[Secure-testing-commits] r7313 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Nov 15 22:21:36 UTC 2007


Author: jmm-guest
Date: 2007-11-15 22:21:35 +0000 (Thu, 15 Nov 2007)
New Revision: 7313

Modified:
   data/CVE/list
Log:
one of the tk issues is a regression to an incorrect security fix,
  the other one is pending
fix ezpublish entry


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-15 21:40:20 UTC (rev 7312)
+++ data/CVE/list	2007-11-15 22:21:35 UTC (rev 7313)
@@ -2848,7 +2848,9 @@
 	NOT-FOR-US: lustig.cms
 CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
 	- tk8.4 8.4.16-1
-	- tk8.3 8.3.5-9 (medium; bug #445303)
+	[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
+	[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
+	- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
 CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
 	NOT-FOR-US: DFD Cart
 CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...)
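Review bot: The replacement tk8.3 line under CVE-2007-5137 drops the `bug #445303` reference that the removed line carried, so the entry no longer links to the report where the issue was tracked. If that bug is where the "introduced in 8.4.13" analysis was done, keep the reference in the note, e.g. `- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13; bug #445303)`. The log message mentions a regression from an incorrect security fix and a second issue that is pending, but the three added notes do not say which of those applies to this CVE; a few words in the note would make the entry self-explanatory without the commit log.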
@@ -6602,9 +6604,9 @@
 CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
 	NOT-FOR-US: mimicboard2
 CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
-	- ezpublish <not-affected> (Debian's version is too old)
+	- ezpublish <removed>
 CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
-	- ezpublish <not-affected> (Debian's version is too old)
+	- ezpublish <removed>
 CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
 	- ezpublish <removed> (bug #424790)
 CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
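Review bot: The two `- ezpublish <removed>` lines for CVE-2005-4857 and CVE-2005-4856 discard the earlier assessment "Debian's version is too old" and carry no note or bug reference, unlike the neighbouring CVE-2005-4855 entry (`<removed> (bug #424790)`). `<removed>` records only that the package is gone, not whether the version that was shipped was ever vulnerable, so consider keeping the reason alongside it or citing the removal bug as the CVE-2005-4855 entry does, so the three ezpublish entries stay consistent.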



