[Secure-testing-commits] r8023 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Jan 23 17:11:58 UTC 2008


Author: jmm-guest
Date: 2008-01-23 17:11:57 +0000 (Wed, 23 Jan 2008)
New Revision: 8023

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
one kernel issue not affecting etch
safe mode bypass unimportant (report has been posted to full disclosure)
mnogosearch minor issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-23 16:14:37 UTC (rev 8022)
+++ data/CVE/list	2008-01-23 17:11:57 UTC (rev 8023)
@@ -125,6 +125,7 @@
 	[sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
 CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ...)
 	- linux-2.6 2.6.22-1
+	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced after 2.6.19 release)
 CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote ...)
 	NOT-FOR-US: EvilSentinel
 CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to ...)
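
Review bot: The reason on the added [etch] line for CVE-2008-0352 is worded differently from the neighbouring apt-cacher entry, which names the introducing version in lowercase ("vulnerable code introduced in 1.6.0"). The CVE description in the context gives the affected range as 2.6.20 through 2.6.21.1, so "vulnerable code introduced in 2.6.20" would state the same boundary more directly than "after 2.6.19 release" and would match the existing style.
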
@@ -3978,6 +3979,8 @@
 CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...)
 	{DTSA-103-1}
 	- mnogosearch 3.3.4-4.1 (low; bug #447753)
+	[sarge] - mnogosearch <no-dsa> (Minor issue)
+	[etch] - mnogosearch <no-dsa> (Minor issue)
 CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2007-5586
@@ -6205,8 +6208,11 @@
 	NOT-FOR-US: Xwiki
 CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
 	NOT-FOR-US: Xwiki
-CVE-2007-4850
+CVE-2007-4850 [php curl safe mode bypass]
 	RESERVED
+	- php4 <removed> (unimportant)
+	- php5 <unfixed> (unimportant)
+	NOTE: Safe mode bypasses not treated as security problems
 CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...)
 	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 2.6.23-1 (bug #442245; low)
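
Review bot: The added NOTE under CVE-2007-4850 states the policy but gives no pointer to the report, although the commit log says it was posted to full disclosure. The entry is still RESERVED, so a reader has no description to judge the "unimportant" rating against. A second NOTE line carrying the reference to that post would make the php4 <removed> and php5 <unfixed> classifications checkable later.
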

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-01-23 16:14:37 UTC (rev 8022)
+++ data/spu-candidates.txt	2008-01-23 17:11:57 UTC (rev 8023)
@@ -76,6 +76,11 @@
 #435439
 notified maintainer
 
+--
+
+mnogosearch (CVE-2007-5588)
+#447753)
+
 ---
 
 proftpd-dfsg, proftpd (CVE-2007-2165)
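
Review bot: The added mnogosearch block has two typos. Its separator is "--" while the existing separator at the end of the hunk is "---", and the bug reference "#447753)" carries a stray closing parenthesis where the entry above uses plain "#435439". Use "---" and "#447753" so anything that splits the file on separators or reads bug numbers handles the new entry. If "notified maintainer" in the preceding entry is a per-entry status line, the new block also needs one.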



