Author: jmm-guest
Date: 2007-07-24 00:24:01 +0000 (Tue, 24 Jul 2007)
New Revision: 6157

Modified:
   data/CVE/list
Log:
track removals
libgd no-dsa
imager-perl non-issue
record gimp fix in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-21 06:38:49 UTC (rev 6156)
+++ data/CVE/list       2007-07-24 00:24:01 UTC (rev 6157)
@@ -2319,7 +2319,7 @@
 CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame 
Presentation ...)
        NOT-FOR-US: Citrix
 CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open 
Source) ...)
-       - knowledgetree <unfixed> (bug #432123)
+       - knowledgetree <removed> (bug #432123)
 CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the 
shComboBox ...)
        NOT-FOR-US: Sky Software
 CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in 
hlstats.php in ...)
@@ -2548,7 +2548,11 @@
        NOT-FOR-US: Redoable
 CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted 
...)
        - libgd <unfixed> (bug #426099; low)
+       [etch] - libgd <no-dsa> (Minor issue)
+       [sarge] - libgd <no-dsa> (Minor issue)
        - libgd2 <unfixed> (bug #426100; low)
+       [etch] - libgd2 <no-dsa> (Minor issue)
+       [sarge] - libgd2 <no-dsa> (Minor issue)
        NOTE: http://bugs.libgd.org/?do=details&task_id=86
 CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
        NOT-FOR-US: PrecisionID
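Review bot: The four no-dsa lines added under CVE-2007-2756 give only "Minor issue" as the reason, while the unversioned libgd and libgd2 entries stay <unfixed>. A NOTE stating why the issue is deferred (the description says user-assisted and both bugs are rated low) would let a later reader confirm the decision without reopening #426099 and #426100.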
@@ -3187,8 +3191,8 @@
 CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: FireFly
 CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in 
Imager 0.56 ...)
-       - libimager-perl 0.58-1 (medium; bug #421582)
-       NOTE: http://rt.cpan.org/Ticket/Display.html?id=26811
+       - libimager-perl 0.58-1 (unimportant; bug #421582)
+       NOTE: Only CVE-2007-2413 is exploitable per upstream
 CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria 
Gallery ...)
        NOT-FOR-US: Pixaria Gallery
 CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
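Review bot: In the CVE-2007-2459 entry the new NOTE cites upstream ("Only CVE-2007-2413 is exploitable per upstream"), but the line it replaces was the rt.cpan.org ticket link, the only upstream reference in the entry. That leaves the downgrade from medium to unimportant without a pointer to check it against. Keep the ticket NOTE and add the new NOTE below it.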
@@ -5519,8 +5523,10 @@
        NOT-FOR-US: dproxy
 CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol 
in ...)
        - inkscape <unfixed> (medium)
+       TODO: File bug
 CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows 
...)
        - inkscape <unfixed> (low)
+       TODO: File bug
 CVE-2007-1462 (The luci server component in conga preserves the password 
between page ...)
        NOT-FOR-US: conga
 CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension 
in PHP ...)
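Review bot: Both inkscape entries gain "TODO: File bug" while staying <unfixed>, yet the CVE-2007-1463 description reads "before 0.45.1", which names an upstream fixed version. Compare the version in sid against 0.45.1 first and record it as the fixed version if it applies, so a bug is filed only for what is still open.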
@@ -10585,7 +10591,7 @@
 CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 
8.150 ...)
        NOT-FOR-US: Trend Micro (Windows)
 CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other 
...)
-       - tikiwiki <unfixed> (bug #404472)
+       - tikiwiki <removed> (bug #404472)
        NOTE: Might be a mis-report, check with upstream
 CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 
2003 and ...)
        NOT-FOR-US: Microsoft Word
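Review bot: The tikiwiki entry for CVE-2006-6457 is switched to <removed>, but the context line "NOTE: Might be a mis-report, check with upstream" stays behind as an open action. Either resolve it or reword it so it no longer reads as pending work on a package that is gone.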
@@ -14850,7 +14856,8 @@
        NOT-FOR-US: Novell eDirectory
 CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP 
before ...)
        {DSA-1335-1}
-       TODO: check
+       - gimp 2.2.16-1 (medium)
+       NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a 
PSD regression
 CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause 
a ...)
        NOT-FOR-US: Qbik WinGate
 CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause 
a ...)
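Review bot: For CVE-2006-4519 the fixed version is recorded as 2.2.16-1 while the NOTE under it points to 2.2.17 for a PSD regression. If that regression is functional and not part of the security fix, say so in the NOTE, so nobody reads 2.2.17 as the minimum safe version.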
@@ -18573,9 +18580,9 @@
 CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 
and ...)
        NOT-FOR-US: myNewsletter
 CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows 
remote ...)
-       - knowledgetree <unfixed> (bug #373137; low)
+       - knowledgetree <removed> (bug #373137; low)
 CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in 
KnowledgeTree ...)
-       - knowledgetree <unfixed> (bug #373137; low)
+       - knowledgetree <removed> (bug #373137; low)
 CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 
allows ...)
        NOT-FOR-US: Kmita
 CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita 
FAQ ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
