[Secure-testing-commits] r6098 - data/CVE
jmm-guest at alioth.debian.org
Thu Jul 5 22:38:41 UTC 2007
Author: jmm-guest
Date: 2007-07-05 22:38:40 +0000 (Thu, 05 Jul 2007)
New Revision: 6098
Modified:
data/CVE/list
Log:
one PHP non-issue
We need to file bugs for every new issue. If an issue is only marked
as unfixed in the tracker, no maintainer will notice it. So, bugs
need to be filed.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-05 15:21:44 UTC (rev 6097)
+++ data/CVE/list 2007-07-05 22:38:40 UTC (rev 6098)
@@ -16,8 +16,10 @@
NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
- flac123 <unfixed> (medium)
+ TODO: File bug
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
- freetype <unfixed> (medium)
+ TODO: File bug
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...)
NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java ...)
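Review bot: The two added "TODO: File bug" lines under CVE-2007-3507 (flac123) and CVE-2007-3506 (freetype) record the intent but not who files the bug or where the result will be recorded, so they can linger in the same way the log message says a bare "<unfixed>" entry does. Both entries are rated medium, so I would file the bugs in the same pass and put the bug reference on the package line, keeping the TODO only as a short-lived marker that is removed once the reference is in place.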
@@ -232,8 +234,7 @@
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...)
- - dia <not-affected>
- NOTE: Windows packaging with bundled FreeType libs
+ - dia <not-affected> (Windows packaging with bundled FreeType libs)
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
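Review bot: In the new dia line for CVE-2007-3408, the parenthetical "Windows packaging with bundled FreeType libs" is a fragment that names a thing rather than giving the reason the Debian package is not affected. Wording it as a reason, for example "only affects the Windows packaging with bundled FreeType libs", would make the entry readable without the removed NOTE line. The log message also mentions only the PHP entry and the bug-filing policy, so a word about folding NOTE lines into the "<not-affected>" entries would help anyone reading the history later.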
@@ -498,7 +499,8 @@
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...)
- TODO: check
+ - php5 <unfixed> (unimportant)
+ NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...)
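Review bot: The added NOTE for CVE-2007-3294, "Only exploitable by malicious script", does not say why that makes the issue "(unimportant)"; the rating rests on the assumption that whoever supplies the PHP script is already trusted, and the entry should state that assumption so the triage can be revisited for setups where it does not hold. This entry is also "<unfixed>" without the "TODO: File bug" marker added in the first hunk, and the log message asks for bugs on every new issue, so either add the marker or note that unimportant issues are exempt.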
@@ -530,17 +532,14 @@
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
- - postgresql-8.1 <not-affected>
- - postgresql-8.2 <not-affected>
- NOTE: Neither PL/pgsql nor dblink are enabled by default.
+ - postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
+ - postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...)
- - postgresql-8.1 <not-affected>
- - postgresql-8.2 <not-affected>
- NOTE: Neither PL/pgsql nor dblink are enabled by default.
+ - postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
+ - postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...)
- - postgresql-8.1 <not-affected>
- - postgresql-8.2 <not-affected>
- NOTE: local trust authentication is not enabled in Debian.
+ - postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
+ - postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...)
NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site at School ...)
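Review bot: The postgresql-8.1 and postgresql-8.2 lines for CVE-2007-3280, CVE-2007-3279 and CVE-2007-3278 justify "<not-affected>" with a default-configuration argument ("not enabled by default", "not enabled in Debian"), which means the affected code is still shipped and an administrator who enables dblink, PL/pgSQL or local trust authentication is exposed while the tracker reports the package as clean. Consider whether these belong under "<unfixed> (unimportant)", as the PHP entry in the previous hunk does, with the configuration caveat kept as the note. Smaller points: the same reason string is now repeated on two lines per CVE, so any later correction has to be made in six places, and "PL/pgsql" should match the "PL/pgSQL" spelling used in the CVE description line.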