[Secure-testing-commits] r8400 - data/CVE
joeyh at alioth.debian.org
Mon Mar 24 21:14:11 UTC 2008
Author: joeyh
Date: 2008-03-24 21:14:09 +0000 (Mon, 24 Mar 2008)
New Revision: 8400
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-24 20:41:07 UTC (rev 8399)
+++ data/CVE/list 2008-03-24 21:14:09 UTC (rev 8400)
@@ -2110,7 +2110,7 @@
NOT-FOR-US: Flinx
CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
- firebird2 <removed>
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
NOT-FOR-US: Web Wiz Rich Text Editor
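Review bot: the parenthetical on the changed `[etch] - firebird2 <no-dsa>` line ends with "see #1529", which does not say what kind of identifier #1529 is. Neighbouring entries write bug references as `bug #463596` and advisories as `{DSA-1528-1}`; spelling the reference out in one of those forms would let a reader resolve it without guessing.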
@@ -2333,7 +2333,7 @@
- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
- firebird2 <removed>
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...)
- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
@@ -2960,6 +2960,7 @@
CVE-2008-0125
RESERVED
CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
+ {DSA-1528-1}
- serendipity 1.3~b1-1 (low; bug #469667)
CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
- moodle <unfixed> (unimportant)
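Review bot: the new `{DSA-1528-1}` tag on CVE-2008-0124 is attached to an entry whose only package line is `- serendipity 1.3~b1-1 (low; bug #469667)`, so nothing in the entry states which release the advisory covers. If the advisory fixes a stable release, a release-specific line like the `[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1` line seen earlier in this diff would make that visible here.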
@@ -4337,6 +4338,7 @@
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
- linux-2.6 2.6.24-1
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...)
+ {DSA-1528-1}
- serendipity 1.2.1-1 (low)
[etch] - serendipity <no-dsa> (Can only be exploited in rare conditions)
CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
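Review bot: on CVE-2007-6205 the added `{DSA-1528-1}` now sits above the unchanged line `[etch] - serendipity <no-dsa> (Can only be exploited in rare conditions)`, so the entry says both that an advisory covers this CVE and that etch gets none. Either the `<no-dsa>` line should be dropped or replaced with the fixed etch version, or a NOTE should explain which release the advisory applies to.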
@@ -8978,27 +8980,27 @@
NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
- php5 <unfixed> (unimportant)
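Review bot: all six `[etch] - firebird2 <no-dsa>` pairs in this hunk show the same text on the removed and the added side, so the change is whitespace only, yet it is committed together with the new DSA tags under the log message "automatic update". A separate commit, or a log line that mentions the whitespace normalisation, would keep the tracker history readable; the same applies to the identical firebird2 pairs in the other hunks.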
@@ -10457,7 +10459,7 @@
NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
- cupsys 1.2
- NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
+ NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
REJECTED
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
@@ -10768,6 +10770,7 @@
{DSA-1369-1 DTSA-57-1}
- gforge 4.6.99+svn6086-1
CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...)
+ {DSA-1527-1}
- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...)
NOT-FOR-US: BakBone NetVault Reporter
@@ -11675,7 +11678,7 @@
[sarge] - dar <no-dsa> (Minor issue)
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed>
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
NOT-FOR-US: Buddy Zone
@@ -11891,22 +11894,22 @@
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...)
- firebird1.5 <removed> (bug #432753)
- firebird2 <removed>
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...)
- firebird1.5 <removed> (bug #432753)
- firebird2 <removed>
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...)
- firebird1.5 <removed> (bug #432753)
- firebird2 <removed>
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...)
- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
- firebird2 1.5.3.4870-4 (low; bug #362001)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
- firebird2.0 <not-affected> (fixed in 2.0)
[sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
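Review bot: in the CVE-2006-7211 entry the firebird2 release lines are split: `[etch] - firebird2 <no-dsa>` follows `- firebird2 1.5.3.4870-4`, but `[sarge] - firebird2 <no-dsa> (Minor issue)` comes only after the `- firebird2.0 <not-affected>` line. Since the `[etch]` line is being touched anyway, moving the `[sarge]` line up next to it would keep each package's release annotations together.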
@@ -12575,7 +12578,7 @@
NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
- firebird2.0 2.0.3.12981.ds1-1 (medium)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed> (medium)
NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
NOTE: in the pool to check and since this version is in testing and unstable...
@@ -13956,7 +13959,7 @@
NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
- [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
+ [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
[sarge] - firebird2 <unfixed> (low)
NOTE: Minor issue, because conffile is restricted
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)