jmm-guest at alioth.debian.org
2007-Sep-19 20:26 UTC
[Secure-testing-commits] r6645 - data/CVE
Author: jmm-guest Date: 2007-09-19 20:26:42 +0000 (Wed, 19 Sep 2007) New Revision: 6645 Modified: data/CVE/list Log: irssi-scripts no-dsa gimp issue not yet fixed, pinged Mandriva for isolated patch Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-19 19:45:21 UTC (rev 6644) +++ data/CVE/list 2007-09-19 20:26:42 UTC (rev 6645) @@ -82,7 +82,7 @@ NOT-FOR-US: Microsoft Visual Studio CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...) - php5 <unfixed> (unimportant) - NOTE: Only triggerable by malicious script + NOTE: basedir and safemode not supported CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...) NOT-FOR-US: Xwiki CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...) @@ -1190,6 +1190,8 @@ NOT-FOR-US: various IRC now_playing scripts CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...) - irssi-scripts <unfixed> (low; bug #439840) + [etch] - irssi-scripts <no-dsa> (minor issue) + [sarge] - irssi-scripts <no-dsa> (minor issue) NOTE: weechat-scripts does not include the mentioned scripts CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...) NOT-FOR-US: Sun Solaris 8 @@ -2653,7 +2655,8 @@ CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...) NOT-FOR-US: Apple Safari CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...) - - gimp 2.2.16-1 (low) + - gimp <unfixed> + TODO: Poke maintainer, might be a non-issue, as upstream is fairly well organized CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled, does not ...) - linux-2.6 <unfixed> CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
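Review bot: In the CVE-2007-4889 hunk, the replacement NOTE "basedir and safemode not supported" is too terse to justify the (unimportant) tag on its own, and it discards the earlier rationale "Only triggerable by malicious script". Consider keeping both NOTE lines and writing the PHP settings out as open_basedir and safe_mode, so a reader of the tracker sees that the entry is treated as unimportant because it is a bypass of those restrictions and needs a malicious script to trigger.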
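Review bot: In the CVE-2007-4396 hunk, the two added lines "[etch] - irssi-scripts <no-dsa> (minor issue)" and "[sarge] - irssi-scripts <no-dsa> (minor issue)" give no reason beyond "minor issue", while the unstable line above them still carries "<unfixed> (low; bug #439840)". A short NOTE saying why the CRLF injection in these scripts does not warrant a DSA would let whoever revisits the entry check that the reasoning still holds once bug #439840 is resolved.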
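Review bot: In the CVE-2007-3741 hunk, the new line "- gimp <unfixed>" drops the "(low)" urgency that the removed line "- gimp 2.2.16-1 (low)" carried, and nothing in the log says the severity assessment changed, only that the fix is not in yet. The added TODO also disagrees with the commit log: the log says Mandriva was pinged for an isolated patch, while the TODO says "Poke maintainer, might be a non-issue". Suggest "- gimp <unfixed> (low)" and a TODO that records the Mandriva request, so the tracker entry and the log tell the same story.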