jmm-guest at alioth.debian.org
2008-Jan-20 12:11 UTC
[Secure-testing-commits] r7986 - in data: . CVE
Author: jmm-guest Date: 2008-01-20 12:11:17 +0000 (Sun, 20 Jan 2008) New Revision: 7986 Modified: data/CVE/list data/spu-candidates.txt Log: libcdio no-dsa older tomcat issue only affecting examples, rewriting Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-20 10:31:59 UTC (rev 7985) +++ data/CVE/list 2008-01-20 12:11:17 UTC (rev 7986) @@ -856,6 +856,8 @@ NOT-FOR-US: Agares Media phpAutoVideo CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...) - libcdio 0.78.2+dfsg1-2 (low; bug #459129) + [sarge] - libcdio <no-dsa> (Minor issue) + [etch] - libcdio <no-dsa> (Minor issue) NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...) - unp 1.0.13 (bug #448437) @@ -14444,12 +14446,10 @@ CVE-2007-1356 REJECTED CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) - - tomcat4 <removed> (low) - [etch] - tomcat5 <no-dsa> (Just an example, no enduser app) - [etch] - tomcat5.5 <no-dsa> (Just an example, no enduser app) - [sarge] - tomcat4 <no-dsa> (Contrib not supported) - - tomcat5 <unfixed> (low) - - tomcat5.5 5.5.25-1 (low) + - tomcat4 <removed> (unimportant) + - tomcat5 <removed> (unimportant) + - tomcat5.5 5.5.25-1 (unimportant) + NOTE: Just an example application for documentation purposes CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...) NOT-FOR-US: JBoss Application Server CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-01-20 10:31:59 UTC (rev 7985) +++ data/spu-candidates.txt 2008-01-20 12:11:17 UTC (rev 7986) 
@@ -39,6 +39,17 @@ -- +libcdio (CVE-2007-6613) +https://bugs.gentoo.org/show_bug.cgi?id=203777 +http://savannah.gnu.org/bugs/?21910 +http://lists.gnu.org/archive/html/libcdio-devel/2007-12/msg00009.html +http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.35&r2=1.36 +http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.149&r2=1.150 +http://cvs.savannah.gnu.org/viewvc/libcdio/src/iso-info.c?root=libcdio&r1=1.36&r2=1.37 +http://cvs.savannah.gnu.org/viewvc/libcdio/src/cd-info.c?root=libcdio&r1=1.150&r2=1.151 + +-- + libpam-ssh (CVE-2007-0844) #410236 notified maintainer
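Review bot: in the data/CVE/list hunk at -856 (CVE-2007-6613), the two added `<no-dsa>` lines for sarge and etch give only "Minor issue" as the reason, while the actual justification sits in the NOTE under them (the problem lies in the info tool, applications that use libcdio are not vulnerable). Consider putting that reason in the parentheses, the way the removed tomcat lines did with "Just an example, no enduser app", so each release entry explains itself when read alone.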
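Review bot: in the data/CVE/list hunk at -14444 (CVE-2007-1355), tomcat5 changes from `<unfixed> (low)` to `<removed> (unimportant)`, which is a package status change on top of the severity rewrite and is not mentioned in the log message. The dropped `[sarge] - tomcat4 <no-dsa> (Contrib not supported)` rationale is also not carried into the new NOTE, which only records the example-application reason. Suggest naming the tomcat5 removal in the log, or committing it separately from the severity change.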
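Review bot: in the data/spu-candidates.txt hunk at -39, the new libcdio entry lists upstream and Gentoo URLs but no Debian bug number or status line, unlike the libpam-ssh entry right after it (`#410236`, `notified maintainer`). data/CVE/list in this same commit references bug #459129 for CVE-2007-6613, so adding `#459129` and the current maintainer status would keep the entry consistent with its neighbours.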