[Secure-testing-commits] r6385 - data/CVE

thijs at alioth.debian.org thijs at alioth.debian.org
Fri Aug 24 07:17:01 UTC 2007


Author: thijs
Date: 2007-08-24 07:17:01 +0000 (Fri, 24 Aug 2007)
New Revision: 6385

Modified:
   data/CVE/list
Log:
phpmyadmin non-issue
po4a fixed in unstable
nufw fixed, stable not vulnerable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-23 22:36:54 UTC (rev 6384)
+++ data/CVE/list	2007-08-24 07:17:01 UTC (rev 6385)
@@ -5,9 +5,10 @@
 CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...)
 	NOT-FOR-US: Total Commander
 CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...)
-	- po4a <unfixed> (bug #439226)
+	- po4a 0.31-1 (bug #439226)
 CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...)
-	- nufw <unfixed> (bug #439227)
+	- nufw 2.2.4-1 (bug #439227)
+	[etch] - nufw <not-affected>
 CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
 	TODO: check
 CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...)
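Review bot: The fixed version on the po4a line, `- po4a 0.31-1 (bug #439226)`, is lower than the "before 0.32" boundary quoted in the CVE-2007-4462 description two lines above it, and nothing in the entry says why. If the Debian package carries a backported fix, a NOTE line saying so would keep a later reader from treating 0.31-1 as a typo. The same applies to `[etch] - nufw <not-affected>`: the description covers "certain other versions after 2.0", so a short NOTE giving the reason etch is not affected (for example, that the vulnerable code is not present in that version) would make the entry verifiable from the tracker alone.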
@@ -347,10 +348,10 @@
 CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...)
 	NOT-FOR-US: Storesprite
 CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin <unfixed>
+	- phpmyadmin (unimportant)
 	[sarge] - phpmyadmin <not-affected>
 	NOTE: It seems that this requires knowledge of a unguessable session token.
-	NOTE: I'm contacting upstream to verify this, but it seems a non issue.
+	NOTE: Confirmed by upstream. Sarge is not affected at all.
 CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
 	NOT-FOR-US: NetBSD and OpenBSD
 CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
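Review bot: The new note `NOTE: Confirmed by upstream. Sarge is not affected at all.` gives no pointer to where upstream confirmed it, and this entry, unlike the po4a and nufw entries in the first hunk, has no bug number to follow. Adding a reference (a bug number, a list message or an upstream advisory) next to the `(unimportant)` marking would let someone re-check the downgrade later. The second sentence also repeats what `[sarge] - phpmyadmin <not-affected>` already records without giving the reason; either drop it or state why sarge is unaffected.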



