[Secure-testing-commits] r6091 - in data: CVE DSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Tue Jul 3 21:16:34 UTC 2007


Author: jmm-guest
Date: 2007-07-03 21:16:33 +0000 (Tue, 03 Jul 2007)
New Revision: 6091

Modified:
   data/CVE/list
   data/DSA/list
Log:
add two CVEs to previous icefoo DSAs, which were missed back then
remove hiki dupe
non-free no-dsa as usual
no-dsa for obscure, minor subversion issue
no-dsa for minor icefoo issue
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-03 21:14:12 UTC (rev 6090)
+++ data/CVE/list	2007-07-03 21:16:33 UTC (rev 6091)
@@ -167,7 +167,7 @@
 CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
 	TODO: check
 CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft 
 CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...)
 	TODO: check
 CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
@@ -227,7 +227,7 @@
 CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
 	NOT-FOR-US: Simple HTTPD
 CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
 	NOT-FOR-US: Lebisoft zdefter
 CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...)
@@ -250,8 +250,7 @@
 	NOT-FOR-US: KeyFocus
 CVE-2007-3395
 	REJECTED
-	- hiki 0.8.7-1 (bug #430691; medium)
-	NOTE: Duplicate of CVE-2007-2836
+	NOTE: Duplicate of CVE-2007-2836 (hiki, bu# 430691)
 CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...)
 	NOT-FOR-US: eNdonesia
 CVE-2007-3388
@@ -422,7 +421,7 @@
 CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote ...)
 	NOT-FOR-US: AGEphone
 CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-4168
 	REJECTED
 CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
@@ -486,7 +485,7 @@
 CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
 	NOT-FOR-US: Musoo
 CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
-	TODO: check
+	NOT-FOR-US: Web Thunderbolt
 CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
 	NOT-FOR-US: YaBB
 CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...)
@@ -518,7 +517,7 @@
 CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
 	- xscreensaver <not-affected> (Not a security issue: works as documented)
 CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office
 CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
 	NOT-FOR-US: Php Hosting Biller
 CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
@@ -877,7 +876,6 @@
 	- gimp <unfixed> (unimportant)
 CVE-2007-3125
 	REJECTED
-	NOTE: Duplicate of CVE-2006-6772
 CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
 	NOT-FOR-US: FreeVMS
 CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
@@ -1011,8 +1009,7 @@
 CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
 	TODO: check
 CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
-	- iceweasel <not-affected>
-	NOTE: Windows only
+	- iceweasel <not-affected> (Only affects Windows versions of Firefox)
 CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
 	NOT-FOR-US: eSellerate
 CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
@@ -1148,11 +1145,11 @@
 CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
 	NOT-FOR-US: Acoustica MP3 CD Burner
 CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...)
-	[etch] - sun-java <no-dsa> (Non-free not supported)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java5 1.5.0-11-1 (low)
 	- sun-java6 <unfixed> (low)
 CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...)
-	[etch] - sun-java <no-dsa> (Non-free not supported)
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java5 1.5.0-11-1 (medium)
 	- sun-java6 <unfixed> (medium)
 CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
@@ -1328,9 +1325,9 @@
 CVE-2007-2925
 	RESERVED
 CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
-	TODO: check
+	NOT-FOR-US: RealNetworks GameHouse
 CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
-	TODO: check
+	NOT-FOR-US: LocalExec ActiveX control
 CVE-2007-2922
 	RESERVED
 CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
@@ -1641,9 +1638,9 @@
 	- php4 <unfixed> (unimportant)
 	NOTE: open_basedir bypasses not supported
 CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom &quot;on ...)
-	TODO: check
+	NOT-FOR-US: MAILsweeper
 CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
-	TODO: check
+	NOT-FOR-US: MAILsweeper
 CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
 	- mantis 1.0.7+dfsg-1
 	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
@@ -2411,6 +2408,8 @@
 	- tomcat5.5 <unfixed> (low)
 CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the &quot;partial ...)
 	- subversion 1.4.4dfsg1-1 (bug #428194; low)
+	[etch] - subversion <no-dsa> (Minor issue)
+	[sarge] - subversion <no-dsa> (Minor issue)
 CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
 	{DSA-1291-2 DTSA-41-1}
 	- samba 3.0.25-1 (high)
@@ -3875,7 +3874,7 @@
 CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
 	NOT-FOR-US: debaser module for Xoops
 CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
-	- pulseaudio 0.9.6-1 (medium)
+	- pulseaudio 0.9.6-1 (low)
 CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
 	NOT-FOR-US: MailDwarf
 CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
@@ -5721,7 +5720,7 @@
 CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
 	NOT-FOR-US: VirtueMart
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...)
-	- iceweasel <unfixed> (medium)
+	- iceweasel <unfixed> (low)
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft IE
 CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
@@ -6090,7 +6089,9 @@
 	- iceweasel <unfixed> (low)
 	[etch] - iceweasel <no-dsa> (Minor issue)
 	- iceape <unfixed> (low)
+	[etch] - iceape <no-dsa> (Minor issue)
 	- xulrunner <unfixed> (low)
+	[etch] - xulrunner <no-dsa> (Minor issue)
 	NOTE: maintainer notes that this may affect browsers based on xulrunner
 CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
 	{DSA-1294-1}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-07-03 21:14:12 UTC (rev 6090)
+++ data/DSA/list	2007-07-03 21:16:33 UTC (rev 6091)
@@ -67,14 +67,14 @@
         {CVE-2007-2138}
         [etch] - postgresql-8.1 8.1.9-0etch1
 [14 Jun 2007] DSA-1308-1 iceweasel - several vulnerabilities
-	{CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
+	{CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
 	[etch] - iceweasel 2.0.0.4-0etch1
 [12 Jun 2007] DSA-1307-1 openoffice.org - heap overflow
         {CVE-2007-0245}
         [sarge] - openoffice.org 1.1.3-9sarge7
         [etch] - openoffice.org 2.0.4.dfsg.2-7etch1
 [12 Jun 2007] DSA-1306-1 xulrunner
-	{CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
+	{CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
 	[etch] - xulrunner 1.8.0.12-0etch1
 [13 Jun 2007] DSA-1305-1 icedove - several vulnerabilities
 	{CVE-2007-1558 CVE-2007-2867 CVE-2007-2868}




More information about the Secure-testing-commits mailing list