[Secure-testing-commits] r5948 - data/CVE

jmm-guest at alioth.debian.org
Tue May 29 21:05:43 UTC 2007


Author: jmm-guest
Date: 2007-05-29 21:05:42 +0000 (Tue, 29 May 2007)
New Revision: 5948

Modified:
   data/CVE/list
Log:
no-dsa for openssh, zoo, unzoo, gems-installer
browser crash unimportant
mark bogus CVE entry as such
kernel issue doesn't affect etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-05-29 19:34:59 UTC (rev 5947)
+++ data/CVE/list	2007-05-29 21:05:42 UTC (rev 5948)
@@ -72,7 +72,9 @@
 CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
 	NOT-FOR-US: OPeNDAP
 CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
-	TODO: check
+	- openssh <unfixed> (low)
+	[etch] - openssh <no-dsa> (Minor issue)
+	[sarge] - openssh <no-dsa> (Minor issue)
 CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
 	NOT-FOR-US: OPeNDAP
 CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...)
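Review bot: the added "- openssh <unfixed> (low)" line for CVE-2007-2768 has no bug reference, while other tracked entries in this list do, e.g. "- xfsdump 2.2.45-1 (bug #417894; low)". With both [etch] and [sarge] marked <no-dsa>, the unstable line is the only place a fix will be followed up, so it would help to file a bug against openssh and record its number on that line.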
@@ -283,7 +285,8 @@
 CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
 	NOT-FOR-US: PHP Coupon Script
 CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
-	TODO: check
+	- iceweasel <unfixed> (unimportant)
+	NOTE: Browser crashes not treated as security problems
 CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
 	NOT-FOR-US: PHPChain
 CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...)
@@ -319,7 +322,7 @@
 CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure ...)
 	- xfsdump 2.2.45-1 (bug #417894; low)
 CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...)
-	TODO: check
+	NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues	
 CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
 	NOT-FOR-US: Free-SA
 CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...)
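Review bot: the replacement line for CVE-2007-2653 uses NOT-FOR-US with a free-text reason, whereas every other NOT-FOR-US line in the surrounding context names a product ("NOT-FOR-US: PHPChain", "NOT-FOR-US: Free-SA"). Vim is not a foreign product in the sense those lines use, so the "bogus" rationale would read better as a NOTE: line that also names the CVE id of the modelines issue it duplicates, so a reader can follow the cross-reference. The added line also misspells "announcement" as "annoucement" and ends in a trailing tab.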
@@ -745,6 +748,7 @@
 CVE-2007-2451 [linux geode-aes security issue]
 	RESERVED
 	- linux-2.6 2.6.21-3
+	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
 CVE-2007-2450
 	RESERVED
 CVE-2007-2449
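Review bot: the reason on the added [etch] line for CVE-2007-2451, "(Vulnerable code not present, introduced in 2.6.20)", leaves the subject of "introduced" implicit; it can be read as the fix arriving in 2.6.20 rather than the vulnerable geode-aes code. Something like "(Vulnerable code introduced in 2.6.20, not present in etch)" removes the ambiguity.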
@@ -2520,8 +2524,12 @@
 CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
 	NOT-FOR-US: LANDesk Management Suite
 CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...)
+	[sarge] - zoo <no-dsa> (Minor issue)
+	[etch] - zoo <no-dsa> (Minor issue)
 	- zoo 2.10-19 (bug #424686)
 	- unzoo <unfixed> (bug #424690)
+	[sarge] - unzoo <no-dsa> (Minor issue)
+	[etch] - unzoo <no-dsa> (Minor issue)
 CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
 	NOT-FOR-US: avast
 CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
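Review bot: in the CVE-2007-1673 entry the two added zoo release lines are placed before "- zoo 2.10-19 (bug #424686)", while the unzoo release lines are placed after "- unzoo <unfixed> (bug #424690)". Every other hunk in this commit (openssh, linux-2.6, libgems-ruby) puts the release-specific line after the unstable line, so the zoo pair should move below "- zoo 2.10-19" to keep each package's lines grouped consistently. The release order also differs from the openssh hunk: [sarge] before [etch] here, [etch] before [sarge] there. Picking one order throughout would make the list easier to scan and to diff.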
@@ -5821,6 +5829,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
 	- libgems-ruby 0.9.3-1 (low; bug #408299)
+	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
 CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
 	NOT-FOR-US: Visual C++
 CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)



