[Secure-testing-commits] r6157 - data/CVE
jmm-guest at alioth.debian.org
Tue Jul 24 00:24:02 UTC 2007
Author: jmm-guest
Date: 2007-07-24 00:24:01 +0000 (Tue, 24 Jul 2007)
New Revision: 6157
Modified:
data/CVE/list
Log:
track removals
libgd no-dsa
imager-perl non-issue
record gimp fix in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-21 06:38:49 UTC (rev 6156)
+++ data/CVE/list 2007-07-24 00:24:01 UTC (rev 6157)
@@ -2319,7 +2319,7 @@
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...)
- - knowledgetree <unfixed> (bug #432123)
+ - knowledgetree <removed> (bug #432123)
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...)
NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...)
@@ -2548,7 +2548,11 @@
NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
- libgd <unfixed> (bug #426099; low)
+ [etch] - libgd <no-dsa> (Minor issue)
+ [sarge] - libgd <no-dsa> (Minor issue)
- libgd2 <unfixed> (bug #426100; low)
+ [etch] - libgd2 <no-dsa> (Minor issue)
+ [sarge] - libgd2 <no-dsa> (Minor issue)
NOTE: http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
NOT-FOR-US: PrecisionID
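Review bot: the four added [etch] and [sarge] lines for libgd and libgd2 under CVE-2007-2756 all give only "Minor issue" as the no-dsa reason, which does not tell a later reader why no DSA is warranted. The description already says the issue is user-assisted and the unstable lines are rated low; putting that concrete reason in the parenthetical would make the decision reviewable.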
@@ -3187,8 +3191,8 @@
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: FireFly
CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 ...)
- - libimager-perl 0.58-1 (medium; bug #421582)
- NOTE: http://rt.cpan.org/Ticket/Display.html?id=26811
+ - libimager-perl 0.58-1 (unimportant; bug #421582)
+ NOTE: Only CVE-2007-2413 is exploitable per upstream
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
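Review bot: in the CVE-2007-2459 entry the NOTE line with the rt.cpan.org ticket URL is deleted and replaced by "Only CVE-2007-2413 is exploitable per upstream", so the downgrade from medium to unimportant is left without a reference a later reader can check. Suggest keeping the ticket URL as a second NOTE line, or citing where upstream made that statement, next to the new note.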
@@ -5519,8 +5523,10 @@
NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
- inkscape <unfixed> (medium)
+ TODO: File bug
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
- inkscape <unfixed> (low)
+ TODO: File bug
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
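Review bot: the two "TODO: File bug" lines added under CVE-2007-1464 and CVE-2007-1463 are not mentioned in the commit log, and both entries stay at <unfixed> with no bug number. Since the CVE-2007-1463 description reads "Inkscape before 0.45.1", check the version in the archive first: if it is already 0.45.1 or later, record the fixed version for that entry instead of filing a bug.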
@@ -10585,7 +10591,7 @@
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...)
NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...)
- - tikiwiki <unfixed> (bug #404472)
+ - tikiwiki <removed> (bug #404472)
NOTE: Might be a mis-report, check with upstream
CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...)
NOT-FOR-US: Microsoft Word
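Review bot: with tikiwiki changed to <removed> under CVE-2006-6457, the unchanged line "NOTE: Might be a mis-report, check with upstream" remains as an open question that is unlikely to be followed up once the package is gone. Suggest either recording the outcome of that check or rewording the NOTE so it no longer reads as a pending action.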
@@ -14850,7 +14856,8 @@
NOT-FOR-US: Novell eDirectory
CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
{DSA-1335-1}
- TODO: check
+ - gimp 2.2.16-1 (medium)
+ NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
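Review bot: the new NOTE under CVE-2006-4519 says only 2.2.17 fixes a PSD regression, but it gives no bug number or other reference for that regression and does not say whether the DSA-1335-1 packages are affected by it. Suggest adding the regression's reference to the NOTE so the fixed version 2.2.16-1 and the caveat can be verified together.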
@@ -18573,9 +18580,9 @@
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)
- - knowledgetree <unfixed> (bug #373137; low)
+ - knowledgetree <removed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
- - knowledgetree <unfixed> (bug #373137; low)
+ - knowledgetree <removed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...)
NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)