jmm-guest at alioth.debian.org
2007-Dec-26 13:26 UTC
[Secure-testing-commits] r7723 - in data: CVE DSA
Author: jmm-guest Date: 2007-12-26 13:26:54 +0000 (Wed, 26 Dec 2007) New Revision: 7723 Modified: data/CVE/list data/DSA/list Log: cups DSA flashplugin not supported new kernel issue already tracked in kernel-sec conquest no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-25 22:28:52 UTC (rev 7722) +++ data/CVE/list 2007-12-26 13:26:54 UTC (rev 7723) @@ -305,6 +305,7 @@ RESERVED CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...) - cupsys 1.3.5-1 (low; bug #456960) + [sarge] - cupsys <no-dsa> (Minor issue) NOTE: the debian package is a bit confusing here as it also ships a pdftops NOTE: wrapper script as an example but the original script is installed NOTE: under /usr/lib/cups/filters @@ -443,6 +444,8 @@ RESERVED {DTSA-101-1} - clamav 0.92~dfsg-1~volatile2 + [sarge] - clamav <not-affected> (Vulnerable code not present) + [etch] - clamav <not-affected> (Vulnerable code not present) CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to ...) {DSA-1435-1 DTSA-101-1} - clamav 0.92~dfsg-1~volatile2 
@@ -639,14 +642,24 @@ RESERVED CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) - flashplugin-nonfree 9.0.115.0.1 + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) - flashplugin-nonfree 9.0.115.0.1 + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...) - flashplugin-nonfree 9.0.115.0.1 + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...) - flashplugin-nonfree 9.0.115.0.1 + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier ...) - flashplugin-nonfree 9.0.115.0.1 + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have ...) NOT-FOR-US: Beehive Forum CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...) @@ -5558,7 +5571,7 @@ {DSA-1385-1} - xfs 1:1.0.5-1 CVE-2007-4567 (Linux kernel 2.6.22 and earlier, and possibly other versions, does not ...) - TODO: check + - linux-2.6 2.6.22-1 CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...) NOT-FOR-US: SIDVault CVE-2007-4565 (fetchmail before 6.3.9 allows context-dependent attackers to cause a ...) 
@@ -13180,6 +13193,8 @@ NOT-FOR-US: PostGuestbook CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...) - conquest 8.2b-1 (low) + [sarge] - conquest <no-dsa> (Minor issue) + [etch] - conquest <no-dsa> (Minor issue) CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...) NOT-FOR-US: Zend Platform CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-12-25 22:28:52 UTC (rev 7722) +++ data/DSA/list 2007-12-26 13:26:54 UTC (rev 7723) @@ -1,3 +1,6 @@ +[26 Dec 2007] DSA-1437-1 cupsys + {CVE-2007-5849 CVE-2007-6358} + [etch] - cupsys 1.2.7-4etch2 [20 Dec 2007] DSA-1436-1 linux-2.6 fai-kernels user-mode-linux - several vulnerabilities {CVE-2006-6058 CVE-2007-5966 CVE-2007-6063 CVE-2007-6206 CVE-2007-6417} [etch] - linux-2.6 2.6.18.dfsg.1-13etch6
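Review bot: In the data/CVE/list hunk at @@ -305, the CVE-2007-6358 entry gains only `[sarge] - cupsys <no-dsa> (Minor issue)`. The visible entry has no `[etch]` line and no {DSA-1437-1} reference, although the data/DSA/list hunk of this same revision lists CVE-2007-6358 under DSA-1437-1 with `[etch] - cupsys 1.2.7-4etch2`. Please check that the DSA cross-reference ends up on this entry, so the etch status can be read from the CVE list as well.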
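Review bot: In the data/CVE/list hunk at @@ -443, the two added clamav lines mark sarge and etch as `<not-affected>` with only "Vulnerable code not present" as the reason. A NOTE: line saying which clamav version introduced the affected code would let a later reader verify both statuses against the packaged versions without repeating the analysis.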
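Review bot: In the data/CVE/list hunk at @@ -5558, the CVE-2007-4567 description reads "Linux kernel 2.6.22 and earlier" while the line replacing `TODO: check` records `- linux-2.6 2.6.22-1` as the fixed version, which looks contradictory without an explanation. The log says the issue is already tracked in kernel-sec, so a NOTE: pointing there and stating why 2.6.22-1 counts as fixed would help. The entry also carries no `[sarge]` or `[etch]` status, unlike the other entries touched in this revision.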
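Review bot: In the data/DSA/list hunk at @@ -1,3, the new header line `[26 Dec 2007] DSA-1437-1 cupsys` has no description after the package name, while the neighbouring entry follows the form `DSA-1436-1 linux-2.6 fai-kernels user-mode-linux - several vulnerabilities`. Adding a short description in the same form would keep the list consistent.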