[Secure-testing-commits] r6774 - in data: CVE DSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Oct 3 10:17:04 UTC 2007 

Author: jmm-guest
Date: 2007-10-03 10:17:04 +0000 (Wed, 03 Oct 2007)
New Revision: 6774

Modified:
   data/CVE/list
   data/DSA/list
Log:
correct version number in OO2 DSA
fix severity of openssl
new kernel issue not affecting debian
CVE-2007-3379 never affected debian


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-03 09:14:07 UTC (rev 6773)
+++ data/CVE/list	2007-10-03 10:17:04 UTC (rev 6774)
@@ -112,8 +112,7 @@
 	NOT-FOR-US: Php-Nuke
 CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...)
 	{DSA-1379-1}
-	- openssl 0.9.8e-9 (high; bug #444435)
-	NOTE: see https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/146269
+	- openssl 0.9.8e-9 (low; bug #444435)
 CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre ...)
 	NOT-FOR-US: Ekke Doerre Contenido
 CVE-2007-5114 (** DISPUTED ** ...)
@@ -2950,8 +2949,9 @@
 CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...)
 	{DSA-1356-1}
 	- linux-2.6 2.6.22-4
-CVE-2007-3850
+CVE-2007-3850 [Kernel ppc64 DoS]
 	RESERVED
+	- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
 CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced ...)
 	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
@@ -4094,7 +4094,7 @@
 	- linux-2.6 2.6.23-1
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux ...)
-	- linux-2.6 2.6.12-1
+	- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
 CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
 	- php4 <unfixed> (unimportant)
 	- php5 <unfixed> (unimportant)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-10-03 09:14:07 UTC (rev 6773)
+++ data/DSA/list	2007-10-03 10:17:04 UTC (rev 6774)
@@ -25,9 +25,6 @@
 [21 Sep 2007] DSA-1377-2 fetchmail - null pointer dereference
 	{CVE-2007-4565}
 	[etch] - fetchmail 6.3.6-1etch1
-[21 Sep 2007] DSA-1377-1 fetchmail - null pointer reference
-	{CVE-2007-4565}
-	[etch] - fetchmail 6.3.6-1etch1
 [21 Sep 2007] DSA-1376-1 kdebase - programming error
 	{CVE-2007-4569}
 	[etch] - kdebase 4:3.5.5a.dfsg.1-6etch1
@@ -36,7 +33,7 @@
 	[etch] - vim 7.0-122+1etch3
 [17 Sep 2007] DSA-1375-1 openoffice.org - buffer overflow
 	{CVE-2007-2834}
-	[etch] - openoffice.org 2.0.4.dfsg.2-7etch2.
+	[etch] - openoffice.org 2.0.4.dfsg.2-7etch2
 [11 Sep 2007] DSA-1373-1 ktorrent - directory traversal vulnerabilities
 	{CVE-2007-1799}
 	[etch] - ktorrent 2.0.3+dfsg1-2etch1

More information about the Secure-testing-commits mailing list