[Secure-testing-commits] r5948 - data/CVE
jmm-guest at alioth.debian.org
Tue May 29 21:05:43 UTC 2007
Author: jmm-guest
Date: 2007-05-29 21:05:42 +0000 (Tue, 29 May 2007)
New Revision: 5948
Modified:
data/CVE/list
Log:
no-dsa for openssh, zoo, unzoo, gems-installer
browser crash unimportant
mark bogus CVE entry as such
kernel issue doesn't affect etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-05-29 19:34:59 UTC (rev 5947)
+++ data/CVE/list 2007-05-29 21:05:42 UTC (rev 5948)
@@ -72,7 +72,9 @@
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
- TODO: check
+ - openssh <unfixed> (low)
+ [etch] - openssh <no-dsa> (Minor issue)
+ [sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
NOT-FOR-US: OPeNDAP
CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
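Review bot: the new `- openssh <unfixed> (low)` line for CVE-2007-2768 carries no bug reference, unlike other package lines in this file such as `- unzoo <unfixed> (bug #424690)`. If a bug exists or gets filed, add its number here so the unfixed state can be followed up. The `(Minor issue)` reason on the [etch] and [sarge] lines could also record that, per the CVE description, the issue applies only when OPIE is used for PAM.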
@@ -283,7 +285,8 @@
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
- TODO: check
+ - iceweasel <unfixed> (unimportant)
+ NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...)
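Review bot: the NOTE added under CVE-2007-2671 states the general policy but not that this particular CVE was checked to be a crash only; the description visible here is truncated at "denial of ...". Suggest wording the NOTE so it records that the impact is limited to a browser crash, since that is what justifies `(unimportant)` on the iceweasel line.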
@@ -319,7 +322,7 @@
CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure ...)
- xfsdump 2.2.45-1 (bug #417894; low)
CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...)
- TODO: check
+ NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...)
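Review bot: in the added line for CVE-2007-2653, "annoucement" should read "announcement", and the text does not give the CVE id of the modelines issue it points to, so a reader cannot follow the reference. Elsewhere in this file NOT-FOR-US is followed by a product name (OPeNDAP, PHPChain, Free-SA); for an entry judged bogus, a NOTE line naming the entry that actually tracks the issue would be clearer than reusing NOT-FOR-US with free text.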
@@ -745,6 +748,7 @@
CVE-2007-2451 [linux geode-aes security issue]
RESERVED
- linux-2.6 2.6.21-3
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450
RESERVED
CVE-2007-2449
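Review bot: the added [etch] line for CVE-2007-2451 gives the version that introduced the vulnerable code (2.6.20) but not the linux-2.6 version etch ships, so the `<not-affected>` conclusion cannot be checked from the entry alone. Suggest adding etch's kernel version to the parenthesised reason.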
@@ -2520,8 +2524,12 @@
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
+ [sarge] - zoo <no-dsa> (Minor issue)
+ [etch] - zoo <no-dsa> (Minor issue)
- zoo 2.10-19 (bug #424686)
- unzoo <unfixed> (bug #424690)
+ [sarge] - unzoo <no-dsa> (Minor issue)
+ [etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
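Review bot: under CVE-2007-1673 the new [sarge] and [etch] lines for zoo are placed before `- zoo 2.10-19 (bug #424686)`, while the ones for unzoo are placed after `- unzoo <unfixed> (bug #424690)`. The other hunks in this commit (openssh, libgems-ruby) put release-specific lines after the package line, so move the two zoo lines below `- zoo 2.10-19` to keep the ordering consistent and the entry unambiguous to read.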
@@ -5821,6 +5829,7 @@
NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
- libgems-ruby 0.9.3-1 (low; bug #408299)
+ [etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
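Review bot: the reason on the added [etch] line for CVE-2007-0469, "needs implicit trust on installed data", is ambiguous. The CVE description places the flaw in extract_files in installer.rb, so the data in question is presumably the gem being installed rather than data already on the system. Suggest rewording the reason to say so explicitly.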