[Secure-testing-commits] r6986 - data/CVE
jmm-guest at alioth.debian.org
Tue Oct 16 21:11:28 UTC 2007
Author: jmm-guest
Date: 2007-10-16 21:11:28 +0000 (Tue, 16 Oct 2007)
New Revision: 6986
Modified:
data/CVE/list
Log:
- track madwifi by source package name and record it as non-free
- mplayer and one of the vorbis issues unimportant
- no-dsa for minor ircd issues
- rewrite some issues postponed for stable updates, so that they
don't show up in the meantime; this will be changed once the
next stable update is released. The tracker cannot record two
states, so we need this little hack
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-16 20:43:59 UTC (rev 6985)
+++ data/CVE/list 2007-10-16 21:11:28 UTC (rev 6986)
@@ -21,7 +21,8 @@
CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes ...)
NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
- - madwifi-source <unfixed> (medium; bug #446824)
+ - madwifi <unfixed> (medium; bug #446824)
+ [etch] - madwidi <no-dsa> (Non-free not supported)
NOTE: this results in a kernel panic
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
NOT-FOR-US: ionCube
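Review bot: the new etch line spells the package `madwidi`, which does not match the `madwifi` source entry on the line above it, so the etch `<no-dsa>` state will not be attached to the package the commit is tracking; it should read `[etch] - madwifi <no-dsa> (Non-free not supported)`.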
@@ -1391,8 +1392,8 @@
NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
{DTSA-65-1}
- - mplayer 1.0~rc1-16.1 (bug #443478; low)
- NOTE: just a NULL pointer dereference.
+ - mplayer 1.0~rc1-16.1 (bug #443478; unimportant)
+ NOTE: just a NULL pointer dereference, not treated as a security problem for this class of applications
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...)
NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...)
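Review bot: the NOTE justifies the downgrade from low to unimportant as "just a NULL pointer dereference", while the CVE summary on the line above describes the issue as a heap-based buffer overflow; a pointer to the analysis that established it is only a NULL dereference (an upstream commit or bug report) would let a later reader verify the discrepancy instead of having to redo the triage.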
@@ -2595,13 +2596,16 @@
CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart ...)
NOT-FOR-US: Deskpro
CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...)
- - ircd-ircu 2.10.12.10.dfsg1-1 (bug #439314)
+ - ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
+ [etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...)
- - ircd-ircu 2.10.12.10.dfsg1-1 (bug #439314)
+ - ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
+ [etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...)
- - ircd-ircu 2.10.12.10.dfsg1-1 (bug #439314)
+ - ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
+ [etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
@@ -3358,7 +3362,9 @@
CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...)
NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
- NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
+ - libvorbis <unfixed> (unimportant)
+ NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
+ NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
- drupal 4.7.7-1 (low)
- drupal5 5.2-1 (low)
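Review bot: both added NOTE lines for CVE-2007-4065 carry typos that the rewrite could have fixed: `revisionions` (the replaced line had `revisionsions`, so the word is still wrong) should be `revisions`, and `libarary` should be `library`. Separately, the sibling CVE-2007-4066 entry in this hunk still has only a NOTE and no `libvorbis` package line, so it remains without a tracked state while CVE-2007-4065 is now marked unimportant.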
@@ -3846,7 +3852,8 @@
- linux-2.6 2.6.22-4
CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
- apache2 2.2.6-1 (bug #441845; low)
- [etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
+ [etch] - apache2 <no-dsa> (Scheduled for next point release)
+ NOTE: [etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
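Review bot: moving the fixed etch version into a free-form `NOTE:` line keeps the information, but only in a form that has to be found by hand when the hack is reverted after the point release; since the log describes this as temporary, the parked entries should all use the same marker text, i.e. exactly `<no-dsa> (Scheduled for next point release)` on the state line and the original line copied verbatim after `NOTE: `, as done here, so a single search can locate and restore every one of them.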
@@ -5182,10 +5189,9 @@
NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, ...)
- apache <removed> (low)
- [etch] - apache <unfixed> (low)
- [sarge] - apache <unfixed> (low)
- apache2 2.2.4-2 (low)
- [etch] - apache2 2.2.3-4+etch2
+ [etch] - apache2 <no-dsa> (Scheduled for next point release)
+ NOTE: [etch] - apache2 2.2.3-4+etch2
[sarge] - apache2 2.0.54-5sarge2 (low)
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
- apache2 <unfixed> (unimportant)
@@ -7198,7 +7204,8 @@
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...)
- findutils 4.2.31-1 (low; bug #426862)
[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
- [etch] - findutils 4.2.28-1etch1 (low)
+ [etch] - findutils <no-dsa> (Scheduled for next point release)
+ NOTE: [etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
- linux-2.6 2.6.21-3
[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
@@ -8561,7 +8568,8 @@
- apache2 2.2.4-1 (low)
- apache <unfixed> (low)
[sarge] - apache2 2.0.54-5sarge2
- [etch] - apache2 2.2.3-4+etch2
+ NOTE: [etch] - apache2 2.2.3-4+etch2
+ [etch] - apache2 <no-dsa> (Scheduled for next point release)
NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?view=markup&pathrev=551944
NOTE: see http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/cache/cache_util.c?r1=463503&r2=551944&pathrev=551944
NOTE: vulnerable code in src/modules/proxy/proxy_cache.c starting in line 1132
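Review bot: the two new lines are in the reverse order of the other parked entries in this commit (here the `NOTE: [etch] - apache2 2.2.3-4+etch2` line comes first and the `[etch] - apache2 <no-dsa> (Scheduled for next point release)` state line second, whereas the apache2 and findutils hunks earlier in the diff put the state line first); one order for all of them would make the later revert less error-prone.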
@@ -16179,7 +16187,8 @@
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
- apache2 2.2.4-2 (low)
[sarge] - apache2 2.0.54-5sarge2
- [etch] - apache2 2.2.3-4+etch2
+ NOTE: [etch] - apache2 2.2.3-4+etch2
+ [etch] - apache2 <no-dsa> (Scheduled for next point release)
- apache <removed> (low)
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
{DSA-1233}
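Review bot: in this CVE-2006-5752 hunk the `NOTE: [etch] - apache2 2.2.3-4+etch2` line precedes the `[etch] - apache2 <no-dsa> (Scheduled for next point release)` state line, while the earlier apache2 and findutils entries rewritten in this commit place the state line first; keeping the same order everywhere makes the parked entries easy to recognise and restore.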