[Secure-testing-commits] r5535 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Mar 10 13:22:03 CET 2007


Author: jmm-guest
Date: 2007-03-10 12:22:00 +0000 (Sat, 10 Mar 2007)
New Revision: 5535

Modified:
   data/CVE/list
   data/DSA/list
Log:
add another ID for clamav
tcpdump only DoS
asterisk-chan-capi fixed
amarok/sarge not affected
one phpmyadmin issue unimportant
remove temporary phpmyadmin entry


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-10 12:12:14 UTC (rev 5534)
+++ data/CVE/list	2007-03-10 12:22:00 UTC (rev 5535)
@@ -352,7 +352,7 @@
 CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
 	- libapache2-mod-python 3.2.8-1 (low)
 CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
-	- tcpdump 3.9.5-2 (bug #413430; medium)
+	- tcpdump 3.9.5-2 (bug #413430; low)
 CVE-2007-XXXX [puttygen can create world-readable private keys]
 	- putty <unfixed> (bug #400804; unimportant)
 	NOTE: Sensitive operations like key generation should only be done in private home
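Review bot: The CVE-2007-1218 severity drops from medium to low on the tcpdump line, but the reason ("only DoS") is given only in the commit log, not in the list. Consider adding a NOTE line under the tcpdump entry stating that the overflow only leads to denial of service, in the same way the phpmyadmin downgrade in this commit carries "NOTE: Only path disclosure".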
@@ -915,7 +915,8 @@
 	NOT-FOR-US: TaskFreak!
 CVE-2007-XXXX [capi_{cmsg,message}2str not thread-safe; vulnerable to buffer overflow]
 	- isdnutils 1:3.9.20060704-3 (bug #408530)
-	- asterisk-chan-capi <unfixed> (bug #411293)
+        [sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
+	- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
 	- linux-2.6 <unfixed> (bug #411294)
 	NOTE: Not exploitable over ISDN network, only through a CAPI server
 CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...)
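Review bot: The added "[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)" line is indented with eight spaces, while every neighbouring entry line, including the asterisk-chan-capi line added next to it, uses a tab. Please switch it to a tab so that anything parsing the list by its leading whitespace treats it like the other entries. The sarge no-dsa decision is also missing from the commit log, which only mentions asterisk-chan-capi.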
@@ -1564,6 +1565,7 @@
 	NOTE: This could only be exploited through the Magnatune shop
 CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...)
 	- amarok 1.4.4-1 (bug #410850; low)
+	[sarge] - amarok <not-affected> (Vulnerable code not present)
 CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
 	NOT-FOR-US: FCKEditor
 CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
@@ -2670,8 +2672,8 @@
 CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
 	- phpmyadmin 4:2.9.1.1-2 (medium)
 CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
-	- phpmyadmin 4:2.9.1.1-2 (medium)
-	NOTE: Fixed name in CVE.
+	- phpmyadmin 4:2.9.1.1-2 (unimportant)
+        NOTE: Only path disclosure
 CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...)
 	- phpmyadmin 4:2.9.1.1-2 (medium)
 	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
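Review bot: The new "NOTE: Only path disclosure" line under CVE-2006-6943 is indented with spaces rather than the tab used by the surrounding lines, including the NOTE it replaces. Please use a tab here as well. The removed "NOTE: Fixed name in CVE." is dropped without mention in the log; if it is no longer relevant that is fine, but it is worth saying so.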
@@ -5215,9 +5217,6 @@
 	{DSA-1231-1}
 	- gnupg 1.4.5-3 (medium; bug #401765)
 	- gnupg2 2.0.0-5.1 (medium; bug #400777)
-CVE-2006-XXXX [several security issues in phpmyadmin]
-	- phpmyadmin 4:2.9.1.1-1 (bug #399329)
-	NOTE: PMASA-2006-7, PMASA-2006-8, PMASA-2006-9
 CVE-2006-XXXX [smb4k security issue]
 	- smb4k 0.7.5-1
 	[sarge] - smb4k <not-affected> (Vulnerable code not present)
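Review bot: Removing the temporary phpmyadmin entry also drops its cross-references (bug #399329 and PMASA-2006-7, PMASA-2006-8, PMASA-2006-9), and the CVE-2006-6942 to CVE-2006-6944 entries visible earlier in this diff carry neither. Consider moving the bug number and the matching PMASA id onto those entries before deleting this one. Note also that the removed entry gave 4:2.9.1.1-1 as the fixed version while the CVE entries say 4:2.9.1.1-2; it would be good to confirm which upload actually contains the fix.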

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-03-10 12:12:14 UTC (rev 5534)
+++ data/DSA/list	2007-03-10 12:22:00 UTC (rev 5535)
@@ -2,8 +2,9 @@
 	{CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988}
 	[sarge] - php4 4:4.3.10-19
 [06 Mar 2007] DSA-1263-1 clamav
-	{CVE-2007-0897 CVE-2007-0898}
+	{CVE-2007-0897 CVE-2007-0898 CVE-2007-0899}
 	[sarge] - clamav 0.84-2.sarge.15
+	NOTE: We fixed the issue, but it's not 100% confirmed, that this is -0899
 [04 Mar 2007] DSA-1262-1 gnomemeeting
         {CVE-2007-1007}
         [sarge] - gnomemeeting 1.2.1-1sarge1
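Review bot: CVE-2007-0899 is added to the id list of DSA-1263-1 while the NOTE on the following line says the mapping is "not 100% confirmed". Listing it in the braces marks the id as fixed by this DSA for sarge; until it is confirmed, it may be safer to keep the id in the NOTE only, or to mark the entry with a TODO so it gets rechecked. Separately, the unchanged php4 id list at the top of the hunk contains CVE-2006-0908 between CVE-2007-0907 and CVE-2007-0909, which looks out of sequence and is worth checking.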



