[Secure-testing-commits] r6238 - data/CVE

2007-08-05 Thread white
Author: white
Date: 2007-08-05 09:38:37 + (Sun, 05 Aug 2007)
New Revision: 6238

Modified:
   data/CVE/list
Log:
* inkscape CVEs are fixed in testing and unstable

Modified: data/CVE/list
===
--- data/CVE/list   2007-08-04 17:20:25 UTC (rev 6237)
+++ data/CVE/list   2007-08-05 09:38:37 UTC (rev 6238)
@@ -6123,10 +6123,10 @@
 CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 
0.5 ...)
NOT-FOR-US: dproxy
 CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol 
in ...)
-   - inkscape unfixed (medium)
+   - inkscape 0.45.1-1 (medium)
TODO: File bug
 CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows 
...)
-   - inkscape unfixed (low)
+   - inkscape 0.45.1-1 (low)
TODO: File bug
 CVE-2007-1462 (The luci server component in conga preserves the password 
between page ...)
NOT-FOR-US: conga
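
Review bot: The `TODO: File bug` lines under CVE-2007-1464 and CVE-2007-1463 are left in place although both entries now record inkscape as fixed in 0.45.1-1. If no bug is needed once the fix is in the archive, drop the two TODO lines in the same commit so the entries stop showing up as open work; if a bug is still wanted for tracking, say so in a NOTE instead.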


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r6239 - data/CVE

2007-08-05 Thread white
Author: white
Date: 2007-08-05 12:19:41 + (Sun, 05 Aug 2007)
New Revision: 6239

Modified:
   data/CVE/list
Log:
* Add cupsys with debian bug to CVE-2007-3387

Modified: data/CVE/list
===
--- data/CVE/list   2007-08-05 09:38:37 UTC (rev 6238)
+++ data/CVE/list   2007-08-05 12:19:41 UTC (rev 6239)
@@ -1619,6 +1619,7 @@
- koffice unfixed
- pdftohtml removed
- tetex-bin 3.0-12
+   - cupsys unfixed (bug #436099)
NOTE: links to poppler since 3.0-12, thus marking as fixed
- pdfkit.framework 0.8-4
NOTE: links to poppler since 0.8-4, thus marking as fixed
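
Review bot: The new `- cupsys unfixed (bug #436099)` line sits between `- tetex-bin 3.0-12` and the NOTE that explains it, so `NOTE: links to poppler since 3.0-12, thus marking as fixed` now reads as if it described cupsys, which is marked unfixed. Move the cupsys line below that NOTE, or name the package in the NOTE so it cannot be misattributed.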




[Secure-testing-commits] r6240 - data/DSA

2007-08-05 Thread jmm-guest
Author: jmm-guest
Date: 2007-08-05 19:07:41 + (Sun, 05 Aug 2007)
New Revision: 6240

Modified:
   data/DSA/list
Log:
- add the last DSAs (everyone is encouraged to add these, it's
 a straight-forward format)
- add a CVE for one issue fixed in the icefoo DSAs, which later
  got an additional CVE assigned


Modified: data/DSA/list
===
--- data/DSA/list   2007-08-05 12:19:41 UTC (rev 6239)
+++ data/DSA/list   2007-08-05 19:07:41 UTC (rev 6240)
@@ -1,3 +1,26 @@
+[04 Aug 2007] DSA-1348-1 poppler
+   {CVE-2007-3387}
+   [etch] - poppler 0.4.5-5.1etch1
+[04 Aug 2007] DSA-1347-1 xpdf
+   {CVE-2007-3387}
+   [etch] - xpdf 3.01-9etch1
+   [sarge] - xpdf 3.00-13.7
+[04 Aug 2007] DSA-1346-1 iceape
+   {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
+   [etch] - iceape 1.0.10~pre070720-0etch3
+[04 Aug 2007] DSA-1345-1 xulrunner
+   {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
+   [etch] - xulrunner 1.8.0.13~pre070720-0etch3
+[03 Aug 2007] DSA-1344-1 iceweasel
+   {CVE-2007-3844 CVE-2007-3845 CVE-2007-4041}
+   [etch] - iceweasel 2.0.0.6-0etch1
+[02 Aug 2007] DSA-1343-1 file
+   {CVE-2007-2799}
+   [sarge] - file 4.12-1sarge2
+   [etch] - file 4.17-5etch2
+[30 Jul 2007] DSA-1342-1 xfs
+   {CVE-2007-3103}
+   [etch] - xfs 1.0.1-6
 [25 Jul 2007] DSA-1341-2 bind9 - DNS cache poisoning vulnerability
{CVE-2007-2926}
[etch] - bind9 1:9.3.4-2etch1
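
Review bot: The seven added DSA header lines carry no short description, unlike the existing `DSA-1341-2 bind9 - DNS cache poisoning vulnerability` entry directly below them. Add a description after each package name so the list can be read without looking up each advisory. The release lines are also ordered inconsistently: DSA-1347-1 lists [etch] before [sarge], while DSA-1343-1 lists [sarge] before [etch].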




[Secure-testing-commits] r6241 - data/CVE

2007-08-05 Thread jmm-guest
Author: jmm-guest
Date: 2007-08-05 19:09:59 + (Sun, 05 Aug 2007)
New Revision: 6241

Modified:
   data/CVE/list
Log:
smbd regression in SuSE
another icefoo issue fixed
reported kernel issue isn't sufficiently attacker controllable to
  warrant calling it a security problem


Modified: data/CVE/list
===
--- data/CVE/list   2007-08-05 19:07:41 UTC (rev 6240)
+++ data/CVE/list   2007-08-05 19:09:59 UTC (rev 6241)
@@ -155,13 +155,13 @@
 CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote 
attackers ...)
TODO: check
 CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality 
in smbd ...)
-   TODO: check
+   NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a 
security problem
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network 
Security ...)
NOT-FOR-US: Secure Computing SecurityReporter
 CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape 
Navigator 9 ...)
-   TODO: check
+   NOT-FOR-US: Netscape Navigator
 CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 
2.0.0.5 ...)
-   TODO: check
+   - iceweasel 2.0.0.6-1
 CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook 
and ...)
NOT-FOR-US: Micrsoft Outlook
 CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when 
certain URIs ...)
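
Review bot: CVE-2007-4041 is resolved here with only `- iceweasel 2.0.0.6-1` and no urgency. DSA-1346-1 (iceape) and DSA-1345-1 (xulrunner) in data/DSA/list as of r6240 name the same CVE, so this entry should carry status lines for those packages too. The CVE-2007-4044 NOTE would also be easier to verify with a pointer to where SuSE confirmed the regression.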
@@ -2307,7 +2307,8 @@
 CVE-2007-3108
RESERVED
 CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when 
run on ...)
-   - linux-2.6 unfixed
+   - linux-2.6 unfixed (unimportant)
+   NOTE: Not reproducibly reliably by an attacker, mostly a bug
 CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, 
allows ...)
TODO: check
 CVE-2007-3105 (Stack-based buffer overflow in the random number generator 
(RNG) ...)
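
Review bot: The added NOTE under CVE-2007-3107 is garbled: `Not reproducibly reliably by an attacker` should read something like `Not reliably reproducible by an attacker`. Since this line is the justification for tagging linux-2.6 as unimportant while it stays unfixed, a reference to the analysis behind that assessment would help later readers.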




[Secure-testing-commits] r6242 - data/CVE

2007-08-05 Thread jmm-guest
Author: jmm-guest
Date: 2007-08-05 19:13:30 + (Sun, 05 Aug 2007)
New Revision: 6242

Modified:
   data/CVE/list
Log:
more xpdf status updates


Modified: data/CVE/list
===
--- data/CVE/list   2007-08-05 19:09:59 UTC (rev 6241)
+++ data/CVE/list   2007-08-05 19:13:30 UTC (rev 6242)
@@ -1619,11 +1619,13 @@
- koffice unfixed
- pdftohtml removed
- tetex-bin 3.0-12
-   - cupsys unfixed (bug #436099)
-   NOTE: links to poppler since 3.0-12, thus marking as fixed
+   NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
+   - cupsys unfixed (unimportant; bug #436099)
+   NOTE: cups uses xpdf-utils
- pdfkit.framework 0.8-4
NOTE: links to poppler since 0.8-4, thus marking as fixed
-   TODO: check libextractor/sarge (uses internal pdf decoder since 
0.5.12-1)
+   - libextractor 0.5.12-1
+   NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus 
marking as fixed
TODO: check ipe (only small parts, but with renamed source files: 
ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp)
 CVE-2007-3386
RESERVED
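
Review bot: The removed TODO asked to check libextractor in sarge, but the replacement `- libextractor 0.5.12-1` only records the version from which the internal PDF decoder is used and says nothing about sarge. Record the sarge status explicitly or keep a TODO for it, so the open question is not lost with this change.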




[Secure-testing-commits] r6243 - data/CVE

2007-08-05 Thread joeyh
Author: joeyh
Date: 2007-08-05 21:14:09 + (Sun, 05 Aug 2007)
New Revision: 6243

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2007-08-05 19:13:30 UTC (rev 6242)
+++ data/CVE/list   2007-08-05 21:14:09 UTC (rev 6243)
@@ -161,6 +161,7 @@
 CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape 
Navigator 9 ...)
NOT-FOR-US: Netscape Navigator
 CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 
2.0.0.5 ...)
+   {DSA-1346-1 DSA-1345-1 DSA-1344-1}
- iceweasel 2.0.0.6-1
 CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook 
and ...)
NOT-FOR-US: Micrsoft Outlook
@@ -566,12 +567,14 @@
RESERVED
 CVE-2007-3845 [firefox external URI handler escaping vulnerability]
RESERVED
+   {DSA-1346-1 DSA-1345-1 DSA-1344-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- icedove unfixed (medium)
 CVE-2007-3844 [firefox about:blank regression]
RESERVED
+   {DSA-1346-1 DSA-1345-1 DSA-1344-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
@@ -1612,6 +1615,7 @@
- qt4-x11 4.3.0-5
NOTE: there is some dissagreement whether qt4 is affected
 CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor 
function in ...)
+   {DSA-1348-1 DSA-1347-1}
- poppler unfixed (bug #435460)
- gpdf removed
- xpdf unfixed (bug #435462)
@@ -2318,6 +2322,7 @@
 CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat 
Enterprise ...)
- linux-2.6 unfixed
 CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat 
...)
+   {DSA-1342-1}
- xfs 1:1.0.4-2
 CVE-2007-3102
RESERVED
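
Review bot: The `{DSA-1342-1}` reference added under CVE-2007-3103 ties this entry, which records `xfs 1:1.0.4-2` with an epoch, to the DSA-1342-1 entry from r6240, which records the etch fix as `xfs 1.0.1-6` without one. A version without an epoch sorts below every `1:` version, so check which form is right and make the two lists agree.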
@@ -3020,6 +3025,7 @@
 CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote 
attackers to ...)
NOT-FOR-US: eTicket
 CVE-2007-2799 (Integer overflow in the quot;filequot; program 4.20, when 
running on 32-bit ...)
+   {DSA-1343-1}
- file 4.21-1 (medium)
 CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc 
function in ...)
{DSA-1323-1}

