[Secure-testing-commits] r7986 - in data: . CVE

jmm-guest at alioth.debian.org
Sun Jan 20 12:11:18 UTC 2008


Author: jmm-guest
Date: 2008-01-20 12:11:17 +0000 (Sun, 20 Jan 2008)
New Revision: 7986

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
libcdio no-dsa
older tomcat issue only affecting examples, rewriting


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-20 10:31:59 UTC (rev 7985)
+++ data/CVE/list	2008-01-20 12:11:17 UTC (rev 7986)
@@ -856,6 +856,8 @@
 	NOT-FOR-US: Agares Media phpAutoVideo
 CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
 	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
+	[sarge] - libcdio <no-dsa> (Minor issue)
+	[etch] - libcdio <no-dsa> (Minor issue)
 	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
 CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
 	- unp 1.0.13 (bug #448437)
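Review bot: The two added `<no-dsa>` lines for sarge and etch give only "Minor issue" as the reason, while the NOTE directly below them already states the concrete rationale (the problem lies only in the info tool, applications using libcdio are not vulnerable). Consider putting that rationale into the parenthesised reason on the `[sarge]` and `[etch]` lines as well, so the justification is visible to anyone reading the per-release status without the NOTE.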
@@ -14444,12 +14446,10 @@
 CVE-2007-1356
 	REJECTED
 CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	- tomcat4 <removed> (low)
-	[etch] - tomcat5 <no-dsa> (Just an example, no enduser app)
-	[etch] - tomcat5.5 <no-dsa> (Just an example, no enduser app)
-	[sarge] - tomcat4 <no-dsa> (Contrib not supported) 
-	- tomcat5 <unfixed> (low)
-	- tomcat5.5 5.5.25-1 (low)
+	- tomcat4 <removed> (unimportant)
+	- tomcat5 <removed> (unimportant)
+	- tomcat5.5 5.5.25-1 (unimportant)
+	NOTE: Just an example application for documentation purposes
 CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...)
 	NOT-FOR-US: JBoss Application Server
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
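Review bot: In the rewritten CVE-2007-1355 entry, tomcat5 goes from `- tomcat5 <unfixed> (low)` to `- tomcat5 <removed> (unimportant)`, which changes the package status and not only the severity, yet the log message mentions only a rewrite because the issue affects examples. If tomcat5 has been removed, say so in the log; otherwise keep `<unfixed>` with the new severity. The rewrite also drops the per-release `<no-dsa>` lines, including the separate "Contrib not supported" reason for sarge tomcat4, so it is worth confirming that the single NOTE is meant to replace all of them.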

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-01-20 10:31:59 UTC (rev 7985)
+++ data/spu-candidates.txt	2008-01-20 12:11:17 UTC (rev 7986)
@@ -39,6 +39,17 @@
 
 --
 
+libcdio (CVE-2007-6613)
+https://bugs.gentoo.org/show_bug.cgi?id=203777
+http://savannah.gnu.org/bugs/?21910
+http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html
+http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.35&r2=1.36
+http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.149&r2=1.150
+http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.36&r2=1.37
+http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.150&r2=1.151
+
+--
+
 libpam-ssh (CVE-2007-0844)
 #410236
 notified maintainer
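Review bot: The new libcdio entry lists only the Gentoo and upstream links and has neither a Debian bug number nor a status line, whereas the neighbouring libpam-ssh entry carries both (`#410236`, `notified maintainer`). The data/CVE/list hunk in this same commit references bug #459129 for libcdio, so add that reference and the current status here. The four viewvc links cover consecutive revisions of iso-info.c (1.35 to 1.37) and cd-info.c (1.149 to 1.151); a short remark on which of them are needed for the fix would help whoever prepares the update.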



