[Secure-testing-commits] r8643 - in data: . CVE
jmm-guest at alioth.debian.org
Mon Apr 28 19:51:29 UTC 2008
Author: jmm-guest
Date: 2008-04-28 19:51:19 +0000 (Mon, 28 Apr 2008)
New Revision: 8643
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
two no-dsa
one openssh issue doesn't affect etch
mondo CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-28 15:38:39 UTC (rev 8642)
+++ data/CVE/list 2008-04-28 19:51:19 UTC (rev 8643)
@@ -661,6 +661,7 @@
- policykit 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH before 4.9 allows remote authenticated users to bypass the ...)
- openssh 1:4.7p1-8 (low; bug #475156)
+ [etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
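Review bot: the new `[etch] - openssh <not-affected>` line under CVE-2008-1657 rests on "Vulnerable functionality was introduced in 4.4" but neither names the functionality nor cites where that version boundary comes from. Add a NOTE line naming the feature or pointing at the upstream reference, so the not-affected status can be rechecked against the etch openssh version later.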
@@ -5662,6 +5663,7 @@
[sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
- rsync 2.6.9-6 (low; bug #453652)
+ [etch] - rsync <no-dsa> (Minor issue)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...)
- rsync 2.6.9-6 (unimportant; bug #453652)
NOTE: Security feature enhancement, not really a security problem
@@ -9760,8 +9762,6 @@
NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
- libgd2 2.0.35.dfsg-3
-CVE-2007-XXXX [mondo insecure handling of temporary files]
- - mondo 2.24-2 (low)
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...)
NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...)
@@ -12070,8 +12070,9 @@
- skktools 1.2+0.20061004-3 (low)
[sarge] - skktools <no-dsa> (Minor issue)
[etch] - skktools <no-dsa> (Minor issue)
-CVE-2007-3915
+CVE-2007-3915 [mondo insecure handling of temporary files]
RESERVED
+ - mondo 2.24-2 (low)
CVE-2007-3914
RESERVED
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote ...)
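Review bot: CVE-2007-3915 still reads RESERVED, so the bracketed text and the `- mondo 2.24-2 (low)` line are the only link between this id and the mondo temporary-file issue, and nothing in the entry records where the assignment came from. Add a NOTE with the source of the CVE id or a bug number so the mapping can be verified; if mondo is shipped in a stable release, the entry also needs an `[etch]` status line like the skktools entry directly above it.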
@@ -20767,15 +20768,19 @@
- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...)
- smb4k 0.8.1-1 (low)
+ [etch] - smb4k <no-dsa> (Minor issue)
NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...)
- smb4k 0.8.1-1 (low)
+ [etch] - smb4k <no-dsa> (Minor issue)
NOTE: not fixed in 0.8.0, see
NOTE: http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...)
- smb4k 0.8.0-1 (low)
+ [etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...)
- smb4k 0.8.0-1 (low)
+ [etch] - smb4k <no-dsa> (Minor issue)
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...)
- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
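Review bot: on CVE-2007-0475 the added `[etch] - smb4k <no-dsa> (Minor issue)` reuses the same generic reason as the three entries below it, although the description is multiple stack-based buffer overflows. State the actual reason for no-dsa in the parenthesis or in a NOTE. The existing NOTEs on CVE-2007-0475 and CVE-2007-0474 say the problems were not fully fixed in 0.8.0, which is worth reflecting in the etch rationale as well.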
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-04-28 15:38:39 UTC (rev 8642)
+++ data/spu-candidates.txt 2008-04-28 19:51:19 UTC (rev 8643)
@@ -142,12 +142,21 @@
--
+rsync (CVE-2007-6200)
+#453652)
+
+--
+
slocate (CVE-2007-0227)
#411937
notified maintainer
--
+smb4k (CVE-2007-0475, CVE-2007-0474, CVE-2007-0473, CVE-2007-0472)
+
+--
+
streamripper (CVE-2007-4337)
notified maintainer
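Review bot: in the new rsync entry, `#453652)` carries a stray closing parenthesis; the slocate entry below writes its bug as a bare `#411937`. The smb4k entry is added with no bug number and no status line such as `notified maintainer`, unlike its neighbours, so either add them or note that none exists yet.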