[Secure-testing-commits] r5622 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Apr 4 20:16:15 UTC 2007 

Author: jmm-guest
Date: 2007-04-04 20:16:12 +0000 (Wed, 04 Apr 2007)
New Revision: 5622

Modified:
   data/CVE/list
   data/DSA/list
Log:
kdelibs non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-04 20:12:59 UTC (rev 5621)
+++ data/CVE/list	2007-04-04 20:16:12 UTC (rev 5622)
@@ -685,7 +685,6 @@
 CVE-2007-1536 (Integer underflow in the file_printf function in the "file" program ...)
 	{DSA-1274-1}
 	- file 4.20-1 (bug #415362; high)
-	[etch] - file 4.17-5etch1 (high)
 	NOTE: Has got lots of reverse dependencies.
 	NOTE: Some of them process remotely supplied untrusted input.
 CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...)
@@ -1198,8 +1197,8 @@
 CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
 	NOT-FOR-US: Novell Access Management
 CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
-	- kdelibs <unfixed> (low)
-	NOTE: this is a straight crash, I'm not sure it should even be considered "low"
+	- kdelibs <unfixed> (unimportant)
+	NOTE: Browser crashes not treated as security problems
 CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
 	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
 CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-04-04 20:12:59 UTC (rev 5621)
+++ data/DSA/list	2007-04-04 20:16:12 UTC (rev 5622)
@@ -8,6 +8,7 @@
 [02 Apr 2007] DSA-1274-1 file - buffer overflow
 	{CVE-2007-1536}
 	[sarge] - file 4.12-1sarge1
+	[etch] - file 4.17-5etch1
 [27 Mar 2007] DSA-1273-1 nas - several vulnerabilities
         {CVE-2007-1543 CVE-2007-1544 CVE-2007-1545 CVE-2007-1546 CVE-2007-1547}
         [sarge] - nas 1.7-2sarge1

More information about the Secure-testing-commits mailing list