[Secure-testing-commits] r7531 - data/CVE
jmm-guest at alioth.debian.org
Thu Dec 6 17:58:52 UTC 2007
Author: jmm-guest
Date: 2007-12-06 17:58:51 +0000 (Thu, 06 Dec 2007)
New Revision: 7531
Modified:
data/CVE/list
Log:
one lighttpd issue already resolved
tar/perl, audacity, wesnoth, tomboy no-dsa
gnump3d doesn't affect etch or sarge
bandersnatch unimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-06 17:21:20 UTC (rev 7530)
+++ data/CVE/list 2007-12-06 17:58:51 UTC (rev 7531)
@@ -142,9 +142,10 @@
- zsh 4.3.4-dev-3-2 (low; bug #454073)
[etch] - zsh <no-dsa> (Minor issue)
[sarge] - zsh <no-dsa> (Minor issue)
- NOTE: Can be fixed in a point update
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...)
- wesnoth 1:1.2.8-1 (low)
+ [etch] - wesnoth <no-dsa> (Minor issue)
+ [sarge] - wesnoth <no-dsa> (Minor issue)
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
- rsync 2.6.9-5.1 (low; bug #453652)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...)
@@ -293,7 +294,9 @@
NOTE: this is just an example script, maintainer adds a note about it
NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...)
- - gnump3d 3.0-1 (low)
+ - gnump3d 3.0-1 (medium)
+ [sarge] - gnump3d <not-affected> (Vulnerable code not present)
+ [etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...)
NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...)
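Review bot: the severity change on the `- gnump3d 3.0-1` line from (low) to (medium) has no stated reason; the log message only says gnump3d doesn't affect etch or sarge. Since both stable releases are marked <not-affected>, a NOTE explaining the higher rating would help the next reader. The added lines also list [sarge] before [etch], while the wesnoth hunk above lists [etch] first; one order throughout is easier to scan.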
@@ -413,6 +416,7 @@
[etch] - ngircd <no-dsa> (Minor issue)
CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...)
- audacity <unfixed> (bug #453283; low)
+ [etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a ...)
NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059 (Javamail does not properly handle a series of invalid login attempts ...)
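Review bot: only an [etch] line is added under `- audacity <unfixed> (bug #453283; low)`, so the sarge status of this unfixed issue stays unstated, unlike the wesnoth and vobcopy entries in this commit, which cover both releases. Add a [sarge] line with whichever status applies, or a NOTE if sarge still needs checking.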
@@ -746,7 +750,8 @@
CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...)
NOT-FOR-US: Simple Machines Forum
CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...)
- - bandersnatch <removed> (low; bug #451365)
+ - bandersnatch <removed> (unimportant; bug #451365)
+ NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...)
NOT-FOR-US: Adobe Shockwave
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
@@ -1426,6 +1431,7 @@
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
- vobcopy <unfixed> (low; bug #448319)
[etch] - vobcopy <no-dsa> (Minor issue)
+ [sarge] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...)
NOT-FOR-US: Jeebles
CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...)
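Review bot: the added `[sarge] - vobcopy <no-dsa> (Minor issue)` line is not covered by the log message, which names tar/perl, audacity, wesnoth and tomboy as the no-dsa packages. Listing vobcopy there as well would keep the log a reliable summary of which triage decisions changed in this revision.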
@@ -4239,6 +4245,8 @@
NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
- libarchive-tar-perl (low; bug #449544)
+ [sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
+ [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
- mediawiki 1.10.2-1 (low; bug #442255)
[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
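Review bot: the package line the two new lines sit under, `- libarchive-tar-perl (low; bug #449544)`, carries neither a fixed version nor a status tag, whereas the other unresolved entries in this patch use `<unfixed>` (audacity, vobcopy). Since the entry is being edited anyway, add the status so the no-dsa lines hang off a complete entry. The [sarge]-before-[etch] order here also differs from the wesnoth hunk.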
@@ -6286,7 +6294,7 @@
- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
{DSA-1362-1}
- - lighttpd 1.4.16-1 (bug #434888)
+ - lighttpd 1.4.16-1 (bug #428368)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #434888)
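Review bot: on the changed CVE-2007-3947 line the bug reference becomes #428368 but the fixed version stays 1.4.16-1, while the line removed from CVE-2007-2841 later in this patch recorded `lighttpd 1.4.15-1.1 (bug #428368)` for the same bug. If the two CVEs are duplicates, the fixed version here should be checked against 1.4.15-1.1; if 1.4.16-1 is correct, a NOTE saying why would avoid the apparent contradiction.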
@@ -8991,7 +8999,8 @@
RESERVED
CVE-2007-2841 [lighttpd DoS]
RESERVED
- - lighttpd 1.4.15-1.1 (bug #428368)
+ NOTE: Duplicate of CVE-2007-3947, was assigned from Debian CNA and clashed with MITRE
+ NOTE: assignment
CVE-2007-2840
RESERVED
CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...)
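Review bot: the added NOTE under CVE-2007-2841 is split mid-phrase, leaving a second line that reads only `NOTE: assignment`. Reword so each NOTE line stands alone, for example one line for the duplicate of CVE-2007-3947 and one for the Debian CNA and MITRE clash. The removed line's bug reference (#428368) and version (1.4.15-1.1) also disappear from this entry, so it is worth confirming both are fully captured under CVE-2007-3947.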
@@ -27380,7 +27389,8 @@
TODO: check all packages
NOTE: lintian bug filed: #451559
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
- - tomboy 0.8.1-2
+ - tomboy 0.8.1-2 (low)
+ [etch] - tomboy <no-dsa> (Minor issue)
CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
- resmgr <not-affected>
CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
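Review bot: nothing in the CVE-2005-4790 entry says why the Debian tomboy package is affected, although the description shown names SUSE Linux 9.3; a short NOTE under `- tomboy 0.8.1-2 (low)` would make the (low) rating and the etch no-dsa decision easier to verify. The entry also gives no status for sarge.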