[Secure-testing-commits] r6048 - in data: CVE DSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sat Jun 23 12:34:39 UTC 2007


Author: jmm-guest
Date: 2007-06-23 12:34:38 +0000 (Sat, 23 Jun 2007)
New Revision: 6048

Modified:
   data/CVE/list
   data/DSA/list
Log:
five new DSAs
did some php5 triage with Sean


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-06-23 11:25:38 UTC (rev 6047)
+++ data/CVE/list	2007-06-23 12:34:38 UTC (rev 6048)
@@ -359,8 +359,8 @@
 CVE-2007-3206
 	RESERVED
 CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
-	- php4 <unfixed> (low)
-	- php5 <unfixed> (low)
+        - php4 <unfixed> (low)
+        - php5 <unfixed> (low)
 CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
 	- jffnms <unfixed> (high)
 	NOTE: the fix for CVE-2007-3190 is incomplete (the 'pass' param can still contain an injection)
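Review bot: The two replacement lines under CVE-2007-3205 change only the indentation, from a leading tab to eight spaces, while the neighbouring entries (for example the `- jffnms <unfixed> (high)` line) stay tab-indented. The php4/php5 status and severity are unchanged, so this looks like an editor side effect. Restore the leading tab so the file keeps one indentation style and the revision does not carry whitespace-only noise.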
@@ -1067,7 +1067,8 @@
 CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
 	- spamassassin 3.2.1-1 (low)
 CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
-	- php5 <unfixed>
+	- php5 <unfixed> (unimportant)
+	NOTE: Only triggerable by malicious script
 	NOTE: Fix from 5.2.3 was ineffective
 CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
 	{DSA-1308-1 DSA-1306-1 DSA-1300-1}
@@ -1161,8 +1162,8 @@
 CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...)
 	NOT-FOR-US: Avast
 CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
-	- php5 5.2.1-1 (low)
-	- php4 <unfixed> (low)
+	- php5 <not-affected> (Multi-threaded operation nut supported in Debian)
+	- php4 <not-affected> (Multi-threaded operation nut supported in Debian)
 CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...)
 	NOT-FOR-US: Apple Safari
 	NOTE: Does not seem to work with Konqueror.
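Review bot: Both added lines for CVE-2007-2844 read "Multi-threaded operation nut supported in Debian"; "nut" should be "not". The php5 entry also loses the previously recorded fixed version 5.2.1-1; if that version is still useful to readers of the tracker, keep it in a NOTE line next to the `<not-affected>` status.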
@@ -1385,8 +1386,8 @@
 CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...)
 	NOT-FOR-US: FAQEngine
 CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
-	- php5 5.2.0-11
-	- php4 <unfixed>
+	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
+	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
 CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
 	NOT-FOR-US: rdiffWeb
 CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
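Review bot: In the CVE-2007-2748 entry, php4 goes from `<unfixed>` to `<not-affected>` with the same justification as php5 ("Debian shipped the correct fix from the beginning"), but nothing in the entry says which fix or upload that refers to, and the php5 version 5.2.0-11 recorded before is removed. A NOTE line naming the fix, or keeping the version, would let someone check the status later without going back through the history.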

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-06-23 11:25:38 UTC (rev 6047)
+++ data/DSA/list	2007-06-23 12:34:38 UTC (rev 6048)
@@ -1,3 +1,20 @@
+[23 Jun 2007] DSA-1320-1 clamav
+	{CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123}
+	[sarge] - clamav 0.84-2.sarge.17
+	[etch] - 0.90.1-3etch3
+[23 Jun 2007] DSA-1319-1 maradns
+        {CVE-2007-3114 CVE-2007-3115 CVE-2007-3116}
+        [etch] - maradns 1.2.12.04-1etch1
+[23 Jun 2007] DSA-1318-1 ekg
+	{CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665}
+	[sarge] - ekg 1:1.5+20050411-7
+	[etch] - ekg 1:1.7~rc2-1etch1
+[23 Jun 2007] DSA-1317-1 tinymux
+        {CVE-2007-1655}
+        [etch] - tinymux 2.4.3.31-1etch1
+[21 Jun 2007] DSA-1316-1 emacs21
+        {CVE-2007-2833}
+        [etch] - emacs21 21.4a+1-3etch1
 [19 Jun 2007] DSA-1315-1 libphp-phpmailer
         {CVE-2007-3215}
         [etch] - libphp-phpmailer 1.73-2etch1
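Review bot: The `[etch]` line of the new DSA-1320-1 entry, `[etch] - 0.90.1-3etch3`, has no package name, whereas the `[sarge]` line above it and every other entry in this hunk use the form `- <package> <version>`; it should read `[etch] - clamav 0.90.1-3etch3`. The new entries also mix tab indentation (DSA-1320-1, DSA-1318-1) with eight-space indentation (DSA-1319-1, DSA-1317-1, DSA-1316-1), so pick one style for the block.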



