Author: jmm-guest
Date: 2007-04-08 20:47:19 +0000 (Sun, 08 Apr 2007)
New Revision: 5634

Modified:
   data/CVE/list
Log:
sql-ledger documented as insecure
horde3 fixed
libwpd fixed
new kernel issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-04-06 11:11:29 UTC (rev 5633)
+++ data/CVE/list       2007-04-08 20:47:19 UTC (rev 5634)
@@ -685,9 +685,13 @@
 CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 
running ...)
        NOT-FOR-US: Cisco
 CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 
only ...)
-       - sql-ledger <unfixed> (bug #409703)
+       - sql-ledger <unfixed> (unimportant, bug #409703)
+       NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+       NOTE: authenticated HTTP zone and without untrusted users
 CVE-2007-1540 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 
and ...)
-       - sql-ledger <unfixed> (bug #409703)
+       - sql-ledger <unfixed> (unimportant, bug #409703)
+       NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+       NOTE: authenticated HTTP zone and without untrusted users
 CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in 
pragmaMX ...)
        NOT-FOR-US: pragmaMX Landkarten
 CVE-2007-1538 (** DISPUTED ** ...)
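Review bot: the two NOTE lines added under CVE-2007-1541 and CVE-2007-1540 justify the downgrade to "unimportant" by appealing to "documented behaviour" but do not say where SQL-Ledger documents it; a later triager cannot verify the rationale from the entry alone. Suggest extending the NOTE with the document (for example the upstream README or install notes) that states the authenticated-zone requirement, so the downgrade of a directory traversal in am.pl can be re-checked if that documentation changes.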
@@ -843,9 +847,9 @@
 CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
        - php4 <unfixed> (low)
 CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in 
Horde ...)
-       - horde3 <unfixed> (medium)
+       - horde3 3.1.3-4 (medium)
 CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in 
framework/NLS/NLS.php in ...)
-       - horde3 <unfixed> (medium)
+       - horde3 <unfixed> (low)
 CVE-2007-1472 (Variable overwrite vulnerability in 
groupit/base/groupit.start.inc in ...)
        NOT-FOR-US: Groupit
 CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to 
bypass ...)
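Review bot: CVE-2007-1473 is lowered from "(medium)" to "(low)" while staying "<unfixed>", and nothing in the hunk records why; severity changes in this file normally carry a NOTE so the reasoning survives. Also, the commit log says "horde3 fixed", but only CVE-2007-1474 receives a fixed version ("- horde3 3.1.3-4 (medium)"); consider wording the log as a partial fix or adding a NOTE stating that the XSS in framework/NLS/NLS.php is still open in 3.1.3-4.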
@@ -860,6 +864,7 @@
        NOT-FOR-US: Cisco Secure Access Control Server
 CVE-2007-1466 (Integer overflow in the the WP6GeneralTextPacket::_readContents 
...)
        - libwpd 0.8.9-1 (medium)
+       [etch] - libwpd 0.8.7-6
 CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 
0.5 ...)
        NOT-FOR-US: dproxy
 CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol 
in ...)
@@ -943,9 +948,13 @@
 CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers 
to cause ...)
        NOT-FOR-US: Avant Browser
 CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and 
SQL-Ledger ...)
-       - sql-ledger <unfixed> (bug #409703)
+       - sql-ledger <unfixed> (unimportant, bug #409703)
+       NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+       NOTE: authenticated HTTP zone and without untrusted users
 CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 
2.6.26 and ...)
-       - sql-ledger <unfixed> (bug #409703)
+       - sql-ledger <unfixed> (unimportant, bug #409703)
+       NOTE: It's documented behaviour that SQL-Ledger should only be run in an
+       NOTE: authenticated HTTP zone and without untrusted users
 CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote 
attackers to ...)
        NOT-FOR-US: D-Link TFTP Server
 CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and 
possibly ...)
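Review bot: the same deployment-model argument is reused for CVE-2007-1437, but that entry is an "Unspecified vulnerability" in LedgerSMB and SQL-Ledger, so the hunk gives no basis for concluding that the authenticated-HTTP-zone assumption actually covers it; the argument is only sound when the issue requires an untrusted user in the first place. Suggest a NOTE stating what is known about the CVE-2007-1437 issue (or that the downgrade is provisional), and the same for the admin.pl issue in CVE-2007-1436, rather than copying the identical two NOTE lines verbatim into a fourth entry.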
@@ -1111,8 +1120,9 @@
        - libapache-mod-security <removed>
 CVE-2007-1358
        RESERVED
-CVE-2007-1357
+CVE-2007-1357 [linux kernel appletalk remote DoS]
        RESERVED
+       - linux-2.6 2.6.20-1
 CVE-2007-1356
        RESERVED
 CVE-2007-1355
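Review bot: CVE-2007-1357 gains a fixed version ("- linux-2.6 2.6.20-1") while the entry is still RESERVED and the description is the hand-written "[linux kernel appletalk remote DoS]", so there is no reference tying the fix to that upload. Suggest a NOTE with the upstream fix or Debian changelog entry that closes it, and, since other entries in this same commit carry "[etch]" lines, an explicit [etch] line for linux-2.6 so the stable status of a remote DoS is not left open.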
@@ -5355,6 +5365,7 @@
        NOTE: openoffice.org changelog indicates libwpd is included but not used
        - openoffice.org 2.0.4.dfsg.2-6
        [etch] - openoffice.org 2.0.4.dfsg.2-5etch1
+       [etch] - libwpd 0.8.7-6
 CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl 
-w) in ...)
        - linux-2.6 <unfixed>
 CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control 
(ole32.dll) in ...)
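Review bot: the new "[etch] - libwpd 0.8.7-6" line is added under an entry whose preceding NOTE says "openoffice.org changelog indicates libwpd is included but not used", and the visible context shows only openoffice.org package lines; if there is no matching unstable "- libwpd ..." line above the hunk, this becomes an [etch] line with no corresponding unstable entry. Suggest confirming that the libwpd line exists in this entry (or adding it with its severity, as was done for CVE-2007-1466 earlier in the commit), or stating in a NOTE why only the etch version is recorded here.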


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
