[Secure-testing-commits] r6428 - data/CVE
stef-guest at alioth.debian.org
Wed Aug 29 19:01:44 UTC 2007
Author: stef-guest
Date: 2007-08-29 19:01:44 +0000 (Wed, 29 Aug 2007)
New Revision: 6428
Modified:
data/CVE/list
Log:
new issues: tar, star, python2.[234]
wengophone fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-29 13:33:16 UTC (rev 6427)
+++ data/CVE/list 2007-08-29 19:01:44 UTC (rev 6428)
@@ -51,9 +51,11 @@
CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...)
- clamav 0.91.2-1 (high)
CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...)
- TODO: check
+ - python2.3 <removed>
+ - python2.4 <unfixed> (bug #440097)
+ - python2.5 <unfixed> (bug filed)
CVE-2007-4558 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
- TODO: check
+ - star <unfixed> (bug filed)
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...)
TODO: check
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...)
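Review bot: The python2.5 line under CVE-2007-4559 and the star line under CVE-2007-4558 record only "(bug filed)", so neither can be cross-referenced to a BTS report the way python2.4 can through bug #440097. Replace both placeholders with the bug numbers once they are assigned. The log message also says python2.[234], while the lines added here cover python2.3, python2.4 and python2.5, so the log or the entries should be reconciled.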
@@ -494,7 +496,7 @@
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...)
NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...)
- - wengophone <unfixed> (bug #438419)
+ - wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...)
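Review bot: The fixed wengophone line under CVE-2007-4366 keeps bug #438419 but carries no urgency, unlike the clamav and tar entries elsewhere in this file, which are both marked high. If an urgency was assessed for this denial of service, record it alongside the bug reference in the same "(urgency; bug #NNN)" form the tar entry uses. It is also worth confirming that 2.1.1.dfsg0-3 is the upload that closed #438419, since the diff alone does not show that.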
@@ -993,7 +995,7 @@
CVE-2007-4132
RESERVED
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
- TODO: check
+ - tar <unfixed> (high; bug #439335)
CVE-2007-4130
RESERVED
CVE-2007-4129
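Review bot: The tar line under CVE-2007-4131 is rated high, while the star and python entries added earlier in this commit are also described as directory traversal vulnerabilities and carry no urgency at all. Either give those entries an urgency as well or make clear why tar is treated differently, so the ratings across CVE-2007-4131, CVE-2007-4558 and CVE-2007-4559 are comparable.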