[Secure-testing-commits] r7902 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun Jan 13 17:47:40 UTC 2008 

Author: jmm-guest
Date: 2008-01-13 17:47:39 +0000 (Sun, 13 Jan 2008)
New Revision: 7902

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
duplicity no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-13 17:39:00 UTC (rev 7901)
+++ data/CVE/list	2008-01-13 17:47:39 UTC (rev 7902)
@@ -4914,7 +4914,11 @@
 CVE-2007-5202
 	RESERVED
 CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
-	- duplicity 0.4.3-2 (bug #442840)
+	- duplicity 0.4.3-2 (low; bug #442840)
+	[etch] - duplicity <no-dsa> (Minor issue, inherently insecure feature anyway)
+	[sarge] - duplicity <no-dsa> (Minor issue, inherently insecure feature anyway)
+	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
+	NOTE: be transferred through the scp, sftp or rsync backends.
 CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...)
 	{DTSA-74-1}
 	- hugin 0.6.1-1.1 (low; bug #447344)
@@ -17974,7 +17978,7 @@
 CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
 	- sun-java5 <unfixed> (unimportant)
 	- sun-java6 <unfixed> (unimportant)
-	NOTE: not a security issue, browser dos treated as regular bugs
+	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
 CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
 	NOT-FOR-US: Citrix Access Gateway
 CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
@@ -23230,7 +23234,6 @@
 	- libgsf 1.14.2-1
 CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
 	- wv 1.2.4-1 (bug #396256; medium)
-	TODO: The maintainer tagged it Sarge, check, when this was fixed in etch/sid
 	[sarge] - abiword 2.4.6-1.1 (bug #396360)
 CVE-2006-4512
 	RESERVED

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-01-13 17:39:00 UTC (rev 7901)
+++ data/spu-candidates.txt	2008-01-13 17:47:39 UTC (rev 7902)
@@ -21,6 +21,11 @@
 
 --
 
+duplicity (CVE-2007-5201)
+#442840
+
+--
+
 flac123 (CVE-2007-3507)
 notified maintainer

More information about the Secure-testing-commits mailing list