[Secure-testing-commits] r5491 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Feb 27 22:49:36 UTC 2007
Author: jmm-guest
Date: 2007-02-27 23:49:33 +0100 (Tue, 27 Feb 2007)
New Revision: 5491
Modified:
data/CVE/list
Log:
etch fix for ikiwiki
amarok fixes
nexuiz issue doesn't affect etch
fetchmail issue doesn't affect sarge
amavis-ng only an issue if someone installs non-free code (in which case you're screwed anyway)
mt-daapd uses a not-so-good default, but it's not a direct vulnerability
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-27 22:36:27 UTC (rev 5490)
+++ data/CVE/list 2007-02-27 22:49:33 UTC (rev 5491)
@@ -4,9 +4,12 @@
CVE-2007-XXXX [TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection]
- typo3-src 4.0.5+debian-1
CVE-2007-XXXX [mt-daapd remote access & default password]
- - mt-daapd <unfixed> (bug #404640)
+ - mt-daapd <unfixed> (unimportant; bug #404640)
+ NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
- - amavisd-new <unfixed> (bug #410588)
+ - amavisd-new <unfixed> (unimportant; bug #410588)
+ NOTE: Doesn't affect a standard Debian installation, only users, which install
+ NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
- pure-ftpd <unfixed> (bug #350889)
CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer's UTF-7 charset autodetection]
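Review bot: The mt-daapd entry is downgraded to unimportant, but its added NOTE ("User-unfriendly packaging flaw, but not a vulnerability per se") does not say why remote access with a default password, as the entry title puts it, is not treated as a vulnerability. Suggest the NOTE give the concrete reason so the triage can be checked without opening bug #404640. In the amavisd-new NOTE, one sentence is split mid-clause across two NOTE lines; something like "Only affects users who install proprietary apps" on a single line would read better. The context line above it also spells the package "amavids-new", while the package line says amavisd-new.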
@@ -524,7 +527,8 @@
- php4 <unfixed>
- php5 <unfixed> (bug #410561; bug #410995)
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
- - ikiwiki 1.42
+ - ikiwiki 1.42 (low)
+ [etch] - ikiwiki 1.33.1
CVE-2007-0858
RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
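Review bot: The added "[etch] - ikiwiki 1.33.1" line carries no urgency and no NOTE, while the unstable line just above it gains "(low)" and is fixed in 1.42. A short NOTE saying that 1.33.1 is the etch version carrying the fix would stop a reader from taking the lower version number for a mistake. The entry also has no bug reference, unlike the neighbouring unfixed entries, so the basis for "low" is not traceable from the list.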
@@ -768,9 +772,9 @@
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
NOT-FOR-US: 3proxy
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
- - amarok 1.4.4-3 (bug #410850)
+ - amarok 1.4.4-3 (bug #410850; low)
CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
- - amarok <unfixed> (bug #410850; medium)
+ - amarok 1.4.4-1 (bug #410850; low)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...)
NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...)
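Review bot: CVE-2006-6979 changes in one step from "<unfixed> (bug #410850; medium)" to "1.4.4-1 (bug #410850; low)", which alters both the fix status and the urgency with no NOTE, and the log only says "amarok fixes". Please record why the urgency drops from medium to low. It is also worth confirming the fixed versions: CVE-2006-6980 and CVE-2006-6979 share bug #410850 but are marked fixed in 1.4.4-3 and 1.4.4-1 respectively, so if that difference is intended a NOTE would make it clear.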
@@ -1036,6 +1040,7 @@
NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
- nexuiz 2.2.3-1 (medium)
+ [etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655
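Review bot: The new "[etch] - nexuiz <not-affected>" line says the vulnerable code "was introduced in 2.2.2" but does not record which nexuiz version etch ships, so the not-affected claim cannot be verified from the entry itself. Suggest adding the etch version to the parenthetical or a NOTE.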
@@ -4754,6 +4759,7 @@
NOT-FOR-US: BlogMe
CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...)
- fetchmail 6.3.6-1 (low)
+ [sarge] - fetchmail <not-affected> (Vulnerable code not present)
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
- dovecot 1.0.rc15-1
[sarge] - dovecot <not-affected> (Vulnerable code not present)
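Review bot: The added "[sarge] - fetchmail <not-affected> (Vulnerable code not present)" gives no version detail, unlike the nexuiz entry in the previous hunk, which names the release that introduced the flaw. The CVE description lists 6.3.5 and 6.3.6 before 6.3.6-rc4 as affected, so stating the sarge fetchmail version, or the release that introduced the vulnerable code, would make the not-affected status checkable from the list.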