[Secure-testing-commits] r5490 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Feb 27 22:36:30 UTC 2007 

Author: jmm-guest
Date: 2007-02-27 23:36:27 +0100 (Tue, 27 Feb 2007)
New Revision: 5490

Modified:
   data/CVE/list
   data/DSA/list
Log:
two new DSAs
etch fix for stlport issue
gnucash fixed in sid, unfixed in etch
correct fetchmail fix
ISDN issue only exploitable in obscure environments


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-02-27 22:24:57 UTC (rev 5489)
+++ data/CVE/list	2007-02-27 22:36:27 UTC (rev 5490)
@@ -139,6 +139,7 @@
 	- isdnutils 1:3.9.20060704-3 (bug #408530)
 	- asterisk-chan-capi <unfixed> (bug #411293)
 	- linux-2.6 <unfixed> (bug #411294)
+	NOTE: Not exploitable over ISDN network, only through a CAPI server
 CVE-2007-0981 (Mozilla based browsers, including Firefox, allow remote attackers to ...)
 	NOTE: MFSA-2007-07
 	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
@@ -643,6 +644,7 @@
 	NOT-FOR-US: GGCMS
 CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
 	- stlport5 5.0.3-1 (bug #410864; low)
+	[etch] - stlport5 5.0.2-12
 CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
 	- iceweasel <unfixed> (low)
 CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
@@ -3174,7 +3176,7 @@
 	[sarge] - mozilla <unfixed> (high)
 	- firefox <removed> (high)
 CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
-	- gnucash <unfixed> (bug #411942; medium)
+	- gnucash 2.0.5-1 (bug #411942; medium)
 CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
 	- linux-2.6 <unfixed>
 CVE-2007-0005
@@ -4989,7 +4991,7 @@
 	{DSA-1213}
 	- imagemagick 7:6.2.4.5.dfsg1-0.11
 CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...)
-	- fetchmail 6.3.6~rc5-1 (low)
+	- fetchmail 6.3.6-1 (low)
 CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
 	NOT-FOR-US: phpManta
 CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for Script ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-02-27 22:24:57 UTC (rev 5489)
+++ data/DSA/list	2007-02-27 22:36:27 UTC (rev 5490)
@@ -1,3 +1,9 @@
+[14 Jan 2007] DSA-1260 imagemagick
+	{CVE-2007-0770}
+	[sarge] - imagemagick 6:6.0.6.2-2.9
+[14 Jan 2007] DSA-1259-1 fetchmail
+	{CVE-2006-5867}
+	[sarge] - fetchmail 6.2.5-12sarge5
 [07 Jan 2007] DSA-1258-1 mozilla-thunderbird
 	{CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503}
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2

More information about the Secure-testing-commits mailing list