joeyh at alioth.debian.org
2008-Oct-11 09:14 UTC
[Secure-testing-commits] r10059 - data/CVE
Author: joeyh Date: 2008-10-11 09:14:12 +0000 (Sat, 11 Oct 2008) New Revision: 10059 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-11 06:29:05 UTC (rev 10058) +++ data/CVE/list 2008-10-11 09:14:12 UTC (rev 10059) @@ -3347,8 +3347,8 @@ NOTE: several DoS fixed in 1.2.4 according to upstream NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253 TODO: check imagemagick - NOTE: *magick don''t really meet the robustness/quality criteria to treat such crashes as - NOTE: security issues + NOTE: *magick don''t really meet the robustness/quality criteria to treat such crashes as + NOTE: security issues CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...) NOT-FOR-US: BareNuked CMS CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...) @@ -7271,10 +7271,10 @@ - udns <unfixed> (bug #493599) - libnet-dns-perl 0.63-2 (low; bug #492700) NOTE: Source port randomization from Lenny kernel should provide sufficient protection - NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like - NOTE: Bind, it''s unlikely that a home-grown fix will provide an implementation of higher - NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes - NOTE: a kernel which provides source port randomization + NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like + NOTE: Bind, it''s unlikely that a home-grown fix will provide an implementation of higher + NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes + NOTE: a kernel which provides source port randomization - ruby1.9 1.9.0.2-6 (low) NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but NOTE: already use source port randomization. 
@@ -9502,7 +9502,7 @@ - openldap2 <not-affected> (slapd not built) CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...) - webcalendar 1.1.6-7 (bug #466935) - [lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37) + [lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37) CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...) NOT-FOR-US: Drake CMS CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...) @@ -20256,8 +20256,8 @@ NOT-FOR-US: Zen Help Desk CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...) - galeon <unfixed> (unimportant; bug #429216) - NOTE: Hardly a problem, Galeon''s rotting any way and doesn''t offer up-to-date - NOTE: phishing protections anyway + NOTE: Hardly a problem, Galeon''s rotting any way and doesn''t offer up-to-date + NOTE: phishing protections anyway CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...) - iceweasel <unfixed> (low) [etch] - iceweasel <no-dsa> (Minor issue) @@ -23539,9 +23539,9 @@ NOT-FOR-US: Microsoft CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...) - iceweasel <unfixed> (unimportant; bug #445515) - NOTE: I don''t believe this has relevant security impact, such a black list - NOTE: will register URLs found in the wild and the used adresses will be - NOTE: volatile anyway + NOTE: I don''t believe this has relevant security impact, such a black list + NOTE: will register URLs found in the wild and the used adresses will be + NOTE: volatile anyway CVE-2007-1761 RESERVED CVE-2007-1760 
@@ -23595,9 +23595,9 @@ NOT-FOR-US: Opera CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...) - iceweasel <unfixed> (unimportant) - NOTE: I don''t believe this has relevant security impact, such a black list - NOTE: will register URLs found in the wild and the used adresses will be - NOTE: volatile anyway + NOTE: I don''t believe this has relevant security impact, such a black list + NOTE: will register URLs found in the wild and the used adresses will be + NOTE: volatile anyway CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...) NOT-FOR-US: Corel WordPerfect CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...) @@ -26279,7 +26279,7 @@ [sarge] - stlport5 <not-affected> (Vulnerable code not compiled in) CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...) - iceweasel 2.0.0.16-1 (low) - NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538 + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538 CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...) - iceweasel 2.0.0.2+dfsg-1 (low) - firefox <removed> (low)
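Review bot: in the first hunk (@@ -3347, the *magick NOTE lines) and in every hunk after it, the removed and added lines read identically, so this looks like a whitespace-only change to the NOTE indentation, while the log says only "automatic update". State in the log that the commit only normalizes whitespace, so that someone reading the history of data/CVE/list does not go looking for a triage change that is not there.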
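Review bot: in the @@ -7271 hunk, the libnet-dns-perl NOTE marks 0.63-2 as fixed on the grounds that the Lenny kernel provides source port randomization, which is a property of the kernel and not of that package version. A version-based "fixed" entry will read as not vulnerable for the same package run on a kernel without port randomization, so the NOTE should state that dependency as a condition of the marking. The same lines carry "Perl nodule" over unchanged; since they are being rewritten anyway, correct it to "module".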
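Review bot: in the @@ -9502 hunk, the [lenny] webcalendar line gives only a bug-report URL as the reason for <not-affected>. Put the reason itself in a few words inside the parentheses and keep the URL as the reference, so the entry still explains itself if the link anchor (#37) stops resolving.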
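Review bot: in the @@ -23539 hunk (CVE-2007-1762), the rewritten NOTE keeps the misspelling "adresses", and the identical three-line NOTE in the @@ -23595 hunk (CVE-2007-1736) has the same one. Correct both to "addresses" while these lines are being touched. Also, CVE-2007-1762 references bug #445515 while CVE-2007-1736 is marked unimportant with no bug number; if the same report covers both, reference it in the second entry too.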