thijs at alioth.debian.org
2008-Mar-17 16:48 UTC
[Secure-testing-commits] r8354 - data/CVE
Author: thijs Date: 2008-03-17 16:48:19 +0000 (Mon, 17 Mar 2008) New Revision: 8354 Modified: data/CVE/list Log: add some packages fixed in past stable point releases Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-17 15:14:27 UTC (rev 8353) +++ data/CVE/list 2008-03-17 16:48:19 UTC (rev 8354) @@ -3483,12 +3483,10 @@ - apache2 <not-affected> (disputed / only for Windows) CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...) - apache2 2.2.8-1 (low) - [etch] - apache2 <no-dsa> (minor issue) [sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2) [etch] - apache2 2.2.3-4+etch4 (low) CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in ...) - apache2 2.2.8-1 (low) - [etch] - apache2 <no-dsa> (minor issue) [sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2) [etch] - apache2 2.2.3-4+etch4 (low) CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...) @@ -4028,7 +4026,6 @@ [etch] - apache <no-dsa> (browser issue; low impact) [sarge] - apache <no-dsa> (browser issue; low impact) [sarge] - apache2 <no-dsa> (browser issue; low impact) - [etch] - apache2 <no-dsa> (browser issue; low impact) [etch] - apache2 2.2.3-4+etch4 (low) CVE-2008-0004 RESERVED @@ -4052,7 +4049,6 @@ CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...) - apache2 2.2.6-3 (low) [sarge] - apache2 <no-dsa> (minor issue) - [etch] - apache2 <no-dsa> (minor issue) - apache <not-affected> (vulnerable code not present) NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting [etch] - apache2 2.2.3-4+etch4 
@@ -4075,8 +4071,8 @@ [sarge] - zsh <no-dsa> (Minor issue) CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...) - wesnoth 1:1.2.8-1 (low) - [etch] - wesnoth <no-dsa> (Minor issue) - [sarge] - wesnoth <no-dsa> (Minor issue) + [etch] - wesnoth 1.2-4 + [sarge] - wesnoth 0.9.0-8 CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...) - rsync 2.6.9-6 (low; bug #453652) CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...) @@ -6561,7 +6557,6 @@ NOT-FOR-US: Softbiz Recipes Portal Script CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...) - madwifi 1:0.9.3.2-2 (medium; bug #446824) - [etch] - madwifi <no-dsa> (Non-free not supported) [etch] - madwifi 1:0.9.2+r1842.20061207-2etch2 CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...) NOT-FOR-US: ionCube @@ -7278,7 +7273,6 @@ CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...) - dircproxy 1.0.5-5.1 (low; bug #445883) [sarge] - dircproxy <no-dsa> (Minor issue) - [etch] - dircproxy <no-dsa> (Minor issue) [etch] - dircproxy 1.0.5-5etch1 CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...) NOT-FOR-US: IBM DB2 @@ -8093,7 +8087,7 @@ NOT-FOR-US: eWire Payment Client CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...) - opal 2.2.11~dfsg1-1 (low) - [etch] - opal <no-dsa> (Minor issue; bug #454141) + [etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141) NOTE: will be fixed by regular stable update CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...) NOT-FOR-US: Joomla extension 
@@ -8152,8 +8146,8 @@ {DTSA-94-1} - pwlib 1.10.10-1.1 (low; bug #454133) - pwlib-titan 1.11.2-1.1 (low; bug #454139) - [etch] - pwlib <no-dsa> (Minor issue) - [sarge] - pwlib 1.8.4-1+sarge2 + [etch] - pwlib 1.10.2-2+etch1 + [sarge] - pwlib 1.8.4-1+sarge1.1 CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: Toms Gaestebuch CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ...) @@ -9204,7 +9198,6 @@ - apache <removed> (low) - apache2 2.2.6-1 (bug #453783) [sarge] - apache <no-dsa> (browser issue, low impact) - [etch] - apache <no-dsa> (browser issue, low impact) [sarge] - apache2 <no-dsa> (browser issue, low impact) [etch] - apache2 2.2.3-4+etch4 NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE. @@ -9218,7 +9211,8 @@ NOT-FOR-US: Total Commander CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...) - po4a 0.31-1 (bug #439226) - [etch] - po4a <no-dsa> (Minor issue) + [etch] - po4a 0.29-1etch1 + [sarge] - po4a 0.20-2sarge1 CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...) - nufw 2.2.4-1 (bug #439227) [etch] - nufw <not-affected> @@ -11989,7 +11983,6 @@ - apache2 2.2.4-2 (low) [etch] - apache2 2.2.3-4+etch2 [sarge] - apache2 2.0.54-5sarge2 (low) - [etch] - apache <no-dsa> (scheduled for next point release) [etch] - apache 1.3.34-4.1+etch1 CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...) - apache2 <unfixed> (unimportant) @@ -23032,7 +23025,6 @@ [sarge] - apache2 2.0.54-5sarge2 [etch] - apache2 2.2.3-4+etch2 - apache <removed> (low) - [etch] - apache <no-dsa> (scheduled for stable point release) [etch] - apache 1.3.34-4.1+etch1 CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) {DSA-1233}
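Review bot: In the CVE-2007-6201 hunk (@@ -4075,8 +4071,8 @@), the added `[etch] - wesnoth 1.2-4` and `[sarge] - wesnoth 0.9.0-8` have no etch/sarge suffix, unlike the other point-release versions recorded in this commit (`0.29-1etch1`, `1.10.2-2+etch1`), and no epoch although the unstable entry is `1:1.2.8-1`. Please confirm that these are the versions that actually carried the fix in the point release and that the missing epoch is intended, because the tracker treats anything at or above the listed version as fixed.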
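Review bot: The context line `NOTE: will be fixed by regular stable update` in the CVE-2007-4924 hunk (@@ -8093,7 +8087,7 @@) is stale once `[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)` records the fix. Drop the NOTE or reword it to say the fix was delivered through a stable point release, so the entry does not read as both fixed and pending.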
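Review bot: The pwlib hunk (@@ -8152,8 +8146,8 @@) lowers an existing fixed version, from `[sarge] - pwlib 1.8.4-1+sarge2` to `[sarge] - pwlib 1.8.4-1+sarge1.1`, which the log message "add some packages fixed in past stable point releases" does not cover. Since `+sarge1.1` sorts before `+sarge2`, this widens the set of sarge versions treated as fixed; please confirm `1.8.4-1+sarge1.1` is the upload that contains the fix and mention the correction in the log.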
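Review bot: In the hunk at @@ -9204,7 +9198,6 @@, the removed `[etch] - apache <no-dsa> (browser issue, low impact)` has no replacement for the `apache` package in the visible context; the remaining etch line is `[etch] - apache2 2.2.3-4+etch4`, which is a different source package. The other apache removals in this commit (@@ -11989,7 +11983,6 @@ and @@ -23032,7 +23025,6 @@) sit next to an existing `[etch] - apache 1.3.34-4.1+etch1` line. Either add the etch fixed version for `apache` here as well or keep the `<no-dsa>` entry, otherwise the etch status of `apache` for this CVE is no longer recorded.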