[Secure-testing-commits] r8399 - data/CVE

jmm-guest at alioth.debian.org
Mon Mar 24 20:41:08 UTC 2008


Author: jmm-guest
Date: 2008-03-24 20:41:07 +0000 (Mon, 24 Mar 2008)
New Revision: 8399

Modified:
   data/CVE/list
Log:
firebird special case DSA
some bug nums
one older cups no longer exploitable since 1.2


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-03-24 18:29:08 UTC (rev 8398)
+++ data/CVE/list	2008-03-24 20:41:07 UTC (rev 8399)
@@ -2110,6 +2110,7 @@
 	NOT-FOR-US: Flinx
 CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
 	- firebird2 <removed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
 CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
 	NOT-FOR-US: Web Wiz Rich Text Editor
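Review bot: The added [etch] line under CVE-2008-0467 is indented with eight spaces, while every neighbouring annotation line in this entry starts with a tab. Use a tab here so the line matches the rest of the file and is not misread by any tooling that keys on the leading tab; the same applies to every other "[etch] - firebird2 <no-dsa>" line added in this commit.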
@@ -2332,7 +2333,7 @@
 	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
 	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
 	- firebird2 <removed>
-	NOTE: firebird2 in etch is vulnerable
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...)
 	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
 	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
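Review bot: The reference "see #1529" in the new [etch] line does not say which tracker it points to. The other references in this file are written as "bug #NNNNNN" with six-digit numbers, so a reader will not be able to resolve a bare four-digit "#1529"; name the tracker or give the URL. Replacing the old NOTE with a release-tagged line is otherwise reasonable, since it records the etch status in a structured form.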
@@ -4695,7 +4696,7 @@
 CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...)
 	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
 CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...)
-	- php5 <unfixed> (unimportant; bug #453295)
+	- php5 <unfixed> (unimportant; bug #453295; bug #453295)
 	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
 	NOTE: script to trigger this issue
 CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...)
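Review bot: The php5 line for CVE-2007-6039 now lists the same bug twice, "(unimportant; bug #453295; bug #453295)". Either the duplicate should be dropped or the second number was meant to be a different bug; as committed the change adds no information.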
@@ -8977,27 +8978,27 @@
 	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
 CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
 	- php5 <unfixed> (unimportant)
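Review bot: For CVE-2007-4664 through CVE-2007-4669 the [etch] lines move to <no-dsa>, but each "[sarge] - firebird2 <unfixed>" line directly below is left untouched. If sarge is not going to receive an update either, those lines should get a matching status and reason; if it is, a NOTE saying so would explain the asymmetry. The new lines are also space-indented where the [sarge] lines use a tab.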
@@ -10455,7 +10456,8 @@
 CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
 	NOT-FOR-US: Pony Gallery
 CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
-	- cupsys <not-affected> (SuSE-specific regression)
+	- cupsys 1.2 
+        NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
 CVE-2007-4044
 	REJECTED
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
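Review bot: The new cupsys line for CVE-2007-4045 gives the fixed version as a bare "1.2" followed by a trailing space, whereas other fixed entries in this file carry a full package version such as "1.2.0.dfsg-1". Use the first Debian version of cupsys 1.2 that was uploaded, and drop the trailing whitespace. The NOTE line is indented with spaces rather than a tab, and the previous reason "SuSE-specific regression" is lost; consider keeping it in the NOTE alongside the allocation remark.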
@@ -10493,7 +10495,7 @@
 	RESERVED
 CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
 	{DSA-1471-1}
-	- libvorbis 1.2.0.dfsg-1 (medium)
+	- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
 	NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
 CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
 	NOT-FOR-US: WebSPELL
@@ -11673,7 +11675,7 @@
 	[sarge] - dar <no-dsa> (Minor issue)
 CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
-	[etch] - firebird2 <unfixed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed>
 CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
 	NOT-FOR-US: Buddy Zone
@@ -11889,18 +11891,22 @@
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...)
 	- firebird1.5 <removed> (bug #432753)
 	- firebird2 <removed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...)
 	- firebird1.5 <removed> (bug #432753)
 	- firebird2 <removed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...)
 	- firebird1.5 <removed> (bug #432753)
 	- firebird2 <removed>
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...)
 	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
 	- firebird2 1.5.3.4870-4 (low; bug #362001)
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	- firebird2.0 <not-affected> (fixed in 2.0)
 	[sarge] - firebird2 <no-dsa> (Minor issue)
 CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
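Review bot: Under CVE-2006-7211 the existing line "- firebird2 1.5.3.4870-4 (low; bug #362001)" records a fixed version, so the added "[etch] - firebird2 <no-dsa>" line only makes sense if the etch package is older than 1.5.3.4870-4. Please check the etch version; if it already contains the fix, the [etch] line should be dropped. In all four entries of this hunk the [etch] line is also inserted between the firebird2 and firebird2.0 lines, while the existing "[sarge] - firebird2" line sits at the end of the entry; placing release-specific lines consistently would make the entries easier to read.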
@@ -12569,7 +12575,7 @@
 	NOT-FOR-US: Calendarix
 CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (medium)
-	[etch] - firebird2 <unfixed> (medium)
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed> (medium)
 	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
 	NOTE: in the pool to check and since this version is in testing and unstable...
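Review bot: The replacement [etch] line for CVE-2007-3181 drops the "(medium)" urgency that the removed line carried, while the [sarge] line below keeps it. If the urgency is still meant to be recorded for etch, it needs to go back into the parenthesised part, for example ahead of the backports explanation.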
@@ -12763,7 +12769,7 @@
 	NOT-FOR-US: Microsoft FrontPage
 CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ...)
 	- openssl 0.9.8e-6 (bug #438142; low)
-	- openssl097 <removed>
+	- openssl097 <removed> (bug #438180)
 	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
 	[etch] - openssl <no-dsa> (Not exploitable in a real-world scenario)
 	[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
@@ -13613,7 +13619,7 @@
 CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
 	NOT-FOR-US: Redoable
 CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
-	- libgd2 2.0.35.dfsg-1 (bug #426100; low)
+	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; low)
 	[etch] - libgd <no-dsa> (Minor issue)
 	[sarge] - libgd <no-dsa> (Minor issue)
 	[etch] - libgd2 <no-dsa> (Minor issue)
@@ -13950,7 +13956,7 @@
 	NOT-FOR-US: LaVague
 CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
 	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
-	[etch] - firebird2 <unfixed> (low)
+        [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
 	[sarge] - firebird2 <unfixed> (low)
 	NOTE: Minor issue, because conffile is restricted
 CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
@@ -17288,7 +17294,7 @@
 	- kdepim <unfixed> (unimportant)
 	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
 CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...)
-	- enigmail <unfixed> (unimportant)
+	- enigmail <unfixed> (unimportant; bug #415225)
 	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
 CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...)
 	{DSA-1266-1}



