Author: jmm-guest
Date: 2007-06-28 20:37:50 +0000 (Thu, 28 Jun 2007)
New Revision: 6071

Modified:
   data/CVE/list
Log:
another php non-issue
no-dsas


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-06-27 23:30:04 UTC (rev 6070)
+++ data/CVE/list       2007-06-28 20:37:50 UTC (rev 6071)
@@ -142,8 +142,10 @@
        RESERVED
 CVE-2007-3379
        RESERVED
-CVE-2007-3378
+CVE-2007-3378 [php htaccess safe_mode basedir_bypasses]
        RESERVED
+       - php4 <unfixed> (unimportant)
+       - php5 <unfixed> (unimportant)
 CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates 
...)
        TODO: check
 CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows 
...)
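Review bot: The two new `<unfixed> (unimportant)` lines for php4 and php5 under CVE-2007-3378 give no reason for the rating. The commit log calls this a PHP non-issue, but the list entry itself only has the bracketed tag `[php htaccess safe_mode basedir_bypasses]`. A NOTE line under the entry stating why safe_mode and basedir bypasses are rated unimportant would let a later reader see the rationale without digging through the commit history.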
@@ -291,7 +293,6 @@
        TODO: check
 CVE-2007-4168
        REJECTED
-       TODO: check
 CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and 
earlier SIP ...)
        NOT-FOR-US: Avaya IP Phone
 CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and 
earlier SIP ...)
@@ -540,6 +541,7 @@
 CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile 
time, uses ...)
        - mail-notification <unfixed> (low; bug #428157)
        [sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
+       [etch] - mail-notification <no-dsa> (Minor issue, needs proper 
documentation in errata)
 CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board 
(YaBB) 2.1 ...)
        NOT-FOR-US: YaBB
 CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell 
NetWare ...)
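Review bot: The `[etch]` no-dsa reason for CVE-2007-3209 mixes a triage verdict with an open action item ("needs proper documentation in errata"). Nothing in the entry tracks that work. Consider keeping the reason as "Minor issue" and moving the errata request to its own TODO or NOTE line, so that it stays visible until the documentation is written.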
@@ -3180,6 +3182,8 @@
        NOTE: Commit r3021 looks as if it's just a null pointer dereference.
 CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote 
attackers to ...)
        - freeradius <unfixed> (low)
+       [sarge] - freeradius <no-dsa> (Minor issue)
+       [etch] - freeradius <no-dsa> (Minor issue)
 CVE-2007-2027 (Untrusted search path vulnerability in the 
add_filename_to_string ...)
        - elinks 0.11.1-1.4 (bug #417789; low)
        [sarge] - elinks <no-dsa> (Hardly exploitable)
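Review bot: With both `[sarge]` and `[etch]` now marked `<no-dsa>` for CVE-2007-2028, the only remaining tracker for the fix is `- freeradius <unfixed> (low)`, which has no bug number. Neighbouring entries such as elinks carry a bug reference. Filing a bug and recording it on the unfixed line would be worthwhile. "Minor issue" is also terse for a remotely triggerable memory leak, so a few words on why it is minor would help.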
@@ -3551,8 +3555,8 @@
 CVE-2007-1863
        RESERVED
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 
does not ...)
-       - apache2 <not-affected> (low)
-       NOTE: this is actually only vulnerable in Apache 2.2.4
+       - apache2 <not-affected> (Only Apache 2.2.4 was affected)
+       TODO: Check, that no 2.2.4 version is uploaded w/o a fix and remove me 
once 2.2.5 is in the archive
 CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux 
Kernel ...)
        {DSA-1289-1}
        - linux-2.6 2.6.21-1
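Review bot: The new `<not-affected>` line for apache2 under CVE-2007-1862 is conditional on the TODO that follows it: it holds only as long as no unfixed 2.2.4 is uploaded. Until that is checked, the entry reports a clean state that has not been verified. Consider wording the TODO so that it names who or what triggers the check (for example the next apache2 upload), so that it does not get left behind once 2.2.5 is in the archive.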
@@ -15847,8 +15851,7 @@
        [sarge] - armagetron <no-dsa> (Minor game DoS)
        [etch] - armagetron <no-dsa> (Minor game DoS)
 CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to 
cause a ...)
-       - kdelibs 4:3.5.4-1 (bug #378962; low)
-       [sarge] - kdelibs <not-affected> (Doesn't trigger a crash on Sarge)
+       - kdelibs 4:3.5.4-1 (bug #378962; unimportant)
 CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the 
communicate ...)
        {DTSA-31-1}
        - hyperestraier 1.3.3-1 (bug #379060; low)
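Review bot: Removing the `[sarge] - kdelibs <not-affected> (Doesn't trigger a crash on Sarge)` line under CVE-2006-3672 drops a recorded test result, and the change from `low` to `unimportant` comes without an explanation in the entry. A NOTE line giving the reason for the downgrade, and keeping the sarge observation if it is still true, would preserve that information.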


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
