[Secure-testing-commits] r6251 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Mon Aug 6 19:19:43 UTC 2007 

Author: jmm-guest
Date: 2007-08-06 19:19:42 +0000 (Mon, 06 Aug 2007)
New Revision: 6251

Modified:
   data/CVE/list
Log:
cupsys not-affected
another iceweasel fix
gdm no-dsa
xine-ui fixed in etch
NFUs
php5 not affectd
wordpress yet again


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-06 19:17:45 UTC (rev 6250)
+++ data/CVE/list	2007-08-06 19:19:42 UTC (rev 6251)
@@ -153,7 +153,7 @@
 CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
 	NOT-FOR-US: Pony Gallery
 CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...)
-	TODO: check
+	- cupsys <not-affected> (SuSE-specific regression)
 CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...)
 	NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a security problem
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
@@ -168,7 +168,7 @@
 CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
 	TODO: check
 CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...)
-	TODO: check
+	- iceweasel 2.0.0.5-1
 CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...)
 	NOT-FOR-US: Guidance Software
 CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...)
@@ -204,7 +204,7 @@
 CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
 	NOT-FOR-US: Brain Book Software Secure
 CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
-	TODO: check
+	NOT-FOR-US: AdMan
 CVE-2007-4019
 	RESERVED
 CVE-2007-5645
@@ -227,7 +227,7 @@
 CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
 	NOT-FOR-US: Cisco
 CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...)
-	TODO: check
+	- php5 <not-affected> (Windows-specific issue)
 CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: SWSoft Confixx
 CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
@@ -235,7 +235,7 @@
 CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...)
 	NOT-FOR-US: Article Directory
 CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...)
-	TODO: check
+	NOT-FOR-US: Mike Dubman Windows RSH daemon
 CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...)
 	NOT-FOR-US: Mike Dubman Windows RSH daemon
 CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...)
@@ -839,7 +839,7 @@
 CVE-2007-3731
 	RESERVED
 CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
-	TODO: check
+	NOT-FOR-US: HP OpenVMS
 CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
 	NOT-FOR-US: HP OpenVMS
 CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...)
@@ -857,7 +857,7 @@
 CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
 	NOT-FOR-US: Microsoft Windows XP
 CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...)
 	TODO: check
 CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...)
@@ -1033,7 +1033,7 @@
 CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
 	NOT-FOR-US: Adobe Apollo
 CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
-	TODO: check
+	- wordpress 2.2.2-1
 CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
 	NOT-FOR-US: Yahoo! Messenger
 CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
@@ -1645,7 +1645,9 @@
 	RESERVED
 CVE-2007-3381 [gdm DoS]
 	RESERVED
-	- gdm 2.18.4-1
+	- gdm 2.18.4-1 (low)
+	[sarge] - gdm <no-dsa> (Minor issue)
+	[etch] - gdm <no-dsa> (Minor issue)
 CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ...)
 	TODO: check
 CVE-2007-3379
@@ -9455,7 +9457,8 @@
 	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
 	NOTE: This appears to be a generic crash
 CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
-	- xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369)
+	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
+	NOTE: If've verified the Etch version to contain the necessary format strings
 CVE-2007-0253 (** DISPUTED ** ...)
 	- kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
 	NOTE: See CVE-2007-0257

More information about the Secure-testing-commits mailing list