[Secure-testing-commits] r5500 - data/CVE

Sat Mar 3 20:51:33 CET 2007

Author: jmm-guest
Date: 2007-03-03 19:51:30 +0000 (Sat, 03 Mar 2007)
New Revision: 5500

Modified:
   data/CVE/list
Log:
typo3 dupe
openser fixed in etch
no-dsa for libgd2


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-03-03 10:53:39 UTC (rev 5499)
+++ data/CVE/list	2007-03-03 19:51:30 UTC (rev 5500)
@@ -409,8 +409,6 @@
 CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
 	- apg <unfixed> (bug #412618)
 	NOTE: This is not reproducible after a recompile on amd64.
-CVE-2007-XXXX [TYPO3 Security Bulletin TYPO3-20070221-1: Email header injection]
-	- typo3-src 4.0.5+debian-1
 CVE-2007-XXXX [mt-daapd remote access & default password]
 	- mt-daapd <unfixed> (unimportant; bug #404640)
 	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
@@ -1926,6 +1924,8 @@
 	[sarge] - ethereal <not-affected> (Vulnerable code not present)
 CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
 	- libgd2 <unfixed> (bug #408982; low)
+	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
+	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
 CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
 	{DSA-1257}
 	- samba 3.0.23d-5 (medium)
@@ -2981,9 +2981,11 @@
 	NOT-FOR-US: Matteo Lucarelli 3editor
 CVE-2006-6876 (The fetchsms function in the SMS handling module (libsms_getsms.c) in ...)
 	- openser 1.1.1-1 (medium)
+	[etch] - openser 1.1.0-9etch1
 	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
 CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...)
 	- openser 1.1.1-1 (medium)
+	[etch] - openser 1.1.0-9etch1
 	NOTE: http://www.openser.org/pub/openser/1.1.1/ChangeLog
 CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...)
 	NOT-FOR-US: eNdonesia CMS


