Author: jmm-guest
Date: 2007-08-06 19:19:42 +0000 (Mon, 06 Aug 2007)
New Revision: 6251

Modified:
   data/CVE/list
Log:
cupsys not-affected
another iceweasel fix
gdm no-dsa
xine-ui fixed in etch
NFUs
php5 not affected
wordpress yet again


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-08-06 19:17:45 UTC (rev 6250)
+++ data/CVE/list       2007-08-06 19:19:42 UTC (rev 6251)
@@ -153,7 +153,7 @@
 CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery 
...)
        NOT-FOR-US: Pony Gallery
 CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote 
attackers ...)
-       TODO: check
+       - cupsys <not-affected> (SuSE-specific regression)
 CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality 
in smbd ...)
        NOTE: I've contacted SuSE: It's a functional regression in SuSE, not a 
security problem
 CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network 
Security ...)
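Review bot: CVE-2007-4044 in the trailing context carries only a NOTE and no package status line, although that NOTE gives the same reasoning (a functional regression in SuSE) that this hunk uses to mark CVE-2007-4045 as `- cupsys <not-affected>`. Consider giving CVE-2007-4044 a matching <not-affected> line for its source package so that both SuSE-specific entries are resolved the same way.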
@@ -168,7 +168,7 @@
 CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when 
certain URIs ...)
        TODO: check
 CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 
2.0.0.5, ...)
-       TODO: check
+       - iceweasel 2.0.0.5-1
 CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted 
remote ...)
        NOT-FOR-US: Guidance Software
 CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted 
remote ...)
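Review bot: CVE-2007-4039 directly above stays at TODO: check while CVE-2007-4038 is closed with `- iceweasel 2.0.0.5-1`; both descriptions are Mozilla argument injection issues, so they are worth triaging together, or 4039 should get a NOTE saying why it is still open. The new line also carries no urgency, unlike the gdm and xine-ui entries in this commit.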
@@ -204,7 +204,7 @@
 CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in 
login.php in ...)
        NOT-FOR-US: Brain Book Software Secure
 CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in 
login.php in ...)
-       TODO: check
+       NOT-FOR-US: AdMan
 CVE-2007-4019
        RESERVED
 CVE-2007-5645
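Review bot: the context line CVE-2007-5645 after CVE-2007-4019 is out of sequence in a list that otherwise descends by ID, so it looks like a mistyped identifier and is worth checking in a follow-up. On the changed line, the truncated descriptions of CVE-2007-4020 and CVE-2007-4021 are identical, so the product name AdMan cannot be confirmed from the diff; please double-check it against the full CVE text.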
@@ -227,7 +227,7 @@
 CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 
...)
        NOT-FOR-US: Cisco
 CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode 
and ...)
-       TODO: check
+       - php5 <not-affected> (Windows-specific issue)
 CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: SWSoft Confixx
 CVE-2007-4008 (Directory traversal vulnerability in custom.php in 
Entertainment Media ...)
@@ -235,7 +235,7 @@
 CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article 
...)
        NOT-FOR-US: Article Directory
 CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 
has ...)
-       TODO: check
+       NOT-FOR-US: Mike Dubman Windows RSH daemon
 CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon 
(rshd) ...)
        NOT-FOR-US: Mike Dubman Windows RSH daemon
 CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 
allows ...)
@@ -839,7 +839,7 @@
 CVE-2007-3731
        RESERVED
 CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 
5.6 for ...)
-       TODO: check
+       NOT-FOR-US: HP OpenVMS
 CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 
5.6 for ...)
        NOT-FOR-US: HP OpenVMS
 CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC 
Client and ...)
@@ -857,7 +857,7 @@
 CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does 
not make ...)
        NOT-FOR-US: Microsoft Windows XP
 CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make 
use of ...)
-       TODO: check
+       NOT-FOR-US: Solaris
 CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs 
scheduling ...)
        TODO: check
 CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives 
preference to ...)
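Review bot: style point on `NOT-FOR-US: Solaris`: the neighbouring entry names vendor and product (`Microsoft Windows XP`) and the description says Sun Solaris, so `NOT-FOR-US: Sun Solaris` would be consistent. CVE-2007-3722 just below, on the FreeBSD 4BSD scheduler, is left at TODO: check.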
@@ -1033,7 +1033,7 @@
 CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows 
context-dependent ...)
        NOT-FOR-US: Adobe Apollo
 CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect 
visitors to ...)
-       TODO: check
+       - wordpress 2.2.2-1
 CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted 
remote ...)
        NOT-FOR-US: Yahoo! Messenger
 CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote 
attackers ...)
@@ -1645,7 +1645,9 @@
        RESERVED
 CVE-2007-3381 [gdm DoS]
        RESERVED
-       - gdm 2.18.4-1
+       - gdm 2.18.4-1 (low)
+       [sarge] - gdm <no-dsa> (Minor issue)
+       [etch] - gdm <no-dsa> (Minor issue)
 CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for 
Linux ...)
        TODO: check
 CVE-2007-3379
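Review bot: the `<no-dsa> (Minor issue)` lines for sarge and etch give no reason specific to this bug, and the entry is still RESERVED with only the bracketed title [gdm DoS] to go on. A short NOTE saying why the DoS is considered minor would let a later reader re-check the decision.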
@@ -9455,7 +9457,8 @@
        NOTE: I've been looking into this, but I can't find a copy of the VLC 
code anywhere
        NOTE: This appears to be a generic crash
 CVE-2007-0254 (Format string vulnerability in the errors_create_window 
function in ...)
-       - xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369)
+       - xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
+       NOTE: If've verified the Etch version to contain the necessary format 
strings
 CVE-2007-0253 (** DISPUTED ** ...)
        - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350)
        NOTE: See CVE-2007-0257
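Review bot: lowering the fixed version from 0.99.4+dfsg+cvs20061111-2 to -1 changes the version recorded as fixed for the package as a whole, while the added NOTE only says the Etch version was verified and does not name that version. Stating the verified version in the NOTE, and whether bug #407369 was closed in -1 or -2, would make the change checkable. The NOTE also has a typo, "If've" for "I've".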


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
