[Secure-testing-commits] r6645 - data/CVE

jmm-guest at alioth.debian.org
Wed Sep 19 20:26:43 UTC 2007


Author: jmm-guest
Date: 2007-09-19 20:26:42 +0000 (Wed, 19 Sep 2007)
New Revision: 6645

Modified:
   data/CVE/list
Log:
irssi-scripts no-dsa
gimp issue not yet fixed, pinged Mandriva for isolated patch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-09-19 19:45:21 UTC (rev 6644)
+++ data/CVE/list	2007-09-19 20:26:42 UTC (rev 6645)
@@ -82,7 +82,7 @@
 	NOT-FOR-US: Microsoft Visual Studio
 CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...)
 	- php5 <unfixed> (unimportant)
-	NOTE: Only triggerable by malicious script
+	NOTE: basedir and safemode not supported
 CVE-2007-4888 (The &quot;You are not allowed...&quot; error handler in XWiki 1.0 B1 and 1.0 B2 ...)
 	NOT-FOR-US: Xwiki
 CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...)
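Review bot: The replacement NOTE under CVE-2007-4889 abbreviates the PHP settings as "basedir and safemode"; writing them as open_basedir and safe_mode would match the directive names and make the entry searchable. The change also drops "Only triggerable by malicious script", which was the only stated reason next to the (unimportant) rating, so consider keeping it as a second NOTE line so the basis for the rating stays readable from the entry alone.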
@@ -1190,6 +1190,8 @@
 	NOT-FOR-US: various IRC now_playing scripts
 CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...)
 	- irssi-scripts <unfixed> (low; bug #439840)
+	[etch] - irssi-scripts <no-dsa> (minor issue)
+	[sarge] - irssi-scripts <no-dsa> (minor issue)
 	NOTE: weechat-scripts does not include the mentioned scripts
 CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
 	NOT-FOR-US: Sun Solaris 8
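Review bot: Both added no-dsa lines for CVE-2007-4396 give only "minor issue" as the reason, and the commit log ("irssi-scripts no-dsa") adds nothing further. Since the unstable entry is still <unfixed> with bug #439840, a more specific reason on the [etch] and [sarge] lines, saying why the CRLF injection in these scripts does not warrant a DSA, would save the next reader from re-triaging it.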
@@ -2653,7 +2655,8 @@
 CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
-	- gimp 2.2.16-1 (low)
+	- gimp <unfixed> 
+	TODO: Poke maintainer, might be a non-issue, as upstream is fairly well organized
 CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not ...)
 	- linux-2.6 <unfixed>
 CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
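Review bot: The new TODO on CVE-2007-3741 ("Poke maintainer, might be a non-issue") does not match the commit log, which says the gimp issue is not yet fixed and that Mandriva was pinged for an isolated patch; recording that in the entry would keep the tracker and the log consistent. The replacement line also drops the (low) urgency that the removed line carried and leaves trailing whitespace after <unfixed>; if the severity assessment has not changed, keep (low).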



