Author: jmm-guest
Date: 2007-10-06 09:48:03 +0000 (Sat, 06 Oct 2007)
New Revision: 6825

Modified:
   data/CVE/list
Log:
mark dupe
no-dsa for yate


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-10-06 06:18:34 UTC (rev 6824)
+++ data/CVE/list       2007-10-06 09:48:03 UTC (rev 6825)
@@ -566,11 +566,7 @@
 CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly 
validate ...)
        NOT-FOR-US: Online Armor Personal Firewall
 CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in 
GForge ...)
-       {DTSA-57-1}
-       - gforge 4.6.99+svn6086-1
-       NOTE: duplicate of CVE-2007-3913 according to Roland Mas
-       NOTE: Look at the fix for it: 
http://gforge.org/scm/viewvc.php/trunk/gforge/www/people/editprofile.php?root=gforge&r1=5995&r2=6083
-       NOTE: This is already a fix for an SQL injection via skill_delete
+       NOTE: Duplicate of CVE-2007-3913
 CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 
2.5.1 and ...)
        - python2.5 <unfixed> (low; bug #443333)
        - python2.4 <unfixed> (low; bug #443335)
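Review bot: In the CVE-2007-4966 entry, the removed lines `{DTSA-57-1}` and `- gforge 4.6.99+svn6086-1` were the only record here of the advisory and the fixed version, and the replacement `NOTE: Duplicate of CVE-2007-3913` carries neither. The CVE-2007-3913 entry is not part of this diff, so please confirm it already holds both before they are dropped here. The removed notes also held the upstream fix URL for editprofile.php and the skill_delete detail; consider moving them to CVE-2007-3913 rather than deleting them, and keeping the "according to Roland Mas" attribution so the source of the duplicate claim stays traceable.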
@@ -850,10 +846,8 @@
        NOTE: this vulnerability is unspecified
        NOTE: likely affects only windows and Mac OS
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to 
cause a ...)
-       - libc6 <unfixed> (low; bug #442247)
-       NOTE: was originally reported as a php vulnerability, but is actually
-       NOTE: a problem with the libc iconv_* functions, which allocate copies
-       NOTE: of strings on the stack without first checking the size.
+       - php5 <unfixed> (unimportant) 
+       NOTE: Only triggerable by malicious script
 CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM 
WebSphere ...)
        NOT-FOR-US: IBM WebSphere
 CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and 
earlier ...)
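Review bot: The CVE-2007-4840 change reassigns the issue from libc6 to php5 without saying why the removed analysis (libc iconv_* functions copying strings onto the stack without a size check) no longer applies, and the commit log does not mention this entry at all. Suggest keeping a NOTE that records the libc root cause or states why it was rejected, and retaining the reference to bug #442247 so the earlier report stays linked. The added `- php5 <unfixed> (unimportant) ` line also has trailing whitespace.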
@@ -8220,6 +8214,7 @@
        RESERVED
 CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) 
before ...)
        - yate 1.2.0-1.dfsg-1 (low; bug #421994)
+       [etch] - yate <no-dsa> (Minor issue, fringe application)
 CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web 
Proxy ...)
        NOT-FOR-US: Microsoft
 CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod 
ActiveX ...)
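Review bot: The reason on the added `[etch] - yate <no-dsa>` line, "Minor issue, fringe application", describes how widely yate is used rather than what the flaw allows. Suggest naming the impact in the reason so the no-dsa decision can be re-checked later against the `low` rating and bug #421994 on the line above.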


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
