[Secure-testing-commits] r5621 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Apr 4 20:13:01 UTC 2007


Author: jmm-guest
Date: 2007-04-04 20:12:59 +0000 (Wed, 04 Apr 2007)
New Revision: 5621

Modified:
   data/CVE/list
Log:
new (harmless) dovecot issue
serendipity non-issue
new x.org local root exploit
one firefox issue doesn't affect sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-04 09:14:13 UTC (rev 5620)
+++ data/CVE/list	2007-04-04 20:12:59 UTC (rev 5621)
@@ -1,3 +1,6 @@
+CVE-2007-XXXX [dovecot zlib plugin directory traversal]
+	- dovecot <unfixed>
+	[sarge] - dovecot <not-affected> (Vulnerable code not present)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
 	TODO: check
 CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
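Review bot: The new `- dovecot <unfixed>` line carries no urgency tag, although the commit log calls the issue harmless. If that assessment holds for the unfixed version too, tag the line accordingly, as this commit does for serendipity with `(unimportant)`. A NOTE line pointing at the upstream report would also help whoever later replaces the CVE-2007-XXXX placeholder with the assigned id.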
@@ -1104,10 +1107,10 @@
 	RESERVED
 CVE-2007-1352
 	RESERVED
-	- libxfont 1:1.2.2-2
+	- libxfont 1:1.2.2-2 (medium)
 CVE-2007-1351
 	RESERVED
-	- libxfont 1:1.2.2-2
+	- libxfont 1:1.2.2-2 (medium)
 CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
 	NOT-FOR-US: Novell NetMail
 CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...)
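Review bot: CVE-2007-1352 and CVE-2007-1351 gain `(medium)` on their libxfont lines but remain bare RESERVED entries with no bracketed description, so nothing in the list says what the rating is based on. This commit gives CVE-2007-1003 a bracketed description. Doing the same here would keep the related X.org entries consistent.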
@@ -1158,7 +1161,8 @@
 CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
 	NOT-FOR-US: silc daemon
 CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...)
-	- serendipity <unfixed>
+	- serendipity <unfixed> (unimportant)
+	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
 CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...)
 	- phpmyadmin <unfixed>
 CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
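Review bot: The added NOTE under CVE-2007-1326 is only a URL, so the reason for `(unimportant)` is not recorded in the list itself. A short NOTE stating why the SQL injection is a non-issue would make the entry stand alone. The link title refers to a Serendipity 1.1.2 release, so it is also worth confirming that `<unfixed>` is still the right state rather than a fixed version.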
@@ -1519,7 +1523,7 @@
 CVE-2007-1216
 	RESERVED
 	{DSA-1276-1}
-	- krb5 1.4.4-8
+	- krb5 1.4.4-8 (high)
 CVE-2007-1215
 	RESERVED
 CVE-2007-1214
@@ -2183,8 +2187,9 @@
 	- iceape <unfixed> (low)
 	- xulrunner <unfixed> (low)
 	NOTE: maintainer notes that this may affect browsers based on xulrunner
-CVE-2007-1003
+CVE-2007-1003 [X.org resource management memory corruption]
 	RESERVED
+	- xorg-server 2:1.1.1-21 (medium)
 CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
 	TODO: check
 CVE-2007-1001
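Review bot: The commit log describes the CVE-2007-1003 issue as a local root exploit, while the entry reads `[X.org resource management memory corruption]` with `(medium)`, and no NOTE ties the two together. A NOTE stating the local privilege escalation impact would justify the rating to later readers. The entry also has no `[sarge]` line, unlike the dovecot and mozilla entries in this commit, so the status for sarge is left open.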
@@ -2294,11 +2299,11 @@
 CVE-2007-0957
 	RESERVED
 	{DSA-1276-1}
-	- krb5 1.4.4-8
+	- krb5 1.4.4-8 (high)
 CVE-2007-0956
 	RESERVED
 	{DSA-1276-1}
-	- krb5 1.4.4-8
+	- krb5 1.4.4-8 (high)
 CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
 	NOT-FOR-US: Mail Enable Professional
 CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
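Review bot: The `(high)` tags on the krb5 lines for CVE-2007-0957 and CVE-2007-0956 are added to entries that are still RESERVED and have no description, only the `{DSA-1276-1}` reference. A bracketed description per CVE would show whether each issue individually merits `(high)` or whether the rating was taken from the advisory as a whole.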
@@ -2849,9 +2854,9 @@
 	- iceape 1.0.8-1 (high)
 	- icedove 1.5.0.10.dfsg1-1 (low)
 	- xulrunner 1.8.0.10-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
-	[sarge] - mozilla-thunderbird <unfixed> (low)
-	[sarge] - mozilla <unfixed> (high)
+	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
+	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
+	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
 CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ...)
 	NOTE: MFSA-2007-01
 	- iceweasel 2.0.0.2+dfsg-1 (high)
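Review bot: The reason string `(Only affected Firefox 2.0 et al)` is reused verbatim on the `[sarge]` lines for mozilla-thunderbird and mozilla, where a Firefox version says little about why those packages are unaffected. The commit log also mentions only Firefox. For the other two lines, either name the code base or version that introduced the flaw, or add a NOTE with the source of the assessment.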



