jmm-guest at alioth.debian.org
2007-Jul-02 17:29 UTC
[Secure-testing-commits] r6081 - data/CVE
Author: jmm-guest Date: 2007-07-02 17:29:18 +0000 (Mon, 02 Jul 2007) New Revision: 6081 Modified: data/CVE/list Log: cleaned up iceweasel issues list zvbi non-issue new kernel issue no-dsa for proprietary java hiki/sarge not affected NFUs bugzilla no-dsa php non-issue removed some historic TODOs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-02 16:24:40 UTC (rev 6080) +++ data/CVE/list 2007-07-02 17:29:18 UTC (rev 6081) @@ -213,7 +213,8 @@ CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows ...) NOT-FOR-US: Nortel PC Client SIP Soft Phone CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute ...) - - ircii-pana <unfixed> (low) + - ircii-pana <unfixed> (medium) + TODO: File bug CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...) NOT-FOR-US: SerWeb CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in ...) @@ -562,8 +563,9 @@ CVE-2007-3206 RESERVED CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) - - php4 <unfixed> (low) - - php5 <unfixed> (low) + - php4 <unfixed> (unimportant) + - php5 <unfixed> (unimportant) + NOTE: That''s by design CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) - jffnms <unfixed> (high) NOTE: the fix for CVE-2007-3190 is incomplete (the ''pass'' param can still contain an injection) @@ -692,6 +694,7 @@ - galeon <unfixed> (low; bug #429216) CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) - iceape <unfixed> (low) - firefox <removed> (low) - mozilla <removed> (low) 
@@ -754,7 +757,9 @@ {DSA-1320-1} - clamav 0.90.3-1 CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...) - - zvbi 0.2.25-1 (bug #429221) + - zvbi 0.2.25-1 (bug #429221; unimportant) + NOTE: Only exploitable through malformed closed captions + NOTE: Malicious TV networks have more subtle methods to control people... CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php ...) NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi ...) @@ -798,7 +803,7 @@ CVE-2007-3105 RESERVED CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) - TODO: check + - linux-2.6 <unfixed> CVE-2007-3103 RESERVED CVE-2007-3102 @@ -1013,9 +1018,11 @@ CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...) NOT-FOR-US: Acoustica MP3 CD Burner CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...) + [etch] - sun-java <no-dsa> (Non-free not supported) - sun-java5 1.5.0-11-1 (low) - sun-java6 <unfixed> (low) CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...) + [etch] - sun-java <no-dsa> (Non-free not supported) - sun-java5 1.5.0-11-1 (medium) - sun-java6 <unfixed> (medium) CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...) @@ -1410,6 +1417,7 @@ CVE-2007-2836 [hiki file deletion vulnerability] RESERVED - hiki 0.8.7-1 (bug #430691; medium) + [sarge] - hiki <not-affected> (Vulnerable code not present) CVE-2007-2835 RESERVED CVE-2007-2834 
@@ -2294,6 +2302,7 @@ NOT-FOR-US: Caucho Resin Professional CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...) - vim <unfixed> (medium) + TODO: File bug NOTE: Exploitable through modelines. CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...) - xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936) @@ -2382,11 +2391,11 @@ CVE-2007-2402 RESERVED CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, and ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, and 10.4.9 and later performs an ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...) NOT-FOR-US: Apple Safari CVE-2007-2397 @@ -2639,6 +2648,7 @@ NOTE: only in 1.4.x CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...) - iceweasel (low) + [etch] - iceweasel <no-dsa> (Minor issue) - firefox <removed> (low) - mozilla <removed> (low) CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...) @@ -3356,6 +3366,7 @@ NOT-FOR-US: fotokategori.asp CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...) NOT-FOR-US: MyBlog CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...) @@ -3846,6 +3857,7 @@ NOT-FOR-US: Microsoft CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) CVE-2007-1761 RESERVED CVE-2007-1760 
@@ -3900,6 +3912,7 @@ NOT-FOR-US: Opera CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...) NOT-FOR-US: Corel WordPerfect CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...) @@ -4995,6 +5008,7 @@ CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...) - putty 0.59-1 (bug #400804; unimportant) NOTE: Unsafe default, but not a vulnerability + NOTE: Sensitive operations like key generation should only be done in private home CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...) NOT-FOR-US: Hazir Site CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...) @@ -5595,6 +5609,7 @@ NOT-FOR-US: Google Desktop CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) - iceape <unfixed> (low) NOTE: xulrunner by itself is not affeced, but other browsers based on xulrunner may be affected TODO: check epiphany, galeon and kazehakase @@ -5938,6 +5953,7 @@ NOT-FOR-US: eTrust Intrusion Detection CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) - iceape <unfixed> (low) - xulrunner <unfixed> (low) NOTE: maintainer notes that this may affect browsers based on xulrunner @@ -6509,6 +6525,7 @@ [sarge] - stlport5 <not-affected> (Vulnerable code not compiled in) CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...) - iceweasel <unfixed> (low) + [etch] - iceweasel <no-dsa> (Minor issue) CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...) - iceweasel 2.0.0.2+dfsg-1 (low) - firefox <removed> (low) 
@@ -6540,6 +6557,7 @@ - bugzilla <not-affected> (Only development version 2.23.3 is affected) CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...) - bugzilla <unfixed> (bug #409824; low) + [etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact) [sarge] - bugzilla <not-affected> (Vulnerable code not present) CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...) NOT-FOR-US: SmartFTP @@ -9054,7 +9072,6 @@ CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...) {DSA-1256-1} - gtk+2.0 2.8.20-5 - TODO: check gdk-pixbuf CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...) NOTE: MFSA-2007-06 - iceweasel 2.0.0.2+dfsg-1 (low) @@ -9250,7 +9267,6 @@ CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...) - iceweasel 2.0.0.1+dfsg-1 - firefox <removed> - TODO: check iceape, sarge''s firefox CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...) NOT-FOR-US: italkplus (Italk+) CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to ...) @@ -20483,7 +20499,6 @@ CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...) - powersave 0.12.7-1 NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find - TODO: Pinged maintainer. Not clear if this bug has indeed been fixed. CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...) NOT-FOR-US: Tashcom ASPEdit CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...) 
@@ -28333,10 +28348,8 @@ - gnutls12 <not-affected> (fixed before upload) CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...) NOT-FOR-US: Gadu-Gadu - TODO: Check, whether vulnerable code is shared with ekg CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...) NOT-FOR-US: Gadu-Gadu - TODO: Check, whether vulnerable code is shared with ekg CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...) NOT-FOR-US: Webcam Watchdog CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...) @@ -28972,7 +28985,6 @@ - linux-2.6 2.6.12-1 CVE-2005-XXXX [Minor local DoS as libldap] - openldap <unfixed> (bug #253838; low) - TODO: Check, whether openldap2.2 is affected as well CVE-2005-XXXX [Insecure bounds checking in mpack''s content parser] - mpack 1.6-1 (bug #216566) CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod] @@ -29185,7 +29197,6 @@ NOT-FOR-US: My Little Forum CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...) - emacs21 21.3-1 (bug #286183; medium) - TODO: check xemacs21 CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file] - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low) [sarge] - egroupware <no-dsa> (Minor issue) @@ -36597,11 +36608,9 @@ NOT-FOR-US: AIX CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...) {DSA-757-1} - TODO: check krb4 - krb5 1.3.6-4 (bug #318437; medium) CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...) {DSA-757-1} - TODO: check krb4 - krb5 1.3.6-4 (bug #318437; medium) CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...) NOT-FOR-US: Oracle 
@@ -38559,7 +38568,7 @@ - curl 7.13.0-2 CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - TODO: check + - linux-2.6 <not-affected> (Fixed before initial release) CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...) - cfengine2 2.1.8-1 CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...) @@ -38690,7 +38699,6 @@ CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...) NOT-FOR-US: Thomson cable modem CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) - TODO: check heimdal, netkit-telnet-ssl - krb4 <unfixed> (unimportant) [woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos) [sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos) @@ -38953,7 +38961,6 @@ {DSA-731-1 DSA-703-1} - krb5 1.3.6-2 - krb4 1.2.2-11.2 (bug #306141) - TODO: check netkit-telnet, netkit-telnet-ssl CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...) - putty 0.57-1 CVE-2005-0466 @@ -40000,7 +40007,7 @@ - kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4) CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...) [sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9) - TODO: Check, when this was fixed in 2.6 + - linux-2.6 <not-affected> (Fixed before initial release) CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...) - kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1) 
@@ -40653,7 +40660,6 @@ CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...) {DSA-617-1} - tiff 3.6.1-4 - TODO: other packages containing libtiff code may be vulnerable, e.g. kfax CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...) - tiff 3.7.0 (low) CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
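Review bot: The CVE-2007-3360 hunk (@@ -213,7 +213,8 @@) raises ircii-pana from low to medium, but the commit log does not mention the change, and the added "TODO: File bug" leaves the entry without a bug reference. Suggest listing the severity change in the log and, once the bug is filed, replacing the TODO with the bug number in the "(bug #NNNNNN; medium)" form used by other entries in this list.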
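Review bot: In the CVE-2007-3205 hunk (@@ -562,8 +563,9 @@), the added "NOTE: That''s by design" does not say which behaviour of parse_str is by design or where that is documented, so the downgrade of php4 and php5 from low to unimportant cannot be checked from the entry. Suggest a note that names the behaviour and its source, in the style of the krb4 entries' "Documented behaviour in MIT Kerberos". The doubled apostrophe also appears in unchanged lines, so it is probably an escaping artifact rather than something introduced here.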
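Review bot: In the CVE-2007-3121 hunk (@@ -754,7 +757,9 @@), a buffer overflow in zvbi is marked unimportant, but the first added NOTE only names the input vector and the second is a joke rather than a rationale. Suggest replacing the second NOTE with the reason malformed closed captions are treated as out of scope, so the rating can be re-evaluated if zvbi is later fed data from other sources.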
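Review bot: In the CVE-2007-3104 hunk (@@ -798,7 +803,7 @@), "- linux-2.6 <unfixed>" replaces "TODO: check" with no severity and no note, although the CVE description is worded around the kernel in Red Hat Enterprise. Suggest adding a severity and a NOTE stating whether the sysfs_readdir issue applies to the upstream code in linux-2.6 or only to the Red Hat kernel.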
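Review bot: In the CVE-2007-3005 and CVE-2007-3004 hunk (@@ -1013,9 +1018,11 @@), the two added etch lines name the package "sun-java", while the unstable lines directly below them track "sun-java5" and "sun-java6", so the no-dsa marker may not attach to either tracked package. Suggest using the same source package name as the entry it qualifies and placing the "[etch]" line after that entry, as the iceweasel hunks in this commit do.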
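Review bot: In the hunk at @@ -2382,11 +2391,11 @@, CVE-2007-2401 and CVE-2007-2399 are closed as "NOT-FOR-US: Apple", which names a vendor rather than a product, while the descriptions refer to WebCore and WebKit and the neighbouring CVE-2007-2398 uses "NOT-FOR-US: Apple Safari". Suggest naming the affected component in each line and noting whether the code is shared with anything packaged in the archive before dropping "TODO: check".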
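Review bot: In the CVE-2005-4778 hunk (@@ -20483,7 +20499,6 @@), the removed TODO said it was not clear whether the bug had been fixed, yet the entry still lists powersave as fixed in 0.12.7-1 with nothing recording how that was confirmed. Suggest adding a NOTE with the maintainer's answer or a changelog reference, or keeping the TODO until one is available.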
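Review bot: In the CVE-2005-0179 hunk (@@ -40000,7 +40007,7 @@), the removed TODO asked when this was fixed in 2.6, and the replacement "<not-affected> (Fixed before initial release)" does not answer it, while the line above states the vulnerable code was only introduced in 2.6.9. Suggest recording the fixing version in the reason, as the CVE-2005-0178 entry below does with "Fixed before upload into archive; 2.6.8.1".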
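Review bot: The CVE-2004-1308 hunk (@@ -40653,7 +40660,6 @@) drops the TODO about other packages containing libtiff code, with kfax named as an example, without recording whether those copies were checked. If they were, suggest a NOTE with the result per package; if not, the TODO should stay, since an embedded copy is easy to lose track of once the marker is gone. The same applies to the removed "shared with ekg" TODOs in the Gadu-Gadu hunk.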