[Secure-testing-commits] r10059 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Sat Oct 11 09:14:13 UTC 2008


Author: joeyh
Date: 2008-10-11 09:14:12 +0000 (Sat, 11 Oct 2008)
New Revision: 10059

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-11 06:29:05 UTC (rev 10058)
+++ data/CVE/list	2008-10-11 09:14:12 UTC (rev 10059)
@@ -3347,8 +3347,8 @@
 	NOTE: several DoS fixed in 1.2.4 according to upstream
 	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
 	TODO: check imagemagick
-        NOTE: *magick don't really meet the robustness/quality criteria to treat such crashes as
-        NOTE: security issues
+	NOTE: *magick don't really meet the robustness/quality criteria to treat such crashes as
+	NOTE: security issues
 CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
 	NOT-FOR-US: BareNuked CMS
 CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
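Review bot: the context line "TODO: check imagemagick" still sits directly above the re-indented NOTE saying that *magick crashes are not treated as security issues. If that NOTE is the outcome of the check, drop the TODO or record an explicit status line for imagemagick; as it stands the entry reads as both open and decided.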
@@ -7271,10 +7271,10 @@
 	- udns <unfixed> (bug #493599)
 	- libnet-dns-perl 0.63-2 (low; bug #492700)
 	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
-        NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
-        NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
-        NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
-        NOTE: a kernel which provides source port randomization
+	NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
+	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
+	NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
+	NOTE: a kernel which provides source port randomization
 	- ruby1.9 1.9.0.2-6 (low)
 	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
 	NOTE: already use source port randomization.
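Review bot: in the first re-indented NOTE line under libnet-dns-perl, "Perl nodule" is a typo for "module" and is carried over unchanged; fix it while these lines are being touched. The same NOTE marks 0.63-2 as fixed because the Lenny kernel provides source port randomization, so it would help to say explicitly that the protection comes from the kernel and not from a change in the package.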
@@ -9502,7 +9502,7 @@
 	- openldap2 <not-affected> (slapd not built)
 CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
 	- webcalendar 1.1.6-7 (bug #466935)
-        [lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
+	[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
 CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...)
 	NOT-FOR-US: Drake CMS
 CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)
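Review bot: the "[lenny] - webcalendar <not-affected>" line gives only a bug-report URL as its reason. Add a few words saying why lenny is not affected, so the entry can be read without following the link.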
@@ -20256,8 +20256,8 @@
 	NOT-FOR-US: Zen Help Desk
 CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...)
 	- galeon <unfixed> (unimportant; bug #429216)
-        NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
-        NOTE: phishing protections anyway
+	NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
+	NOTE: phishing protections anyway
 CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...)
 	- iceweasel <unfixed> (low)
 	[etch] - iceweasel <no-dsa> (Minor issue)
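Review bot: the Galeon NOTE uses "any way" on its first line and "anyway" again on its second, so the sentence says the same thing twice. Since both lines are rewritten here, drop the first occurrence.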
@@ -23539,9 +23539,9 @@
 	NOT-FOR-US: Microsoft
 CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
 	- iceweasel <unfixed> (unimportant; bug #445515)
-        NOTE: I don't believe this has relevant security impact, such a black list
-        NOTE: will register URLs found in the wild and the used adresses will be
-        NOTE: volatile anyway
+	NOTE: I don't believe this has relevant security impact, such a black list
+	NOTE: will register URLs found in the wild and the used adresses will be
+	NOTE: volatile anyway
 CVE-2007-1761
 	RESERVED
 CVE-2007-1760
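Review bot: "adresses" in the second NOTE line under CVE-2007-1762 should be "addresses", and the re-indent keeps the misspelling. The NOTE is also written in the first person ("I don't believe ...") with nothing in the entry saying whose assessment it is; rephrase it impersonally or name the reviewer.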
@@ -23595,9 +23595,9 @@
 	NOT-FOR-US: Opera
 CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
 	- iceweasel <unfixed> (unimportant)
-        NOTE: I don't believe this has relevant security impact, such a black list
-        NOTE: will register URLs found in the wild and the used adresses will be
-        NOTE: volatile anyway
+	NOTE: I don't believe this has relevant security impact, such a black list
+	NOTE: will register URLs found in the wild and the used adresses will be
+	NOTE: volatile anyway
 CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
 	NOT-FOR-US: Corel WordPerfect
 CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
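Review bot: the three NOTE lines under CVE-2007-1736 are word for word the same as those under CVE-2007-1762, including the "adresses" typo. If the reasoning really is identical, have one entry refer to the other; if not, state what is specific to the embedded-URL case this CVE describes to justify "unimportant".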
@@ -26279,7 +26279,7 @@
 	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
 CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
 	- iceweasel 2.0.0.16-1 (low)
-        NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
 CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
 	- iceweasel 2.0.0.2+dfsg-1 (low)
 	- firefox <removed> (low)



