[Secure-testing-commits] r6034 - data/CVE

jmm-guest at alioth.debian.org
Tue Jun 19 20:09:29 UTC 2007


Author: jmm-guest
Date: 2007-06-19 20:09:28 +0000 (Tue, 19 Jun 2007)
New Revision: 6034

Modified:
   data/CVE/list
Log:
researched some of the PHP issues
no-dsa for obscure older Mozilla issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-06-19 10:27:44 UTC (rev 6033)
+++ data/CVE/list	2007-06-19 20:09:28 UTC (rev 6034)
@@ -893,7 +893,7 @@
 CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...)
 	NOT-FOR-US: Avast
 CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
-	- php5 5.2.2-1 (low)
+	- php5 5.2.1-1 (low)
 	- php4 <unfixed> (low)
 CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...)
 	NOT-FOR-US: Apple Safari
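Review bot: On the CVE-2007-2844 entry, php4 stays at `- php4 <unfixed> (low)` with no release annotation, while the php5 line is corrected to 5.2.1-1 (which does match the "before 5.2.1" in the description). Since this pass researched the PHP issues, consider adding a NOTE or a release-tagged line for php4 so the entry records whether a fix is expected rather than staying open without a decision.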
@@ -1158,9 +1158,11 @@
 CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
 	NOT-FOR-US: Comodo Personal Firewall
 CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
-	- php5 <unfixed> (low)
+	- php5 5.2.3-1 (low)
+	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
 	- php4 <not-affected> (no soap functions in php4)
 CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
+	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
 	- php5 5.2.2-1 (low)
 	NOTE: Code not present in PHP 4.
 CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
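Review bot: The rationale "Version from 5.2.0 correctly uses rand()" is repeated verbatim for CVE-2007-2728 (soap calling php_rand_r) and CVE-2007-2727 (mcrypt_create_iv in ext/mcrypt/mcrypt.c); these are different code paths, so please confirm that the same reasoning holds for the mcrypt case and reword the note there if it was copied over. The placement is also inconsistent: under CVE-2007-2727 the `[etch] - php5 <not-affected>` line sits before the unstable `- php5 5.2.2-1 (low)` line, whereas under CVE-2007-2728 it follows the unstable line. Moving it below `- php5 5.2.2-1 (low)` would keep the two entries in the same order.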
@@ -22890,12 +22892,15 @@
 	NOT-FOR-US: PHP GEN
 CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
 	- firefox <removed> (bug #349339)
-	- iceweasel <unfixed> (bug #349339)
+	- iceweasel <unfixed> (low; bug #349339)
+	[etch] - iceweasel <no-dsa> (Minor design issue, affects only broken setups)
 	NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
-	- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
-	- mozilla <unfixed>
-	- iceape <unfixed>
-	- xulrunner <unfixed>
+	- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339)
+	- mozilla <unfixed> (low)
+	- iceape <unfixed> (low)
+	[etch] - iceape <no-dsa> (Minor design issue, affects only broken setups)
+	- xulrunner <unfixed> (low)
+	[etch] - xulrunner <no-dsa> (Minor design issue, affects only broken setups)
 CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
 	NOT-FOR-US: MyBB (aka MyBulletinBoard)
 CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
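Review bot: In the CVE-2006-0496 entry, iceweasel, iceape and xulrunner each get an `[etch] - ... <no-dsa>` line, but `- mozilla <unfixed> (low)` gets none. If mozilla is not shipped in etch that is fine, but a short NOTE saying so would make the omission clearly intentional. Separately, the new `[etch] - iceweasel <no-dsa>` line now sits between the iceweasel entry and the existing NOTE about mozilla-firefox being a dummy package; moving that NOTE directly above or below the `- mozilla-firefox 1.5.dfsg+1.5.0.3-2` line it describes would make it easier to read.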



