[Secure-testing-commits] r5408 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Feb 4 19:35:41 CET 2007 

Author: jmm-guest
Date: 2007-02-04 19:35:38 +0100 (Sun, 04 Feb 2007)
New Revision: 5408

Modified:
   data/CVE/list
Log:
mpg123 unimportant
flash issue windows-only
added unstable entry for elog
bbclone fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-02-04 15:58:18 UTC (rev 5407)
+++ data/CVE/list	2007-02-04 18:35:38 UTC (rev 5408)
@@ -225,7 +225,9 @@
 CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
 	NOT-FOR-US: Horde Groupware
 CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
-	- mpg123 <unfixed> (bug #409296; low)
+	- mpg123 <unfixed> (bug #409296; unimportant)
+	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
+	NOTE: the faulty stream again
 CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
 	NOT-FOR-US: ACGVclick
 CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
@@ -470,7 +472,7 @@
 CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...)
 	NOT-FOR-US: WebRoot Spy Sweeper 
 CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
-	- bbclone <unfixed> (bug #408839; medium)
+	- bbclone 0.4.6-8 (bug #408839; medium)
 CVE-2007-XXXX [hinfo code injection]
 	- hinfo 1.02-3.1 (bug #402316)
 CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
@@ -1779,7 +1781,7 @@
 CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...)
 	NOT-FOR-US: Efkan Forum
 CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a ...)
-	TODO: check
+	- flashplugin-nonfree <not-affected> (Windows-specific)
 CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal ...)
 	NOT-FOR-US: Personal .NET Portal
 CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...)
@@ -2999,7 +3001,7 @@
 	RESERVED
 CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...)
 	{DSA-1242-1}
-	TODO: check
+	- elog 2.6.2+r1754-1
 CVE-2006-6317
 	RESERVED
 CVE-2006-6316
@@ -12574,9 +12576,9 @@
 CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...)
 	NOT-FOR-US: FITELnet
 CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
-	- pdnsd 1.2.4par-0.1 (bug #368268; high)
+	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
 CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...)
-	- pdnsd 1.2.4par-0.1 (bug #368268; high)
+	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
 CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...)
 	[sarge] - mydns 1.0.0-4sarge1
 	- mydns 1.1.0+pre-3 (medium; bug #348826)

More information about the Secure-testing-commits mailing list