joeyh at alioth.debian.org
2008-Mar-24 21:14 UTC
[Secure-testing-commits] r8400 - data/CVE
Author: joeyh Date: 2008-03-24 21:14:09 +0000 (Mon, 24 Mar 2008) New Revision: 8400 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-24 20:41:07 UTC (rev 8399) +++ data/CVE/list 2008-03-24 21:14:09 UTC (rev 8400) @@ -2110,7 +2110,7 @@ NOT-FOR-US: Flinx CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...) - firebird2 <removed> - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) - firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596) CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...) NOT-FOR-US: Web Wiz Rich Text Editor @@ -2333,7 +2333,7 @@ - firebird2.0 2.0.3.12981.ds1-4 (bug #460048) [lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1 - firebird2 <removed> - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...) - xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure) NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser @@ -2960,6 +2960,7 @@ CVE-2008-0125 RESERVED CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...) + {DSA-1528-1} - serendipity 1.3~b1-1 (low; bug #469667) CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...) - moodle <unfixed> (unimportant) 
@@ -4337,6 +4338,7 @@ {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1} - linux-2.6 2.6.24-1 CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...) + {DSA-1528-1} - serendipity 1.2.1-1 (low) [etch] - serendipity <no-dsa> (Can only be exploited in rare conditions) CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node ...) 
@@ -8978,27 +8980,27 @@ NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...) 
- firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...) - php5 <unfixed> (unimportant) @@ -10457,7 +10459,7 @@ NOT-FOR-US: Pony Gallery CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...) - cupsys 1.2 - NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable + NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable CVE-2007-4044 REJECTED CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) @@ -10768,6 +10770,7 @@ {DSA-1369-1 DTSA-57-1} - gforge 4.6.99+svn6086-1 CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...) + {DSA-1527-1} - debian-goodies 0.34 (bug #440411; medium) CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...) NOT-FOR-US: BakBone NetVault Reporter 
@@ -11675,7 +11678,7 @@ [sarge] - dar <no-dsa> (Minor issue) CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...) - firebird2.0 2.0.3.12981.ds1-1 (bug #441405) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...) NOT-FOR-US: Buddy Zone 
@@ -11891,22 +11894,22 @@ CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...) - firebird1.5 <removed> (bug #432753) - firebird2 <removed> - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) - firebird2.0 <not-affected> (fixed in 2.0) CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...) - firebird1.5 <removed> (bug #432753) - firebird2 <removed> - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) - firebird2.0 <not-affected> (fixed in 2.0) CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...) - firebird1.5 <removed> (bug #432753) - firebird2 <removed> - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) - firebird2.0 <not-affected> (fixed in 2.0) CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...) - firebird1.5 <not-affected> (fixed before rename to firebird1.5) - firebird2 1.5.3.4870-4 (low; bug #362001) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) - firebird2.0 <not-affected> (fixed in 2.0) [sarge] - firebird2 <no-dsa> (Minor issue) CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...) 
@@ -12575,7 +12578,7 @@ NOT-FOR-US: Calendarix CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...) - firebird2.0 2.0.3.12981.ds1-1 (medium) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> (medium) NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn''t find any earlier source code NOTE: in the pool to check and since this version is in testing and unstable... @@ -13956,7 +13959,7 @@ NOT-FOR-US: LaVague CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...) - firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976) - [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) + [etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529) [sarge] - firebird2 <unfixed> (low) NOTE: Minor issue, because conffile is restricted CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
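Review bot: The `[etch] - firebird2 <no-dsa>` lines rewritten throughout the Firebird hunks (from CVE-2008-0467 down to CVE-2007-2606) justify the marking with "see #1529" but never say what is numbered. Elsewhere in this file bug reports are written as `bug #463596` and advisories as `{DSA-1528-1}`, so a bare `#1529` cannot be resolved by a reader or by a script parsing the list. Since every one of these lines is being touched anyway, spell the reference out in the same form the rest of the file uses.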
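Review bot: In the @@ -4337,6 +4338,7 @@ hunk, CVE-2007-6205 gains `{DSA-1528-1}` while the unchanged line right below it still reads `[etch] - serendipity <no-dsa> (Can only be exploited in rare conditions)`. An advisory tag and a no-dsa marking for the same package on the same entry contradict each other. If DSA-1528-1 fixes this CVE in etch, the etch line should be replaced with the fixed version or dropped; if it does not, the tag does not belong on this entry.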
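Review bot: In the @@ -10457,7 +10459,7 @@ hunk, the removed and added `NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable` lines under CVE-2007-4045 read identically as displayed, and the same holds for each removed and added `[etch] - firebird2 <no-dsa>` pair. These look like whitespace-only changes mixed in with the real tracker updates (the new DSA tags) under the single log message "automatic update". Either split the whitespace normalisation into its own revision or mention it in the log, so that the DSA-1527-1 and DSA-1528-1 additions are easy to find when the history is audited.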
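Review bot: In the @@ -10768,6 +10770,7 @@ hunk, the CVE-2007-3912 entry that gains `{DSA-1527-1}` carries its annotation as `(bug #440411; medium)`, whereas the other entries visible in this patch put the urgency first, as in `(low; bug #469667)` and `(medium; bug #463596)`. While the entry is being edited, reorder it to `(medium; bug #440411)` so the field order is consistent for anything that parses these lines.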