[Secure-testing-commits] r7902 - in data: . CVE
jmm-guest at alioth.debian.org
Sun Jan 13 17:47:40 UTC 2008
Author: jmm-guest
Date: 2008-01-13 17:47:39 +0000 (Sun, 13 Jan 2008)
New Revision: 7902
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
duplicity no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-13 17:39:00 UTC (rev 7901)
+++ data/CVE/list 2008-01-13 17:47:39 UTC (rev 7902)
@@ -4914,7 +4914,11 @@
CVE-2007-5202
RESERVED
CVE-2007-5201 (The FTP backend for Duplicity sends the password as a command line ...)
- - duplicity 0.4.3-2 (bug #442840)
+ - duplicity 0.4.3-2 (low; bug #442840)
+ [etch] - duplicity <no-dsa> (Minor issue, inherently insecure feature anyway)
+ [sarge] - duplicity <no-dsa> (Minor issue, inherently insecure feature anyway)
+ NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
+ NOTE: be transferred through the scp, sftp or rsync backends.
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...)
{DTSA-74-1}
- hugin 0.6.1-1.1 (low; bug #447344)
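Review bot: The NOTE lines added under CVE-2007-5201 justify the <no-dsa> tags by ftp being an insecure protocol, but the description on the CVE line (as far as its truncated text shows) is about the password being sent as a command line, which is a different exposure from what travels over the FTP connection. Suggest the NOTE state why the command-line handling itself is considered minor, so the recorded triage reason matches the issue being tracked. The reason text on the [etch] and [sarge] lines, "Minor issue, inherently insecure feature anyway", would likewise be clearer if it named the feature (the ftp backend).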
@@ -17974,7 +17978,7 @@
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
- sun-java5 <unfixed> (unimportant)
- sun-java6 <unfixed> (unimportant)
- NOTE: not a security issue, browser dos treated as regular bugs
+ NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
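Review bot: The text appended to the CVE-2007-0012 NOTE, "also likely Windows-specific", is a hedged claim with no source recorded in the entry. Suggest putting it on its own NOTE line with a reference or a short statement of how it was determined, since sun-java5 and sun-java6 are still listed as <unfixed> and a reader cannot tell from the note whether the Debian packages were checked. This change is also outside what the log message "duplicity no-dsa" describes.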
@@ -23230,7 +23234,6 @@
- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
- wv 1.2.4-1 (bug #396256; medium)
- TODO: The maintainer tagged it Sarge, check, when this was fixed in etch/sid
[sarge] - abiword 2.4.6-1.1 (bug #396360)
CVE-2006-4512
RESERVED
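Review bot: The TODO removed under CVE-2006-4513 asked when the wv fix reached etch/sid, and the hunk drops it without recording an answer: the wv line still carries only 1.2.4-1 and no [sarge] or [etch] line for wv is added. If the check was done, suggest adding a NOTE with the result; if it was not, the TODO should stay. The removal is not covered by the log message either, which mentions only duplicity.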
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-01-13 17:39:00 UTC (rev 7901)
+++ data/spu-candidates.txt 2008-01-13 17:47:39 UTC (rev 7902)
@@ -21,6 +21,11 @@
--
+duplicity (CVE-2007-5201)
+#442840
+
+--
+
flac123 (CVE-2007-3507)
notified maintainer
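Review bot: The new duplicity entry in data/spu-candidates.txt gives only the bug number "#442840", while the neighbouring flac123 entry records a status line ("notified maintainer"). Suggest adding a status line saying whether the maintainer has been contacted or an update has been prepared, so the candidate list shows what is still outstanding for CVE-2007-5201.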