[Secure-testing-commits] r6071 - data/CVE
jmm-guest at alioth.debian.org
Thu Jun 28 20:37:51 UTC 2007
Author: jmm-guest
Date: 2007-06-28 20:37:50 +0000 (Thu, 28 Jun 2007)
New Revision: 6071
Modified:
data/CVE/list
Log:
another php non-issue
no-dsas
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-27 23:30:04 UTC (rev 6070)
+++ data/CVE/list 2007-06-28 20:37:50 UTC (rev 6071)
@@ -142,8 +142,10 @@
RESERVED
CVE-2007-3379
RESERVED
-CVE-2007-3378
+CVE-2007-3378 [php htaccess safe_mode basedir_bypasses]
RESERVED
+ - php4 <unfixed> (unimportant)
+ - php5 <unfixed> (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...)
TODO: check
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...)
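Review bot: the two `(unimportant)` lines added under CVE-2007-3378 come with no NOTE saying why php4 and php5 are classed that way. The bracketed title points at safe_mode/basedir bypasses and the log calls it a "non-issue", but that reasoning is only in the commit message. Suggest a `NOTE:` line under the package lines giving the rationale, so the triage decision can be read from data/CVE/list itself.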
@@ -291,7 +293,6 @@
TODO: check
CVE-2007-4168
REJECTED
- TODO: check
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
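Review bot: the REJECTED entry touched here is listed as CVE-2007-4168 but sits directly above CVE-2007-3322, so the id looks out of place for this part of the file. Worth confirming the id while the stale `TODO: check` under it is being dropped.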
@@ -540,6 +541,7 @@
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
- mail-notification <unfixed> (low; bug #428157)
[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
+ [etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...)
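Review bot: the new `[etch]` line for mail-notification puts a pending action ("needs proper documentation in errata") inside the `<no-dsa>` reason, where nothing tracks it once the entry is considered triaged. Suggest keeping the reason as `Minor issue` and recording the errata work on a separate `TODO:` line, or in bug #428157, which the entry already references.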
@@ -3180,6 +3182,8 @@
NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
- freeradius <unfixed> (low)
+ [sarge] - freeradius <no-dsa> (Minor issue)
+ [etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
- elinks 0.11.1-1.4 (bug #417789; low)
[sarge] - elinks <no-dsa> (Hardly exploitable)
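Review bot: the `[sarge]` and `[etch]` `<no-dsa>` lines added for freeradius give only `Minor issue` as the reason, although the CVE-2007-2028 summary describes a memory leak that remote attackers can trigger. A more specific reason, in the style of `Hardly exploitable` on the elinks entry just below, would explain why no DSA is warranted.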
@@ -3551,8 +3555,8 @@
CVE-2007-1863
RESERVED
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
- - apache2 <not-affected> (low)
- NOTE: this is actually only vulnerable in Apache 2.2.4
+ - apache2 <not-affected> (Only Apache 2.2.4 was affected)
+ TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me once 2.2.5 is in the archive
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
{DSA-1289-1}
- linux-2.6 2.6.21-1
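Review bot: the new TODO under CVE-2007-1862 makes the `<not-affected>` status conditional: it holds only while no 2.2.4 upload lands without a fix, and nothing but this comment guards against that. The TODO also names no owner or trigger for the check beyond "once 2.2.5 is in the archive". Suggest spelling out in the TODO what has to be verified on each apache2 upload until then, so the entry is not left reporting not-affected if a 2.2.4 package does appear.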
@@ -15847,8 +15851,7 @@
[sarge] - armagetron <no-dsa> (Minor game DoS)
[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...)
- - kdelibs 4:3.5.4-1 (bug #378962; low)
- [sarge] - kdelibs <not-affected> (Doesn't trigger a crash on Sarge)
+ - kdelibs 4:3.5.4-1 (bug #378962; unimportant)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...)
{DTSA-31-1}
- hyperestraier 1.3.3-1 (bug #379060; low)
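Review bot: deleting the `[sarge]` `<not-affected>` line under CVE-2006-3672 drops the only recorded finding about sarge ("Doesn't trigger a crash on Sarge"), and the change from `low` to `unimportant` on the kdelibs line is given no reason in the list. Suggest a `NOTE:` under the kdelibs line that states why the issue is unimportant and keeps the sarge observation.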