[Secure-testing-commits] r6643 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Sep 19 16:47:08 UTC 2007


Author: nion
Date: 2007-09-19 16:47:07 +0000 (Wed, 19 Sep 2007)
New Revision: 6643

Modified:
   data/CVE/list
Log:
CVE-2007-1217 fixed in linux-2.6 2.6.21-1
CVE-2007-XXXX fixed in mt-daapd 0.9~r1586-1
CVE-2007-0262 fixed in wordpress 2.0.8-1
CVE-2007-0095 fixed in phpmyadmin 4:2.9.1.1-1
CVE-2006-5779 openldap2.2 <removed>
CVE-2006-5178 fixed in php4 4:4.4.4-1
CVE-2006-2754 fixed in openldap2.3 2.3.24-1
CVE-2006-1551 fixed in php5 5.1.4-0.1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-19 16:06:38 UTC (rev 6642)
+++ data/CVE/list	2007-09-19 16:47:07 UTC (rev 6643)
@@ -8805,7 +8805,7 @@
 	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
 	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
 	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
-	- linux-2.6 <unfixed> (bug #411294; unimportant)
+	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
 	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
 CVE-2007-1216 (Double-free vulnerability in the GSS-API library ...)
 	{DSA-1276-1}
@@ -9390,7 +9390,7 @@
 	[etch] - apg <no-dsa> (Minor issue)
 	NOTE: This is not reproducible after a recompile on amd64.
 CVE-2007-XXXX [mt-daapd remote access & default password]
-	- mt-daapd <unfixed> (unimportant; bug #404640)
+	- mt-daapd 0.9~r1586-1 (unimportant; bug #404640)
 	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
 CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
 	- amavisd-new <unfixed> (unimportant; bug #410588)
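Review bot: In the context line right after the mt-daapd change, the bracketed description spells the package "amavids-new" while the package line under it reads "amavisd-new". Since this part of the file is being touched anyway, fix the description so a search for the package name finds the entry.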
@@ -11394,7 +11394,7 @@
 	NOT-FOR-US: Total Commander
 CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
 	{DTSA-33-1}
-	- wordpress <unfixed> (unimportant; bug #407289)
+	- wordpress 2.0.8-1 (unimportant; bug #407289)
 CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
 	NOT-FOR-US: sNews
 CVE-2007-0260 (** DISPUTED ** ...)
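Review bot: The changed wordpress line under CVE-2007-0262 is rated unimportant while the same entry references {DTSA-33-1}, and unlike the other unimportant entries in this patch it has no NOTE giving the reason for the rating. Add a one-line NOTE with the rationale, or revisit the urgency if the issue was serious enough for a testing advisory.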
@@ -11860,7 +11860,7 @@
 CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
 	NOT-FOR-US: Carbon Communities
 CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
-	- phpmyadmin <unfixed> (bug #399329; unimportant)
+	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
 	NOTE: Only path disclosure
 CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
 	NOT-FOR-US: Sven Moderow GuestBook
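Review bot: On the changed phpmyadmin line, the fixed version 4:2.9.1.1-1 carries the same upstream version, 2.9.1.1, that the CVE-2007-0095 description names as affected. If the fix is a Debian-side patch, or the description's version is not the whole affected range, record that in a NOTE next to "Only path disclosure"; as written, the entry reads as closed in a version the description lists as vulnerable.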
@@ -14646,7 +14646,7 @@
 CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...)
 	NOT-FOR-US: XLink Omni-NFS
 CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...)
-	- openldap2.2 <unfixed> (bug #397673)
+	- openldap2.2 <removed> (bug #397673)
 	- openldap2.3 2.3.29-1
 CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
 	NOT-FOR-US: Creasito E-Commerce Content Manager
@@ -15969,7 +15969,7 @@
 	NOT-FOR-US: Intoto iGateway
 CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
 	- php5 <unfixed> (bug #391281; unimportant)
-	- php4 <unfixed> (bug #391282; unimportant)
+	- php4 4:4.4.4-1 (bug #391282; unimportant)
 	NOTE: open_basedir is not supported
 CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
 	NOT-FOR-US: MailEnable Professional
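Review bot: Under CVE-2006-5178, php4 is now marked fixed at 4:4.4.4-1 while the php5 line directly above it stays <unfixed>, and the only NOTE ("open_basedir is not supported") explains the unimportant rating, not what changed in php4. Add a NOTE pointing at the change that closes this for php4, or confirm that php5 should stay open, so the two lines do not look like an oversight.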
@@ -21532,7 +21532,7 @@
 CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
 	NOT-FOR-US: UBBThreads
 CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
-	- openldap2.3 <unfixed> (bug #375494; bug #377047; unimportant)
+	- openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant)
 	NOTE: File is only written and read by slurpd, only editable by root
 CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
 	NOT-FOR-US: RedCarpet
@@ -24439,7 +24439,7 @@
 	NOT-FOR-US: PAJAX
 CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
 	- php4 <unfixed> (bug #361854; unimportant)
-	- php5 <unfixed> (bug #361917; unimportant)
+	- php5 5.1.4-0.1 (bug #361917; unimportant)
 	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
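Review bot: The log line "CVE-2006-1551 fixed in php5 5.1.4-0.1" does not match this hunk, where the php5 line that changes sits under CVE-2006-1549. Either the commit message names the wrong id or the version was recorded against the wrong entry; confirm which CVE 5.1.4-0.1 addresses and correct whichever side is off. The php4 line in the same entry remains <unfixed>, which is worth a second look at the same time.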



