Author: jmm-guest
Date: 2007-12-27 17:55:18 +0000 (Thu, 27 Dec 2007)
New Revision: 7736

Modified:
   data/CVE/list
Log:
- knowledgeroot issue should rather be fixed in the httpd
  instead of worked around
- ardour from sarge and etch doesn't include libsndfile yet


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-12-27 16:57:43 UTC (rev 7735)
+++ data/CVE/list       2007-12-27 17:55:18 UTC (rev 7736)
@@ -4201,8 +4201,10 @@
 CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in 
Alex ...)
        NOT-FOR-US: PHP Fidonet Tosser
 CVE-2007-5156 (Incomplete blacklist vulnerability in ...)
-       - knowledgeroot 0.9.8.4-1.1 (medium; bug #444928)
-       - moin 1.5.8-4.1
+       - knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
+       - moin 1.5.8-4.1 (unimportant)
+       NOTE: This problem should rather be addressed by proper httpd config
+       NOTE: The change only adds a workaround for insecure configs
        - karrigell <not-affected> (Does not include vulnerable php code)
        - gforge 4.6.99+svn6169-1 (low; bug #447590)
        [etch] - gforge <not-affected> (fckeditor is not shipped in these 
versions)
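Review bot: The two added NOTE lines under CVE-2007-5156 do not say which entries they cover. They sit between moin and karrigell, while gforge a few lines below is still rated "low", so a reader cannot tell whether the httpd-config reasoning applies to knowledgeroot and moin only or to the whole CVE. "The change" in the second NOTE is also ambiguous; naming what it refers to (for example the fix tracked in bug #444928, if that is what is meant) would make the downgrade to "unimportant" auditable. The moin entry carries no bug reference next to its new severity, unlike knowledgeroot.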
@@ -4641,6 +4643,8 @@
 CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in 
...)
        - libsndfile 1.0.17-4 (bug #443386; medium)
        - ardour 1:2.1-1.1 (medium; bug #445889)
+       [sarge] - ardour <not-affected> (Vulnerable code not present)
+       [etch] - ardour <not-affected> (Vulnerable code not present)
 CVE-2007-4973
        RESERVED
 CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to 
System ...)
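Review bot: The reason "(Vulnerable code not present)" on the new [sarge] and [etch] ardour lines is less specific than the commit log, which says ardour in those releases does not include libsndfile yet. Putting that reason in the parenthetical would let someone re-check the entries when those ardour versions change, and it would explain why 1:2.1-1.1 is tracked as affected while the sarge and etch versions are not.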
@@ -4942,7 +4946,7 @@
        NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to 
cause a ...)
        - glibc 2.7-1 (unimportant) 
-       NOTE: Only triggerable by malicious script
+       NOTE: Original PHP issue only triggerable by malicious script
 CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM 
WebSphere ...)
        NOT-FOR-US: IBM WebSphere
 CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and 
earlier ...)
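Review bot: The reworded NOTE under the glibc entry for CVE-2007-4840 scopes the "malicious script" argument to the original PHP issue, but nothing states why the glibc side is rated "unimportant" or how glibc 2.7-1 relates to a CVE described as a PHP issue. A second NOTE giving the glibc reasoning would close that gap. This change is also not mentioned in the commit log, which lists only the knowledgeroot and ardour items.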


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
