jmm-guest at alioth.debian.org
2007-Nov-15 22:21 UTC
[Secure-testing-commits] r7313 - data/CVE
Author: jmm-guest Date: 2007-11-15 22:21:35 +0000 (Thu, 15 Nov 2007) New Revision: 7313 Modified: data/CVE/list Log: one of the tk issues is a regression to an incorrect security fix, the other one is pending fix ezpublish entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-15 21:40:20 UTC (rev 7312) +++ data/CVE/list 2007-11-15 22:21:35 UTC (rev 7313) @@ -2848,7 +2848,9 @@ NOT-FOR-US: lustig.cms CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...) - tk8.4 8.4.16-1 - - tk8.3 8.3.5-9 (medium; bug #445303) + [etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13) + [sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13) + - tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13) CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...) NOT-FOR-US: DFD Cart CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...) @@ -6602,9 +6604,9 @@ CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...) NOT-FOR-US: mimicboard2 CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...) - - ezpublish <not-affected> (Debian''s version is too old) + - ezpublish <removed> CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...) - - ezpublish <not-affected> (Debian''s version is too old) + - ezpublish <removed> CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...) - ezpublish <removed> (bug #424790) CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder''s ...)
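Review bot: In the CVE-2007-5137 hunk, the replacement tk8.3 line drops the reference to bug #445303 together with the 8.3.5-9 version, so the entry no longer points at the report that tracked this issue. If that bug is still the relevant record, keep it in the note, for example `- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13; bug #445303)`. The reason text also cites a tk8.4 version number on the tk8.3 line; if the intent is that the affected code never existed in the 8.3 series, saying so directly would read more clearly. The log's remark about a regression from an incorrect security fix is not recorded anywhere in the entry itself.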
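Review bot: In the eZ publish hunk, CVE-2005-4857 and CVE-2005-4856 change from `<not-affected> (Debian''s version is too old)` to a bare `<removed>`, which discards the recorded reason and changes the stated status without any explanation beyond "fix ezpublish entry" in the log. Say in the log why the earlier not-affected assessment was wrong, and consider carrying a reference on the new lines the way the neighbouring CVE-2005-4855 entry does with `<removed> (bug #424790)`, so the three entries stay consistent.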