stef-guest at alioth.debian.org
2007-Dec-22 13:02 UTC
[Secure-testing-commits] r7682 - data/CVE
Author: stef-guest
Date: 2007-12-22 13:02:18 +0000 (Sat, 22 Dec 2007)
New Revision: 7682
Modified:
data/CVE/list
Log:
- new wireshark issues fixed
- new unp issue fixed
- adjust clamav version for volatile
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-22 12:29:08 UTC (rev 7681)
+++ data/CVE/list 2007-12-22 13:02:18 UTC (rev 7682)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [unp insufficient escaping of shell meta characters]
+ - unp 1.0.13 (bug #448437)
CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for
Windows, ...)
NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...)
@@ -116,9 +118,11 @@
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in
Google ...)
- gwt <itp> (bug #402841)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark
(formerly ...)
- TODO: Check
+ - wireshark 0.99.7-1
+ [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to
0.99.6 ...)
- TODO: Check
+ - wireshark 0.99.7-1
+ [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
CVE-2007-6449
REJECTED
CVE-2007-6448
@@ -140,9 +144,11 @@
CVE-2007-6440
REJECTED
CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to
cause ...)
- TODO: check
+ - wireshark 0.99.7-1
+ [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark
(formerly ...)
- TODO: check
+ - wireshark 0.99.7-1
+ [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8
allows ...)
- syslog-ng <unfixed> (low; bug #457334)
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server,
and ...)
@@ -394,13 +400,13 @@
CVE-2007-6337
RESERVED
{DTSA-101-1}
- - clamav 0.92~dfsg-1
+ - clamav 0.92~dfsg-1~volatile2
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers
to ...)
{DTSA-101-1}
- - clamav 0.92~dfsg-1
+ - clamav 0.92~dfsg-1~volatile2
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows
remote ...)
{DTSA-101-1}
- - clamav 0.92~dfsg-1
+ - clamav 0.92~dfsg-1~volatile2
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products
and ...)
NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as
...)