[Git][security-tracker-team/security-tracker][master] Reassociate some ancient CVEs with 3proxy with itp bug (#718219)

Salvatore Bonaccorso carnil at debian.org
Fri Aug 2 21:57:59 BST 2019



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b5bb0ee by Salvatore Bonaccorso at 2019-08-02T20:57:28Z
Reassociate some ancient CVEs with 3proxy with itp bug (#718219)

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -325325,7 +325325,7 @@ CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436
 CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ex ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in 3prox ...)
-	NOT-FOR-US: 3proxy
+	- 3proxy <itp> (bug #718219)
 CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token modul ...)
 	NOT-FOR-US: Token Drupal
 	NOTE: Token is not included in the drupal packages
@@ -334526,7 +334526,7 @@ CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS)
 CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded F ...)
 	NOT-FOR-US: Cisco
 CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, an ...)
-	NOT-FOR-US: 3proxy
+	- 3proxy <itp> (bug #718219)
 CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might a ...)
 	- lha 1.14i-10.2 (bug #437621; low)
 	[sarge] - lha <no-dsa> (Non-free not supported)
@@ -338059,9 +338059,9 @@ CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUti
 	NOTE: With certain mail user agents, this issue is likely exploitable
 	NOTE: without much user interaction.
 CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic au ...)
-	NOT-FOR-US: 3proxy
+	- 3proxy <itp> (bug #718219)
 CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows  ...)
-	NOT-FOR-US: 3proxy
+	- 3proxy <itp> (bug #718219)
 CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a  ...)
 	- amarok 1.4.4-4 (bug #410850; unimportant)
 	NOTE: This could only be exploited through the Magnatune shop



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b5bb0ee17c95b023adbd83c7c53a964925f21d1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9b5bb0ee17c95b023adbd83c7c53a964925f21d1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190802/887544e1/attachment.html>


More information about the debian-security-tracker-commits mailing list