[Secure-testing-commits] r5070 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Dec 5 19:58:14 CET 2006


Author: jmm-guest
Date: 2006-12-05 19:58:12 +0100 (Tue, 05 Dec 2006)
New Revision: 5070

Modified:
   data/CVE/list
Log:
serendipity unimportant
no-dsas and issues not affecting sarge
mozilla cleanup for sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-05 16:42:02 UTC (rev 5069)
+++ data/CVE/list	2006-12-05 18:58:12 UTC (rev 5070)
@@ -72,7 +72,8 @@
 CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...)
 	TODO: check
 CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...)
-	- serendipity <unfixed> (medium; bug #401614)
+	- serendipity 1.0.4-1 (unimportant; bug #401614)
+	NOTE: Only exploitable with register_globals
 CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
 	TODO: check
 CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
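
Review bot: On the serendipity line for CVE-2006-6242, the status moves from `<unfixed>` to the fixed version `1.0.4-1` in the same edit that lowers the urgency to unimportant, but the added NOTE only justifies the urgency. The CVE description names 1.0.3, so a second NOTE recording that 1.0.4 carries the fix would make the version claim checkable. The log line "serendipity unimportant" also does not mention the version change.
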
@@ -317,6 +318,7 @@
 	NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9
 CVE-2006-XXXX [smb4k security issue]
 	- smb4k 0.7.5-1
+	[sarge] - smb4k <not-affected> (Vulnerable code not present)
 CVE-2006-XXXX [arbitrary code execution in metaInfo.php in torrentflux]
 	- torrentflux <unfixed> (bug #400582; medium)
 CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
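
Review bot: The added `[sarge] - smb4k <not-affected>` line sits under a `CVE-2006-XXXX` placeholder that has no bug number or NOTE, so "Vulnerable code not present" cannot be verified from the entry itself. Add a NOTE pointing at the advisory or bug report that defines the issue, so the sarge version can be rechecked against it later.
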
@@ -1023,7 +1025,8 @@
 	- openssh 1:4.3p2-6 (unimportant)
 	NOTE: Not a direct vulnerability
 CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...)
-	- libpng 1.2.13-0 (medium; bug #398706)
+	- libpng 1.2.13-0 (low; bug #398706)
+	[sarge] - libpng <no-dsa> (Minor issue)
 CVE-2006-XXXX [obexpushd arbitrary command execution]
 	- obexpushd 0.4+svn10-1 (bug #397297; medium)
 CVE-2006-XXXX [motion insecure tempfile creation]
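
Review bot: The libpng line for CVE-2006-5793 drops from medium to low without a NOTE, and the new `[sarge]` line gives only "Minor issue" as the reason for `<no-dsa>`. A one-line NOTE stating the impact that justifies both would let a later reader confirm the downgrade. The log covers the no-dsa but says nothing about the urgency change on the unstable line.
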
@@ -1123,8 +1126,6 @@
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.8-1 (high)
-	- mozilla-firefox <removed> (high)
-	- mozilla-thunderbird <removed> (medium)
 CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
 	NOTE: MFSA-2006-65
 	- firefox <unfixed> (high)
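
Review bot: The two deleted `<removed>` lines for mozilla-firefox and mozilla-thunderbird leave this entry with no record at all for those source packages, and the log line "mozilla cleanup for sarge" does not say why they no longer need tracking. If sarge is meant to be covered some other way, a `[sarge]` line or a NOTE saying so would keep the entry self-explanatory. The same applies to the identical deletions in the hunks that follow.
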
@@ -1737,8 +1738,6 @@
 	- icedove 1.5.0.8-1 (low)
 	- mozilla <unfixed> (low)
 	- xulrunner 1.8.0.8-1 (low)
-	- mozilla-firefox <removed> (low)
-	- mozilla-thunderbird <removed> (low)
 CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
 	NOTE: MFSA-2006-67
@@ -1746,8 +1745,6 @@
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.8-1 (high)
-	- mozilla-firefox <removed> (high)
-	- mozilla-thunderbird <removed> (medium)
 CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
 	NOTE: MFSA-2006-66
@@ -1757,7 +1754,6 @@
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (high)
 	- xulrunner 1.8.0.8-1 (high)
-	- mozilla-thunderbird <removed> (medium)
 CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...)
 	- avahi 0.6.15-1 (low)
 CVE-2006-XXXX [diffmon information leakage]
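
Review bot: This hunk deletes only the mozilla-thunderbird `<removed>` line, while the three preceding hunks delete a mozilla-firefox line as well. The visible context shows no mozilla-firefox line for this entry, so confirm that it never had one rather than that it was missed or dropped in an earlier revision.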



