[Secure-testing-commits] r7856 - in data: . CVE
jmm-guest at alioth.debian.org
Tue Jan 8 18:41:20 UTC 2008
Author: jmm-guest
Date: 2008-01-08 18:41:19 +0000 (Tue, 08 Jan 2008)
New Revision: 7856
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- Firefly Media Server is in the archive, but under a different name (marked
unfixed w/o further checks for now as a temporary measure)
- one rails issue doesn't affect Etch
- nufw, mldonkey no-dsa
- rewrite phpsysinfo as unimportant, rather than no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-08 09:14:08 UTC (rev 7855)
+++ data/CVE/list 2008-01-08 18:41:19 UTC (rev 7856)
@@ -2227,9 +2227,9 @@
CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...)
NOT-FOR-US: EDraw Flowchart
CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...)
- NOT-FOR-US: Firefly Media Server
+ - mt-daapd <unfixed>
CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...)
- NOT-FOR-US: Firefly Media Server
+ - mt-daapd <unfixed>
CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...)
NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...)
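Review bot: the two new `- mt-daapd <unfixed>` lines for CVE-2007-5825 and CVE-2007-5824 carry no severity and no NOTE, although the log says the unfixed marking is a temporary measure taken without checking. Record that in the data itself, e.g. a `NOTE: marked unfixed pending a check of the archive version` line under each entry, so the next reader does not take `<unfixed>` as a verified result; the description on the CVE-2007-5824 line already bounds the upstream range (0.2.4 and earlier), which makes that check straightforward.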
@@ -2578,7 +2578,9 @@
NOT-FOR-US: Omnistar Live
CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
{DTSA-82-1}
- - nufw 2.2.7-1 (medium)
+ - nufw 2.2.7-1 (low)
+ [sarge] - nufw <no-dsa> (Minor issue)
+ [etch] - nufw <no-dsa> (Minor issue)
CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
NOT-FOR-US: GlobalLink
CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...)
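Review bot: the severity drop from (medium) to (low) on the nufw 2.2.7-1 line is unexplained, and it sits directly under {DTSA-82-1}, which records that the issue was judged worth an advisory for testing; the new `[sarge]` and `[etch]` lines justify `<no-dsa>` only with the generic `(Minor issue)`. For a heap-based buffer overflow in nuauth/sasl.c a one-line reason is needed (for example why the overflow is not considered practically exploitable in the stable configurations), either inside the parentheses or as a NOTE line, so the no-dsa decision can be audited later.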
@@ -4017,6 +4019,7 @@
- rails 1.2.5-1
CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
- rails 1.2.5-1
+ [etch] - rails <not-affected> (Vulnerable code not present)
CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk ...)
{DSA-1416-1 DSA-1415-1}
- tk8.3 8.3.5-10 (medium; bug #446465)
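Review bot: the `[etch] - rails <not-affected> (Vulnerable code not present)` line is added only to CVE-2007-5379, while the sibling rails entry directly above (also fixed in 1.2.5-1) gets no etch annotation, so etch now shows as vulnerable for that one. If that asymmetry is deliberate, as the log ("one rails issue doesn't affect Etch") suggests, consider giving the other entry an explicit `[etch]` status or NOTE too, and naming the etch version that was inspected in the not-affected reason, so the check is reproducible.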
@@ -7179,6 +7182,7 @@
NOT-FOR-US: Madoa Poll
CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...)
- mldonkey 2.9.0-1 (bug #435439)
+ [etch] - mldonkey <no-dsa> (Minor issue)
CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...)
- tor 0.1.2.15-1
CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish "streamids from ...)
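Review bot: the new `[etch] - mldonkey <no-dsa> (Minor issue)` line gives no reason beyond the generic phrase, while the same commit adds mldonkey (CVE-2007-4100) to spu-candidates.txt, i.e. a fix through a stable point update is planned. Say so in the annotation, e.g. `(Minor issue, fix via point update)`, so the no-dsa status is not read as "will not be fixed in etch".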
@@ -7290,11 +7294,10 @@
REJECTED
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
{DTSA-58-1}
- - phpsysinfo 2.5.1-6.1 (low; bug #435935)
- [etch] - phpsysinfo <no-dsa> (Minor issue, does not have valuable cookies)
- [sarge] - phpsysinfo <no-dsa> (Minor issue, does not have valuable cookies)
+ - phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
- phpgroupware 0.9.16.012-1 (low; bug #435936)
- egroupware-phpsysinfo 1.2.107-2.dfsg-1.1 (low; bug #435937)
+ NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
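Review bot: the added NOTE ("phpsysinfo alone doesn't maintain any data, which makes this an issue") states the opposite of what the rest of the hunk does; the phpsysinfo entry is downgraded to (unimportant) and the sarge/etch no-dsa lines are dropped, so the note presumably meant "a non-issue" or "not an issue". Fix the wording, and since the NOTE is placed after the egroupware-phpsysinfo line while phpgroupware and egroupware-phpsysinfo keep (low), spell out the distinction (if the reasoning is that the groupware applications do hold session data an XSS could reach, say so), otherwise the note reads as if it applied to the bundled copies as well.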
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-01-08 09:14:08 UTC (rev 7855)
+++ data/spu-candidates.txt 2008-01-08 18:41:19 UTC (rev 7856)
@@ -26,6 +26,15 @@
#429174
notified maintainer
+--
+
+mldonkey (CVE-2007-4100)
+#435439
+
+--
+
+nufw (CVE-2007-5723)
+
---
proftpd-dfsg, proftpd (CVE-2007-2165)
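Review bot: the new nufw (CVE-2007-5723) entry in spu-candidates.txt has neither a bug number nor a status line, unlike the mldonkey entry added beside it (#435439) and the existing entry above it (#429174, "notified maintainer"); add the bug reference, or at least a status line, so the point-update candidate can actually be tracked.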