[Secure-testing-commits] r7270 - data/CVE

Sat Nov 10 21:14:08 UTC 2007

Author: joeyh
Date: 2007-11-10 21:14:08 +0000 (Sat, 10 Nov 2007)
New Revision: 7270

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-11-10 19:52:10 UTC (rev 7269)
+++ data/CVE/list	2007-11-10 21:14:08 UTC (rev 7270)
@@ -242,6 +242,7 @@
 CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...)
 	- ircii-pana <unfixed> (low; bug #449149)
 CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...)
+	{DTSA-79-1}
 	- emacs22 22.1+1-2.1 (medium; bug #449008)
 	NOTE: Emacs 21 is not affected
 CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode ...)
@@ -347,6 +348,7 @@
 CVE-2007-5742
 	RESERVED
 CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...)
+	{DSA-1405-1}
 	- zope-cmfplone 2.5.2-2 (bug #449523)
 	[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
 	NOTE: Fix available:
@@ -2693,7 +2695,7 @@
 CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
 	NOT-FOR-US: FrontAccounting
 CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular ...)
-	{DSA-1400-1}
+	{DSA-1400-1 DTSA-78-1}
 	- perl <unfixed> (medium; bug #450794)
 	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
 CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
@@ -5877,25 +5879,25 @@
 	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed>
 CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
 	- iceape 1.1.3-1 (medium)
 	- xulrunner 1.8.1.5-1 (medium)
 	- iceweasel 2.0.0.5-1 (medium)
 	NOTE: MFSA2007-25
 CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 	- iceweasel 2.0.0.5-1 (high)
 	NOTE: MFSA2007-21
 CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 	NOTE: MFSA2007-19
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
-	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
+	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1 DTSA-80-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove <unfixed> (low)
 	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
@@ -5903,7 +5905,7 @@
 	- xulrunner 1.8.1.5-1 (high)
 	NOTE: MFSA2007-18
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
+	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1 DTSA-80-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove 2.0.0.6-1 (high; bug #444010)
 	- iceape 1.1.3-1 (high)
@@ -6084,7 +6086,7 @@
 CVE-2007-3657 (** DISPUTED ** ...)
 	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
 CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
@@ -7001,6 +7003,7 @@
 CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM ...)
 	NOT-FOR-US: Avaya IP Softphone
 CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
+	{DTSA-80-1}
 	- iceweasel <not-affected> (Affects only Firefox in Windows)
 	NOTE: MFSA2007-22
 CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
@@ -7496,7 +7499,7 @@
 	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
 	- xulrunner <unfixed> (medium)
 CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
-	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
 	- iceweasel 2.0.0.5-1 (low; bug #427691)
 	- iceape 1.1.3-1 (low)
 	- xulrunner 1.8.1.5-1 (low)
@@ -11300,8 +11303,10 @@
 	- php4 <unfixed> (unimportant)
 	NOTE: Can only be triggered by malicious script
 CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
+	{DSA-1406-1}
 	- horde3 3.1.3-4 (medium)
 CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
+	{DSA-1406-1}
 	- horde3 3.1.4-1 (low; bug #434045)
 CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
 	NOT-FOR-US: Groupit
@@ -21303,6 +21308,7 @@
 CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...)
 	NOT-FOR-US: IBM DB2
 CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
+	{DSA-1406-1}
 	- horde3 3.1.3-1 (low; bug #383416)
 CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
 	- imp4 4.1.3-1 (low; bug #383416)
@@ -22974,8 +22980,10 @@
 CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...)
 	NOT-FOR-US: F5 Netowrks FirePass
 CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...)
+	{DSA-1406-1}
 	- horde3 3.1.2-1 (bug #378281; low)
 CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
+	{DSA-1406-1}
 	- horde3 3.1.2-1 (bug #378281; low)
 CVE-2006-3547 (** DISPUTED ** ...)
 	NOT-FOR-US: EMC VMware Player


