jmm-guest at alioth.debian.org
2007-Dec-04 21:19 UTC
[Secure-testing-commits] r7505 - data/CVE
Author: jmm-guest Date: 2007-12-04 21:19:30 +0000 (Tue, 04 Dec 2007) New Revision: 7505 Modified: data/CVE/list Log: sing not critical fix name of claws-mail src pkg zsh, mp, kfreebsd no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-04 21:14:09 UTC (rev 7504) +++ data/CVE/list 2007-12-04 21:19:30 UTC (rev 7505) @@ -29,15 +29,18 @@ CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...) TODO: check CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...) - - claws-mail-tools 3.1.0-2 (low; bug #454089) + - claws-mail 3.1.0-2 (low; bug #454089) CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX runs "UserParameter" scripts with gid 0, ...) - zabbix <unfixed> (bug #452682) CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...) NOT-FOR-US: Neocrome Seditio CMS CVE-2007-6211 (Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users ...) - - sing <unfixed> (high; bug #454167) + - sing <unfixed> (low; bug #454167) CVE-2007-6209 (difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...) - zsh 4.3.4-dev-3-2 (low; bug #454073) + [etch] - zsh <no-dsa> (Minor issue) + [sarge] - zsh <no-dsa> (Minor issue) + NOTE: Can be fixed in a point update CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...) - wesnoth 1:1.2.8-1 (low) CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...) @@ -179,7 +182,8 @@ {DSA-1417-1} - asterisk <unfixed> (medium) CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices ...) - - kfreebsd-5 <unfixed> (high; bug #453944) + - kfreebsd-5 <unfixed> (medium; bug #453944) + [etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported) CVE-2007-6132 REJECTED CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...) 
@@ -3687,7 +3691,10 @@ CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...) NOT-FOR-US: Solaris CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips] - - mp 3.7.1-8 + - mp 3.7.1-8 (low) + [sarge] - mp <no-dsa> (Minor issue) + [etch] - mp <no-dsa> (Minor issue) + NOTE: Can be fixed in a point update CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...) - sun-java6-jre <unfixed> (unimportant) - sun-java5-jre <unfixed> (unimportant)
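Review bot: In the first hunk (@@ -29,15 +29,18 @@), the CVE-2007-6211 line drops sing from high to low with no rationale recorded in the entry itself. The log only says "sing not critical". A short NOTE under the sing line stating why the issue is rated low would let later triage verify the downgrade without searching bug #454167. The zsh lines added in the same hunk already follow that pattern with a reason in parentheses and a NOTE.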
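Review bot: In the second hunk (@@ -179,7 +182,8 @@), the kfreebsd-5 urgency for CVE-2007-6150 changes from high to medium, but the log message lists kfreebsd only under "no-dsa" and the entry carries no explanation for the new rating. The added "[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)" line justifies skipping a DSA for etch. It does not justify the severity change on the unfixed line, so a NOTE giving the reason for medium would help.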
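Review bot: In the third hunk (@@ -3687,7 +3691,10 @@), the mp entry under CVE-2007-XXXX gains "(low)" but still has no bug reference, unlike the claws-mail, sing, zsh and kfreebsd-5 lines in this patch, which all cite one. If a bug has been filed for the mimep tempfile issue, it should be added next to the urgency. The release tags here are ordered [sarge] then [etch], while the zsh entry in the first hunk uses [etch] then [sarge]. Using one order in both places keeps the list consistent.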