[Secure-testing-commits] r6128 - in data: CVE DSA

jmm-guest at alioth.debian.org
Tue Jul 10 17:30:40 UTC 2007


Author: jmm-guest
Date: 2007-07-10 17:30:39 +0000 (Tue, 10 Jul 2007)
New Revision: 6128

Modified:
   data/CVE/list
   data/DSA/list
Log:
vlc DSA
gfax only affected sarge
glibc bug only
wz_tooltip apparently bogus


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-07-10 12:23:02 UTC (rev 6127)
+++ data/CVE/list	2007-07-10 17:30:39 UTC (rev 6128)
@@ -12,7 +12,7 @@
 	RESERVED
 CVE-2007-3508 [glibc hwcaps integer overflow]
 	RESERVED
-	- glibc <unfixed> (unimportant; bug #431858)
+	- glibc 2.6-2 (unimportant; bug #431858)
 	NOTE: Not security-relevant
 CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
 	- flac123 <unfixed> (medium; bug #432008)
@@ -106,9 +106,9 @@
 CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote ...)
-	- vlc 0.8.6.c.debian-1 (bug #429726)
+	- vlc 0.8.6.c.debian-1 (unimportant; bug #429726)
 CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...)
-	- vlc 0.8.6.c.debian-1 (bug #429726)
+	- vlc 0.8.6.c.debian-1 (unknown; bug #429726)
 CVE-2007-3466
 	RESERVED
 CVE-2007-3465 (Check Point SofaWare Safe at Office, with firmware before Embedded NGX ...)
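Review bot: The severities added for CVE-2007-3468 (unimportant) and CVE-2007-3467 (unknown) come with no NOTE giving the reasoning, although this same revision adds DSA-1332-1 covering both. The unimportant glibc entry in the previous hunk carries "NOTE: Not security-relevant"; a comparable NOTE under CVE-2007-3468 would tell later readers why an issue fixed in a DSA is rated unimportant, and the "unknown" on CVE-2007-3467 should be revisited once the impact has been assessed.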
@@ -450,7 +450,7 @@
 CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
 	NOT-FOR-US: Avaya one-X Desktop Edition
 CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC ...)
-	- vlc 0.8.6.c.debian-1 (bug #429726)
+	- vlc 0.8.6.c.debian-1 (medium; bug #429726)
 CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
 	NOT-FOR-US: YourFreeScreamer
 CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant ...)
@@ -816,10 +816,8 @@
 CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...)
 	- egroupware <unfixed> (bug #429208)
 CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
-	- ktorrent 2.1.4.dfsg.1-3 (bug #429209)
-	- dtc-common <unfixed> (bug #429214)
-	- egroupware-core <unfixed> (bug #429215)
-	- gallery <unfixed> (bug #429213)
+	NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
+	NOTE: of any security problem, see #429215, #429209, #429214, #429213
 CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...)
 	NOT-FOR-US: c-ares
 CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...)
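Review bot: Under CVE-2007-3154 the four removed lines each paired a package with its bug, and the replacement NOTE lists only the bare numbers #429215, #429209, #429214, #429213, so the mapping to ktorrent, dtc-common, egroupware-core and gallery is no longer in the file. The removed ktorrent line also recorded version 2.1.4.dfsg.1-3, which is dropped without comment. Consider naming the package next to each bug number in the NOTE and, since the wording is "Apparently", saying where the upstream developer's statement can be found.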
@@ -1556,7 +1554,8 @@
 CVE-2007-2839 [gfax: local users can maniplate root's contrab]
 	RESERVED
 	{DSA-1329-1}
-	- gfax <unfixed> (bug #431893; low)
+	- gfax 0.6 (bug #431893; low)
+	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
 CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...)
 	{DSA-1327-1}
 	- gsambad 0.1.6-2 (bug #431331)
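Review bot: The rewritten gfax line keeps the annotation order "(bug #431893; low)", while the other entries in this patch put the severity first, as in "(medium; bug #432008)" and "(unimportant; bug #431858)"; since the line is being changed anyway, "(low; bug #431893)" would match. The log message says gfax only affected sarge, but the added NOTE only says the vulnerable code is gone since 0.6, so naming the affected release in the NOTE would carry that information into the data file. The bracketed description on this entry reads "maniplate root's contrab" and could be corrected in the same edit.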

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-07-10 12:23:02 UTC (rev 6127)
+++ data/DSA/list	2007-07-10 17:30:39 UTC (rev 6128)
@@ -1,3 +1,7 @@
+[09 Jul 2007] DSA-1332-1 vlc
+	{CVE-2007-3316 CVE-2007-3467 CVE-2007-3468}
+	[sarge] - vlc 0.8.1.svn20050314-1sarge3
+	[etch] - vlc 0.8.6-svn20061012.debian-5etch1
 [07 Jul 2007] DSA-1331-1 php4 - several vulnerabilities
 	{CVE-2006-0207 CVE-2006-4486 CVE-2007-1864}
 	[sarge] - php4 4:4.3.10-22
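Review bot: The added header line "[09 Jul 2007] DSA-1332-1 vlc" has no description, whereas the DSA-1331-1 entry directly below reads "php4 - several vulnerabilities". A short description after the package name would keep the list consistent.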
