[Secure-testing-commits] r6422 - data/CVE doc

thijs at alioth.debian.org thijs at alioth.debian.org
Tue Aug 28 21:45:55 UTC 2007 

Author: thijs
Date: 2007-08-28 21:45:54 +0000 (Tue, 28 Aug 2007)
New Revision: 6422

Modified:
   data/CVE/list
   doc/how-to-DTSA
   doc/narrative_introduction
Log:
cveify id3lib3.8.3 issue
asterisk issue low priority
link existing bug to nvidia driver issue
some nfu's


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-28 21:22:59 UTC (rev 6421)
+++ data/CVE/list	2007-08-28 21:45:54 UTC (rev 6422)
@@ -1,11 +1,11 @@
 CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
 	TODO: check
 CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...)
-	TODO: check
+	NOT-FOR-US: MSN
 CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Sophos
 CVE-2007-4576
 	RESERVED
 	TODO: check
@@ -127,7 +127,8 @@
 CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
 	TODO: check
 CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
-	TODO: check
+	- asterisk <unfixed> (low)
+	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
 CVE-2007-4520
 	RESERVED
 	TODO: check
@@ -183,7 +184,7 @@
 CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
 	TODO: check
 CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
-	TODO: check
+	NOT-FOR-US: Grandstream SIP Phone
 CVE-2007-4497
 	RESERVED
 	TODO: check
@@ -227,7 +228,7 @@
 CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
 	TODO: check
 CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
-	TODO: check
+	NOT-FOR-US: Planet VC-200M VDSL2 router
 CVE-2007-4476
 	RESERVED
 	TODO: check
@@ -279,7 +280,7 @@
 	- nufw 2.2.4-1 (bug #439227)
 	[etch] - nufw <not-affected>
 CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
-	- id3lib3.8.3 3.8.3-7 (bug #438540)
+	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
 CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
 	NOT-FOR-US: Cisco IP Phone
 CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
@@ -480,8 +481,6 @@
 CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
 	- libpam-usb 0.4.1-1 (medium)
 	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
-CVE-2007-XXXX [id3lib insecure tempfile creation]
-	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
 CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
 	- lwat 0.15-2 (low)
 CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
@@ -2310,7 +2309,7 @@
 CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
 	NOT-FOR-US: 3Com
 CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...)
-	TODO: check
+	- nvidia-kernel-common <unfixed> (bug #434398)
 CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
 	TODO: check
 CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)

Modified: doc/how-to-DTSA
===================================================================
--- doc/how-to-DTSA	2007-08-28 21:22:59 UTC (rev 6421)
+++ doc/how-to-DTSA	2007-08-28 21:45:54 UTC (rev 6422)
@@ -51,7 +51,7 @@
 Some time after the buildd has received the signed .changes, it will
 upload the packages to klecker to
 /org/security.debian.org/queue/unembargoed/. "dak queue-report" gives
-an overview, what packges have arrived in the queue.
+an overview, what packages have arrived in the queue.
 
 If a buildd has problems: A list with the admins is at [3].
 

Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction	2007-08-28 21:22:59 UTC (rev 6421)
+++ doc/narrative_introduction	2007-08-28 21:45:54 UTC (rev 6422)
@@ -109,7 +109,7 @@
 
 Issues Not-For-Us (NFU)
 -----------------------
-Processing your claimed entires is done by first seeing if the issue
+Processing your claimed entries is done by first seeing if the issue
 is related to any software packaged in Debian, if it isn't a package
 in Debian and has no ITP then you note that in the file, for example:

More information about the Secure-testing-commits mailing list