[Secure-testing-commits] r5575 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Mar 22 23:07:59 CET 2007
Author: jmm-guest
Date: 2007-03-22 22:07:56 +0000 (Thu, 22 Mar 2007)
New Revision: 5575
Modified:
data/CVE/list
Log:
webcalendar requested for removal from the archive
rhapsody not in release quality, removal from Etch necessary
mark two issues as nonimportant
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-03-22 20:33:10 UTC (rev 5574)
+++ data/CVE/list 2007-03-22 22:07:56 UTC (rev 5575)
@@ -34,8 +34,10 @@
NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
- rhapsody <unfixed> (medium)
+ NOTE: Removal from Etch requested
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
- rhapsody <unfixed> (medium)
+ NOTE: Removal from Etch requested
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
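Review bot: The two added "NOTE: Removal from Etch requested" lines under CVE-2007-1503 and CVE-2007-1502 carry no reference to the removal request itself, so a reader of the list cannot check whether it was filed or acted on. Adding the bug number of the request to the NOTE would make this traceable. Both entries stay at "- rhapsody <unfixed> (medium)", which is consistent with a removal from Etch only.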
@@ -73,7 +75,8 @@
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
TODO: check
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
- - webcalendar <unfixed> (bug #404297; high)
+ - webcalendar <unfixed> (high)
+ NOTE: Requested removal from the archive
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
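Review bot: The webcalendar line under CVE-2007-1483 loses its "bug #404297" reference in the same edit that adds the removal NOTE, and neither the NOTE nor the log message says why. If the drop is intentional, the NOTE should state the reason. Otherwise keep "(bug #404297; high)" so the entry still links to the report. As with the rhapsody entries, the NOTE would also be easier to verify if it named the bug number of the removal request.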
@@ -496,7 +499,8 @@
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...)
- - putty 0.59-1 (bug #400804; medium)
+ - putty 0.59-1 (bug #400804; unimportant)
+ NOTE: Unsafe default, but not a vulnerability
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...)
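Review bot: The putty entry under CVE-2006-7162 goes from medium to unimportant on the strength of "NOTE: Unsafe default, but not a vulnerability", which does not say which default is meant or why the weak file permissions named in the CVE description do not count as a vulnerability. One more NOTE line with that reasoning would let a later reader re-check the downgrade without opening bug #400804.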
@@ -542,7 +546,8 @@
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...)
NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...)
- - kdepim <unfixed> (low)
+ - kdepim <unfixed> (unimportant)
+ NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...)
NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
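Review bot: In the NOTE added under CVE-2006-7139, "neglectable" should read "negligible", and the scare quotes around "security implications" leave it unclear what impact was actually assessed. Since the kdepim entry remains <unfixed> while moving from low to unimportant, the NOTE should say briefly what the bug does and why that has no security relevance, for example "NOTE: Annoying bug, but negligible security implications: <reason>".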