[Secure-testing-commits] r7700 - in data: . CVE DSA

jmm-guest at alioth.debian.org
Sun Dec 23 10:58:58 UTC 2007


Author: jmm-guest
Date: 2007-12-23 10:58:57 +0000 (Sun, 23 Dec 2007)
New Revision: 7700

Modified:
   data/CVE/list
   data/DSA/list
   data/embedded-code-copies
Log:
clamav DSA
asterisk issue postponed
one cups issue still affects sarge, though not really severe


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-22 21:14:16 UTC (rev 7699)
+++ data/CVE/list	2007-12-23 10:58:57 UTC (rev 7700)
@@ -185,6 +185,8 @@
 	RESERVED
 CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
 	- asterisk <unfixed> (low; bug #457063)
+	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
+	[sarge] - asterisk <not-affected> (Vulnerable code not present)
 CVE-2007-6429
 	RESERVED
 CVE-2007-6428
@@ -413,9 +415,11 @@
 CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to ...)
 	{DTSA-101-1}
 	- clamav 0.92~dfsg-1~volatile2
+	[sarge] - clamav <not-affected> (Vulnerable code not present)
 CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote ...)
 	{DTSA-101-1}
 	- clamav 0.92~dfsg-1~volatile2
+	[sarge] - clamav <not-affected> (Vulnerable code not present)
 CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and ...)
 	NOT-FOR-US: Ingres on Windows
 CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
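Review bot: Both clamav entries (CVE-2007-6336 and CVE-2007-6335) still carry only {DTSA-101-1} after this change, although the same revision adds DSA-1435-1 for exactly these two CVEs in data/DSA/list. Confirm that the cross-reference and the etch fixed version are derived from data/DSA/list automatically; if they are not, add them here so that the etch status does not depend on a reader checking the second file.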
@@ -1620,7 +1624,9 @@
 	- cupsys <unfixed> (medium; bug #457453)
 	[sarge] - cupsys <not-affected> (Vulnerable code not present)
 CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...)
-	- cupsys <not-affected> (Mac driver specific problem)
+	- cupsys 1.2.0
+	NOTE: This only affects the Cups 1.1 series
+	[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
 CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in ...)
 	NOT-FOR-US: Core Foundation (Apple Mac OS X)
 CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote ...)
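Review bot: On CVE-2007-5848 the [sarge] no-dsa rationale "may only lead to an infinite loop" does not match the CVE summary two lines above it, which describes a buffer overflow, and the removed "Mac driver specific problem" reason disappears without explanation. Extend the NOTE with a pointer to the analysis behind both changes (upstream commit, bug report or code location) so the downgrade from the CVE's description can be verified.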

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-12-22 21:14:16 UTC (rev 7699)
+++ data/DSA/list	2007-12-23 10:58:57 UTC (rev 7700)
@@ -3,6 +3,9 @@
 	[etch] - linux-2.6 2.6.18.dfsg.1-13etch6
 	[etch] - fai-kernels 1.17+etch.13etch6
 	[etch] - user-mode-linux 2.6.18-1um-2etch.13etch6
+[19 Dec 2007] DSA-1435-1 clamav
+        {CVE-2007-6335 CVE-2007-6336}
+        [etch] - clamav 0.90.1-3etch8
 [16 Dec 2007] DSA-1434-1 mydns - denial of service
 	{CVE-2007-2362}
 	[etch] - mydns 1:1.1.0-7etch1
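Review bot: The new header line "[19 Dec 2007] DSA-1435-1 clamav" has no description after the package name, unlike "DSA-1434-1 mydns - denial of service" directly below it, and its two continuation lines are indented with spaces where the neighbouring entries use a tab. Add a short description (the referenced CVE entries describe an off-by-one error and an integer overflow) and switch to tab indentation so the entry matches the rest of the file.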

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2007-12-22 21:14:16 UTC (rev 7699)
+++ data/embedded-code-copies	2007-12-23 10:58:57 UTC (rev 7700)
@@ -43,7 +43,7 @@
 silc-client (uses libsilc and libsilcclient)
 
 dietlibc:
-ccontrol (links statically)
+ccontrol (linked statically until 0.9.1+20071204-1, affects Etch only)
 
 libiax:
 iaxmodem
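Review bot: In the ccontrol line, "linked statically until 0.9.1+20071204-1" is ambiguous: it can mean that 0.9.1+20071204-1 is the last statically linked version or the first one that no longer links dietlibc statically. State it as a fixed-in version, or say explicitly which side of the boundary that version is on. "affects Etch only" is also tied to the current release layout and would be easier to maintain as a release tag.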



