joeyh at alioth.debian.org
2007-Dec-02 21:14 UTC
[Secure-testing-commits] r7473 - data/CVE
Author: joeyh
Date: 2007-12-02 21:14:08 +0000 (Sun, 02 Dec 2007)
New Revision: 7473
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-02 18:43:06 UTC (rev 7472)
+++ data/CVE/list 2007-12-02 21:14:08 UTC (rev 7473)
@@ -137,6 +137,7 @@
[sarge] - asterisk <not-affected> (Vulnerable code not present)
[etch] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres
logging ...)
+ {DSA-1417-1}
- asterisk <unfixed> (medium)
CVE-2007-6150 (The "internal state tracking" code for the
random and urandom devices ...)
- kfreebsd-5 <unfixed> (high; bug #453944)
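Review bot: on CVE-2007-6170 the new `{DSA-1417-1}` reference sits directly above `- asterisk <unfixed> (medium)`, so the entry now cites an advisory while its only package line still reads as unfixed. Unlike the entry just before it, which carries `[sarge]` and `[etch]` lines, nothing here says which release the advisory covers. Suggest a follow-up that adds release-tagged lines or a fixed version once known, so the `<unfixed>` status is not mistaken for a stale entry.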
@@ -422,6 +423,7 @@
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix
Presentation ...)
NOT-FOR-US: predating security tracker
CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a
allows ...)
+ {DSA-1418-1}
- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation
System ...)
NOT-FOR-US: BugHotel
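Review bot: on CVE-2007-6035 the added `{DSA-1418-1}` is attached to an entry whose single package line, `- cacti 0.8.7a-1 (medium; bug #452085)`, records one fixed version and no release-tagged status. The version agrees with the "before 0.8.7a" wording in the description, so the cross-reference looks consistent. It is worth confirming whether release-specific lines are expected alongside a DSA reference, since other entries in this file use them.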
@@ -2231,8 +2233,8 @@
CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow
remote ...)
- libcairo <unfixed> (medium; bug #453686)
CVE-2007-5502 [programming error in openssl fips object module leading to
possible disclosure of information]
+ RESERVED
NOT-FOR-US: OpenSSL Fips object module
- RESERVED
CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in
Linux ...)
- linux-2.6 <unfixed> (high)
[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in
2.6.21)
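Review bot: the CVE-2007-5502 change only moves `RESERVED` from below `NOT-FOR-US: OpenSSL Fips object module` to above it, with no change in content, and the log message "automatic update" does not explain the reorder. If the automatic update expects `RESERVED` to come first, manually added entries should follow that order so later runs do not produce this kind of churn. Also note that the entry stays `RESERVED` while already carrying a bracketed description and a NOT-FOR-US triage line, which should be revisited once the official description is published.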