[Secure-testing-commits] r5634 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Apr 8 20:47:22 UTC 2007
Author: jmm-guest
Date: 2007-04-08 20:47:19 +0000 (Sun, 08 Apr 2007)
New Revision: 5634
Modified:
data/CVE/list
Log:
sql-ledger documented as insecure
horde3 fixed
libwpd fixed
new kernel issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-04-06 11:11:29 UTC (rev 5633)
+++ data/CVE/list 2007-04-08 20:47:19 UTC (rev 5634)
@@ -685,9 +685,13 @@
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
- - sql-ledger <unfixed> (bug #409703)
+ - sql-ledger <unfixed> (unimportant, bug #409703)
+ NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+ NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 and ...)
- - sql-ledger <unfixed> (bug #409703)
+ - sql-ledger <unfixed> (unimportant, bug #409703)
+ NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+ NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538 (** DISPUTED ** ...)
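Review bot: The NOTE added under CVE-2007-1541 and CVE-2007-1540 says the restriction is "documented behaviour" but does not say where it is documented. Add a pointer to the upstream document or to the message in bug #409703 that establishes it. Both entries stay <unfixed>, and this note is the only justification recorded for the "unimportant" rating, so it should be checkable later.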
@@ -843,9 +847,9 @@
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
- php4 <unfixed> (low)
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
- - horde3 <unfixed> (medium)
+ - horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
- - horde3 <unfixed> (medium)
+ - horde3 <unfixed> (low)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
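Review bot: CVE-2007-1473 goes from (medium) to (low) while remaining <unfixed>, but the log only says "horde3 fixed" and no NOTE records why the XSS was downgraded. Add a NOTE with the reason. For CVE-2007-1474, a reference to the bug or changelog entry would let a reader confirm that 3.1.3-4 is the upload carrying the cron script fix.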
@@ -860,6 +864,7 @@
NOT-FOR-US: Cisco Secure Access Control Server
CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents ...)
- libwpd 0.8.9-1 (medium)
+ [etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
@@ -943,9 +948,13 @@
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
NOT-FOR-US: Avant Browser
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
- - sql-ledger <unfixed> (bug #409703)
+ - sql-ledger <unfixed> (unimportant, bug #409703)
+ NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+ NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
- - sql-ledger <unfixed> (bug #409703)
+ - sql-ledger <unfixed> (unimportant, bug #409703)
+ NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+ NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...)
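Review bot: For CVE-2007-1437 and CVE-2007-1436 the descriptions shown are "Unspecified vulnerability", so the pasted NOTE about running only in an authenticated HTTP zone does not by itself show that these issues require an authenticated user. Say what the issue is, or cite the message in bug #409703 that establishes it, before marking them unimportant. The same two NOTE lines now appear four times in this commit, so a shared reference would also keep them from drifting apart.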
@@ -1111,8 +1120,9 @@
- libapache-mod-security <removed>
CVE-2007-1358
RESERVED
-CVE-2007-1357
+CVE-2007-1357 [linux kernel appletalk remote DoS]
RESERVED
+ - linux-2.6 2.6.20-1
CVE-2007-1356
RESERVED
CVE-2007-1355
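Review bot: The new linux-2.6 line under CVE-2007-1357 records 2.6.20-1 as fixed with no urgency and no reference to the fix. The entry is still RESERVED, so the bracketed text is its only description. Add a NOTE pointing to the upstream commit or changelog entry that justifies 2.6.20-1, and add an [etch] status line as done for libwpd elsewhere in this commit, since the bracket describes a remote DoS.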
@@ -5355,6 +5365,7 @@
NOTE: openoffice.org changelog indicates libwpd is included but not used
- openoffice.org 2.0.4.dfsg.2-6
[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
+ [etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
- linux-2.6 <unfixed>
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...)
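Review bot: The added [etch] libwpd line is appended after the openoffice.org lines, whereas at CVE-2007-1466 in this same commit it sits directly under the "- libwpd" line. If this entry has an unstable libwpd line above the visible context, move the [etch] line next to it so the per-package status reads together. If it has none, add one so the [etch] line is not the only libwpd status in the entry.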