[Secure-testing-commits] r4700 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 7 22:13:24 UTC 2006


Author: jmm-guest
Date: 2006-09-07 22:13:16 +0000 (Thu, 07 Sep 2006)
New Revision: 4700

Modified:
   data/CVE/list
Log:
one more php non-issue
xfree86 issue shares the CVE ID with freetype (it's the
  same vulnerability)
adjust severity of old wine issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-07 21:44:02 UTC (rev 4699)
+++ data/CVE/list	2006-09-07 22:13:16 UTC (rev 4700)
@@ -985,9 +985,6 @@
 	NOT-FOR-US: phpCC
 CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
 	NOT-FOR-US: Club-Nuke [XP]
-CVE-2006-XXXX [X PCF Integer Overflow Vulnerability]
-	- libxfont 1:1.2.0-2 (medium; bug #383353)
-	[sarge] - xfree86 <unfixed> (medium)
 CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
 	- imagemagick <unfixed> (medium; bug #383314)
 	- graphicsmagick 1.1.7-7 (medium; bug #383333)
@@ -2378,6 +2375,8 @@
 	- linux-2.6.16 2.6.16-18
 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
 	- freetype 2.2.1-1 (bug #379920; medium)
+	- libxfont 1:1.2.0-2 (medium; bug #383353)
+	[sarge] - xfree86 <unfixed> (medium)
 CVE-2006-3466
 	REJECTED
 CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...)
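Review bot: The two lines added under CVE-2006-3467 carry no NOTE explaining why libxfont and xfree86 are tracked there, although the CVE description on that entry names only FreeType. The reason (same vulnerability, shared CVE ID) is in the commit log but not in data/CVE/list itself. Consider adding a NOTE line to the entry that says so and keeps the "X PCF Integer Overflow" wording from the removed placeholder, so that a search for the PCF issue still finds this entry.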
@@ -8388,11 +8387,11 @@
 CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
 	NOT-FOR-US: zip.lib.php
 CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2 allows ...)
-	- php5 <unfixed> (bug #368545; low)
-	[sarge] - php4 <unfixed> (bug #368545; low)
-	[woody] - php4 <unfixed> (bug #368545; low)
+	- php5 <unfixed> (bug #368545; unimportant)
+	- php4 <unfixed> (bug #368545; unimportant)
 	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
 	NOTE: in any application not checking for such archives.
+	NOTE: Lack of a security feature is not a vulnerability
 CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...)
 	NOT-FOR-US: ArgoSoft Mail Server
 CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...)
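Review bot: The new "NOTE: Lack of a security feature is not a vulnerability" under CVE-2006-0931 answers the question in the two NOTE lines above it, but those lines are left as an open question ("is this really a vulnerability in pear?"), so the entry now asks and answers in the same place. Consider folding the three NOTE lines into one statement of the conclusion. The change also replaces the separate [sarge] and [woody] php4 lines with a single unprefixed php4 line, which the log message does not mention. If dropping the per-release lines is intended for entries marked unimportant, a word about it in the log would help.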
@@ -15560,7 +15559,7 @@
 	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
 	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
 CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
-	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
+	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
 CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
 	{DSA-824-1 DTSA-19-1}
 	- clamav 0.87-1 (bug #328660; bug #329280; medium)
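Review bot: The wine line under the CVE-2005-XXXX wine-safe entry goes from high straight to low with no NOTE giving the reason, and the log says only "adjust severity of old wine issue". Since this is a two-step downgrade on an entry that references two bugs (#327261, #327262), consider adding a NOTE line with the rationale so the rating can be checked later without digging through the bug reports.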



