[Secure-testing-commits] r7736 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Dec 27 17:55:19 UTC 2007


Author: jmm-guest
Date: 2007-12-27 17:55:18 +0000 (Thu, 27 Dec 2007)
New Revision: 7736

Modified:
   data/CVE/list
Log:
- knowledgeroot issue should rather be fixed in the httpd
  instead of worked around
- ardour from sarge and etch doesn't include libsndfile yet


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-12-27 16:57:43 UTC (rev 7735)
+++ data/CVE/list	2007-12-27 17:55:18 UTC (rev 7736)
@@ -4201,8 +4201,10 @@
 CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...)
 	NOT-FOR-US: PHP Fidonet Tosser
 CVE-2007-5156 (Incomplete blacklist vulnerability in ...)
-	- knowledgeroot 0.9.8.4-1.1 (medium; bug #444928)
-	- moin 1.5.8-4.1
+	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
+	- moin 1.5.8-4.1 (unimportant)
+	NOTE: This problem should rather be addressed by proper httpd config
+	NOTE: The change only adds a workaround for insecure configs
 	- karrigell <not-affected> (Does not include vulnerable php code)
 	- gforge 4.6.99+svn6169-1 (low; bug #447590)
 	[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
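Review bot: In the CVE-2007-5156 entry, knowledgeroot and moin are both downgraded to unimportant, but the gforge line just below stays at "low", and the log message mentions only knowledgeroot. If the httpd-configuration rationale in the two new NOTE lines holds for the issue as a whole, gforge should be rated consistently, or a further NOTE should say why it differs; the log should also mention moin. "The change" in the second NOTE is ambiguous: naming what it refers to would make the entry readable without the commit context.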
@@ -4641,6 +4643,8 @@
 CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...)
 	- libsndfile 1.0.17-4 (bug #443386; medium)
 	- ardour 1:2.1-1.1 (medium; bug #445889)
+	[sarge] - ardour <not-affected> (Vulnerable code not present)
+	[etch] - ardour <not-affected> (Vulnerable code not present)
 CVE-2007-4973
 	RESERVED
 CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...)
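Review bot: The two new ardour lines under CVE-2007-4974 give "Vulnerable code not present" as the reason, which is less specific than the log message (ardour from sarge and etch doesn't include libsndfile yet). Putting that reason in the parenthetical would tell later readers that the not-affected status depends on libsndfile not being part of those ardour versions, and that it needs rechecking if that ever changes.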
@@ -4942,7 +4946,7 @@
 	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
 	- glibc 2.7-1 (unimportant) 
-	NOTE: Only triggerable by malicious script
+	NOTE: Original PHP issue only triggerable by malicious script
 CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
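Review bot: The reworded NOTE under CVE-2007-4840 scopes the "malicious script" condition to the original PHP issue, but the only package line in the entry is "- glibc 2.7-1 (unimportant)" and nothing says how glibc relates to a CVE whose description is about PHP. A second NOTE explaining the glibc connection and why it is rated unimportant would complete the change. The glibc context line also carries trailing whitespace that could be dropped in the same edit.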



