[Secure-testing-commits] r7764 - data/CVE

2007-12-30 Thread stef-guest
Author: stef-guest
Date: 2007-12-30 10:19:21 + (Sun, 30 Dec 2007)
New Revision: 7764

Modified:
   data/CVE/list
Log:
dovecot fixed

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-29 23:29:12 UTC (rev 7763)
+++ data/CVE/list   2007-12-30 10:19:21 UTC (rev 7764)
@@ -1,9 +1,9 @@
 CVE-2007- [dovecot LDAP infinite loop]
-   - dovecot unfixed (unimportant)
+   - dovecot 1:1.0.10-1 (unimportant)
NOTE: Can only be triggered by an attacker being able to disconnect,
NOTE: not by normal users, fixed in 1.0.10
 CVE-2007- [uidlist crash]
-   - dovecot unfixed (unimportant)
+   - dovecot 1:1.0.10-1 (unimportant)
NOTE: Only terminates a single connection, no security impact, fixed in 
1.0.10
 CVE-2007- [mongrel remote arbitrary file disclosure]
- mongrel 1.1.3-1 (medium)
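Review bot: in the LDAP infinite loop entry, the NOTE "Can only be triggered by an attacker being able to disconnect," does not say what gets disconnected, and that is the whole justification for rating it unimportant; name the connection in the NOTE. With 1:1.0.10-1 now on the package line, the trailing "fixed in 1.0.10" in both NOTEs is redundant and can be dropped.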


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] Processing r7764 failed

2007-12-30 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7765 - data/CVE

2007-12-30 Thread thijs
Author: thijs
Date: 2007-12-30 10:46:36 + (Sun, 30 Dec 2007)
New Revision: 7765

Modified:
   data/CVE/list
Log:
dovecot ldap+auth cache issue, very specific configuration required


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 10:19:21 UTC (rev 7764)
+++ data/CVE/list   2007-12-30 10:46:36 UTC (rev 7765)
@@ -1,3 +1,9 @@
+CVE-2007- [dovecot LDAP auth may authenticate as wrong user]
+   - dovecot 1:1.0.10-1 (low; bug #458315)
+   [sarge] - dovecot not-affected (Vulnerable code not present)
+   NOTE: http://dovecot.org/list/dovecot-news/2007-December/57.html
+   NOTE: low, because issue is only with quite rare configurations
+   NOTE: CVE id requested
 CVE-2007- [dovecot LDAP infinite loop]
- dovecot 1:1.0.10-1 (unimportant)
NOTE: Can only be triggered by an attacker being able to disconnect,
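Review bot: the added NOTE "low, because issue is only with quite rare configurations" does not name the configuration, while the commit log says it is the ldap+auth cache combination; put that in the bracketed description or the NOTE so the low rating can be checked against a real setup. "NOTE: CVE id requested" would be easier to follow up with a date on it.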




[Secure-testing-commits] Processing r7765 failed

2007-12-30 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7766 - data/CVE

2007-12-30 Thread stef-guest
Author: stef-guest
Date: 2007-12-30 11:00:04 + (Sun, 30 Dec 2007)
New Revision: 7766

Modified:
   data/CVE/list
Log:
new vlc issues

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 10:46:36 UTC (rev 7765)
+++ data/CVE/list   2007-12-30 11:00:04 UTC (rev 7766)
@@ -1,3 +1,12 @@
+CVE-2007- [vlc mozilla plugin arbitrary file overwrite vulnerability]
+   - vlc unfixed (high; bug filed)
+   NOTE: see https://trac.videolan.org/vlc/ticket/1371
+CVE-2007- [vlc format string vulnerability in built-in web-server]
+   - vlc unfixed
+   NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
+CVE-2007- [vlc buffer overflow in subtitle handling]
+   - vlc unfixed (low)
+   NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
 CVE-2007- [dovecot LDAP auth may authenticate as wrong user]
- dovecot 1:1.0.10-1 (low; bug #458315)
[sarge] - dovecot not-affected (Vulnerable code not present)
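Review bot: the format string entry is added as "- vlc unfixed" with no urgency, while its two neighbours carry (high) and (low); give it an urgency or a NOTE saying it has not been assessed yet. "bug filed" on the first entry should be the bug number, and since the last two entries cite the same securityfocus URL, a word on which part of that report each one refers to would help.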




[Secure-testing-commits] Processing r7766 failed

2007-12-30 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7767 - data/CVE

2007-12-30 Thread stef-guest
Author: stef-guest
Date: 2007-12-30 11:53:06 + (Sun, 30 Dec 2007)
New Revision: 7767

Modified:
   data/CVE/list
Log:
bugnum

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 11:00:04 UTC (rev 7766)
+++ data/CVE/list   2007-12-30 11:53:06 UTC (rev 7767)
@@ -1,11 +1,11 @@
 CVE-2007- [vlc mozilla plugin arbitrary file overwrite vulnerability]
-   - vlc unfixed (high; bug filed)
+   - vlc unfixed (high; bug #458318)
NOTE: see https://trac.videolan.org/vlc/ticket/1371
 CVE-2007- [vlc format string vulnerability in built-in web-server]
-   - vlc unfixed
+   - vlc unfixed (bug #458318)
NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
 CVE-2007- [vlc buffer overflow in subtitle handling]
-   - vlc unfixed (low)
+   - vlc unfixed (low; bug #458318)
NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
 CVE-2007- [dovecot LDAP auth may authenticate as wrong user]
- dovecot 1:1.0.10-1 (low; bug #458315)
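Review bot: all three vlc entries now point at bug #458318, so the tracker cannot show them being fixed independently; if that one report really covers all three, a NOTE saying so would make it clearly intentional. The format string entry still has no urgency: "- vlc unfixed (bug #458318)".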




[Secure-testing-commits] Processing r7767 failed

2007-12-30 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7768 - data

2007-12-30 Thread nion
Author: nion
Date: 2007-12-30 15:38:26 + (Sun, 30 Dec 2007)
New Revision: 7768

Modified:
   data/spu-candidates.txt
Log:
notified all maintainers for possible security updates for stable


Modified: data/spu-candidates.txt
===
--- data/spu-candidates.txt 2007-12-30 11:53:06 UTC (rev 7767)
+++ data/spu-candidates.txt 2007-12-30 15:38:26 UTC (rev 7768)
@@ -7,41 +7,51 @@
 
 audacity (CVE-2007-6061)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453283
+notified maintainer
 
 --
 
 blam (CVE-2005-4791)
+notified maintainer
 
 --
 
 linux-ftpd-ssl (CVE-2007-6263)
 #454733
+notified maintainer
 
 --
 
 python2.4, python2.5 (CVE-2007-4965)
 http://bugs.python.org/issue1179
+notified maintainer
 
 --
 
 slocate (CVE-2007-0227)
 #411937
+notified maintainer
 
 --
 
 sing (CVE-2007-6211)
 #454167
+notified maintainer
 
 --
 
 tomboy (CVE-2005-4790)
+notified maintainer
 
 --
 
 vobcopy (CVE-2007-5718)
 bug #448319
+notified maintainer
 
 --
 
 zsh (CVE-2007-6209)
 bug #454073)
+notified maintainer
+
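Review bot: each "+notified maintainer" line records no date or message reference, so nobody can tell later when a follow-up is due; add at least the date. The last added line is an empty "+" that only appends a blank line at the end of the file. While touching the zsh entry, the stray ")" in the context line "bug #454073)" could be dropped and the bug references brought to one form ("#454733", "bug #448319" and a full URL are all in use).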




[Secure-testing-commits] r7769 - data/CVE

2007-12-30 Thread luk
Author: luk
Date: 2007-12-30 18:08:37 + (Sun, 30 Dec 2007)
New Revision: 7769

Modified:
   data/CVE/list
Log:
unrar-nonfree fixed in (oldstable-)proposed-updates


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 15:38:26 UTC (rev 7768)
+++ data/CVE/list   2007-12-30 18:08:37 UTC (rev 7769)
@@ -14962,8 +14962,8 @@
[sarge] - rar no-dsa (Non-free)
[etch] - rar no-dsa (Non-free)
- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
-   [sarge] - unrar-nonfree no-dsa (Non-free)
-   [etch] - unrar-nonfree no-dsa (Non-free)
+   [sarge] - unrar-nonfree 1:3.5.2-0.2
+   [etch] - unrar-nonfree 1:3.5.4-1.1
NOTE: amavid-new automatically uses rar -p- or unrar -p-,
NOTE: which probably turns this into remote code execution
NOTE: clamav can also call unrar -p-, but AFAICS not in default 
configuration
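Review bot: the [sarge] and [etch] unrar-nonfree lines now carry plain fixed versions, but the commit log says these are in (oldstable-)proposed-updates, and the entry does not record that. Add a NOTE saying so; the NOTEs below state that automatic "unrar -p-" use probably turns this into remote code execution, so readers will want to know whether the fix has actually reached them.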




[Secure-testing-commits] r7770 - data/CVE

2007-12-30 Thread nion
Author: nion
Date: 2007-12-30 19:36:55 + (Sun, 30 Dec 2007)
New Revision: 7770

Modified:
   data/CVE/list
Log:
new issue: mantis, cve id pending

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 18:08:37 UTC (rev 7769)
+++ data/CVE/list   2007-12-30 19:36:55 UTC (rev 7770)
@@ -1,3 +1,5 @@
+CVE-2007- [XSS via file upload in mantis]
+   - mantis unfixed (low; bug #458377)
 CVE-2007- [vlc mozilla plugin arbitrary file overwrite vulnerability]
- vlc unfixed (high; bug #458318)
NOTE: see https://trac.videolan.org/vlc/ticket/1371
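Review bot: the new mantis entry has only the bug number, while the vlc entry directly below it carries a "NOTE: see ..." reference; add one here too. The commit log says the CVE id is pending, which is also worth a NOTE so the "CVE-2007-" placeholder gets revisited.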




[Secure-testing-commits] r7771 - data/CVE

2007-12-30 Thread luk
Author: luk
Date: 2007-12-30 23:05:30 + (Sun, 30 Dec 2007)
New Revision: 7771

Modified:
   data/CVE/list
Log:
madwifi fixed in proposed-updates


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 19:36:55 UTC (rev 7770)
+++ data/CVE/list   2007-12-30 23:05:30 UTC (rev 7771)
@@ -3361,7 +3361,7 @@
NOT-FOR-US: Softbiz Recipes Portal Script
 CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a 
denial ...)
- madwifi 1:0.9.3.2-2 (medium; bug #446824)
-   [etch] - madwifi no-dsa (Non-free not supported)
+   [etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
NOTE: this results in a kernel panic
 CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension 
for PHP ...)
NOT-FOR-US: ionCube
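Review bot: the removed [etch] line gave a reason ("Non-free not supported") and the replacement "[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2" gives none. A NOTE that the fix came through proposed-updates, as the commit log states, would explain why an etch version appears on an entry that shows no DSA reference.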




[Secure-testing-commits] r7772 - data/CVE

2007-12-30 Thread luk
Author: luk
Date: 2007-12-30 23:18:26 + (Sun, 30 Dec 2007)
New Revision: 7772

Modified:
   data/CVE/list
Log:
rar was fixed before the release of etch


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 23:05:30 UTC (rev 7771)
+++ data/CVE/list   2007-12-30 23:18:26 UTC (rev 7772)
@@ -7695,7 +7695,7 @@
[etch] - unrar-nonfree no-dsa (Non-free not supported)
[sarge] - unrar-nonfree no-dsa (Non-free not supported)
- rar 3.7b1-1 (low; bug #437704)
-   [etch] - rar no-dsa (Non-free not supported)
+   [etch] - rar not-affected (Vulnerable code was fixed already)
[sarge] - rar no-dsa (Non-free not supported)
 CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 
allows ...)
{DSA-1340-1 DTSA-43-1}
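Review bot: "not-affected (Vulnerable code was fixed already)" on the [etch] rar line mixes two states: not-affected suggests the release was never vulnerable, while the reason text and the commit log say the issue was fixed before etch was released. Recording the etch version that carries the fix, in the same form as the "- rar 3.7b1-1" line above, would be clearer and would let the claim be verified.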




[Secure-testing-commits] r7773 - data/CVE

2007-12-30 Thread stef-guest
Author: stef-guest
Date: 2007-12-31 00:10:55 + (Mon, 31 Dec 2007)
New Revision: 7773

Modified:
   data/CVE/list
Log:
new apache XSS

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-30 23:18:26 UTC (rev 7772)
+++ data/CVE/list   2007-12-31 00:10:55 UTC (rev 7773)
@@ -429,8 +429,10 @@
 CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 
2.20.0 ...)
- gnome-screensaver unfixed (low; bug #455484)
[etch] - gnome-screensaver no-dsa (Minor issue)
-CVE-2007-6388
+CVE-2007-6388 [apache mod_status XSS via refresh parameter]
RESERVED
+   - apache unfixed (low)
+   - apache2 unfixed (low)
 CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local 
users ...)
{DSA-1437-1}
- cupsys 1.3.5-1 (low; bug #456960)
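Review bot: the two new lines "- apache unfixed (low)" and "- apache2 unfixed (low)" have neither a bug number nor a NOTE with a source, unlike the neighbouring entries, which carry "bug #..." references; file or reference a bug for each package. The entry also keeps RESERVED while gaining a bracketed description, so a NOTE pointing at where the description comes from would help.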



