[Secure-testing-commits] r5575 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Mar 22 23:07:59 CET 2007


Author: jmm-guest
Date: 2007-03-22 22:07:56 +0000 (Thu, 22 Mar 2007)
New Revision: 5575

Modified:
   data/CVE/list
Log:
webcalendar requested for removal from the archive
rhapsody not in release quality, removal from Etch necessary
mark two issues as nonimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-22 20:33:10 UTC (rev 5574)
+++ data/CVE/list	2007-03-22 22:07:56 UTC (rev 5575)
@@ -34,8 +34,10 @@
 	NOT-FOR-US: Fujitsu Interstage Application Server
 CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
 	- rhapsody <unfixed> (medium)
+	NOTE: Removal from Etch requested
 CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
 	- rhapsody <unfixed> (medium)
+	NOTE: Removal from Etch requested
 CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
 	NOT-FOR-US: Avant Browse
 CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
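
Review bot: The two added `NOTE: Removal from Etch requested` lines under CVE-2007-1503 and CVE-2007-1502 give no reference to the removal request itself, so a later reader of the list cannot check whether the request was filed or acted on. Consider citing the bug number of the request in the NOTE. Both entries correctly stay `<unfixed> (medium)` until the removal actually happens.
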
@@ -73,7 +75,8 @@
 CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
 	TODO: check
 CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
-	- webcalendar <unfixed> (bug #404297; high)
+	- webcalendar <unfixed> (high)
+	NOTE: Requested removal from the archive
 CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
 	NOT-FOR-US: WBBlog
 CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
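
Review bot: The replacement line for CVE-2007-1483 drops `bug #404297` from the webcalendar entry while the issue remains `<unfixed> (high)`, and neither the log message nor the new NOTE explains why. If that bug is still the tracking reference, keep it in the parentheses. If it was superseded by the removal request, say so in the NOTE and cite the request.
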
@@ -496,7 +499,8 @@
 CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
 	NOT-FOR-US: DreameeSoft Password Master
 CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...)
-	- putty 0.59-1 (bug #400804; medium)
+	- putty 0.59-1 (bug #400804; unimportant)
+	NOTE: Unsafe default, but not a vulnerability
 CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
 	NOT-FOR-US: Hazir Site
 CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...)
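
Review bot: At CVE-2006-7162 the entry keeps `putty 0.59-1` as the fixed version together with `bug #400804`, while the new NOTE says the issue is not a vulnerability, which leaves unclear what 0.59-1 is recorded as fixing. A few words in the NOTE on why the weak file permissions count only as an unsafe default would make the change from medium to unimportant easier to review.
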
@@ -542,7 +546,8 @@
 CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with &quot;Prefer HTML to Plain Text&quot; enabled, ...)
-	- kdepim <unfixed> (low)
+	- kdepim <unfixed> (unimportant)
+	NOTE: Annoying bug, but neglectable "security implications"
 CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...)
 	NOT-FOR-US: Oracle APEX
 CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
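
Review bot: The NOTE added under CVE-2006-7139 should read "negligible" rather than "neglectable", and the quotation marks around "security implications" add nothing in a tracker entry. It would also help to state what makes the impact negligible, since the severity goes from low to unimportant with kdepim still `<unfixed>`.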



