jmm-guest at alioth.debian.org
2007-Dec-29 17:10 UTC
[Secure-testing-commits] r7758 - data/CVE
Author: jmm-guest
Date: 2007-12-29 17:10:53 +0000 (Sat, 29 Dec 2007)
New Revision: 7758
Modified:
data/CVE/list
Log:
bitchx no-dsa
record two dovecot non-issues to avoid wasted work
if otherwise announced as security fixes
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-29 16:48:49 UTC (rev 7757)
+++ data/CVE/list 2007-12-29 17:10:53 UTC (rev 7758)
@@ -1,3 +1,10 @@
+CVE-2007-XXXX [dovecot LDAP infinite loop]
+ - dovecot <unfixed> (unimportant)
+ NOTE: Can only be triggered by an attacker being able to disconnect,
+ NOTE: not by normal users, fixed in 1.0.10
+CVE-2007-XXXX [uidlist crash]
+ - dovecot <unfixed> (unimportant)
+ NOTE: Only terminates a single connection, no security impact, fixed in 1.0.10
CVE-2007-XXXX [mongrel remote arbitrary file disclosure]
- mongrel 1.1.3-1 (medium)
CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo
CMS ...)
@@ -1901,6 +1908,8 @@
- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows
local ...)
- ircii-pana <removed> (low; bug #449149)
+ [etch] - ircii-pana <no-dsa> (Minor issue)
+ [sarge] - ircii-pana <no-dsa> (Minor issue)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when
...)
{DTSA-79-1}
- emacs22 22.1+1-2.1 (medium; bug #449008)