[Secure-testing-commits] r7505 - data/CVE

jmm-guest at alioth.debian.org
Tue Dec 4 21:19:30 UTC 2007


Author: jmm-guest
Date: 2007-12-04 21:19:30 +0000 (Tue, 04 Dec 2007)
New Revision: 7505

Modified:
   data/CVE/list
Log:
sing not critical
fix name of claws-mail src pkg
zsh, mp, kfreebsd no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-04 21:14:09 UTC (rev 7504)
+++ data/CVE/list	2007-12-04 21:19:30 UTC (rev 7505)
@@ -29,15 +29,18 @@
 CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...)
 	TODO: check
 CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
-	- claws-mail-tools 3.1.0-2 (low; bug #454089)
+	- claws-mail 3.1.0-2 (low; bug #454089)
 CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, ...)
 	- zabbix <unfixed> (bug #452682)
 CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...)
 	NOT-FOR-US: Neocrome Seditio CMS
 CVE-2007-6211 (Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users ...)
-	- sing <unfixed> (high; bug #454167)
+	- sing <unfixed> (low; bug #454167)
 CVE-2007-6209 (difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
 	- zsh 4.3.4-dev-3-2 (low; bug #454073)
+	[etch] - zsh <no-dsa> (Minor issue)
+	[sarge] - zsh <no-dsa> (Minor issue)
+	NOTE: Can be fixed in a point update
 CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...)
 	- wesnoth 1:1.2.8-1 (low)
 CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
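Review bot: The sing entry (CVE-2007-6211) drops from high to low with no NOTE recording why. The only rationale is "sing not critical" in the commit log, which is not visible to someone reading data/CVE/list later. Consider adding a NOTE line under "- sing <unfixed> (low; bug #454167)" stating the reason for the downgrade, as the zsh entry does for its no-dsa decision. Minor style point in the same hunk: the zsh entry lists [etch] before [sarge], while the mp entry changed in this commit lists [sarge] before [etch]; pick one order.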
@@ -179,7 +182,8 @@
 	{DSA-1417-1}
 	- asterisk <unfixed> (medium)
 CVE-2007-6150 (The &quot;internal state tracking&quot; code for the random and urandom devices ...)
-	- kfreebsd-5 <unfixed> (high; bug #453944)
+	- kfreebsd-5 <unfixed> (medium; bug #453944)
+	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
 CVE-2007-6132
 	REJECTED
 CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...)
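Review bot: The kfreebsd-5 line for CVE-2007-6150 changes severity from high to medium, but the log message only mentions "kfreebsd no-dsa", so the downgrade is undocumented. Either mention it in the log or add a NOTE under the entry giving the reason. Also, the no-dsa tag is added for [etch] only, whereas the zsh and mp entries in this commit tag both [etch] and [sarge]; if kfreebsd-5 is simply absent from sarge that is fine, otherwise a matching [sarge] line is missing.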
@@ -3687,7 +3691,10 @@
 CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...)
 	NOT-FOR-US: Solaris
 CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
-	- mp 3.7.1-8
+	- mp 3.7.1-8 (low)
+	[sarge] - mp <no-dsa> (Minor issue)
+	[etch] - mp <no-dsa> (Minor issue)
+	NOTE: Can be fixed in a point update
 CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
 	- sun-java6-jre <unfixed> (unimportant)
 	- sun-java5-jre <unfixed> (unimportant) 
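Review bot: In the mp entry the release tags are ordered [sarge] then [etch], the reverse of the zsh entry edited in the first hunk of this same commit; keeping one order across entries makes the list easier to scan and to grep. The entry is still a CVE-2007-XXXX placeholder and "- mp 3.7.1-8 (low)" carries no bug reference, so if a BTS bug exists for the tempfile issue it would be worth adding it here in the "(low; bug #...)" form used by the other entries, which also helps when the placeholder is later replaced by an assigned CVE id.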



