[Secure-testing-commits] r7932 - in data: . CVE
jmm-guest at alioth.debian.org
Tue Jan 15 22:58:40 UTC 2008
Author: jmm-guest
Date: 2008-01-15 22:58:39 +0000 (Tue, 15 Jan 2008)
New Revision: 7932
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
minor lighttpd issue to spu candidates
gforge will be fixed in a DSA
one nagios-plugins issue doesn't affect Etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-01-15 22:21:34 UTC (rev 7931)
+++ data/CVE/list 2008-01-15 22:58:39 UTC (rev 7932)
@@ -180,7 +180,7 @@
CVE-2008-0173 [SQL injection in gforge]
RESERVED
{DSA-1459-1}
- - gforge 4.6.99+svn6330-1 (unimportant)
+ - gforge 4.6.99+svn6330-1 (medium)
NOTE: this is exploitable by unauthenticated users
NOTE: Requires register_globals to be On, unsupported in lenny+sid.
NOTE: In lenny+sid these scripts just don't work, so no security issue.
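Review bot: the new `(medium)` rating on `- gforge 4.6.99+svn6330-1` sits directly above NOTEs stating that the scripts do not work in lenny+sid and that there is "no security issue" there, so the entry now reads as contradictory. Add a NOTE saying which release the medium rating is meant for (the one where register_globals is still supported), so that the severity and the existing notes agree.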
@@ -1405,7 +1405,8 @@
CVE-2007-6279 (Multiple double-free vulnerabilities in Free Lossless Audio Codec ...)
- flac 1.2.1-1
CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows ...)
- - flac 1.2.1-1
+ - flac 1.2.1-1 (unimportant)
+ NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
- flac 1.2.1-1
CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...)
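Review bot: the added NOTE under CVE-2007-6278 says "Such validations" without naming what is being validated, and the CVE description on the line above is truncated, so the reason for `(unimportant)` cannot be recovered from the entry itself. State the specific input or check that is considered the calling application's responsibility, so a later reader can judge whether the downgrade still holds.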
@@ -3337,6 +3338,7 @@
- nagios2 2.9-1.1 (low; bug #448371)
CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins ...)
- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
+ [sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) ...)
NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 ...)
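Review bot: the release tag on the added line `[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)` does not match the commit log, which says "one nagios-plugins issue doesn't affect Etch". Confirm which release was actually checked and make the tag and the log agree; if both releases lack the vulnerable code, each needs its own line.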
@@ -7022,7 +7024,7 @@
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...)
NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...)
- - streamripper 1.62.2-1 (medium)
+ - streamripper 1.62.2-1 (low)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...)
NOT-FOR-US: Microsoft
CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik ...)
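Review bot: the streamripper severity for CVE-2007-4337 drops from `(medium)` to `(low)` with no NOTE in the entry and no mention in the commit log. For a buffer overflow in a header parsing function, a one-line NOTE giving the reason for the downgrade would let others verify the assessment.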
@@ -7882,10 +7884,11 @@
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...)
- - lighttpd 1.4.16-1 (bug #434888)
+ - lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #428368)
+ [etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...)
{DSA-1362-1}
- lighttpd 1.4.16-1 (bug #434888)
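Review bot: the added line `[etch] - libghttpd <no-dsa> (...)` looks wrong in two ways: the package name is spelled `libghttpd` while every other line in this block uses `lighttpd`, and it is placed under CVE-2007-3947, which already carries `{DSA-1362-1}`. The spu-candidates entry in this same commit names CVE-2007-3948 as the issue omitted from the DSA, so this line probably belongs under CVE-2007-3948 with the package name corrected.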
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-01-15 22:21:34 UTC (rev 7931)
+++ data/spu-candidates.txt 2008-01-15 22:58:39 UTC (rev 7932)
@@ -45,11 +45,20 @@
--
+
liferea (CVE-2005-4791)
notified maintainer
--
+lighttpd (CVE-2007-3948)
+#434888
+Was accidentally omitted during DSA 1362, but doesn't warrant a DSA on it's own.
+http://trac.lighttpd.net/trac/changeset/1873?format=diff&new=1873
+http://trac.lighttpd.net/trac/ticket/1216
+
+--
+
linux-ftpd-ssl (CVE-2007-6263)
#454733
notified maintainer
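Review bot: the new lighttpd entry has no status line, whereas the neighbouring liferea and linux-ftpd-ssl entries both record "notified maintainer"; add the current status so the candidate can be tracked. Also, "on it's own" should read "on its own", and the extra blank `+` line added after the first `--` separator should match the spacing used by the other entries in the file.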