[Secure-testing-commits] r8354 - data/CVE
thijs at alioth.debian.org
Mon Mar 17 16:48:21 UTC 2008
Author: thijs
Date: 2008-03-17 16:48:19 +0000 (Mon, 17 Mar 2008)
New Revision: 8354
Modified:
data/CVE/list
Log:
add some packages fixed in past stable point releases
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-17 15:14:27 UTC (rev 8353)
+++ data/CVE/list 2008-03-17 16:48:19 UTC (rev 8354)
@@ -3483,12 +3483,10 @@
- apache2 <not-affected> (disputed / only for Windows)
CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
- apache2 2.2.8-1 (low)
- [etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in ...)
- apache2 2.2.8-1 (low)
- [etch] - apache2 <no-dsa> (minor issue)
[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...)
@@ -4028,7 +4026,6 @@
[etch] - apache <no-dsa> (browser issue; low impact)
[sarge] - apache <no-dsa> (browser issue; low impact)
[sarge] - apache2 <no-dsa> (browser issue; low impact)
- [etch] - apache2 <no-dsa> (browser issue; low impact)
[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004
RESERVED
@@ -4052,7 +4049,6 @@
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...)
- apache2 2.2.6-3 (low)
[sarge] - apache2 <no-dsa> (minor issue)
- [etch] - apache2 <no-dsa> (minor issue)
- apache <not-affected> (vulnerable code not present)
NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
[etch] - apache2 2.2.3-4+etch4
@@ -4075,8 +4071,8 @@
[sarge] - zsh <no-dsa> (Minor issue)
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...)
- wesnoth 1:1.2.8-1 (low)
- [etch] - wesnoth <no-dsa> (Minor issue)
- [sarge] - wesnoth <no-dsa> (Minor issue)
+ [etch] - wesnoth 1.2-4
+ [sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
- rsync 2.6.9-6 (low; bug #453652)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...)
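Review bot: The two added wesnoth lines give `1.2-4` and `0.9.0-8` without an epoch, while the unstable entry for the same CVE is `1:1.2.8-1`. A version without an epoch compares as epoch 0, so if the etch or sarge packages already carry `1:`, every version in that release would sort above these entries and be treated as fixed. Please confirm the stable packages predate the epoch, or add it. The new lines also drop the urgency that the unstable line has (low); other fixed-in-stable entries in this file, such as `[etch] - apache2 2.2.3-4+etch4 (low)`, keep it.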
@@ -6561,7 +6557,6 @@
NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
- madwifi 1:0.9.3.2-2 (medium; bug #446824)
- [etch] - madwifi <no-dsa> (Non-free not supported)
[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
NOT-FOR-US: ionCube
@@ -7278,7 +7273,6 @@
CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
- dircproxy 1.0.5-5.1 (low; bug #445883)
[sarge] - dircproxy <no-dsa> (Minor issue)
- [etch] - dircproxy <no-dsa> (Minor issue)
[etch] - dircproxy 1.0.5-5etch1
CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...)
NOT-FOR-US: IBM DB2
@@ -8093,7 +8087,7 @@
NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
- opal 2.2.11~dfsg1-1 (low)
- [etch] - opal <no-dsa> (Minor issue; bug #454141)
+ [etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
NOTE: will be fixed by regular stable update
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
NOT-FOR-US: Joomla extension
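Review bot: The context line `NOTE: will be fixed by regular stable update` directly under the new `[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)` entry is now stale, since the entry records the fix as released. Suggest removing the NOTE in the same commit, or rewording it to say the fix went in through a point release.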
@@ -8152,8 +8146,8 @@
{DTSA-94-1}
- pwlib 1.10.10-1.1 (low; bug #454133)
- pwlib-titan 1.11.2-1.1 (low; bug #454139)
- [etch] - pwlib <no-dsa> (Minor issue)
- [sarge] - pwlib 1.8.4-1+sarge2
+ [etch] - pwlib 1.10.2-2+etch1
+ [sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ...)
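Review bot: The sarge line for pwlib is not an addition but a change to an already recorded fixed version: `1.8.4-1+sarge2` becomes `1.8.4-1+sarge1.1`, which sorts lower. Lowering the fixed version marks any package between the two as no longer vulnerable, so please confirm that `1.8.4-1+sarge1.1` is the upload that actually carried the fix, and mention the correction in the log message, which currently only speaks of adding packages.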
@@ -9204,7 +9198,6 @@
- apache <removed> (low)
- apache2 2.2.6-1 (bug #453783)
[sarge] - apache <no-dsa> (browser issue, low impact)
- [etch] - apache <no-dsa> (browser issue, low impact)
[sarge] - apache2 <no-dsa> (browser issue, low impact)
[etch] - apache2 2.2.3-4+etch4
NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
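Review bot: The removed line here is `[etch] - apache <no-dsa> (browser issue, low impact)`, but the only etch fixed-version entry left in this hunk is for apache2 (`[etch] - apache2 2.2.3-4+etch4`). Unlike the later hunks, where `[etch] - apache 1.3.34-4.1+etch1` replaces the no-dsa marker, no etch version for the apache source package is visible here, so etch's apache is left without any status while `[sarge] - apache <no-dsa>` remains. If apache in etch received a fix in a point release, add its version; if not, keep the no-dsa line.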
@@ -9218,7 +9211,8 @@
NOT-FOR-US: Total Commander
CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...)
- po4a 0.31-1 (bug #439226)
- [etch] - po4a <no-dsa> (Minor issue)
+ [etch] - po4a 0.29-1etch1
+ [sarge] - po4a 0.20-2sarge1
CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...)
- nufw 2.2.4-1 (bug #439227)
[etch] - nufw <not-affected>
@@ -11989,7 +11983,6 @@
- apache2 2.2.4-2 (low)
[etch] - apache2 2.2.3-4+etch2
[sarge] - apache2 2.0.54-5sarge2 (low)
- [etch] - apache <no-dsa> (scheduled for next point release)
[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
- apache2 <unfixed> (unimportant)
@@ -23032,7 +23025,6 @@
[sarge] - apache2 2.0.54-5sarge2
[etch] - apache2 2.2.3-4+etch2
- apache <removed> (low)
- [etch] - apache <no-dsa> (scheduled for stable point release)
[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
{DSA-1233}