[Secure-testing-commits] r6251 - data/CVE
jmm-guest at alioth.debian.org
Mon Aug 6 19:19:43 UTC 2007
Author: jmm-guest
Date: 2007-08-06 19:19:42 +0000 (Mon, 06 Aug 2007)
New Revision: 6251
Modified:
data/CVE/list
Log:
cupsys not-affected
another iceweasel fix
gdm no-dsa
xine-ui fixed in etch
NFUs
php5 not affected
wordpress yet again
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-06 19:17:45 UTC (rev 6250)
+++ data/CVE/list 2007-08-06 19:19:42 UTC (rev 6251)
@@ -153,7 +153,7 @@
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...)
- TODO: check
+ - cupsys <not-affected> (SuSE-specific regression)
CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...)
NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a security problem
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
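Review bot: the new cupsys <not-affected> line for CVE-2007-4045 carries its justification only in the parenthetical "(SuSE-specific regression)", while the NOTE recording the contact with SuSE ("It's a functional regression in SuSE, not a security problem") sits under CVE-2007-4044, so a later reader cannot tell which of the two entries that confirmation covers. If the SuSE reply concerns the CUPS issue, move the NOTE under CVE-2007-4045 (or add a second NOTE there); if it concerns CVE-2007-4044, that entry still has no Debian status line of its own in this hunk.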
@@ -168,7 +168,7 @@
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
TODO: check
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...)
- TODO: check
+ - iceweasel 2.0.0.5-1
CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...)
NOT-FOR-US: Guidance Software
CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...)
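Review bot: CVE-2007-4039 ("Argument injection vulnerability involving Mozilla, when certain URIs ...") is left as "TODO: check" directly above the CVE-2007-4038 entry that this hunk resolves with "iceweasel 2.0.0.5-1". The two are companion argument-injection issues, so the same triage (either the same fixed iceweasel version or a NOTE explaining why 2.0.0.5-1 does not cover it) would normally land in the same commit.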
@@ -204,7 +204,7 @@
CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
NOT-FOR-US: Brain Book Software Secure
CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
- TODO: check
+ NOT-FOR-US: AdMan
CVE-2007-4019
RESERVED
CVE-2007-5645
@@ -227,7 +227,7 @@
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...)
- TODO: check
+ - php5 <not-affected> (Windows-specific issue)
CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: SWSoft Confixx
CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
@@ -235,7 +235,7 @@
CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...)
NOT-FOR-US: Article Directory
CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...)
- TODO: check
+ NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...)
NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...)
@@ -839,7 +839,7 @@
CVE-2007-3731
RESERVED
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
- TODO: check
+ NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
NOT-FOR-US: HP OpenVMS
CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...)
@@ -857,7 +857,7 @@
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...)
TODO: check
CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...)
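Review bot: after marking the Windows XP and Solaris scheduler entries NOT-FOR-US, CVE-2007-3722 and CVE-2007-3721 (the 4BSD and ULE schedulers in the FreeBSD kernel) remain "TODO: check" in the trailing context. That is the right state to leave them in rather than extending NOT-FOR-US by analogy, since a FreeBSD kernel is packaged for the kfreebsd ports; they should be resolved against the packaged kernel in a follow-up.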
@@ -1033,7 +1033,7 @@
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
- TODO: check
+ - wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
@@ -1645,7 +1645,9 @@
RESERVED
CVE-2007-3381 [gdm DoS]
RESERVED
- - gdm 2.18.4-1
+ - gdm 2.18.4-1 (low)
+ [sarge] - gdm <no-dsa> (Minor issue)
+ [etch] - gdm <no-dsa> (Minor issue)
CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ...)
TODO: check
CVE-2007-3379
@@ -9455,7 +9457,8 @@
NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
- - xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369)
+ - xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
+ NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253 (** DISPUTED ** ...)
- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
NOTE: See CVE-2007-0257
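Review bot: the added NOTE line reads "If've verified", which should be "I've verified". The same line is the only record of why the fixed version for xine-ui was lowered from 0.99.4+dfsg+cvs20061111-2 to 0.99.4+dfsg+cvs20061111-1 (i.e. that the Etch package already has the errors_create_window fix), so it would help to say explicitly that the -1 revision was checked to contain the corrected format-string call rather than just "the necessary format strings".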