[Secure-testing-commits] r6825 - data/CVE

jmm-guest at alioth.debian.org
Sat Oct 6 09:48:04 UTC 2007


Author: jmm-guest
Date: 2007-10-06 09:48:03 +0000 (Sat, 06 Oct 2007)
New Revision: 6825

Modified:
   data/CVE/list
Log:
mark dupe
no-dsa for yate


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-06 06:18:34 UTC (rev 6824)
+++ data/CVE/list	2007-10-06 09:48:03 UTC (rev 6825)
@@ -566,11 +566,7 @@
 CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
 	NOT-FOR-US: Online Armor Personal Firewall
 CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
-	{DTSA-57-1}
-	- gforge 4.6.99+svn6086-1
-	NOTE: duplicate of CVE-2007-3913 according to Roland Mas
-	NOTE: Look at the fix for it: http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083
-	NOTE: This is already a fix for an SQL injection via skill_delete
+	NOTE: Duplicate of CVE-2007-3913
 CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)
 	- python2.5 <unfixed> (low; bug #443333)
 	- python2.4 <unfixed> (low; bug #443335)
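Review bot: Under CVE-2007-4966 the removed lines include the `{DTSA-57-1}` cross-reference and the fixed-version entry `- gforge 4.6.99+svn6086-1`, and nothing in this diff shows that CVE-2007-3913 carries them. Before merging, confirm that the CVE-2007-3913 entry lists the DTSA and the same fixed gforge version, and consider moving the upstream fix URL and the skill_delete NOTE there instead of dropping them, so the duplicate marker does not lose the only pointer to the actual fix.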
@@ -850,10 +846,8 @@
 	NOTE: this vulnerability is unspecified
 	NOTE: likely affects only windows and Mac OS
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
-	- libc6 <unfixed> (low; bug #442247)
-	NOTE: was originally reported as a php vulnerability, but is actually
-	NOTE: a problem with the libc iconv_* functions, which allocate copies
-	NOTE: of strings on the stack without first checking the size.
+	- php5 <unfixed> (unimportant) 
+	NOTE: Only triggerable by malicious script
 CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
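Review bot: The CVE-2007-4840 change removes the `- libc6 <unfixed> (low; bug #442247)` line and the NOTE attributing the problem to the libc iconv_* functions, but neither the log message ("mark dupe", "no-dsa for yate") nor the new NOTE says why libc6 is no longer considered affected. Add a NOTE recording the reason for dropping libc6 and what happens to bug #442247, and mention the retriage in the commit log. The added `- php5 <unfixed> (unimportant) ` line also ends in a trailing space.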
@@ -8220,6 +8214,7 @@
 	RESERVED
 CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...)
 	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
+	[etch] - yate <no-dsa> (Minor issue, fringe application)
 CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
 	NOT-FOR-US: Microsoft
 CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
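Review bot: The `<no-dsa>` reason on the new `[etch] - yate` line, "Minor issue, fringe application", gives a package-popularity argument but not the impact that makes the issue minor. A short statement of the actual impact would make the etch decision easier to audit later, since the unstable entry above it only records `low; bug #421994`.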



