[Secure-testing-commits] r7315 - data/CVE

white at alioth.debian.org white at alioth.debian.org
Fri Nov 16 04:00:44 UTC 2007 

Author: white
Date: 2007-11-16 04:00:43 +0000 (Fri, 16 Nov 2007)
New Revision: 7315

Modified:
   data/CVE/list
Log:
NFUs; old pcre3 issues fixed in testing and stable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-16 03:46:22 UTC (rev 7314)
+++ data/CVE/list	2007-11-16 04:00:43 UTC (rev 7315)
@@ -19,19 +19,19 @@
 CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog ...)
 	NOT-FOR-US: eggblog
 CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
-	TODO: check
+	NOT-FOR-US: F5 Firepass
 CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module ...)
-	TODO: check
+	NOT-FOR-US: XOOPS
 CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in ...)
 	TODO: check
 CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before ...)
 	TODO: check
 CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) ...)
-	TODO: check
+	NOT-FOR-US: TBSource
 CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: JPortal
 CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
-	TODO: check
+	NOT-FOR-US: JPortal
 CVE-2007-5972
 	RESERVED
 CVE-2007-5971
@@ -65,11 +65,17 @@
 CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...)
 	TODO: check
 CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
-	TODO: check
+	- pcre3 6.2-1
+	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
+	NOTE: oldstable might still be affected
 CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
-	TODO: check
+	- pcre3 6.2-1
+	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
+	NOTE: oldstable might still be affected
 CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...)
-	TODO: check
+	- pcre3 6.2-1
+	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
+	NOTE: oldstable might still be affected
 CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...)
 	NOT-FOR-US: IBM Informix Dynamic Server
 CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)

More information about the Secure-testing-commits mailing list