[Secure-testing-commits] r6920 - in data: CVE DSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Fri Oct 12 20:18:30 UTC 2007


Author: jmm-guest
Date: 2007-10-12 20:18:30 +0000 (Fri, 12 Oct 2007)
New Revision: 6920

Modified:
   data/CVE/list
   data/DSA/list
Log:
sql-ledger not an issue
add more fixed source packages to openssl DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-12 19:27:31 UTC (rev 6919)
+++ data/CVE/list	2007-10-12 20:18:30 UTC (rev 6920)
@@ -5,7 +5,9 @@
 CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument ...)
 	- ldapscripts <unfixed> (bug #445582; medium)
 CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...)
-	- sql-ledger <unfixed> (low; bug #446366)
+	- sql-ledger <unfixed> (unimportant; bug #409703)
+	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+	NOTE: authenticated HTTP zone and without untrusted users
 CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php ...)
 	NOT-FOR-US: MODx
 CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
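Review bot: the replacement sql-ledger line under CVE-2007-5372 changes the bug reference from #446366 to #409703 in the same edit that lowers the severity, and neither the log nor the new NOTE lines explain the swap. If #446366 duplicates #409703, record that in a NOTE or list both bug numbers, so the original report stays reachable from this entry. The log says "not an issue" while the entry remains `<unfixed>` with `unimportant`; the NOTE gives the reasoning, but the log wording should match the state actually recorded.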
@@ -19,7 +21,7 @@
 CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
 	NOT-FOR-US: Fujitsu Interstage Application Server
 CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c ...)
-	- dhcp <unfixed> (high; bug #446354)
+	- dhcp <unfixed> (medium; bug #446354)
 	TODO: check for code duplication
 CVE-2007-5364 (** DISPUTED ** ...)
 	NOT-FOR-US: ViArt Shopping Cart
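Review bot: the dhcp line for CVE-2007-5365 drops from `high` to `medium` with no rationale, and the log message (sql-ledger, openssl) does not mention this change at all. For an entry described as a stack-based buffer overflow, add a NOTE line stating why the lower rating applies, and mention the reclassification in the log so the downgrade can be found later from the revision history.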

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2007-10-12 19:27:31 UTC (rev 6919)
+++ data/DSA/list	2007-10-12 20:18:30 UTC (rev 6920)
@@ -22,7 +22,9 @@
 [02 Oct 2007] DSA-1379-1 openssl - arbitrary code execution
 	{CVE-2007-5135}
 	[sarge] - openssl 0.9.7e-3sarge5
+	[sarge] - openssl096 0.9.6m-1sarge5
 	[etch] - openssl 0.9.8c-4etch1
+	[etch] - openssl097 0.9.7k-3.1etch1
 [02 Oct 2007] DSA-1365-3 id3lib3.8.3 - denial of service
 	{CVE-2007-4460}
 	[sarge] - id3lib3.8.3 3.8.3-4.1sarge1
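Review bot: the two added lines attach openssl096 and openssl097 to the existing DSA-1379-1 entry dated 02 Oct 2007. Please confirm these source packages were fixed under the -1 advisory itself; the neighbouring id3lib3.8.3 entry shows that revised advisories get their own suffix (DSA-1365-3), so if the extra packages shipped with a later revision they belong in a separate entry rather than here. The log line "add more fixed source packages to openssl DSA" would also be easier to search if it named the DSA number.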



