Author: stef-guest
Date: 2007-07-24 20:50:12 +0000 (Tue, 24 Jul 2007)
New Revision: 6165

Modified:
   data/CVE/list
Log:
old matrixssl issues already fixed
new flashplugin-nonfree issues already fixed
new unicon-imc2 issue
new minor php pear issue
new minor tomcat issue
new linux issue
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-24 20:22:12 UTC (rev 6164)
+++ data/CVE/list       2007-07-24 20:50:12 UTC (rev 6165)
@@ -767,9 +767,9 @@
 CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) 
password ...)
        TODO: check
 CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, 
which ...)
-       TODO: check
+       - matrixssl 1.1-1
 CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an 
indefinitely ...)
-       TODO: check
+       - matrixssl 1.1-1
 CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, 
without ...)
        TODO: check
 CVE-2007-XXXX [silc-toolkit several buffer overflows]
@@ -912,9 +912,13 @@
 CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local 
users to ...)
        NOT-FOR-US: Sun Solaris libsldap
 CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently 
validates HTTP ...)
-       TODO: check
+       - flashplugin-nonfree 9.0.48.0.1
+       [sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
+       [etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
 CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier 
might ...)
-       TODO: check
+       - flashplugin-nonfree 9.0.48.0.1
+       [sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
+       [etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow 
remote ...)
        - firebird1.5 <unfixed> (bug #432753)
        - firebird2 <removed>
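Review bot: the no-dsa reason string on the [sarge]/[etch] lines here is "non-free not supported", while the CVE-2007-2022 entry later in this same commit uses "Non-free not supported"; settle on one spelling so the reason text stays consistent and grep-able across the file. Also, the fixed version recorded for CVE-2007-3457 and CVE-2007-3456 (flashplugin-nonfree 9.0.48.0.1) is a Debian installer package version and does not correspond to the player versions named in the CVE text (8.0.34.0, 9.0.45.0); a NOTE line stating which Adobe player build that installer version fetches would let a later triager verify the mapping without re-deriving it.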
@@ -1072,7 +1076,7 @@
 CVE-2007-3383 [XSS in Tomcat send mail example]
        RESERVED
        - tomcat4 <removed> (low)
-       [sarge] tomcat4 <no-dsa> (minor issue)
+       [sarge] - tomcat4 <no-dsa> (minor issue)
        NOTE: affects example app in tomcat4-webapps
 CVE-2007-3382
        RESERVED
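Review bot: the only change in this hunk is adding the missing "-" after "[sarge]" on the tomcat4 line, which restores the "[release] - package <state>" syntax used everywhere else in the file; since a line without the dash is easy to miss visually, a quick grep of data/CVE/list for other "[release] package" lines lacking it would catch any siblings with the same slip.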
@@ -1215,7 +1219,7 @@
 CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 
4.0 ...)
        NOT-FOR-US: STphp EasyNews PRO
 CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...)
-       TODO: check
+       NOT-FOR-US: Xvid
 CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 
2.4 ...)
        NOT-FOR-US: Interact
 CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to 
obtain ...)
@@ -1740,7 +1744,7 @@
 CVE-2007-3108
        RESERVED
 CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when 
run on ...)
-       TODO: check
+       - linux-2.6 <unfixed>
 CVE-2007-3106
        RESERVED
 CVE-2007-3105
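Review bot: the new "- linux-2.6 <unfixed>" line for CVE-2007-3107 carries neither a severity tag nor a bug reference, unlike the other entries added in this commit (e.g. "(low)" on the php lines, "(bug #431336)" on unicon-imc2), and has no [sarge]/[etch] lines; add a severity and a bug number, and record the stable/oldstable decision explicitly, so the tracker does not present the stable kernels as open without a recorded assessment.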
@@ -1890,7 +1894,7 @@
 CVE-2007-3039
        RESERVED
 CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 
Edition ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-3037
        RESERVED
 CVE-2007-3036
@@ -1906,11 +1910,11 @@
 CVE-2007-3031
        RESERVED
 CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Excel
 CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 
SP2 ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Excel
 CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft 
Windows 2000 ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 
allows ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3026
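Review bot: the NOT-FOR-US reason for CVE-2007-3028 is just "Microsoft", while the adjacent CVE-2007-3030/3029 lines name the product ("Microsoft Excel") and the existing CVE-2007-3027 line names "Microsoft Internet Explorer"; name the affected component (the CVE text gives Windows Active Directory LDAP) so the reason strings follow the same convention as the rest of the block.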
@@ -2366,7 +2370,7 @@
        [sarge] - hiki <not-affected> (Vulnerable code not present)
 CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and 
(2) ...)
        {DSA-1328-1}
-       TODO: check
+       - unicon-imc2 <unfixed> (bug #431336)
 CVE-2007-2834
        RESERVED
 CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of 
service ...)
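Review bot: CVE-2007-2835 already carries a {DSA-1328-1} reference, and the new line only records "unicon-imc2 <unfixed> (bug #431336)" for unstable; check that the DSA record supplies the fixed sarge/etch versions, otherwise add explicit [sarge]/[etch] lines here so the stable status is not left to be inferred from an <unfixed> unstable entry next to a DSA marker.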
@@ -3069,7 +3073,13 @@
 CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when 
...)
        NOT-FOR-US: MyNews
 CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 
through ...)
-       TODO: check
+       - php5 <unfixed> (low)
+       - php4 <removed> (low)
+       [sarge] - php5 <no-dsa> (minor issue)
+       [sarge] - php4 <no-dsa> (minor issue)
+       [etch] - php5 <no-dsa> (minor issue)
+       [etch] - php4 <no-dsa> (minor issue)
+       NOTE: not an issue in most use cases
 CVE-2007-2518
        REJECTED
 CVE-2007-2517
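Review bot: the NOTE "not an issue in most use cases" on CVE-2007-2519 is too vague to support the (low) / no-dsa decision on its own; state the condition under which the PEAR installer traversal is actually reachable (the one the "most use cases" clause excludes), so the next person reviewing this entry can confirm the rating without re-reading the advisory.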
@@ -3318,7 +3328,7 @@
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible 
Messaging ...)
        NOT-FOR-US: Cerulean Trillian
 CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software 
...)
-       TODO: check
+       NOT-FOR-US: Progress Software Progress and OpenEdge
 CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote 
...)
        NOT-FOR-US: E-Annu
 CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a 
denial ...)
@@ -3348,7 +3358,7 @@
 CVE-2007-2403
        RESERVED
 CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not 
perform ...)
-       TODO: check
+       NOT-FOR-US: Apple Quicktime
 CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 
10.3.9, and ...)
        NOT-FOR-US: Apple
 CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, 
...)
@@ -3358,17 +3368,17 @@
 CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote 
attackers ...)
        NOT-FOR-US: Apple Safari
 CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not 
properly ...)
-       TODO: check
+       NOT-FOR-US: Apple Quicktime
 CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime 
before ...)
-       TODO: check
+       NOT-FOR-US: Apple Quicktime
 CVE-2007-2395
        RESERVED
 CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 
10.3.9 and ...)
-       TODO: check
+       NOT-FOR-US: Apple Quicktime
 CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 
allows ...)
-       TODO: check
+       NOT-FOR-US: Apple Quicktime
 CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows 
...)
-       TODO: check
+       NOT-FOR-US: Apple Quicktime
 CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 
3.0.1 ...)
        NOT-FOR-US: Apple
 CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 
allows ...)
@@ -4204,9 +4214,9 @@
 CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the 
authorization and ...)
        NOT-FOR-US: Secustick USB flash drive
 CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera 
before ...)
-       - flashplayer-mozilla <unfixed> (unknown)
-       [sarge] - flashplayer-mozilla <no-dsa> (Non-free not supported)
-       [etch] - flashplayer-mozilla <no-dsa> (Non-free not supported)
+       - flashplugin-nonfree 9.0.48.0.1
+       [sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
+       [etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
        NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in 
a few months
        NOTE: Some browser vendors produce updates, which fix this issue on the 
browser side,
        NOTE: but that it not of concern for Debian
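Review bot: with CVE-2007-2022 now recorded as fixed in flashplugin-nonfree 9.0.48.0.1, the unchanged NOTE lines below it ("has a vulnerablity, which will only be disclosed in a few months") describe the earlier undisclosed state and now read as stale; update or drop them in a follow-up, and fix the typos in those context lines ("vulnerablity", "but that it not of concern") while there. The rename from flashplayer-mozilla to flashplugin-nonfree on the [sarge]/[etch] lines also keeps "Non-free not supported" capitalised, whereas the new flashplugin-nonfree lines in the CVE-2007-3457/3456 hunk use lowercase "non-free"; make the two hunks agree.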


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to