[Secure-testing-commits] r7731 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Thu Dec 27 09:54:48 UTC 2007


Author: stef-guest
Date: 2007-12-27 09:54:47 +0000 (Thu, 27 Dec 2007)
New Revision: 7731

Modified:
   data/CVE/list
Log:
etch r2 fixes, bugnum

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-27 01:24:24 UTC (rev 7730)
+++ data/CVE/list	2007-12-27 09:54:47 UTC (rev 7731)
@@ -34,7 +34,7 @@
 CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
 	NOT-FOR-US: xeCMS
 CVE-2007-XXXX [multiple security issues in gallery2]
-	- gallery2 2.2.4-1
+	- gallery2 2.2.4-1 (bug #457644)
 	NOTE: http://gallery.menalto.com/gallery_2.2.4_released
 	NOTE: requested CVE id
 CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
@@ -7231,8 +7231,7 @@
 	- linux-2.6 2.6.22-4
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
 	- apache2 2.2.6-1 (bug #441845; low)
-	[etch] - apache2 <no-dsa> (Scheduled for next point release)
-	NOTE:	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
+	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
 CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
 	NOT-FOR-US: TortoiseSVN on Windows
 CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
@@ -8600,8 +8599,7 @@
 CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, ...)
 	- apache <removed> (low)
 	- apache2 2.2.4-2 (low)
-	[etch] - apache2 <no-dsa> (Scheduled for next point release)
-	NOTE: [etch] - apache2 2.2.3-4+etch2
+	[etch] - apache2 2.2.3-4+etch2
 	[sarge] - apache2 2.0.54-5sarge2 (low)
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
 	- apache2 <unfixed> (unimportant)
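
Review bot: the new "[etch] - apache2 2.2.3-4+etch2" line for CVE-2007-3304 carries no urgency, while the unstable and sarge apache2 lines in the same entry are both marked (low). Suggest "[etch] - apache2 2.2.3-4+etch2 (low)" so the etch status is rated consistently, as the findutils etch line in this commit already is. The same applies to the etch line added under CVE-2006-5752.
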
@@ -10610,8 +10608,7 @@
 CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...)
 	- findutils 4.2.31-1 (low; bug #426862)
 	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
-	[etch] - findutils <no-dsa> (Scheduled for next point release)
-	NOTE:	[etch] - findutils 4.2.28-1etch1 (low)
+	[etch] - findutils 4.2.28-1etch1 (low)
 CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
 	- linux-2.6 2.6.21-3
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
@@ -11964,7 +11961,7 @@
 CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
 	NOT-FOR-US: dproxy-nexgen
 CVE-2007-1865 (** DISPUTED ** ...)
-	TODO: check
+	NOT-FOR-US: not a bug
 CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
 	{DSA-1331-1 DSA-1330-1}
 	- php4 <unfixed>
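
Review bot: "NOT-FOR-US: not a bug" on CVE-2007-1865 uses the NOT-FOR-US tag differently from every other use visible in this diff, where it names software that is not in Debian (xeCMS, TortoiseSVN on Windows, dproxy-nexgen). With the description truncated to "** DISPUTED ** ...", the entry no longer records which software was checked or why the report was judged invalid. Suggest either naming the software after NOT-FOR-US if it is not packaged, or, if it is packaged, a package line marked (unimportant) as on the CVE-2007-3303 entry plus a NOTE giving the reason.
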
@@ -11973,10 +11970,7 @@
 	- apache2 2.2.4-1 (low)
 	- apache <unfixed> (low)
 	[sarge] - apache2 2.0.54-5sarge2
-	NOTE:	[etch] - apache2 2.2.3-4+etch2
-	[etch] - apache2 <no-dsa> (Scheduled for next point release)
-	NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
-	NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?r1=463503&r2=551944&pathrev=551944
+	[etch] - apache2 2.2.3-4+etch2
 	NOTE: vulnerable code in src/modules/proxy/proxy_cache.c starting in line 1132
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
 	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
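
Review bot: the two removed "NOTE: see http://svn.apache.org/..." lines are the only pointers to the upstream change in cache_util.c, and dropping them is not covered by the log message "etch r2 fixes, bugnum". The entry still lists "- apache <unfixed> (low)", so the upstream reference remains useful to anyone working on the unfixed package; suggest keeping at least the r1=463503&r2=551944 diff link next to the remaining proxy_cache.c note. The new etch line also lacks the (low) urgency used on the unstable lines.
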
@@ -19601,8 +19595,7 @@
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
 	- apache2 2.2.4-2 (low)
 	[sarge] - apache2 2.0.54-5sarge2
-	NOTE: [etch] - apache2 2.2.3-4+etch2
-	[etch] - apache2 <no-dsa> (Scheduled for next point release)
+	[etch] - apache2 2.2.3-4+etch2
 	- apache <removed> (low)
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
 	{DSA-1233}
@@ -37820,8 +37813,7 @@
 	- netpbm-free 2:10.0-10
 CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...)
 	- pam 0.99.7.1-2 (bug #336344; low)
-	[etch] - pam <no-dsa> (Scheduled for next point release)
-	NOTE: [etch] - pam 0.79-5
+	[etch] - pam 0.79-5
 	[sarge] - pam <not-affected> (Does not contain SELinux support)
 	[woody] - pam <not-affected> (Does not contain SELinux support)
 CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
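
Review bot: the version on the new "[etch] - pam 0.79-5" line has no etch suffix, unlike the other point-release versions recorded in this commit (2.2.3-4+etch2, 2.2.3-4+etch3, 4.2.28-1etch1). Worth confirming that 0.79-5 is the version that actually carries the fix in etch before replacing the <no-dsa> line; the new line also drops the bug number and (low) urgency that the unstable line carries.
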



