[Secure-testing-commits] r7213 - data/CVE
jmm-guest at alioth.debian.org
Sun Nov 4 17:32:29 UTC 2007
Author: jmm-guest
Date: 2007-11-04 17:32:29 +0000 (Sun, 04 Nov 2007)
New Revision: 7213
Modified:
data/CVE/list
Log:
vobcopy no-dsa
browser crashes not security-relevant
contrib and non-free as usual
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-04 17:30:38 UTC (rev 7212)
+++ data/CVE/list 2007-11-04 17:32:29 UTC (rev 7213)
@@ -304,6 +304,7 @@
NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
- vobcopy <unfixed> (low; bug #448319)
+ [etch] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...)
NOT-FOR-US: Jeebles
CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...)
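Review bot: the reason on the new `[etch] - vobcopy <no-dsa> (Minor issue)` line does not say what makes the issue minor, while the CVE description is an append to an arbitrary file by local users. A one-line NOTE stating the limiting condition, or pointing at bug #448319 for the analysis, would let a later reader re-evaluate the decision without redoing the triage.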
@@ -336,8 +337,8 @@
CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 ...)
- sitebar <unfixed> (low; bug #448689)
CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...)
- - iceweasel 2.0.0.8-1 (low)
- TODO: check other ice-*
+ - iceweasel 2.0.0.8-1 (unimportant)
+ NOTE: Browser crashes not treated as security problems
CVE-2007-5690 (Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might ...)
- zaptel <unfixed> (unimportant; bug #448763)
NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
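Review bot: the removed `TODO: check other ice-*` under CVE-2007-5691 is dropped without anything recording the outcome of that check. If the other ice-* packages ship ParseFTPList.cpp, list them with the same `(unimportant)` status and NOTE; if they were checked and are not affected, say so in the NOTE so the question is not reopened later.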
@@ -345,6 +346,7 @@
CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) ...)
- sun-java6 6-03-1 (medium)
- sun-java5 1.5.0-13-1 (medium)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the ...)
NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
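Review bot: under CVE-2007-5689 only sun-java5 gets an `[etch] ... <no-dsa>` line; sun-java6 on the line above gets none, and the CVE-2007-5274 entry later in this file lists the same `sun-java5 1.5.0-13-1` with no etch annotation at all. If "Non-free not supported" is the reason, apply it to every sun-java entry that affects etch, or add a NOTE saying why this one differs.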
@@ -1910,7 +1912,8 @@
NOT-FOR-US: Opera
CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...)
- flashplugin-nonfree <unfixed> (bug #449110)
- NOTE: no upstream fix yet
+ [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
+ [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
- sun-java6 6-03-1 (low)
- sun-java5 1.5.0-13-1 (low)
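Review bot: the deleted `NOTE: no upstream fix yet` under CVE-2007-5275 still explains why the unstable line stays `<unfixed>`, and the new no-dsa lines only cover sarge and etch. Keep the NOTE next to them until the unstable entry gets a fixed version.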