jmm-guest at alioth.debian.org
2007-Dec-22 12:29 UTC
[Secure-testing-commits] r7681 - in data: . CVE DSA
Author: jmm-guest Date: 2007-12-22 12:29:08 +0000 (Sat, 22 Dec 2007) New Revision: 7681 Modified: data/CVE/list data/DSA/list data/spu-candidates.txt Log: remove rejected ID from qemu DSA remove some notes on rejected entries one older php issue unimportant per PHP security policy Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-21 21:14:10 UTC (rev 7680) +++ data/CVE/list 2007-12-22 12:29:08 UTC (rev 7681) @@ -341,7 +341,6 @@ NOT-FOR-US: Nokia N95 CVE-2007-6370 REJECTED - NOT-FOR-US: Cisco IP Phone 7940 CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...) NOT-FOR-US: PictPress CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 ...) @@ -2609,7 +2608,6 @@ NOT-FOR-US: Microsoft Windows CVE-2007-5586 REJECTED - NOT-FOR-US: Microsoft Windows CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...) {DTSA-83-1} - xscreensaver 5.03-3.1 (medium; bug #448157) @@ -2740,7 +2738,6 @@ NOT-FOR-US: Oracle CVE-2007-5553 REJECTED - NOT-FOR-US: TIBCO Rendezvous CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...) NOT-FOR-US: Cisco CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute ...) @@ -6748,7 +6745,6 @@ NOT-FOR-US: Citrix CVE-2007-4015 REJECTED - NOT-FOR-US: Citrix CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...) NOT-FOR-US: Blix themes for WordPress CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...) @@ -7747,7 +7743,6 @@ NOT-FOR-US: phpVideoPro CVE-2007-3595 REJECTED - NOT-FOR-US: PowerPhlogger CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...) NOT-FOR-US: ManageEngine OpManager CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...) 
@@ -12452,7 +12447,6 @@ NOT-FOR-US: Study planner CVE-2007-1627 REJECTED - NOT-FOR-US: php-revista CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...) NOT-FOR-US: iFrame Module for PHP-NUKE CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...) @@ -13228,7 +13222,6 @@ NOT-FOR-US: SnapGear CVE-2007-1323 REJECTED - {DSA-1284-1 DTSA-38-1} CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...) {DSA-1284-1 DTSA-38-1} - qemu 0.9.0-2 (bug #424070) @@ -25163,7 +25156,6 @@ NOT-FOR-US: Phorum CVE-2006-3248 REJECTED - NOT-FOR-US: PHP Event Calendar CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...) NOT-FOR-US: GL-SH Deaf Forum CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...) @@ -25690,7 +25682,6 @@ NOT-FOR-US: not packaged for Debian CVE-2006-3008 REJECTED - NOT-FOR-US: Particle Links CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...) NOT-FOR-US: not packaged for Debian CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...) @@ -27230,7 +27221,6 @@ NOT-FOR-US: Ipswitch WhatsUp CVE-2006-2350 REJECTED - NOT-FOR-US: AliPAGER CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...) NOT-FOR-US: E-Business Designer CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...) @@ -27538,7 +27528,6 @@ NOT-FOR-US: OpenBB CVE-2006-2215 REJECTED - NOT-FOR-US: Albinator CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...) NOT-FOR-US: Solaris CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...) 
@@ -37151,9 +37140,9 @@ - linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low) - kernel-source-2.4.27 <not-affected> (2.4 kernels don''t have CONFIG_AUDITSYSCALL) CVE-2005-XXXX [Missing safemode checks in PHP''s _php_image_output functions] - - php5 5.0.5-2 (low) - - php4 4:4.4.0-3 (low) - [sarge] - php4 <no-dsa> (Safe mode violations not supported) + - php5 5.0.5-2 (unimportant) + - php4 4:4.4.0-3 (unimportant) + NOTE: Safe mode violations not supported CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) {DSA-1017-1} - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-12-21 21:14:10 UTC (rev 7680) +++ data/DSA/list 2007-12-22 12:29:08 UTC (rev 7681) @@ -571,7 +571,7 @@ {CVE-2007-1622 CVE-2007-1893 CVE-2007-1894 CVE-2007-1897} [etch] - wordpress 2.0.10-1 [01 May 2007] DSA-1284-1 qemu - {CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1323 CVE-2007-1366 CVE-2007-5729 CVE-2007-5730} + {CVE-2007-1320 CVE-2007-1321 CVE-2007-1322 CVE-2007-1366 CVE-2007-5729 CVE-2007-5730} [sarge] - qemu 0.6.1+20050407-1sarge1 [etch] - qemu 0.8.2-4etch1 [29 Apr 2007] DSA-1283-1 php5 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2007-12-21 21:14:10 UTC (rev 7680) +++ data/spu-candidates.txt 2007-12-22 12:29:08 UTC (rev 7681) @@ -19,6 +19,11 @@ -- +python2.4, python2.5 (CVE-2007-4965) +http://bugs.python.org/issue1179 + +-- + slocate (CVE-2007-0227) #411937
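Review bot: in the data/CVE/list hunk at @@ -13228, the line removed under the rejected CVE-2007-1323 is `{DSA-1284-1 DTSA-38-1}`, yet only data/DSA/list is updated to drop the ID from DSA-1284-1, and no DTSA file appears among the modified files. If the DTSA-38-1 entry lists CVE-2007-1323 the way DSA-1284-1 did, it should lose the ID in the same commit so both sides of the cross-reference agree.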
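Review bot: in the data/CVE/list hunk at @@ -37151, the new line `NOTE: Safe mode violations not supported` does not say who declines to support them, while the log message gives the reason as "unimportant per PHP security policy". Suggest putting that wording into the NOTE so the downgrade of php5 and php4 from (low) to (unimportant) is explained in the tracker entry itself. The NOTE also now covers both packages, where the removed `[sarge] - php4 <no-dsa>` line was scoped to sarge only, so it is worth confirming that the broader scope is intended.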
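Review bot: the data/spu-candidates.txt hunk at @@ -19,6 adds `python2.4, python2.5 (CVE-2007-4965)`, which the log message does not mention; its three lines cover only the qemu DSA, the rejected-entry notes and the PHP issue. Please add a log line for the new candidate. The entry also carries only the upstream URL, while the neighbouring slocate entry references a bug number (`#411937`), so adding the matching bug number here, if one exists, would keep the file consistent.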