Author: stef-guest
Date: 2007-05-28 14:15:11 +0000 (Mon, 28 May 2007)
New Revision: 5940

Modified:
   data/CVE/list
Log:
fixed: libgems-ruby xulrunner pulseaudio linux-2.6
one asterisk issue is only in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-05-26 12:11:31 UTC (rev 5939)
+++ data/CVE/list       2007-05-28 14:15:11 UTC (rev 5940)
@@ -739,8 +739,9 @@
        RESERVED
 CVE-2007-2452
        RESERVED
-CVE-2007-2451
+CVE-2007-2451 [linux geode-aes security issue]
        RESERVED
+       - linux-2.6 2.6.21-3
 CVE-2007-2450
        RESERVED
 CVE-2007-2449
@@ -1111,6 +1112,9 @@
        - asterisk 1:1.4.3~dfsg-1 (low)
 CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp 
function in ...)
        - asterisk 1:1.4.3~dfsg-1 (high)
+       [sarge] - asterisk <not-affected> (vulnerable code not present)
+       [etch] - asterisk <not-affected> (vulnerable code not present)
+       NOTE: only in 1.4.x
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication 
support for ...)
        - iceweasel (low)
        - firefox <removed> (low)
@@ -2196,7 +2200,7 @@
 CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 
and ...)
        NOT-FOR-US: debaser module for Xoops
 CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of 
service ...)
-       - pulseaudio <unfixed> (medium)
+       - pulseaudio 0.9.6-1 (medium)
 CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows 
remote ...)
        NOT-FOR-US: MailDwarf
 CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and 
earlier ...)
@@ -3975,7 +3979,7 @@
 CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the 
about: URI ...)
        - iceweasel <unfixed> (medium)
        - iceape <unfixed> (medium)
-       - xulrunner <unfixed> (bug #415919; bug #415944; bug #415945; medium)
+       - xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; medium)
        NOTE: according to a blog comment at 
http://www.gnucitizen.org/projects/hscan-redux/,
        NOTE: older mozillas are not vulnerable
        TODO: this should be checked
@@ -5813,7 +5817,7 @@
 CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 
9, and ...)
        NOT-FOR-US: Sun Solaris
 CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 
0.9.1 ...)
-       - libgems-ruby <unfixed> (low; bug #408299)
+       - libgems-ruby 0.9.3-1 (low; bug #408299)
 CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual 
C++ ...)
        NOT-FOR-US: Visual C++
 CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the 
admin ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to