[Secure-testing-commits] r7871 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Jan 10 22:49:22 UTC 2008 

Author: jmm-guest
Date: 2008-01-10 22:49:21 +0000 (Thu, 10 Jan 2008)
New Revision: 7871

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- When I tried to assist the maintainer to extract a patch to backport
  I noticed the code isn't present in Etch at all, noting accordingly
- Sylpheed issue not worth a DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-10 21:16:07 UTC (rev 7870)
+++ data/CVE/list	2008-01-10 22:49:21 UTC (rev 7871)
@@ -2739,8 +2739,7 @@
 CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
 	{DTSA-82-1}
 	- nufw 2.2.7-1 (low)
-	[sarge] - nufw <no-dsa> (Minor issue)
-	[etch] - nufw <no-dsa> (Minor issue)
+	[etch] - nufw <not-affected> (Vulnerable code not present)
 CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
 	NOT-FOR-US: GlobalLink
 CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...)
@@ -10106,7 +10105,11 @@
 	NOT-FOR-US: cpCommerce
 CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
 	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
+	[etch] - sylpheed-claws <no-dsa> (Minor issue)
+	[sarge] - sylpheed-claws <no-dsa> (Minor issue)
 	- sylpheed 2.4.5-1 (low)
+	[etch] - sylpheed <no-dsa> (Minor issue)
+	[sarge] - sylpheed <no-dsa> (Minor issue)
 	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
 	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
 CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-01-10 21:16:07 UTC (rev 7870)
+++ data/spu-candidates.txt	2008-01-10 22:49:21 UTC (rev 7871)
@@ -38,11 +38,6 @@
 #435439
 notified maintainer
 
---
-
-nufw (CVE-2007-5723)
-notified maintainer
-
 ---
 
 proftpd-dfsg, proftpd (CVE-2007-2165)
@@ -62,6 +57,12 @@
 
 --
 
+sylpheed (CVE-2007-2958)
+#441854
+http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
+
+--
+
 tomboy (CVE-2005-4790)
 notified maintainer

More information about the Secure-testing-commits mailing list