[Secure-testing-commits] r6622 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Mon Sep 17 18:55:03 UTC 2007


Author: stef-guest
Date: 2007-09-17 18:55:03 +0000 (Mon, 17 Sep 2007)
New Revision: 6622

Modified:
   data/CVE/list
Log:
new apache issue that is actually an old browser issue
fixed: cvstrac, teamspeak-server
old ezpublish issues: should be removed from Debian
new unimportant php issue
new libgd2 issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-17 17:17:12 UTC (rev 6621)
+++ data/CVE/list	2007-09-17 18:55:03 UTC (rev 6622)
@@ -817,13 +817,9 @@
 CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
 	NOT-FOR-US: Soldat game server
 CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...)
-	- teamspeak-server <unfixed>
-	NOTE: likely fixed in 2.0.23.19-1
-	TODO: check
+	- teamspeak-server 2.0.23.19-1
 CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...)
-	- teamspeak-server <unfixed>
-	NOTE: likely fixed in 2.0.23.19-1
-	TODO: check
+	- teamspeak-server 2.0.23.19-1
 CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...)
 	NOT-FOR-US: ffi extension for php
 CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
@@ -963,7 +959,11 @@
 CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
 	NOT-FOR-US: snif
 CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...)
-	TODO: check
+	- apache <unfixed>
+	- apache2 2.2.6-1
+	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
+	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
+	NOTE: but many users change this.
 CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
 	NOT-FOR-US: Total Commander
 CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...)
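Review bot: In the CVE-2007-4465 entry, "- apache <unfixed>" carries neither a bug reference nor a severity tag, while the NOTEs beside it describe the problem as a browser bug that Etch's default AddDefaultCharset setting already blocks. That leaves the intended handling of apache 1.3 open: either add a bug number so the unfixed state is tracked, or tag the line if the browser-bug reasoning means it will not be fixed. It would also help to say in a NOTE what apache2 2.2.6-1 changes, since the text as written reads as if the server needs no fix at all.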
@@ -1998,9 +1998,12 @@
 	NOTE: so maybe this is already fixed in 5.2.3, not sure
 	TODO: check php4, contact upstream
 CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
-	TODO: check
+	- php5 <unfixed> (unimportant)
+	- php4 <unfixed> (unimportant)
+	NOTE: only exploitable by malicious script
 CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...)
-	TODO: check
+	- libgd2 <unfixed>
+	TODO: file bug
 CVE-2007-3995
 	RESERVED
 CVE-2007-3994
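Review bot: CVE-2007-3996 is described as integer overflows in "libgd in PHP before 5.2.4", yet the new entry tracks only "- libgd2 <unfixed>" and lists no php4 or php5 line. Add either php entries or a NOTE stating whether Debian's PHP packages use the system libgd2 rather than a bundled copy, so the omission is visibly deliberate. For CVE-2007-3997 in the same hunk, the "(unimportant)" tag rests on "NOTE: only exploitable by malicious script"; a few more words on why that puts it out of scope would make the classification easier to audit.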
@@ -3095,17 +3098,17 @@
 CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
 	- ezpublish <not-affected> (Debian's version is too old)
 CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
-	TODO: check
+	- ezpublish <unfixed> (bug #424790)
 CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
-	TODO: check
+	- ezpublish <unfixed> (bug #424790)
 CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...)
-	TODO: check
+	- ezpublish <unfixed> (bug #424790)
 CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...)
-	TODO: check
+	- ezpublish <unfixed> (bug #424790)
 CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
-	TODO: check
+	- ezpublish <unfixed> (bug #424790)
 CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
-	TODO: check
+	- ezpublish <unfixed> (bug #424790)
 CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
 	NOT-FOR-US: Apache Derby
 CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...)
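Review bot: The six ezpublish entries from CVE-2005-4855 to CVE-2005-4850 are all set to "<unfixed> (bug #424790)", directly below CVE-2005-4856, which is "<not-affected> (Debian's version is too old)". The descriptions give version ranges starting at 3.4.4 or 3.5, so the list should record why the packaged version is affected by these six but too old for the adjacent one; a NOTE with the Debian version checked would settle it. The commit log also says these packages should be removed from Debian, and a NOTE to that effect on at least one entry would keep that intent in the data file.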
@@ -11119,7 +11122,7 @@
 CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
 	NOT-FOR-US: ActiveX control in InterActual Player
 CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
-	TODO: check
+	- cvstrac 2.0.1-1
 	NOTE: it is unclear if 1.1.5 is vulnerable (is_repository_file is not in 1.1.5 source)
 	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
 	NOTE: are done like using %q instead of %s for user supplied data
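Review bot: The new "- cvstrac 2.0.1-1" line for CVE-2007-0347 sits above three retained NOTEs saying it is unclear whether 1.1.5 is vulnerable, so the entry now reads as resolved while the question about the older version is still open. If 1.1.5 is shipped in a stable release, add a release-specific line or a TODO for it; if the conclusion is that 1.1.5 is not affected, say so in the NOTE instead of leaving it as "unclear".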



