[Secure-testing-commits] r5539 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sat Mar 10 22:14:16 CET 2007
Author: joeyh
Date: 2007-03-10 21:14:12 +0000 (Sat, 10 Mar 2007)
New Revision: 5539
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-10 18:01:12 UTC (rev 5538)
+++ data/CVE/list 2007-03-10 21:14:12 UTC (rev 5539)
@@ -915,7 +915,7 @@
NOT-FOR-US: TaskFreak!
CVE-2007-XXXX [capi_{cmsg,message}2str not thread-safe; vulnerable to buffer overflow]
- isdnutils 1:3.9.20060704-3 (bug #408530)
- [sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
+ [sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
- asterisk-chan-capi 0.7.1-1.1 (bug #411293)
- linux-2.6 <unfixed> (bug #411294)
NOTE: Not exploitable over ISDN network, only through a CAPI server
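Review bot: The log message "automatic update" does not say that the `[sarge] - isdnutils <no-dsa>` line is only being re-indented; as shown, the removed and added lines are otherwise identical. Keeping whitespace normalisation in its own commit, separate from content changes such as the DSA cross-reference later in this revision, would make the tracker history easier to audit.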
@@ -1160,6 +1160,7 @@
NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
RESERVED
+ {DSA-1263-1}
- clamav 0.90-1
[etch] - clamav 0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
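Review bot: The new `{DSA-1263-1}` tag is attached to CVE-2007-0899 only, while the next entry, CVE-2007-0898, is also a ClamAV issue and its package lines fall outside this hunk. It is worth confirming whether the advisory also covers that entry and, if it does, that the entry carries the same cross-reference. The tagged entry also still reads RESERVED with a bracketed placeholder description, which is worth a second look now that an advisory refers to it.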
@@ -1551,11 +1552,11 @@
- graphicsmagick 1.1.7-12
- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-XXXX [Lack of input validation in XInitImage/XGetPixel, exposed by broken XWD file]
- - xfree86 <removed> (bug #414046; medium)
- - libx11 2:1.0.3-6 (bug #414045; medium)
+ - xfree86 <removed> (bug #414046; medium)
+ - libx11 2:1.0.3-6 (bug #414045; medium)
NOTE: Discovered through CVE-2007-0770.
- NOTE: With certain mail user agents, this issue is likely exploitable
- NOTE: without much user interaction.
+ NOTE: With certain mail user agents, this issue is likely exploitable
+ NOTE: without much user interaction.
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
NOT-FOR-US: 3proxy
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
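Review bot: The two NOTE lines re-indented here say the issue is likely exploitable through certain mail user agents without much user interaction, yet the `xfree86` and `libx11` lines above them keep urgency `medium`. Either the urgency should be revisited or a further NOTE should record why medium is still appropriate. Apart from whitespace, the four changed lines carry the same text as before.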
@@ -2673,7 +2674,7 @@
- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
- phpmyadmin 4:2.9.1.1-2 (unimportant)
- NOTE: Only path disclosure
+ NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...)
- phpmyadmin 4:2.9.1.1-2 (medium)
NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
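Review bot: The context line under CVE-2006-6942, `NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.`, is ambiguous about whether it means version 2.9.1 alone or every version up to it. Since this hunk already touches the neighbouring NOTE for CVE-2006-6943, rewording that line in the same pass would remove the ambiguity.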