[Secure-testing-commits] r5940 - data/CVE
stef-guest at alioth.debian.org
Mon May 28 14:15:12 UTC 2007
Author: stef-guest
Date: 2007-05-28 14:15:11 +0000 (Mon, 28 May 2007)
New Revision: 5940
Modified:
data/CVE/list
Log:
fixed: libgems-ruby xulrunner pulseaudio linux-2.6
one asterisk issue is only in sid
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-26 12:11:31 UTC (rev 5939)
+++ data/CVE/list 2007-05-28 14:15:11 UTC (rev 5940)
@@ -739,8 +739,9 @@
RESERVED
CVE-2007-2452
RESERVED
-CVE-2007-2451
+CVE-2007-2451 [linux geode-aes security issue]
RESERVED
+ - linux-2.6 2.6.21-3
CVE-2007-2450
RESERVED
CVE-2007-2449
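Review bot: The added `- linux-2.6 2.6.21-3` line under CVE-2007-2451 has no urgency, while the other package lines touched in this patch carry one, such as `(medium)` or `(low)`. The entry is still `RESERVED` with only a bracketed working title, so a NOTE stating where the fixed version comes from (changelog entry or upstream commit) would let the next person verify it once the description is published. If the stable kernels are known to be affected or not, `[sarge]` and `[etch]` lines like the ones added for asterisk in the next hunk would record that.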
@@ -1111,6 +1112,9 @@
- asterisk 1:1.4.3~dfsg-1 (low)
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
- asterisk 1:1.4.3~dfsg-1 (high)
+ [sarge] - asterisk <not-affected> (vulnerable code not present)
+ [etch] - asterisk <not-affected> (vulnerable code not present)
+ NOTE: only in 1.4.x
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
- iceweasel (low)
- firefox <removed> (low)
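Review bot: The `NOTE: only in 1.4.x` line under CVE-2007-2293 gives no source for the claim that the `[sarge]` and `[etch]` `<not-affected>` lines rest on. Since this entry is rated `(high)`, name what was checked, for example the upstream advisory or the stable source versions that were inspected for `process_sdp`, so the not-affected status can be re-verified later.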
@@ -2196,7 +2200,7 @@
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
- - pulseaudio <unfixed> (medium)
+ - pulseaudio 0.9.6-1 (medium)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
@@ -3975,7 +3979,7 @@
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
- iceweasel <unfixed> (medium)
- iceape <unfixed> (medium)
- - xulrunner <unfixed> (bug #415919; bug #415944; bug #415945; medium)
+ - xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; medium)
NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
NOTE: older mozillas are not vulnerable
TODO: this should be checked
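Review bot: Under CVE-2007-1116, xulrunner is now marked fixed in `1.8.1.4-1`, but the context lines still show `iceweasel <unfixed>` and `iceape <unfixed>`, and `TODO: this should be checked` is left in place. Either state in a NOTE how the xulrunner fix version was established and why the other two packages stay open, or resolve the TODO in the same change, so the entry does not read as half-triaged.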
@@ -5813,7 +5817,7 @@
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
- - libgems-ruby <unfixed> (low; bug #408299)
+ - libgems-ruby 0.9.3-1 (low; bug #408299)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
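Review bot: For CVE-2007-0469 the description says the flaw is in RubyGems "before 0.9.1", while the line records `libgems-ruby 0.9.3-1` as the fixed version. If an earlier Debian upload already contained the 0.9.1 fix, record that version instead; if 0.9.3-1 is the first upload with the fix, a short NOTE saying so would explain the gap.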