[Secure-testing-commits] r6422 - data/CVE doc
thijs at alioth.debian.org
Tue Aug 28 21:45:55 UTC 2007
Author: thijs
Date: 2007-08-28 21:45:54 +0000 (Tue, 28 Aug 2007)
New Revision: 6422
Modified:
data/CVE/list
doc/how-to-DTSA
doc/narrative_introduction
Log:
cveify id3lib3.8.3 issue
asterisk issue low priority
link existing bug to nvidia driver issue
some nfu's
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-28 21:22:59 UTC (rev 6421)
+++ data/CVE/list 2007-08-28 21:45:54 UTC (rev 6422)
@@ -1,11 +1,11 @@
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
TODO: check
CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...)
- TODO: check
+ NOT-FOR-US: MSN
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2007-4576
RESERVED
TODO: check
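Review bot: The NOT-FOR-US reasons added here are abbreviated to "MSN" and "Sophos", and CVE-2007-4580 at the top of the hunk stays at TODO: check while the three entries below it are triaged. The descriptions for CVE-2007-4577 and CVE-2007-4578 name a Unix/Linux product, so spelling the product out (for example "NOT-FOR-US: Sophos Anti-Virus") would make it clear to later readers which software was judged not to be packaged, the way the later hunks do with "Grandstream SIP Phone" and "Planet VC-200M VDSL2 router".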
@@ -127,7 +127,8 @@
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
TODO: check
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
- TODO: check
+ - asterisk <unfixed> (low)
+ NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
CVE-2007-4520
RESERVED
TODO: check
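Review bot: The new asterisk line records <unfixed> (low) with no bug reference and no stated reason for the low urgency, whereas the nufw and id3lib3.8.3 entries elsewhere in this diff carry a bug number. Consider linking a bug and adding a second NOTE next to the Patch link that says why this is low; the truncated description ("when configured to use an ...") suggests it depends on a particular configuration, but the entry does not say so.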
@@ -183,7 +184,7 @@
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
TODO: check
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
- TODO: check
+ NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497
RESERVED
TODO: check
@@ -227,7 +228,7 @@
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
TODO: check
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
- TODO: check
+ NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476
RESERVED
TODO: check
@@ -279,7 +280,7 @@
- nufw 2.2.4-1 (bug #439227)
[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
- - id3lib3.8.3 3.8.3-7 (bug #438540)
+ - id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
@@ -480,8 +481,6 @@
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
- libpam-usb 0.4.1-1 (medium)
NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
-CVE-2007-XXXX [id3lib insecure tempfile creation]
- - id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
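Review bot: Removing the CVE-2007-XXXX id3lib placeholder is only correct together with the CVE-2007-4460 change in the previous hunk, and nothing in either hunk ties the two together. Both lines carry id3lib3.8.3 3.8.3-7 and bug #438540, so no tracking data is lost, but the log message ("cveify id3lib3.8.3 issue") does not name the CVE id. Mentioning CVE-2007-4460 in the log would let someone searching the history for that id find this commit.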
@@ -2310,7 +2309,7 @@
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...)
- TODO: check
+ - nvidia-kernel-common <unfixed> (bug #434398)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
TODO: check
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
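Review bot: The nvidia-kernel-common line has no urgency, unlike the asterisk and id3lib3.8.3 entries touched in this same commit, and it lists a single package while the CVE text speaks of "NVIDIA drivers (nvidia-drivers)". Worth confirming that bug #434398 covers every affected source package and adding further lines if it does not, then adding an urgency once it has been assessed. CVE-2007-3531 directly below is still TODO: check.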
Modified: doc/how-to-DTSA
===================================================================
--- doc/how-to-DTSA 2007-08-28 21:22:59 UTC (rev 6421)
+++ doc/how-to-DTSA 2007-08-28 21:45:54 UTC (rev 6422)
@@ -51,7 +51,7 @@
Some time after the buildd has received the signed .changes, it will
upload the packages to klecker to
/org/security.debian.org/queue/unembargoed/. "dak queue-report" gives
-an overview, what packges have arrived in the queue.
+an overview, what packages have arrived in the queue.
If a buildd has problems: A list with the admins is at [3].
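Review bot: The spelling fix is right, but the corrected sentence still reads awkwardly: "gives an overview, what packages have arrived in the queue". Since the line is being touched anyway, "gives an overview of which packages have arrived in the queue" would read better.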
Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction 2007-08-28 21:22:59 UTC (rev 6421)
+++ doc/narrative_introduction 2007-08-28 21:45:54 UTC (rev 6422)
@@ -109,7 +109,7 @@
Issues Not-For-Us (NFU)
-----------------------
-Processing your claimed entires is done by first seeing if the issue
+Processing your claimed entries is done by first seeing if the issue
is related to any software packaged in Debian, if it isn't a package
in Debian and has no ITP then you note that in the file, for example:
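Review bot: With "entires" fixed, the sentence is still a comma splice: "...any software packaged in Debian, if it isn't a package in Debian and has no ITP then you note that in the file". Splitting it after "packaged in Debian" and starting a new sentence with "If it isn't ..." would make the NFU rule easier to follow, since this paragraph is the reference for the NOT-FOR-US decisions made in data/CVE/list.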