jmm-guest at alioth.debian.org
2007-Jul-05 22:38 UTC
[Secure-testing-commits] r6098 - data/CVE
Author: jmm-guest Date: 2007-07-05 22:38:40 +0000 (Thu, 05 Jul 2007) New Revision: 6098 Modified: data/CVE/list Log: one PHP non-issue we need to file bugs for every new issue. if an issue is only marked as unfixed in the tracker, no maintainer will notice it. So, bugs need to be filed. Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-05 15:21:44 UTC (rev 6097) +++ data/CVE/list 2007-07-05 22:38:40 UTC (rev 6098) @@ -16,8 +16,10 @@ NOTE: Not security-relevant CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...) - flac123 <unfixed> (medium) + TODO: File bug CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...) - freetype <unfixed> (medium) + TODO: File bug CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...) NOT-FOR-US: QuickTalk forum CVE-2007-3504 (Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java ...) @@ -232,8 +234,7 @@ CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...) - libnet-dns-perl 0.60-1 (low) CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...) - - dia <not-affected> - NOTE: Windows packaging with bundled FreeType libs + - dia <not-affected> (Windows packaging with bundled FreeType libs) CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...) NOT-FOR-US: Simple HTTPD CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...) 
@@ -498,7 +499,8 @@ CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...) NOT-FOR-US: YaBB CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...) - TODO: check + - php5 <unfixed> (unimportant) + NOTE: Only exploitable by malicious script CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...) NOT-FOR-US: LiveCMS CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...) 
@@ -530,17 +532,14 @@ CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...) NOT-FOR-US: Php Hosting Biller CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...) - - postgresql-8.1 <not-affected> - - postgresql-8.2 <not-affected> - NOTE: Neither PL/pgsql nor dblink are enabled by default. + - postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default) + - postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default) CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...) - - postgresql-8.1 <not-affected> - - postgresql-8.2 <not-affected> - NOTE: Neither PL/pgsql nor dblink are enabled by default. + - postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default) + - postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default) CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...) - - postgresql-8.1 <not-affected> - - postgresql-8.2 <not-affected> - NOTE: local trust authentication is not enabled in Debian. + - postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian) + - postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian) CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...) NOT-FOR-US: localization module for WIKINDX CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site at School ...)
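Review bot: In the @@ -16,8 +16,10 @@ hunk, the two added "TODO: File bug" lines under CVE-2007-3507 (flac123) and CVE-2007-3506 (freetype) are free-text markers with no owner, so they can sit unnoticed in the same way the log message says a bare `<unfixed>` entry does. Suggest replacing each TODO with the bug number on the package line as soon as the bug is filed. Since the log summary is "one PHP non-issue", the TODO additions would also be easier to find later in their own commit or named in the summary.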
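Review bot: In the @@ -498,7 +499,8 @@ hunk, the new CVE-2007-3294 entry reads "- php5 <unfixed> (unimportant)" while the log calls it a non-issue, and the NOTE "Only exploitable by malicious script" states the precondition but not why that makes the overflows unimportant. If the reasoning is that the attacker must already be able to run their own PHP code, suggest saying so in the NOTE, so that a reader who sees an unfixed buffer overflow in the Tidy extension understands why no fix is being tracked.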
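Review bot: In the @@ -530,17 +532,14 @@ hunk, CVE-2007-3280, CVE-2007-3279 and CVE-2007-3278 stay `<not-affected>` for postgresql-8.1 and postgresql-8.2 on the basis of default configuration alone ("not enabled by default", "not enabled in Debian"). An installation where the administrator has enabled dblink, PL/pgSQL or local trust authentication would still be exposed while the tracker shows nothing open. Consider wording the reason as configuration-dependent, or tracking these as unfixed with a low urgency. Two smaller points on the new lines: folding the NOTE into each package line repeats the same reason twice per CVE, and "Neither PL/pgsql nor dblink are" should read "Neither PL/pgSQL nor dblink is", matching the spelling in the CVE-2007-3279 description.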