[Secure-testing-commits] r6219 - data/CVE

jmm-guest at alioth.debian.org
Fri Aug 3 15:04:22 UTC 2007


Author: jmm-guest
Date: 2007-08-03 15:04:21 +0000 (Fri, 03 Aug 2007)
New Revision: 6219

Modified:
   data/CVE/list
Log:
CVE-2007-4049 is a dupe
clamav sarge not-affected
xpdf updates are being prepared



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-02 21:47:47 UTC (rev 6218)
+++ data/CVE/list	2007-08-03 15:04:21 UTC (rev 6219)
@@ -143,8 +143,7 @@
 CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
 	NOT-FOR-US: ADempiere Bazaar
 CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...)
-	- apache <unfixed> (unimportant)
-	NOTE: only an example script /usr/share/doc/apache-common/examples/
+	NOTE: Rediscovery / dupe of CVE-2000-1205
 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
 	TODO: check
 CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
@@ -851,6 +850,7 @@
 CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
 	{DSA-1340-1 DTSA-43-1}
 	- clamav 0.91-1
+	[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
 CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
 	TODO: check
 CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
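Review bot: the justification on the added "[sarge] - clamav <not-affected>" line, "Vulnerable code was introduced in 0.9x", is too vague to verify against the entry, which says the issue affects versions "before 0.91" and is fixed in 0.91-1. Name the exact upstream release that introduced the RAR VM code (unrarvm.c) and, ideally, the clamav version shipped in sarge, so the not-affected claim can be checked without re-reading the source.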
@@ -1616,10 +1616,12 @@
 	- xpdf <unfixed> (bug #435462)
 	- kdegraphics 4:3.5.7-3
 	- koffice <unfixed>
-	TODO: check pdftohtml/sarge (current poppler source package has a ported version, replaced in Etch)
-	TODO: check tetex-bin/sarge (links to poppler since 3.0-12)
+	- pdftohtml <removed>
+	- tetex-bin 3.0-12
+	NOTE: links to poppler since 3.0-12, thus marking as fixed
+	- pdfkit.framework 0.8-4
+	NOTE: links to poppler since 0.8-4, thus marking as fixed
 	TODO: check libextractor/sarge (uses internal pdf decoder since 0.5.12-1)
-	TODO: check pdfkit.framework/sarge (links to poppler since 0.8-4)
 	TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
 CVE-2007-3386
 	RESERVED
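Review bot: the three removed TODOs were all scoped to sarge ("check pdftohtml/sarge", "check tetex-bin/sarge", "check pdfkit.framework/sarge"), but the replacement lines "- pdftohtml <removed>", "- tetex-bin 3.0-12" and "- pdfkit.framework 0.8-4" only record the unstable status and leave the sarge question unanswered. If sarge ships versions older than 3.0-12 and 0.8-4, those still carry the embedded xpdf code rather than linking to poppler, so add explicit "[sarge]" lines or keep a sarge TODO for each. The log message also says xpdf updates are being prepared, while the "- xpdf <unfixed> (bug #435462)" line is unchanged; a short NOTE there would put that information in the tracker data.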
@@ -57299,7 +57301,8 @@
 CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
-	NOT-FOR-US: Data pre-dating the Security Tracker
+	- apache 1.3.11 (unimportant)
+	NOTE: only an example script /usr/share/doc/apache-common/examples/
 CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
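Review bot: the fixed version on the added "- apache 1.3.11 (unimportant)" line does not agree with the description directly above it, which gives the affected range as "Apache 1.3.0 through 1.3.11", and the line removed from CVE-2007-4049 in this same commit had the same example script as "<unfixed>". Use the first version after 1.3.11 in which the script was actually corrected, or keep "<unfixed> (unimportant)" if printenv.pl is still shipped unchanged under examples/, and add a NOTE that references CVE-2007-4049 so the two entries point at each other.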



