[Secure-testing-commits] r7443 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Fri Nov 30 15:46:19 UTC 2007
Author: nion
Date: 2007-11-30 15:46:18 +0000 (Fri, 30 Nov 2007)
New Revision: 7443
Modified:
data/CVE/list
Log:
CVE-2007-3387 does not affect ipe
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-11-30 14:59:27 UTC (rev 7442)
+++ data/CVE/list 2007-11-30 15:46:18 UTC (rev 7443)
@@ -1,3 +1,6 @@
+CVE-2007-6171 [sql injection issue in asterisk res_config_pgsql module]
+ - asterisk <unfixed> (medium)
+ NOTE: maintainer is aware of it, preparing upload atm
CVE-2007-6170 [sql injection issue in asterisk cdr_pgsql module]
- asterisk <unfixed> (medium)
NOTE: maintainer is aware of it, preparing upload atm
@@ -7326,7 +7329,7 @@
NOTE: links to poppler since 0.8-4, thus marking as fixed
- libextractor 0.5.12-1
NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
- TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
+ - ipe <not-affected> (Does not include the vulnerable code)
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
- tomcat5.5 5.5.25-1
NOTE: patch can be found in http://ftp.yz.yamagata-u.ac.jp/pub/linux/centos/5/updates/SRPMS/tomcat5-5.5.23-0jpp.3.0.2.el5.src.rpm
More information about the Secure-testing-commits
mailing list