Author: jmm-guest
Date: 2007-02-10 01:32:46 +0100 (Sat, 10 Feb 2007)
New Revision: 5433

Modified:
   data/CVE/list
Log:
two new bugzilla issues
dazuko DoS doesn't affect sarge
rewrite phpbb tweaked entry to treat addon packages as NFU, it slightly clutters
  the package overview
hinfo no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-02-09 22:05:48 UTC (rev 5432)
+++ data/CVE/list       2007-02-10 00:32:46 UTC (rev 5433)
@@ -130,9 +130,10 @@
 CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in 
...)
        NOT-FOR-US: GlobalMegaCorp dvddb
 CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not 
set the ...)
-       TODO: check
+       - bugzilla <not-affected> (Only development version 2.23.3 is affected)
 CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in 
Bugzilla ...)
-       TODO: check
+       - bugzilla <unfixed> (bug #409824; medium)
+       [sarge] - bugzilla <not-affected> (Vulnerable code not present)
 CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote 
FTP ...)
        NOT-FOR-US: SmartFTP
 CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote 
...)
@@ -400,8 +401,7 @@
 CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: ExtCalendar
 CVE-2007-0680 (PHP remote file inclusion vulnerability in 
includes/functions.php in ...)
-       - phpbb2 <not-affected>
-       NOTE: Phpbb Tweaked it is a module to phpbb.
+       NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
 CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php 
in ...)
        NOT-FOR-US: PHPMyRing
 CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp 
Hosting ...)
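Review bot: The new NOT-FOR-US line for CVE-2007-0680 carries over the old NOTE sentence verbatim ("Phpbb Tweaked it is a module to phpbb"), so the product field reads as a sentence rather than a product name like the neighbouring "NOT-FOR-US: ExtCalendar" and "NOT-FOR-US: PHPMyRing" entries. Consider "NOT-FOR-US: Phpbb Tweaked (addon module for phpbb)", which keeps the relationship to phpbb visible to anyone searching the list for phpbb issues, now that the explicit "- phpbb2 <not-affected>" line is gone.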
@@ -871,7 +871,8 @@
 CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php 
in ...)
        - bbclone 0.4.6-8 (bug #408839; medium)
 CVE-2007-XXXX [hinfo code injection]
-       - hinfo 1.02-3.1 (bug #402316)
+       - hinfo 1.02-3.1 (bug #402316; low)
+       [sarge] - hinfo (Package completely broken, hardly usable for an attack)
 CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 
9.4.0a1 ...)
        {DSA-1254-1}
        - bind9 1:9.3.4-2 (medium; bug #408432)
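Review bot: The added "[sarge] - hinfo (Package completely broken, hardly usable for an attack)" line has no state tag between the package name and the parenthesised reason, although the log message says "hinfo no-dsa" and the other [sarge] lines added in this commit carry one (<not-affected>). Suggest "[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)" so the sarge status is recorded explicitly rather than implied by the comment.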
@@ -908,6 +909,7 @@
        NOT-FOR-US: Apple
 CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module 
before ...)
        - dazuko-source <unfixed> (bug #408300)
+       [sarge] - dazuko-source <not-affected> (Vulnerable code not present)
 CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 
10.1, and ...)
        - ulogd 1.23-6 (medium)
 CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly 
Ethereal) ...)
@@ -18143,7 +18145,7 @@
        - xlockmore 1:5.13-2.1 (bug #309760)
 CVE-2006-0061 [xlock segfaults when using libpam-opensc]
        RESERVED
-       - xlockmore 1:5.22-1.2 (bug #318123; bug #399003; high)
+       - xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
 CVE-2006-0060
        RESERVED
 CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over 
TCP (RFC ...)
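Review bot: The xlockmore urgency for CVE-2006-0061 is lowered from high to low, but the log message does not mention this entry and no NOTE line records why. A one-line NOTE under the entry, or a line in the log, stating the reason for the downgrade would let later readers of the list tell a deliberate reassessment from an accidental edit.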


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
