thr3ads.net - Secure testing commits - [Secure-testing-commits] r8376

If this information is useful, please help other people find it:
Share via:

jmm-guest at alioth.debian.org

2008-Mar-20 14:11 UTC

[Secure-testing-commits] r8376 - in data: CVE DSA

Author: jmm-guest
Date: 2008-03-20 14:11:00 +0000 (Thu, 20 Mar 2008)
New Revision: 8376

Modified:
   data/CVE/list
   data/DSA/list
Log:
latest asterisk DSA


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-03-19 21:31:59 UTC (rev 8375)
+++ data/CVE/list	2008-03-20 14:11:00 UTC (rev 8376)
@@ -1,7 +1,10 @@
 CVE-2008-1391
 	RESERVED
-CVE-2008-1390
+CVE-2008-1390 [AST-2008-005: HTTP Manager ID is predictable]
 	RESERVED
+        - asterisk <unfixed> (low)
+        [etch] - asterisk <not-affected> (Only 1.4.x affected)
+        [sarge] - asterisk <not-affected> (Only 1.4.x affected)
 CVE-2008-1389
 	RESERVED
 CVE-2008-1388
@@ -116,10 +119,12 @@
 	NOT-FOR-US: NetBSD
 CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to
bypass ...)
 	NOT-FOR-US: BT Home Hub router
-CVE-2008-1333
+CVE-2008-1333 [AST-2008-004: Format String Vulnerability in Logger and Manager]
 	RESERVED
 	- asterisk 1:1.4.18.1~dfsg-1 (medium)
-CVE-2008-1332
+        NOTE: Etch''s release is unimportant, since not exploitable,
but was fixed anyway
+        [sarge] - asterisk <not-affected> (Only 1.6.x affected)
+CVE-2008-1332 [AST-2008-003: Unauthenticated calls allowed from SIP channel
driver]
 	RESERVED
 	- asterisk 1:1.4.18.1~dfsg-1 (medium)
 CVE-2008-1331
@@ -200,9 +205,11 @@
 	RESERVED
 CVE-2008-1290
 	RESERVED
-CVE-2008-1289
+CVE-2008-1289 [AST-2008-002: Two buffer overflows in RTP Codec Payload
Handling]
 	RESERVED
 	- asterisk 1:1.4.18.1~dfsg-1 (medium)
+        [etch] - asterisk <not-affected> (Only 1.4.x and above affected)
+        [sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
 CVE-2007-6710
 	RESERVED
 CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03
and ...)

Modified: data/DSA/list
==================================================================---
data/DSA/list	2008-03-19 21:31:59 UTC (rev 8375)
+++ data/DSA/list	2008-03-20 14:11:00 UTC (rev 8376)
@@ -1,3 +1,6 @@
+[20 Mar 2008] DSA-1525-1 asterisk
+	{CVE-2007-6430 CVE-2008-1332 CVE-2008-1333}
+	[etch] - asterisk 1:1.2.13~dfsg-2etch3
 [18 Mar 2008] DSA-1524-1 krb5 - multiple vulnerabilities
 	{CVE-2008-0062 CVE-2008-0063 CVE-2008-0947}
 	[sarge] - krb5 1.3.6-2sarge6

Secure testing commits - Mar 2008 - r8376 - in data: CVE DSA

[Secure-testing-commits] r8376 - in data: CVE DSA