Author: stef-guest
Date: 2007-07-10 18:55:31 +0000 (Tue, 10 Jul 2007)
New Revision: 6129

Modified:
   data/CVE/list
Log:
- fixed: php4, imagemagick
- new issues fixed: graphicsmagick, silc-toolkit, silc-client, moodle


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-10 17:30:39 UTC (rev 6128)
+++ data/CVE/list       2007-07-10 18:55:31 UTC (rev 6129)
@@ -1,3 +1,10 @@
+CVE-2007-XXXX [silc-toolkit several buffer overflows]
+       - silc-toolkit 1.1.2-1
+       NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
+CVE-2007-XXXX [silc-client several buffer overflows]
+       - silc-client 1.1.2-1
+CVE-2007-XXXX [moodle several XSS]
+       - moodle 1.8.2-1 (bug #432264)
 CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 
allows ...)
        NOT-FOR-US: Apple Safari
 CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the 
Linux ...)
@@ -3911,7 +3918,8 @@
 CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 
allows ...)
        NOT-FOR-US: IBM AIX
 CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow 
remote ...)
-       - imagemagick <unfixed> (medium)
+       - imagemagick 7:6.2.4.5.dfsg1-1 (medium)
+       - graphicsmagick 1.1.7-15 (medium)
 CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 
1.3.2 ...)
        NOT-FOR-US: URLshrink
 CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute 
arbitrary ...)
@@ -4112,7 +4120,7 @@
        [sarge] - php4 <not-affected> (Vulnerable code not present)
        - php5 5.2.0-11 (medium)
 CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 
5.2.1 ...)
-       - php4 <unfixed> (unimportant)
+       - php4 6:4.4.6-2 (unimportant)
        - php5 <unfixed> (unimportant)
        NOTE: This is a regular bug, not a security problem
 CVE-2007-1716 (pam_console does not properly restore ownership for certain 
console ...)
@@ -4127,7 +4135,7 @@
        NOT-FOR-US: Active Auction Pro
 CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 
4.4.6 ...)
        {DSA-1283-1 DSA-1282-1}
-       - php4 <unfixed> (unimportant)
+       - php4 6:4.4.6-2 (unimportant)
        - php5 5.2.0-9 (unimportant)
        NOTE: register_globals not supported
 CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
@@ -4589,7 +4597,7 @@
 CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 
5.2.2, ...)
        {DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
        - php5 5.2.0-11 (medium)
-       - php4 <unfixed> (medium)
+       - php4 6:4.4.6-2 (medium)
 CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 
8.0 and ...)
        NOT-FOR-US: PHP-Nuke
 CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in 
PHP-Nuke ...)
@@ -6808,6 +6816,8 @@
        {DSA-1294-1}
        - xfree86 <removed> (bug #414046; medium)
        - libx11 2:1.0.3-7 (bug #414045; medium)
+       - graphicsmagick 1.1.7-14 (bug #417862; medium)
+       - imagemagick 7:6.2.4.5.dfsg1-1 (medium)
        NOTE: Discovered through CVE-2007-0770.
        NOTE: With certain mail user agents, this issue is likely exploitable
        NOTE: without much user interaction.


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to