[Secure-testing-commits] r7705 - data/CVE
stef-guest at alioth.debian.org
Sun Dec 23 21:19:31 UTC 2007
Author: stef-guest
Date: 2007-12-23 21:19:30 +0000 (Sun, 23 Dec 2007)
New Revision: 7705
Modified:
data/CVE/list
Log:
- new apache issue
- add info about apache2 stable updates
- add info to autofs* issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-12-23 21:14:11 UTC (rev 7704)
+++ data/CVE/list 2007-12-23 21:19:30 UTC (rev 7705)
@@ -1,3 +1,6 @@
+CVE-2007-6514 [apache script source disclosure when docroot is on smbfs]
+ - apache <unfixed>
+ - apache2 <unfixed>
CVE-2007-XXXX [venkman preinst symlink dos]
- venkman 0.9.87.2-1 (bug #456520)
[sarge] - venkman <not-affected> (Vulnerable code not present)
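Review bot: the new CVE-2007-6514 entry marks apache as `<unfixed>` while a later hunk in this same commit changes CVE-2007-4465's apache line from `<unfixed>` to `<removed>`; if apache 1.3 is gone from unstable, this line should read `- apache <removed>` as well. The entry also carries no severity tag and no [sarge]/[etch] status lines of the kind the neighbouring apache entries have (e.g. `[etch] - apache2 <no-dsa> (minor issue)`), so either add them or leave a TODO recording that the stable assessment is still open.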
@@ -515,7 +518,9 @@
CVE-2007-6286
RESERVED
CVE-2007-6285 (The default configuration for autofs 5 (autofs5) on Red Hat Enterprise ...)
- TODO: check
+ TODO: file bug (autofs5 is in experimental)
+ - autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
+ - autofs5 <unfixed>
CVE-2007-6284
RESERVED
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
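Review bot: the added `- autofs5 <unfixed>` line has no severity tag, whereas the sibling CVE-2007-5964 entry rates autofs `(medium)`; give this one a rating too so the two autofs entries are assessed consistently. The `TODO: file bug (autofs5 is in experimental)` also has no bug number yet, so the entry will need a follow-up edit once the bug is filed.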
@@ -714,6 +719,7 @@
[sarge] - apache2 <no-dsa> (minor issue)
[etch] - apache2 <no-dsa> (minor issue)
NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
+ NOTE: pending for 2.2.3-4+etch4 / etch r3
NOTE: apache 1.3 is not vulnerable
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
- claws-mail 3.1.0-2 (low; bug #454089)
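Review bot: the added `NOTE: pending for 2.2.3-4+etch4 / etch r3` does not change the tracked status: the `[etch] - apache2 <no-dsa> (minor issue)` line directly above is untouched, so the entry still records etch as deliberately unfixed. When etch r3 ships, replace that [etch] line with the fixed version `2.2.3-4+etch4` rather than leaving the NOTE as the only record of the update.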
@@ -1293,6 +1299,8 @@
RESERVED
CVE-2007-5964 (The default configuration of autofs 5 in Red Hat Enterprise Linux ...)
- autofs 3.1.4-8 (medium)
+ - autofs5 <unfixed>
+ TODO: file bug (autofs5 in experimental)
CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a ...)
- kdebase <unfixed> (unimportant)
NOTE: This has only theoretical security impact
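Review bot: the new autofs5 line again lacks a severity tag although the autofs line in the same entry is `(medium)`; the `TODO: file bug (autofs5 in experimental)` duplicates the one added for CVE-2007-6285 in this commit, so both entries will need the bug number once it exists, and a single bug report covering both CVEs would be easier to track than two.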
@@ -4500,6 +4508,7 @@
[etch] - apache <no-dsa> (minor issue)
- apache2 <unfixed> (low)
- apache <unfixed> (low)
+ NOTE: pending for 2.2.3-4+etch4 / etch r3
CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, ...)
- pidgin 2.2.2-1 (medium)
CVE-2007-4998
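Review bot: same point as for the earlier pending NOTE: the `[etch] - apache <no-dsa> (minor issue)` line and the `- apache2 <unfixed> (low)` line above are unchanged, so the NOTE only records intent; add or update the [etch] apache2 line to `2.2.3-4+etch4` when etch r3 is released. This hunk's context also still shows `- apache <unfixed> (low)` while the next hunk switches apache to `<removed>`; the two should agree.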
@@ -5759,7 +5768,7 @@
CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
NOT-FOR-US: snif
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...)
- - apache <unfixed> (low)
+ - apache <removed> (low)
- apache2 2.2.6-1 (bug #453783)
[sarge] - apache <no-dsa> (browser issue, low impact)
[etch] - apache <no-dsa> (browser issue, low impact)
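Review bot: the change from `- apache <unfixed> (low)` to `- apache <removed> (low)` is not mentioned in the commit log (which lists only the new apache issue, the apache2 stable updates and the autofs changes), and it is applied to this entry only; the other apache 1.3 lines touched in this commit (the new `- apache <unfixed>` under CVE-2007-6514 and the `- apache <unfixed> (low)` in the hunk before CVE-2007-4999) should get the same status if apache 1.3 has indeed been removed.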
@@ -5768,6 +5777,8 @@
NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
NOTE: but many users change this.
+ NOTE: pending for 2.2.3-4+etch4 / etch r3
+ NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
NOT-FOR-US: Total Commander
CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...)
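Review bot: the added `NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.` agrees with the `[sarge]`/`[etch] - apache <no-dsa>` lines above, but it should say in what way the fix is only a workaround (for instance whether it depends on the AddDefaultCharset setting mentioned in the preceding NOTE), since a later reader cannot otherwise tell whether a complete fix is still expected for apache2 or whether the 2.2.6-1 entry is considered final.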