[Secure-testing-commits] r6171 - data/CVE

stef-guest Wed, 25 Jul 2007 13:53:42 -0700

Author: stef-guest
Date: 2007-07-25 20:53:35 +0000 (Wed, 25 Jul 2007)
New Revision: 6171


Modified:
   data/CVE/list
Log:
fixed: dokuwiki, asterisk, linux

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-25 20:33:27 UTC (rev 6170)
+++ data/CVE/list       2007-07-25 20:53:35 UTC (rev 6171)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [dokuwiki XSS in spellchecker]
+       - dokuwiki 0.0.20070626b-1 (bug #434134)
 CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital 
Management ...)
        TODO: check
 CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer 
Relationship ...)
@@ -209,13 +211,17 @@
 CVE-2007-3766
        RESERVED
 CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, 
AsteriskNOW ...)
-       TODO: check
+       - asterisk 1:1.4.8~dfsg-1 (bug #433681)
+       NOTE: ASA-2007-017
 CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 
1.2.22 and ...)
-       TODO: check
+       - asterisk 1:1.4.8~dfsg-1
+       NOTE: ASA-2007-016
 CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 
and ...)
-       TODO: check
+       - asterisk 1:1.4.8~dfsg-1
+       NOTE: ASA-2007-015
 CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver 
(chan_iax2) in ...)
-       TODO: check
+       - asterisk 1:1.4.8~dfsg-1 (high)
+       NOTE: ASA-2007-014
 CVE-2007-XXXX [konqueror data: URL address bar spoofing]
        - kdebase <unfixed> (bug #433072; low)
        NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
@@ -483,7 +489,7 @@
 CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative 
privileges ...)
        TODO: check
 CVE-2007-3642 (The decode_choice function in 
net/netfilter/nf_conntrack_h323_asn1.c ...)
-       TODO: check
+       - linux-2.6 2.6.22-2
 CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 
does not ...)
        - libarchive 2.2.4-1 (bug #432924; low)
 CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows 
context-dependent ...)
@@ -1289,8 +1295,6 @@
        - apache2 2.2.4-2 (low)
        [etch] - apache2 <unfixed> (low)
        [sarge] - apache2 2.0.54-5sarge2 (low)
-       NOTE: Apache 2.0 likely not exploitable, see
-       NOTE: 
http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com>
 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, 
allows ...)
        - apache2 <unfixed> (unimportant)
        NOTE: If you can execute arbitrary code, a DoS is not a problem.


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r6171 - data/CVE

Reply via email to