[Secure-testing-commits] r7657 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Dec 19 12:40:29 UTC 2007 

Author: nion
Date: 2007-12-19 12:40:28 +0000 (Wed, 19 Dec 2007)
New Revision: 7657

Modified:
   data/CVE/list
Log:
NFUs
new linux-2.6 issues, poked maks
CVE-2007-6416 does not affect xen in Debian
removed comments for rejects items


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-19 09:14:12 UTC (rev 7656)
+++ data/CVE/list	2007-12-19 12:40:28 UTC (rev 7657)
@@ -9,13 +9,13 @@
 CVE-2008-0026
 	RESERVED
 CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
-	TODO: check
+	NOT-FOR-US: JustSystems
 CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...)
-	TODO: check
+	- jbosseam <itp> (bug #451956)
 CVE-2007-6432
 	RESERVED
 CVE-2007-6431
@@ -33,7 +33,7 @@
 CVE-2007-6425
 	RESERVED
 CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
-	TODO: check
+	NOT-FOR-US: Fonality Trixbox
 CVE-2007-6423
 	RESERVED
 CVE-2007-6422
@@ -45,15 +45,17 @@
 CVE-2007-6419
 	RESERVED
 CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...)
-	TODO: check
+	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
+	- xen-3 <not-affected> (We only have xen for i386 and amd64)
+	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
 CVE-2007-6415
 	RESERVED
 CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...)
-	TODO: check
+	NOT-FOR-US: Adult ScriptAdult Script
 CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in ...)
 	TODO: check
 CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...)
@@ -9062,14 +9064,8 @@
 	NOT-FOR-US: Acoustica MP3 CD Burner
 CVE-2007-3005
 	REJECTED
-	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	- sun-java5 1.5.0-11-1 (low)
-	- sun-java6 6-01-0ubuntu1 (low)
 CVE-2007-3004
 	REJECTED
-	[etch] - sun-java5 <no-dsa> (Non-free not supported)
-	- sun-java5 1.5.0-11-1 (medium)
-	- sun-java6 6-01-0ubuntu1 (medium)
 CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
 	NOT-FOR-US: myBloggie
 CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...)

More information about the Secure-testing-commits mailing list