[Secure-testing-commits] r7833 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sat Jan 5 00:59:58 UTC 2008


Author: jmm-guest
Date: 2008-01-05 00:59:57 +0000 (Sat, 05 Jan 2008)
New Revision: 7833

Modified:
   data/CVE/list
Log:
stable fixes should only be marked as fixed when the point update has
   been released
flash not supported
one vlc issue unimportant



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-05 00:59:43 UTC (rev 7832)
+++ data/CVE/list	2008-01-05 00:59:57 UTC (rev 7833)
@@ -182,6 +182,8 @@
 	NOT-FOR-US: March Networks
 CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...)
 	- flashplugin-nonfree <unfixed> (bug #459071)
+	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
+	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
 	NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
 CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu ...)
 	NOT-FOR-US: Bitflu
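Review bot: The reason string "Contrib not supported" on the two added [sarge] and [etch] lines is terse and sits next to a package named flashplugin-nonfree, so a reader can easily mistake which archive section is meant. Consider wording the reason as a full statement that the package lives in contrib and is therefore outside security support. The unstable line stays at <unfixed> (bug #459071), which is consistent with the commit log.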
@@ -351,7 +353,8 @@
 	- vlc <unfixed> (low; bug #458318)
 	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
 CVE-2007-XXXX [vlc remote denial of service in rtsp module]
-	- vlc <unfixed> (low; bug #458318)
+	- vlc <unfixed> (unimportant; bug #458318)
+	NOTE: That's hardly a security problem, just a bug
 CVE-2007-XXXX [vlc insecure handling of vlcopt]
 	- vlc <unfixed> (medium; bug #458318)
 CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...)
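Review bot: The downgrade of the rtsp denial-of-service entry from low to unimportant is justified only by "NOTE: That's hardly a security problem, just a bug", which gives a later triager nothing to verify. The preceding vlc entry carries a NOTE with a reference URL; a similar pointer or a one-line technical reason here would make the rating auditable. Note also that all three vlc entries in this region share bug #458318 but now carry three different severities (low, unimportant, medium), so the bug report alone no longer tells which issue a severity refers to.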
@@ -1242,8 +1245,10 @@
 	NOT-FOR-US: Neocrome Seditio CMS
 CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...)
 	- sing 1.1-16 (low; bug #454167)
-	[etch] - sing 1.1-13etch1
-	[sarge] - sing 1.1-9sarge1
+        [etch] - sing <no-dsa> (Only exploitable in inherently broken setups)
+        [sarge] - sing <no-dsa> (Only exploitable in inherently broken setups)
+	TODO: r3	[etch] - sing 1.1-13etch1
+	TODO: r3	[sarge] - sing 1.1-9sarge1
 CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
 	- zsh 4.3.4-dev-3-2 (low; bug #454073)
 	[etch] - zsh <no-dsa> (Minor issue)
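Review bot: The two added lines "[etch] - sing <no-dsa> (...)" and "[sarge] - sing <no-dsa> (...)" are indented with eight spaces, while every other entry line in this hunk, including the two TODO lines added alongside them, uses a tab. Use a tab here so the entries match the rest of the file and are not treated differently by whitespace-sensitive tooling. Separately, "TODO: r3" is not explained anywhere in the visible lines. Going by the commit log, it appears to park the fixed versions 1.1-13etch1 and 1.1-9sarge1 until the point update is released; spelling that out in the TODO would tell the next editor when to restore them and drop the <no-dsa> lines.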



