[Secure-testing-commits] r6404 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun Aug 26 08:05:55 UTC 2007


Author: jmm-guest
Date: 2007-08-26 08:05:54 +0000 (Sun, 26 Aug 2007)
New Revision: 6404

Modified:
   data/CVE/list
Log:
mark asterisk dupe


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-24 19:22:07 UTC (rev 6403)
+++ data/CVE/list	2007-08-26 08:05:54 UTC (rev 6404)
@@ -50,7 +50,7 @@
 CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...)
 	TODO: check
 CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
-	NOT-FOR-US: PHP
+	- php5 <not-affected> (Windows-specific)
 CVE-2007-4440 (Stack-based buffer overflow in the SMTP server in Mercury Mail ...)
 	TODO: check
 CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...)
@@ -60,7 +60,7 @@
 CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...)
 	TODO: check
 CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
-	- drupal <not-affected> (bug #439379)
+	- drupal <not-affected> (External addon, see bug #439379)
 CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...)
 	TODO: check
 CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
@@ -4986,7 +4986,8 @@
 CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...)
 	NOT-FOR-US: Garennes
 CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
-	- asterisk 1:1.4.3~dfsg-1 (high; bug #420864)
+        - asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
+        [sarge] - asterisk <not-affected> (correctly logs a warning)
 CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
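Review bot: The replacement line for CVE-2007-2297 lowers the fixed version from 1:1.4.3~dfsg-1 to 1:1.4.2~dfsg-1, lowers the urgency from high to medium, and drops the reference to bug #420864, but the log message only says "mark asterisk dupe". Please confirm that 1:1.4.2~dfsg-1 really contains the fix for this entry, and either keep bug #420864 next to bug #419820 or add a NOTE explaining why it no longer applies. Separately, both added lines are indented with eight spaces, while the line they replace and the other entries in the file use a tab; use a tab for consistency.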
@@ -6820,11 +6821,7 @@
 	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
 	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
 CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
-	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
-	[sarge] - asterisk <not-affected> (correctly logs a warning)
-	NOTE: Etch affected
-	NOTE: http://ftp.digium.com/pub/asa/ASA-2007-011.html
-	NOTE: http://bugs.digium.com/view.php?id=9313
+	NOTE: Duplicate of CVE-2007-2297
 CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...)
 	NOT-FOR-US: CcMail
 CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
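Review bot: In the CVE-2007-1594 entry, the NOTE lines pointing to http://ftp.digium.com/pub/asa/ASA-2007-011.html and http://bugs.digium.com/view.php?id=9313, along with "NOTE: Etch affected", are deleted rather than moved. The CVE-2007-2297 entry in the earlier hunk gains only the two package lines, so the advisory and upstream bug references and the Etch status no longer appear anywhere in the file. Consider carrying those NOTE lines over to CVE-2007-2297 in the same commit, leaving only "NOTE: Duplicate of CVE-2007-2297" here.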



