[Secure-testing-commits] r7161 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Oct 31 18:50:53 UTC 2007


Author: nion
Date: 2007-10-31 18:50:52 +0000 (Wed, 31 Oct 2007)
New Revision: 7161

Modified:
   data/CVE/list
Log:
CVE-2007-5690 zaptel affected but not a real security issue in debian
CVE-2007-5689 fixed in sun-java6 6-03-1/sun-java5 1.5.0-13-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-31 18:18:24 UTC (rev 7160)
+++ data/CVE/list	2007-10-31 18:50:52 UTC (rev 7161)
@@ -34,9 +34,12 @@
 	- iceweasel 2.0.0.8-1 (low)
 	TODO: check other ice-*
 CVE-2007-5690 (Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might ...)
-	TODO: check
+	- zaptel <unfixed> (unimportant; bug #448763)
+	NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
+	NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
 CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) ...)
-	TODO: check
+	- sun-java6 6-03-1 (medium)
+	- sun-java5 1.5.0-13-1 (medium)
 CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the ...)
 	TODO: check
 CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)




More information about the Secure-testing-commits mailing list