jmm-guest at alioth.debian.org
2007-Nov-04 17:32 UTC
[Secure-testing-commits] r7213 - data/CVE
Author: jmm-guest Date: 2007-11-04 17:32:29 +0000 (Sun, 04 Nov 2007) New Revision: 7213 Modified: data/CVE/list Log: vobcopy no-dsa browser crashes not security-relevant contrib and non-free as usual Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-04 17:30:38 UTC (rev 7212) +++ data/CVE/list 2007-11-04 17:32:29 UTC (rev 7213) @@ -304,6 +304,7 @@ NOT-FOR-US: Sony SonicStage CONNECT Player CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...) - vobcopy <unfixed> (low; bug #448319) + [etch] - vobcopy <no-dsa> (Minor issue) CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...) NOT-FOR-US: Jeebles CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...) @@ -336,8 +337,8 @@ CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 ...) - sitebar <unfixed> (low; bug #448689) CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...) - - iceweasel 2.0.0.8-1 (low) - TODO: check other ice-* + - iceweasel 2.0.0.8-1 (unimportant) + NOTE: Browser crashes not treated as security problems CVE-2007-5690 (Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1 might ...) - zaptel <unfixed> (unimportant; bug #448763) NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something @@ -345,6 +346,7 @@ CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) ...) - sun-java6 6-03-1 (medium) - sun-java5 1.5.0-13-1 (medium) + [etch] - sun-java5 <no-dsa> (Non-free not supported) CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the ...) NOT-FOR-US: Multi Host Forum Pro CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...) 
@@ -1910,7 +1912,8 @@ NOT-FOR-US: Opera CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...) - flashplugin-nonfree <unfixed> (bug #449110) - NOTE: no upstream fix yet + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...) - sun-java6 6-03-1 (low) - sun-java5 1.5.0-13-1 (low)
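Review bot: In the @@ -336,8 +337,8 @@ hunk, the CVE-2007-5691 entry loses `TODO: check other ice-*` without any line recording the outcome of that check. The new `NOTE: Browser crashes not treated as security problems` explains why iceweasel is now rated unimportant, but says nothing about whether the other ice-* packages were looked at. Either keep the TODO next to the NOTE, or add the corresponding package lines (or a NOTE stating they were checked) so the open item is not dropped silently.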
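Review bot: In the @@ -345,6 +346,7 @@ hunk, CVE-2007-5689 gains `[etch] - sun-java5 <no-dsa> (Non-free not supported)`, yet the CVE-2007-5274 entry visible as context at the end of the last hunk also lists `- sun-java5 1.5.0-13-1 (low)` and is not given the same line by this commit. If the rule is that non-free packages in etch are marked no-dsa, it is worth checking that entry too and applying the annotation to every affected sun-java5 entry in one pass, so the list stays consistent.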
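Review bot: In the @@ -1910,7 +1912,8 @@ hunk, `NOTE: no upstream fix yet` is removed from CVE-2007-5275 although the package line still reads `- flashplugin-nonfree <unfixed> (bug #449110)`. The two added `<no-dsa> (Contrib not supported)` lines record the support policy for sarge and etch, not the upstream status, so they do not replace that note. Suggest keeping the NOTE until the unstable entry carries a fixed version.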