[Secure-testing-commits] r5290 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Jan 17 21:58:42 CET 2007


Author: jmm-guest
Date: 2007-01-17 21:58:39 +0100 (Wed, 17 Jan 2007)
New Revision: 5290

Modified:
   data/CVE/list
Log:
various kernel updates
squid issues do not affect Sarge
wordpress unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-01-17 20:34:18 UTC (rev 5289)
+++ data/CVE/list	2007-01-17 20:58:39 UTC (rev 5290)
@@ -69,7 +69,7 @@
 CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...)
 	NOT-FOR-US: Total Commander
 CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
-	- wordpress <unfixed> (low; bug #407289)
+	- wordpress <unfixed> (unimportant; bug #407289)
 CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
 	NOT-FOR-US: sNews
 CVE-2007-0260 (** DISPUTED ** ...)
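Review bot: the downgrade from `low` to `unimportant` on the wordpress line for CVE-2007-0262 carries no rationale; the log message only says "wordpress unimportant". Add a NOTE line under the entry saying why the issue is rated unimportant, so the rating can be re-checked against bug #407289 later.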
@@ -100,6 +100,7 @@
 	NOT-FOR-US: NWOM Topsites 3.0
 CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
 	- squid 2.6.5-4 (low)
+	[sarge] - squid <not-affected> (Vulnerable code not present)
 CVE-2007-0246
 	RESERVED
 CVE-2007-0245
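Review bot: the new `[sarge] - squid <not-affected>` line for CVE-2007-0247 does not say which sarge version was inspected. The description places the flaw in squid/src/ftp.c, so a NOTE naming the sarge squid version whose ftp.c was checked would make "Vulnerable code not present" reproducible.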
@@ -219,7 +220,7 @@
 CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...)
 	TODO: check
 CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...)
-	TODO: check
+	- linux-2.6 <unfixed> (low)
 CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
 	TODO: check
 CVE-2007-XXXX [udev wrong permissions on raid devices]
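Review bot: the linux-2.6 line for CVE-2006-6921 replaces `TODO: check` with `<unfixed> (low)`, but the description still reads "Unspecified versions of the Linux kernel" and nothing in the entry records what the check found. Add a NOTE with a reference or the affected code, and state the sarge status explicitly, as this commit does for the squid entries.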
@@ -233,7 +234,7 @@
 	NOTE: http://secunia.com/advisories/23749/
 CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
 	- squid 2.6.5-4 (low; bug #407202)
-	TODO: check if version 2.5.9-10sarge2 have comprimised code.
+	[sarge] - squid <not-affected> (Vulnerable code not present)
 	NOTE: reference - http://secunia.com/advisories/23767/
 CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow]
 	- libgtop2 2.14.4-3 (medium; bug #407020)
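Review bot: the removed TODO for CVE-2007-0248 named 2.5.9-10sarge2 as the version to check, and the replacement `[sarge]` line drops it. If that is the version that was examined, keep it in the reason or in a NOTE, and name aclMatchExternal as the code that is absent, so the not-affected status can be verified.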
@@ -3303,8 +3304,9 @@
 	- linux-2.6 2.6.18-1
 CVE-2006-5754
 	RESERVED
-CVE-2006-5753
+CVE-2006-5753 [listxattr syscall memory corruption DoS]
 	RESERVED
+	- linux-2.6 <unfixed>
 CVE-2006-5752
 	RESERVED
 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
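Review bot: the bracketed title added to CVE-2006-5753 ("listxattr syscall memory corruption DoS") has no source, and the entry is still RESERVED, so it has no CVE description text to compare the title with. Add a NOTE with the reference the title was taken from.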
@@ -3313,7 +3315,7 @@
 CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...)
 	NOT-FOR-US: JBoss
 CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
 	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
 	NOTE: MFSA-2006-65
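Review bot: the linux-2.6 `<unfixed>` line for CVE-2006-5749 has no urgency, while the same kind of change for CVE-2006-6921 earlier in this commit is marked `(low)`. Add an urgency here, or a NOTE that it is still to be assessed, since replacing `TODO: check` with a bare `<unfixed>` drops the reminder that triage is pending.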



