[Secure-testing-commits] r7329 - data/CVE

stef-guest at alioth.debian.org
Fri Nov 16 20:18:19 UTC 2007


Author: stef-guest
Date: 2007-11-16 20:18:19 +0000 (Fri, 16 Nov 2007)
New Revision: 7329

Modified:
   data/CVE/list
Log:
- CVE-2005-4790/1 are affecting Debian:
tomboy, blam fixed only in unstable
liferea unfixed
beagle, banshee already fixed in etch
many other packages affected => QA / lintian check is required
- CVE-2007-5925 affects old mysql versions


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-11-16 20:07:32 UTC (rev 7328)
+++ data/CVE/list	2007-11-16 20:18:19 UTC (rev 7329)
@@ -160,6 +160,8 @@
 	NOT-FOR-US: OpenBase
 CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the ...)
 	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
+	- mysql-dfsg-4.1 <removed>
+	- mysql-dfsg <removed>
 CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
 	NOT-FOR-US: IBM Lotus Domino
 CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in ...)
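Review bot: the two added entries `- mysql-dfsg-4.1 <removed>` and `- mysql-dfsg <removed>` under CVE-2007-5925 carry no urgency or bug reference, unlike the `mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)` line directly above them. The log message says the issue affects old mysql versions, so consider adding an urgency or a NOTE line stating which versions were checked, so that a reader of the list can tell these source packages were found vulnerable rather than merely listed.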
@@ -26664,9 +26666,13 @@
 CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
 	NOT-FOR-US: Apple
 CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
+	- beagle 0.2.13-1 (low)
+	- banshee 0.11.2+dfsg-1 (low)
 	- liferea <unfixed> (low; bug #451548)
+	- blam 1.8.4-1 (low)
+	TODO: file wishlist bug for lintian check, check all packages
 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
-	NOT-FOR-US: SuSE-specific packaging flaws
+	- tomboy 0.8.1-2
 CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
 	- resmgr <not-affected>
 CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
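Review bot: under CVE-2005-4790 the new `- tomboy 0.8.1-2` line has no urgency, while every package line under CVE-2005-4791 is marked `(low)`; if the severity is the same, write `- tomboy 0.8.1-2 (low)`. The TODO for the lintian check is recorded only under CVE-2005-4791 although the log message applies it to both CVEs, and the log's distinction between packages already fixed in etch and those fixed only in unstable does not appear in the entries. A NOTE line under each CVE would keep that information in the list itself.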



