[Secure-testing-commits] r7313 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Thu Nov 15 22:21:36 UTC 2007
Author: jmm-guest
Date: 2007-11-15 22:21:35 +0000 (Thu, 15 Nov 2007)
New Revision: 7313
Modified:
data/CVE/list
Log:
one of the tk issues is a regression to an incorrect security fix,
the other one is pending
fix ezpublish entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-15 21:40:20 UTC (rev 7312)
+++ data/CVE/list 2007-11-15 22:21:35 UTC (rev 7313)
@@ -2848,7 +2848,9 @@
NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
- tk8.4 8.4.16-1
- - tk8.3 8.3.5-9 (medium; bug #445303)
+ [etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
+ [sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
+ - tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...)
@@ -6602,9 +6604,9 @@
CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
NOT-FOR-US: mimicboard2
CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
- - ezpublish <not-affected> (Debian's version is too old)
+ - ezpublish <removed>
CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
- - ezpublish <not-affected> (Debian's version is too old)
+ - ezpublish <removed>
CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
- ezpublish <removed> (bug #424790)
CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
More information about the Secure-testing-commits
mailing list