[Secure-testing-commits] r7079 - data/CVE
jmm-guest at alioth.debian.org
Tue Oct 23 20:38:33 UTC 2007
Author: jmm-guest
Date: 2007-10-23 20:38:33 +0000 (Tue, 23 Oct 2007)
New Revision: 7079
Modified:
data/CVE/list
Log:
- new kernel issue
- asterisk voicemail overflow only not in sarge/etch
- mozilla cleanup for sarge
- pam fixed in point update
- correct older entries; don't use not-affected if a fixed version is available
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-23 15:42:27 UTC (rev 7078)
+++ data/CVE/list 2007-10-23 20:38:33 UTC (rev 7079)
@@ -358,7 +358,7 @@
CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to ...)
NOT-FOR-US: Webster HTTP Server
CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite ...)
- - bogofilter <not-affected> (debian versions are all fixed)
+ - bogofilter 0.9.0.5
CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or ...)
NOT-FOR-US: NetScreen
CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of Open ...)
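Review bot: the replacement line "- bogofilter 0.9.0.5" carries no Debian revision, unlike entries such as "- bugzilla 2.14.2-1" in the next hunk, so it reads as the upstream release number rather than a version that was uploaded. Since the old parenthetical "(debian versions are all fixed)" is dropped at the same time, a NOTE saying that 0.9.0.5 is the upstream fix release would keep the reasoning visible. The same applies to "- sendmail 8.12.7" in the following hunk.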
@@ -370,7 +370,7 @@
CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...)
NOT-FOR-US: HP-UX xntpd
CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass ...)
- - sendmail <not-affected> (debian versions are all fixed)
+ - sendmail 8.12.7
CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in ...)
{DSA-218}
- bugzilla 2.14.2-1
@@ -898,6 +898,8 @@
RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...)
- asterisk 1:1.4.13~dfsg-1 (medium)
+ [sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
+ [etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
CVE-2007-5357
RESERVED
CVE-2007-5356
@@ -1847,8 +1849,9 @@
RESERVED
CVE-2007-4998
RESERVED
-CVE-2007-4997
+CVE-2007-4997 [kernel ieee80211 DoS]
RESERVED
+ - linux-2.6 <unfixed>
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...)
- pidgin 2.2.1-1 (medium)
NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
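Review bot: the new "- linux-2.6 <unfixed>" line under CVE-2007-4997 has no urgency and no bug or upstream reference, while other open entries in this file carry both, for example "- iceweasel <unfixed> (low; bug #444803)". With the CVE still RESERVED, the bracketed title "[kernel ieee80211 DoS]" is the only description a reader gets, so a NOTE naming the source of the report and an urgency on the package line would make the entry actionable.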
@@ -2119,8 +2122,6 @@
CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client ...)
- iceweasel <unfixed> (low; bug #444803)
- iceape <unfixed> (low; bug #444805)
- - mozilla-firefox <removed>
- - mozilla <removed>
CVE-2007-4878
RESERVED
CVE-2007-4877
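Review bot: in CVE-2007-4879 the "mozilla-firefox <removed>" and "mozilla <removed>" lines are deleted with nothing put in their place, whereas later hunks of this commit replace the same kind of line with "[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)". If sarge is deliberately left untracked for this CVE, the log should say why this entry is treated differently; otherwise add the matching [sarge] <no-dsa> lines here too.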
@@ -2204,10 +2205,6 @@
{DTSA-69-1}
- iceweasel 2.0.0.8-1
- iceape <unfixed>
- - mozilla-firefox <removed>
- - mozilla <removed>
- NOTE: this vulnerability is unspecified
- NOTE: likely affects only windows and Mac OS
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
- php5 <unfixed> (unimportant)
NOTE: Only triggerable by malicious script
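Review bot: the two NOTE lines removed under the DTSA-69-1 entry ("this vulnerability is unspecified" and "likely affects only windows and Mac OS") are not covered by any item in the log, and "- iceape <unfixed>" stays open directly above them. If the notes are obsolete, say so in the log; if the Windows and Mac OS assessment still holds, keep it, because it is the only context a reader has for judging the open iceape line.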
@@ -6813,23 +6810,20 @@
NOTE: MFSA2007-17
- iceweasel 2.0.0.4-1 (low)
- iceape 1.1.2-1 (low)
- - firefox <removed> (low)
- - mozilla <removed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-16
- iceweasel 2.0.0.4-1 (medium)
- iceape 1.1.2-1 (medium)
- - firefox <removed> (medium)
- - mozilla <removed> (medium)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...)
{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
NOTE: MFSA2007-13
- iceweasel 2.0.0.4-1 (unimportant)
- iceape 1.1.2-1 (unimportant)
- - firefox <removed> (unimportant)
- mozilla <removed> (unimportant)
- xulrunner 1.8.1.4-1 (unimportant)
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
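Review bot: CVE-2007-2869 is cleaned up differently from the two entries above it in this hunk: only "firefox <removed> (unimportant)" is dropped, "mozilla <removed> (unimportant)" is left in place, and no "[sarge] - mozilla <no-dsa>" line is added. Either remove the remaining <removed> line and add the [sarge] line as in CVE-2007-2870, or note that the entry is left alone because it is rated unimportant. The new <no-dsa> lines in this hunk also lose the urgency (low, medium) that the lines they replace carried.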
@@ -6837,23 +6831,19 @@
NOTE: MFSA2007-12
- iceweasel 2.0.0.4-1 (high)
- iceape 1.1.2-1 (high)
- - firefox <removed> (high)
- - mozilla <removed> (high)
- - thunderbird <removed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- icedove 2.0.0.4-1 (low)
- xulrunner 1.8.1.4-1 (high)
- [sarge] - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...)
{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
NOTE: MFSA2007-12
- iceweasel 2.0.0.4-1 (high)
- iceape 1.1.2-1 (high)
- - firefox <removed> (high)
- - mozilla <removed> (high)
- - thunderbird <removed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- icedove 2.0.0.4-1 (low)
- xulrunner 1.8.1.4-1 (high)
- [sarge] - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
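Review bot: in both entries of this hunk the added "[sarge] - mozilla <no-dsa>" line sits between the iceape and icedove lines, while "[sarge] - mozilla-thunderbird <no-dsa>" goes at the end of the entry after xulrunner. Other entries touched by this commit keep the [sarge] lines together after the unstable package lines, so moving the mozilla line down next to the mozilla-thunderbird one would keep the per-release status readable in one place.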
@@ -11630,9 +11620,8 @@
- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
- xulrunner 1.8.0.10-1 (high)
- iceape 1.0.8-1 (high)
- - mozilla-firefox <removed> (high)
- - mozilla <removed> (high)
- - firefox <removed> (high)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
@@ -12209,7 +12198,7 @@
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla <unfixed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...)
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
@@ -12217,8 +12206,8 @@
- icedove 1.5.0.10.dfsg1-1 (low)
- xulrunner 1.8.0.10-1 (high)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla-thunderbird <unfixed> (low)
- [sarge] - mozilla <unfixed> (high)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
@@ -14696,21 +14685,19 @@
NOTE: MFSA-2007-06
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
- - xulrunner 1.8.0.10-1 (high)
+ - xulrunner 1.8.0.10-1 (low)
- icedove 1.5.0.10.dfsg1-1
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla <unfixed> (high)
- - firefox <removed> (high)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...)
{DSA-1336-1}
NOTE: MFSA-2007-06
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
- - xulrunner 1.8.0.10-1 (high)
+ - xulrunner 1.8.0.10-1 (low)
- icedove 1.5.0.10.dfsg1-1
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla <unfixed> (high)
- - firefox <removed> (high)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
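Review bot: the xulrunner urgency is changed from "(high)" to "(low)" in both entries of this hunk, which none of the log items mention. The new value matches the iceweasel and iceape lines beside it, so it looks like a correction, but an urgency downgrade deserves its own log line. The icedove line in both entries still has no urgency at all and could be fixed in the same pass.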
@@ -16074,7 +16061,7 @@
- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
- iceape 1.0.8-1 (high)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla <unfixed> (high)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner 1.8.0.10-1 (medium)
NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...)
@@ -23229,9 +23216,7 @@
- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...)
{DSA-1392-1 DTSA-69-1}
- - iceweasel 2.0.0.8-1
- NOTE: There are very few scenarios, where this could be exploited
- NOTE: We can probably ignore this
+ - iceweasel 2.0.0.4-1
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
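Review bot: the new fixed version "- iceweasel 2.0.0.4-1" for CVE-2006-2894 disagrees with the description line directly above it, which lists the issue as present in "2.0.x before 2.0.0.8", and the entry still references DSA-1392-1 and DTSA-69-1. Either keep 2.0.0.8-1 or add a NOTE explaining why the Debian package counts as fixed from 2.0.0.4-1. The two NOTE lines removed here ("There are very few scenarios, where this could be exploited", "We can probably ignore this") are also not mentioned in the log.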
@@ -34996,6 +34981,8 @@
- netpbm-free 2:10.0-10
CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...)
- pam 0.99.7.1-2 (bug #336344; low)
+ [etch] - pam <no-dsa> (Scheduled for next point release)
+ NOTE: [etch] - pam 0.79-5
[sarge] - pam <not-affected> (Does not contain SELinux support)
[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
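Review bot: the log says "pam fixed in point update", but the added line reads "[etch] - pam <no-dsa> (Scheduled for next point release)" and the actual version is only recorded as free text in "NOTE: [etch] - pam 0.79-5". A version inside a NOTE is not a status line, so etch stays marked as not fixed. Once the point release is out, replace both lines with a plain "[etch] - pam 0.79-5"; until then, move the NOTE below the [sarge] and [woody] lines so the release-specific status lines stay contiguous.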