[Secure-testing-commits] r7883 - in data: . CVE
jmm-guest at alioth.debian.org
Sat Jan 12 01:07:38 UTC 2008
Author: jmm-guest
Date: 2008-01-12 01:07:37 +0000 (Sat, 12 Jan 2008)
New Revision: 7883
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
two new no-dsa issues
xscreensaver issue doesn't affect etch
rss-glx was only a workaround, the real fix was xscreensaver
two moin issues were mixed around
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-11 21:14:10 UTC (rev 7882)
+++ data/CVE/list 2008-01-12 01:07:37 UTC (rev 7883)
@@ -3524,8 +3524,8 @@
CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
{DTSA-83-1}
- xscreensaver 5.03-3.1 (medium; bug #448157)
- - rss-glx 0.8.1-8 (medium)
- NOTE: proper fix available and uploaded
+ [etch] - xscreensaver <not-affected> (Vulnerable code not present)
+ [sarge] - xscreensaver <not-affected> (Vulnerable code not present)
CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
NOT-FOR-US: Cisco
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
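Review bot: the removed rss-glx line takes its history with it, so after this change nothing under CVE-2007-5585 records that rss-glx 0.8.1-8 carried a workaround for this issue. Consider keeping that as a NOTE line under the xscreensaver entry (for example "NOTE: rss-glx 0.8.1-8 was only a workaround, the real fix is in xscreensaver") so the commit log is not the only place the reasoning is recorded.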
@@ -8930,7 +8930,7 @@
- glibc 2.6-2 (unimportant; bug #431858)
NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
- - flac123 0.0.11-1 (medium; bug #432008)
+ - flac123 0.0.11-1 (low; bug #432008)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
- freetype 2.3.4 (bug #432013)
[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
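Review bot: the flac123 severity goes from medium to low with no NOTE explaining why, while the CVE summary on the line above still describes a stack-based buffer overflow. A one-line NOTE under the flac123 entry giving the reason for the downgrade would let later readers check it against bug #432008.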
@@ -15520,11 +15520,11 @@
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the "Show debugging information" feature ...)
- - moin <not-affected> (Despite what the CVE says, this is not a problem in the 1.5.x code)
- [sarge] - moin <unfixed> (bug #411084; medium)
-CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...)
- moin <unfixed> (unimportant)
NOTE: this is a version information disclosure.
+CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...)
+ - moin 1.5 (bug #411084; medium)
+ NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
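Review bot: the removed "[sarge] - moin <unfixed> (bug #411084; medium)" line is not re-added under either CVE, so sarge's status for bug #411084 is no longer tracked after the swap. If sarge is still affected, carry the [sarge] line over to CVE-2007-0901 next to the new "- moin 1.5" entry. The moved NOTE about 1.5.x also sits awkwardly beside a fixed version of 1.5 and could state which versions are affected.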
@@ -15976,7 +15976,9 @@
CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
NOT-FOR-US: SmartFTP
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
- - libpam-ssh 1.91.0-9.2 (bug #410236; medium)
+ - libpam-ssh 1.91.0-9.2 (bug #410236; low)
+ [etch] - libpam-ssh <no-dsa> (Minor issue)
+ [sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769 (** DISPUTED ** ...)
NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
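Review bot: "(Minor issue)" on the two new <no-dsa> lines, together with the medium to low change on the libpam-ssh entry, gives no reason, and the CVE concerns auth_via_key in pam_ssh.c. Add a short NOTE stating the precondition that makes this minor, since the CVE summary is cut off at "when ..." in this file.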
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-01-11 21:14:10 UTC (rev 7882)
+++ data/spu-candidates.txt 2008-01-12 01:07:37 UTC (rev 7883)
@@ -21,6 +21,10 @@
--
+flac123 (CVE-2007-3507)
+
+--
+
libapache2-mod-perl2 (CVE-2007-1349)
http://svn.apache.org/viewvc?view=rev&revision=521584
#433549
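Review bot: the new flac123 entry has no bug number or patch reference, unlike the libapache2-mod-perl2 entry below it. data/CVE/list in this same commit ties CVE-2007-3507 to bug #432008, so add "#432008" under the flac123 line.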
@@ -28,6 +32,11 @@
--
+libpam-ssh (CVE-2007-0844)
+#410236
+
+--
+
liferea (CVE-2005-4791)
notified maintainer
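Review bot: the new libpam-ssh entry lists #410236 but no pointer to the fix and no status, where the liferea entry below it has "notified maintainer". Add the fix reference or the maintainer-contact status so the candidate can be acted on.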