
	NOT-FOR-US: Apple iPhone
CVE-2008-0033
	NOT-FOR-US: Apple QuickTime
CVE-2008-0032
	NOT-FOR-US: Apple QuickTime
CVE-2008-0031
	NOT-FOR-US: Apple QuickTime
CVE-2008-0030
	REJECTED
CVE-2008-0029
	NOT-FOR-US: Cisco
CVE-2008-0028
	NOT-FOR-US: Cisco
CVE-2008-0027
	NOT-FOR-US: Cisco
CVE-2008-0026
	NOT-FOR-US: Cisco
CVE-2008-0025
	RESERVED
CVE-2008-0024
	RESERVED
CVE-2008-0023
	RESERVED
CVE-2008-0022
	RESERVED
CVE-2008-0021
	RESERVED
CVE-2008-0020
	NOT-FOR-US: Microsoft
CVE-2008-0019
	RESERVED
CVE-2008-0018
	RESERVED
CVE-2008-0017
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
CVE-2008-0016
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-0015
	NOT-FOR-US: Microsoft
CVE-2008-0014
	NOT-FOR-US: Trend Micro
CVE-2008-0013
	NOT-FOR-US: Trend Micro
CVE-2008-0012
	NOT-FOR-US: Trend Micro
CVE-2008-0011
	NOT-FOR-US: Microsoft DirectX
CVE-2008-0010
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0009
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0008
	{DSA-1476-1}
	- pulseaudio 0.9.9-1
CVE-2008-0007
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	- linux-2.6 2.6.24-4
CVE-2008-0006
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
	- libxfont 1:1.3.1-2
	[etch] - libxfont 1:1.2.2-2.etch1
CVE-2008-0005
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache2 <no-dsa> (browser issue; low impact)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004
	REJECTED
CVE-2008-0003
	NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002
	- tomcat5.5 <not-affected> (Only Tomcat 6 is affected, according to upstream)
CVE-2008-0001
	{DSA-1479-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2008-0061
	{DSA-1445-1}
	- maradns 1.2.12.08-1
	NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2