[Secure-testing-commits] r7974 - in data: . CVE DTSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sat Jan 19 13:15:17 UTC 2008 

Author: jmm-guest
Date: 2008-01-19 13:15:17 +0000 (Sat, 19 Jan 2008)
New Revision: 7974

Modified:
   data/CVE/list
   data/DTSA/list
   data/spu-candidates.txt
Log:
remove xine dupe
balsa no-dsa
qt ssl cert issue doesn't affect sarge or etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-19 13:11:41 UTC (rev 7973)
+++ data/CVE/list	2008-01-19 13:15:17 UTC (rev 7974)
@@ -255,8 +255,7 @@
 CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
 	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
-	{DTSA-109-1}
-	- xine-lib <unfixed> (medium; bug #460551)
+	NOTE: Dupe of CVE-2007-0225
 CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...)
 	- python-paramiko <unfixed> (medium; bug #460706)
 	NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
@@ -2470,7 +2469,8 @@
 	- linux-2.6 2.6.23-2
 CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...)
 	- qt4-x11 4.3.3-1
-	- qt-x11-free <not-affected> (Vulnerable code not present)
+	[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
+	- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
 CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, ...)
 	- autofs 3.1.4-8 (medium)
 	- autofs5 <unfixed>
@@ -5693,6 +5693,8 @@
 	NOT-FOR-US: HP-UX
 CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa ...)
 	- balsa 2.3.20-1 (low)
+	[etch] - balsa <no-dsa> (Minor issue)
+	[sarge] - balsa <no-dsa> (Minor issue)
 	NOTE: attacker needs to get the victim a prepared server to use
 CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ...)
 	NOT-FOR-US: CA ARCserve Backup
@@ -9529,8 +9531,8 @@
 CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) ...)
 	{DSA-1426-1}
 	- qt-x11-free 3:3.3.7-6
-	- qt4-x11 4.3.0-5
-	NOTE: there is some dissagreement whether qt4 is affected
+	- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
+	NOTE: http://trolltech.com/company/newsroom/announcements/press.2007-07-27.7503755960
 CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...)
 	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
 	- poppler 0.5.4-6.1 (bug #435460)

Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2008-01-19 13:11:41 UTC (rev 7973)
+++ data/DTSA/list	2008-01-19 13:15:17 UTC (rev 7974)
@@ -314,5 +314,5 @@
 [January 12th, 2008] DTSA-108-1 vlc - multiple vulnerabilities
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 [January 14th, 2008] DTSA-109-1 xine-lib - heap-based buffer overflow
-	{CVE-2008-0225 CVE-2008-0238}
+	{CVE-2008-0225}
 	[lenny] - xine-lib 1.1.8-3+lenny1

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-01-19 13:11:41 UTC (rev 7973)
+++ data/spu-candidates.txt	2008-01-19 13:15:17 UTC (rev 7974)
@@ -11,6 +11,11 @@
 
 --
 
+balsa (CVE-2007-5007)
+http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view
+
+--
+
 beagle (CVE-2005-4791)
 notified maintainer

More information about the Secure-testing-commits mailing list