[Secure-testing-commits] r5644 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Apr 10 22:05:35 UTC 2007


Author: jmm-guest
Date: 2007-04-10 22:05:32 +0000 (Tue, 10 Apr 2007)
New Revision: 5644

Modified:
   data/CVE/list
Log:
dovecot, yacas fixed
flyspray sarge not-affected
one linux-2.6 issue not-affected
mysql fixed in etch
sql-ledger only for local setups
no-dsa for geoip, xlockmore


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-04-10 21:14:09 UTC (rev 5643)
+++ data/CVE/list	2007-04-10 22:05:32 UTC (rev 5644)
@@ -6,7 +6,7 @@
 CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
 	- initramfs-tools 0.85g (low; bug #417995)
 CVE-2007-XXXX [dovecot zlib plugin directory traversal]
-	- dovecot <unfixed>
+	- dovecot 1.0.rc29-1
 	[sarge] - dovecot <not-affected> (Vulnerable code not present)
 CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
 	- ldap-account-manager <unfixed> (medium)
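Review bot: the dovecot fix line `- dovecot 1.0.rc29-1` carries no bug reference, while the neighbouring initramfs-tools entry records `bug #417995`; if a Debian bug was filed for the zlib plugin directory traversal, add it in parentheses so the fixed version can be traced to a changelog entry. The `[sarge] - dovecot <not-affected>` line is unchanged and still consistent with the new fixed version.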
@@ -117,6 +117,7 @@
 	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
 CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or &quot;set to a low ...)
 	- flyspray 0.9.8-10 (medium)
+	[sarge] - flyspray <not-affected> (Vulnerable code not present)
 CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
 	NOT-FOR-US: Time-Assistant
 CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
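Review bot: the new `[sarge] - flyspray <not-affected> (Vulnerable code not present)` line asserts that the code is absent without naming the sarge package version; the context line above for the preceding CVE gives "Code was introduced in 0.9.9" as its reason, so restating the introducing version (or the sarge version) here would make the two flyspray annotations mutually consistent and verifiable.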
@@ -992,6 +993,7 @@
 	NOT-FOR-US: SubDog
 CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...)
 	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
+	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
 CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
 	NOT-FOR-US: JMX RMI-IIOP
 CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...)
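Review bot: the new `[etch] - mysql-dfsg-5.0 5.0.32-7etch1` line records the etch fixed version but not how the fix reached stable (the commit log says only "mysql fixed in etch"); if it went out via an advisory, cross-check that the corresponding DSA entry references CVE-2007-1420, otherwise the stable fix has no advisory trail. Leaving `bug #414790` on the unstable line only matches the surrounding entries.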
@@ -1187,7 +1189,9 @@
 CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...)
 	NOT-FOR-US: Comodo Firewall Pro
 CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
-	- sql-ledger <unfixed> (bug #409703)
+	- sql-ledger <unfixed> (unimportant; bug #409703)
+	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+	NOTE: authenticated HTTP zone and without untrusted users
 CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
 	NOT-FOR-US: JOLY BJ Webring
 CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
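Review bot: the two NOTE lines justify the downgrade to `unimportant` by deployment guidance ("documented behaviour ... authenticated HTTP zone and without untrusted users") rather than by the code, but do not say where that is documented; cite the source (upstream documentation or the package README) so a later reader can verify the constraint still holds. Keeping the entry at `<unfixed>` is consistent with `unimportant`, and `bug #409703` is preserved.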
@@ -4301,7 +4305,7 @@
 	- udev 0.105-2 (bug #404927)
 	[sarge] - udev <not-affected> (Doesn't affect Sarge)
 CVE-2007-XXXX [yacas insecure rpath]
-	- yacas <unfixed> (bug #399226; bug #399227; low)
+	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
 CVE-2007-XXXX [TXT record parsing overflow with special characters]
 	- pdns <unfixed> (bug #406465)
 CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
@@ -4428,7 +4432,8 @@
 	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
 	NOTE: compromised code.
 CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
-	- geoip 1.3.17-1.1 (bug #406628; medium)
+	- geoip 1.3.17-1.1 (bug #406628; low)
+	[sarge] - geoip <no-dsa> (Minor issue)
 CVE-2007-0158
 	RESERVED
 CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...)
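Review bot: the severity change from `medium` to `low` on the geoip line and the new `[sarge] - geoip <no-dsa> (Minor issue)` entry give no rationale beyond "Minor issue", whereas the sql-ledger change in this same commit explains its downgrade in NOTE lines; add a NOTE stating why the GeoIP_update_database_general traversal is considered minor (for example, under what conditions it is reachable), since `bug #406628` is the only remaining pointer to the reasoning.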
@@ -6761,8 +6766,7 @@
 	- linux-2.6 <unfixed> (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
-	- linux-2.6 <unfixed> (unimportant)
-	NOTE: Mounting filesystem partitions should be limited to root
+	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
 CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...)
 	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
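Review bot: `<not-affected> (Debian kernels up to 2.6.18 didn't include GFS)` bounds its reasoning at 2.6.18, while the CVE text covers "up to 2.6.18, and possibly other versions"; if a later Debian linux-2.6 ships GFS, a blanket `<not-affected>` would silently cover it too, so either record the first version that includes GFS as the affected/fixed boundary or state explicitly that no Debian kernel carries GFS. Dropping the `NOTE: Mounting filesystem partitions should be limited to root` line is right once the entry is not-affected; the same NOTE correctly remains on the CVE-2006-6056 and preceding entries, which keep their `unimportant` rating.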
@@ -20947,6 +20951,7 @@
 CVE-2006-0061 [xlock segfaults when using libpam-opensc]
 	RESERVED
 	- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
+	[sarge] - xlockmore <no-dsa> (Minor issue)
 CVE-2006-0060
 	RESERVED
 CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
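Review bot: `[sarge] - xlockmore <no-dsa> (Minor issue)` is added to an entry that is still `RESERVED` with only a bracketed working title, and the rationale is the same stock phrase used for geoip in this commit; a NOTE pointing the sarge assessment at one of the existing references (`bug #318123; bug #399003`) would let the "Minor issue" verdict be checked once the CVE text is published.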