joeyh at alioth.debian.org
2008-Jan-13 21:14 UTC
[Secure-testing-commits] r7908 - data/CVE
Author: joeyh
Date: 2008-01-13 21:14:12 +0000 (Sun, 13 Jan 2008)
New Revision: 7908
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-01-13 18:43:36 UTC (rev 7907)
+++ data/CVE/list 2008-01-13 21:14:12 UTC (rev 7908)
@@ -164,6 +164,7 @@
NOT-FOR-US: ONEdotOH Simple File
CVE-2008-0173 [SQL injection in gforge]
RESERVED
+ {DSA-1459-1}
- gforge 4.6.99+svn6330-1 (unimportant)
NOTE: this is exploitable by unauthenticated users
NOTE: Requires register_globals to be On, unsupported in lenny+sid.
@@ -586,10 +587,12 @@
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in
NoseRub ...)
NOT-FOR-US: NoseRub
CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before
8.1.11, ...)
+ {DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before
8.0.15, 7.4 ...)
+ {DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -1358,6 +1361,7 @@
- autofs5 <unfixed>
CVE-2007-6284 [infinite loop in libxml2 through crafted UTF-8 sequence]
RESERVED
+ {DSA-1461-1}
- libxml2 <unfixed> (medium; bug #460292)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind
/etc/rndc.key ...)
- bind9 <not-affected> (On Debian this file is rw for user bind and just
readable for group bind)
@@ -1853,6 +1857,7 @@
CVE-2007-6068
RESERVED
CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression
parser ...)
+ {DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -4899,7 +4904,7 @@
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools
DriveLock ...)
NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project
(hplip) ...)
- {DTSA-72-1}
+ {DSA-1462-1 DTSA-72-1}
- hplip 1.6.10-4.3 (medium; bug #447341)
[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
@@ -5919,6 +5924,7 @@
CVE-2007-4773
RESERVED
CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in
...)
+ {DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -5927,6 +5933,7 @@
CVE-2007-4770
RESERVED
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in
...)
+ {DSA-1460-1}
- postgresql-8.2 8.2.6-1
- postgresql-8.1 8.1.11-1
NOTE: see http://www.postgresql.org/about/news.905
@@ -9508,6 +9515,7 @@
- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled
by default)
- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled
by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust
...)
+ {DSA-1460-1}
- postgresql-8.1 <not-affected> (local trust authentication is not
enabled in Debian)
- postgresql-8.2 <not-affected> (local trust authentication is not
enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module
for ...)