[Secure-testing-commits] r5497 - data/CVE

Wed Feb 28 21:14:25 UTC 2007

Author: jmm-guest
Date: 2007-02-28 22:14:22 +0100 (Wed, 28 Feb 2007)
New Revision: 5497

Modified:
   data/CVE/list
Log:
record clamav fixes for etch
remove firefox-sage dupe
amarok fix had been updated
no-dsa for minor evolution issue


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-02-28 20:43:52 UTC (rev 5496)
+++ data/CVE/list	2007-02-28 21:14:22 UTC (rev 5497)
@@ -782,12 +782,17 @@
 CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
 	RESERVED
 	- clamav 0.90-1
+	[etch] - clamav	0.88.7-2
 CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
 	- clamav 0.90-1 (bug #411117)
+	[etch] - clamav	0.88.7-2
 CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
 	- clamav 0.90-1 (bug #411118)
+	[etch] - clamav	0.88.7-2
 CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
 	- firefox-sage 1.3.10-1
+	NOTE: http://secunia.com/advisories/24086/
+	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
 CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...)
 	- spamassassin 3.1.7-2 (bug #410843)
 	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
@@ -926,10 +931,6 @@
 	NOT-FOR-US: GreenBrowser
 CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
 	NOT-FOR-US: MYweb4net Browser
-CVE-2007-XXXX [Firefox-sage XSS]
-	- firefox-sage <unfixed>
-	NOTE: http://secunia.com/advisories/24086/
-	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
 CVE-2007-XXXX [php: multiple issues fixed in php 5.2.1]
 	- php4 <unfixed>
 	- php5 <unfixed> (bug #410561; bug #410995)
@@ -1174,7 +1175,7 @@
 CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
 	NOT-FOR-US: 3proxy
 CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
-	- amarok 1.4.4-3 (bug #410850; low)
+	- amarok 1.4.4-4 (bug #410850; low)
 CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
 	- amarok 1.4.4-1 (bug #410850; low)
 CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
@@ -19520,6 +19521,7 @@
 	RESERVED
 CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
 	- evolution <unfixed> (bug #398064; low)
+	[etch] - evolution <no-dsa> (Minor issue)
 	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
 CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
 	{DSA-1103 DSA-1097-1}


