[Secure-testing-commits] r6171 - data/CVE
stef-guest at alioth.debian.org
Wed Jul 25 20:53:36 UTC 2007
Author: stef-guest
Date: 2007-07-25 20:53:35 +0000 (Wed, 25 Jul 2007)
New Revision: 6171
Modified:
data/CVE/list
Log:
fixed: dokuwiki, asterisk, linux
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-25 20:33:27 UTC (rev 6170)
+++ data/CVE/list 2007-07-25 20:53:35 UTC (rev 6171)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [dokuwiki XSS in spellchecker]
+ - dokuwiki 0.0.20070626b-1 (bug #434134)
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...)
TODO: check
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...)
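Review bot: The added dokuwiki entry at the top of the list has no urgency and no NOTE, so the only reference for the temporary CVE-2007-XXXX id is bug #434134. Consider adding an urgency inside the parentheses, in the form other entries in this file use (for example "(bug #432924; low)"), and a NOTE line with the upstream reference so the entry can be matched up once a real CVE id is assigned.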
@@ -209,13 +211,17 @@
CVE-2007-3766
RESERVED
CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...)
- TODO: check
+ - asterisk 1:1.4.8~dfsg-1 (bug #433681)
+ NOTE: ASA-2007-017
CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
- TODO: check
+ - asterisk 1:1.4.8~dfsg-1
+ NOTE: ASA-2007-016
CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...)
- TODO: check
+ - asterisk 1:1.4.8~dfsg-1
+ NOTE: ASA-2007-015
CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
- TODO: check
+ - asterisk 1:1.4.8~dfsg-1 (high)
+ NOTE: ASA-2007-014
CVE-2007-XXXX [konqueror data: URL address bar spoofing]
- kdebase <unfixed> (bug #433072; low)
NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
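Review bot: For CVE-2007-3764 and CVE-2007-3763 the descriptions read "Asterisk before 1.2.22 and ...", but the added lines record only the 1.4 fix, "- asterisk 1:1.4.8~dfsg-1", with no release-specific line. If a released suite still ships a 1.2.x package, it needs its own "[etch] - asterisk ..." style line, as this file already does for apache2. The four entries are also uneven: only CVE-2007-3765 carries a bug number and only CVE-2007-3762 carries an urgency, so it is worth filling in the missing ones or confirming they are intentionally omitted.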
@@ -483,7 +489,7 @@
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
TODO: check
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...)
- TODO: check
+ - linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
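Review bot: The line added under CVE-2007-3642, "- linux-2.6 2.6.22-2", has no urgency, bug number or NOTE, and it says nothing about released suites. Please add an urgency, and state the status of the stable kernel explicitly, either with a "[etch] - linux-2.6 ..." line giving the fixed version or with a not-affected marker plus a NOTE saying why, so the entry does not read as unfixed there by default.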
@@ -1289,8 +1295,6 @@
- apache2 2.2.4-2 (low)
[etch] - apache2 <unfixed> (low)
[sarge] - apache2 2.0.54-5sarge2 (low)
- NOTE: Apache 2.0 likely not exploitable, see
- NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
- apache2 <unfixed> (unimportant)
NOTE: If you can execute arbitrary code, a DoS is not a problem.
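Review bot: The two NOTE lines removed from the apache2 entry above CVE-2007-3303 ("Apache 2.0 likely not exploitable, see" and the httpd-dev archive URL) are not covered by the log message "fixed: dokuwiki, asterisk, linux". With them gone the entry keeps "[sarge] - apache2 2.0.54-5sarge2 (low)" but loses the pointer explaining the assessment of Apache 2.0. Either keep the NOTE, or mention in the log why it no longer applies.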