[Secure-testing-commits] r6098 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Jul 5 22:38:41 UTC 2007


Author: jmm-guest
Date: 2007-07-05 22:38:40 +0000 (Thu, 05 Jul 2007)
New Revision: 6098

Modified:
   data/CVE/list
Log:
one PHP non-issue
we need to file bugs for every new issue. if an issue is only marked
  as unfixed in the tracker, no maintainer will notice it. So, bugs
  need to be filed.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-05 15:21:44 UTC (rev 6097)
+++ data/CVE/list	2007-07-05 22:38:40 UTC (rev 6098)
@@ -16,8 +16,10 @@
 	NOTE: Not security-relevant
 CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
 	- flac123 <unfixed> (medium)
+	TODO: File bug
 CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
 	- freetype <unfixed> (medium)
+	TODO: File bug
 CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...)
 	NOT-FOR-US: QuickTalk forum
 CVE-2007-3504 (Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java ...)
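Review bot: The two added "TODO: File bug" lines under CVE-2007-3507 (flac123) and CVE-2007-3506 (freetype) only record that a report is still missing. Both entries stay "<unfixed> (medium)" with no bug reference, which is the state the log message says no maintainer will notice. The bugs should be filed and each TODO replaced by the bug reference on its package line, in this commit or a direct follow-up, so the markers do not linger.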
@@ -232,8 +234,7 @@
 CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
 	- libnet-dns-perl 0.60-1 (low)
 CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...)
-	- dia <not-affected>
-	NOTE: Windows packaging with bundled FreeType libs
+	- dia <not-affected> (Windows packaging with bundled FreeType libs)
 CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
 	NOT-FOR-US: Simple HTTPD
 CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
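Review bot: The inline reason on the new dia line, "(Windows packaging with bundled FreeType libs)", names the affected thing rather than saying why the Debian package is unaffected. Something like "(Only affects Windows packaging with bundled FreeType libs)" would read unambiguously next to "<not-affected>". The log message also does not mention that NOTE lines are being folded into the package line here; a short line about that would help anyone reading the history later.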
@@ -498,7 +499,8 @@
 CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
 	NOT-FOR-US: YaBB
 CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...)
-	TODO: check
+	- php5 <unfixed> (unimportant)
+	NOTE: Only exploitable by malicious script
 CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
 	NOT-FOR-US: LiveCMS
 CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...)
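Review bot: The added "NOTE: Only exploitable by malicious script" leaves the triage reasoning for CVE-2007-3294 implicit. The entry goes from "TODO: check" to "- php5 <unfixed> (unimportant)", and the log calls it a non-issue, so the note should say outright that the overflows in the Tidy extension are considered reachable only from PHP code the attacker already controls, if that is the basis. As written, a later reader cannot tell whether "script" refers to the PHP script itself or to input it processes.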
@@ -530,17 +532,14 @@
 CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
 	NOT-FOR-US: Php Hosting Biller
 CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
-	- postgresql-8.1 <not-affected>
-	- postgresql-8.2 <not-affected>
-	NOTE: Neither PL/pgsql nor dblink are enabled by default.
+	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
+	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
 CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...)
-	- postgresql-8.1 <not-affected>
-	- postgresql-8.2 <not-affected>
-	NOTE: Neither PL/pgsql nor dblink are enabled by default.
+	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
+	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
 CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...)
-	- postgresql-8.1 <not-affected>
-	- postgresql-8.2 <not-affected>
-	NOTE: local trust authentication is not enabled in Debian.
+	- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
+	- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
 CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...)
 	NOT-FOR-US: localization module for WIKINDX
 CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site at School ...)
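Review bot: On the postgresql-8.1 and postgresql-8.2 lines for CVE-2007-3280, CVE-2007-3279 and CVE-2007-3278, "<not-affected>" is justified only by default configuration ("Neither PL/pgsql nor dblink are enabled by default", "local trust authentication is not enabled in Debian"). An installation where the administrator enables these features is still exposed, so it is worth confirming that "<not-affected>" is the intended status rather than a marking that keeps the issue visible. Two smaller points: the reason is now duplicated on every package line, so any later correction has to be made in six places, and "PL/pgsql" differs from the "PL/pgSQL" spelling used in the CVE-2007-3279 description.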



