[Secure-testing-commits] r7921 - data/CVE

thijs at alioth.debian.org thijs at alioth.debian.org
Mon Jan 14 20:55:01 UTC 2008 

Author: thijs
Date: 2008-01-14 20:55:01 +0000 (Mon, 14 Jan 2008)
New Revision: 7921

Modified:
   data/CVE/list
Log:
eliminate 3 TEMP issues that have CVE's


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-14 20:17:21 UTC (rev 7920)
+++ data/CVE/list	2008-01-14 20:55:01 UTC (rev 7921)
@@ -8804,7 +8804,7 @@
 CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
 	NOT-FOR-US: Liesbeth
 CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
-	- moodle 1.8.2-1 (low)
+	- moodle 1.8.2-1 (low; bug #432264)
 CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
 	NOT-FOR-US: HP
 CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...)
@@ -8931,8 +8931,6 @@
 	- matrixssl 1.1-1
 CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...)
 	NOT-FOR-US: Microsoft IIS
-CVE-2007-XXXX [moodle several XSS]
-	- moodle 1.8.2-1 (bug #432264)
 CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...)
@@ -9094,6 +9092,7 @@
 	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
 	- firebird2 1.5.3.4870-4 (low; bug #362001)
 	- firebird2.0 <not-affected> (fixed in 2.0)
+	[sarge] - firebird2 <no-dsa> (Minor issue)
 CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
 	NOT-FOR-US: Windows
 CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...)
@@ -10270,10 +10269,6 @@
 	NOTE: This is not a vulnerability, but an additional precaution function for
 	NOTE: a development framework. If someone wants to have this updated in Etch, this
 	NOTE: needs to go through a point update
-CVE-2007-XXXX [dar choosing weak IV when encrypting]
-	- dar 2.3.3-1 (bug #425335; low)
-	[sarge] - dar <no-dsa> (minor issue)
-	[etch] - dar <no-dsa> (minor issue)
 CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
 	- owl-dms 0.94-1 (medium; bug #416296)
 CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
@@ -29865,9 +29860,6 @@
 	NOT-FOR-US: VMware
 CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
 	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
-CVE-2006-XXXX [firebird local DoS]
-	- firebird2 1.5.3.4870-4 (bug #362001)
-	[sarge] - firebird2 <no-dsa> (Minor issue)
 CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...)
 	{DSA-1036-1}
 	- bsdgames 2.17-7 (bug #360989)

More information about the Secure-testing-commits mailing list