[Secure-testing-commits] r7472 - data/CVE
jmm-guest at alioth.debian.org
Sun Dec 2 18:43:07 UTC 2007
Author: jmm-guest
Date: 2007-12-02 18:43:06 +0000 (Sun, 02 Dec 2007)
New Revision: 7472
Modified:
data/CVE/list
Log:
resolve older jffnms issue, incorrect CVE allocation
ekiga no-dsa
rewrite PHP non-issue
wordpress not unimportant, e.g. could be used as a stepstone
in an adjacent vulnerability
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-02 17:57:49 UTC (rev 7471)
+++ data/CVE/list 2007-12-02 18:43:06 UTC (rev 7472)
@@ -310,9 +310,9 @@
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...)
NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...)
- - php5 <unfixed> (bug #453295)
- [etch] - php5 <no-dsa> (requires negligent/malicious local user)
- [etch] - php4 <not-affected> (detects memory exhaustion and quits)
+ - php5 <unfixed> (unimportant; bug #453295)
+ NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
+ NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...)
- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
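Review bot: the `[etch] - php4 <not-affected> (detects memory exhaustion and quits)` line is dropped together with the etch php5 entry, but the new state only describes php5, so the tracker no longer records anything for php4 in etch; if php4 is still shipped there, keep the php4 line (its rationale is independent of the "requires malicious script" argument) or add a NOTE saying why it needs no entry.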
@@ -410,7 +410,7 @@
CVE-2007-6014
RESERVED
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...)
- - wordpress <unfixed> (unimportant; bug #452251)
+ - wordpress <unfixed> (low; bug #452251)
NOTE: if untrusted people are allowed to read the database they could still
NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...)
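Review bot: after raising wordpress from unimportant to low, the unchanged NOTE lines ("so maybe this is unimportant?") still argue for the old rating and now contradict the entry; update them with the reason given in the log message (the weak cookie hash can serve as a stepping stone from an adjacent vulnerability), e.g. `NOTE: low rather than unimportant: usable as a stepping stone once an adjacent bug exposes the hash`.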
@@ -3859,6 +3859,7 @@
NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
- ekiga 2.0.11-1 (low)
+ [etch] - ekiga <no-dsa> (Minor issue)
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
NOT-FOR-US: Joomla extension
CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module ...)
@@ -3914,6 +3915,7 @@
NOT-FOR-US: Xwiki
CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows ...)
- ekiga 2.0.9-1 (low)
+ [etch] - ekiga <no-dsa> (Minor issue)
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ...)
@@ -7939,10 +7941,8 @@
- php5 <unfixed> (unimportant)
NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
- - jffnms 0.8.3dfsg.1-4 (high)
- NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
- NOTE: a note about the CVE id.
- NOTE: the fix for CVE-2007-3190 is incomplete (the 'pass' param can still contain an injection)
+ NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
+ NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...)
NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...)
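Review bot: removing `- jffnms 0.8.3dfsg.1-4 (high)` leaves CVE-2007-3204 with only NOTE lines and no package status, so the tracker cannot tell whether the issue is fixed, not-affected or a duplicate; if it is a mis-allocated ID, keep a status line such as `- jffnms <not-affected> (duplicate of the issue fixed for CVE-2007-3192)` using the tracker's existing markers. The new NOTE also cites CVE-2007-3192 where the removed NOTE referred to CVE-2007-3190; confirm which ID is meant. Minor wording: "This is an jffnms ID" should read "This is a jffnms ID", and the trailing comma after "external party" should be a full stop.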