jmm-guest at alioth.debian.org
2007-Jul-10 17:30 UTC
[Secure-testing-commits] r6128 - in data: CVE DSA
Author: jmm-guest
Date: 2007-07-10 17:30:39 +0000 (Tue, 10 Jul 2007)
New Revision: 6128
Modified:
data/CVE/list
data/DSA/list
Log:
vlc DSA
gfax only affected sarge
glibc bug only
wz_tooltip apparently bogus
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-07-10 12:23:02 UTC (rev 6127)
+++ data/CVE/list 2007-07-10 17:30:39 UTC (rev 6128)
@@ -12,7 +12,7 @@
RESERVED
CVE-2007-3508 [glibc hwcaps integer overflow]
RESERVED
- - glibc <unfixed> (unimportant; bug #431858)
+ - glibc 2.6-2 (unimportant; bug #431858)
NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value
function ...)
- flac123 <unfixed> (medium; bug #432008)
@@ -106,9 +106,9 @@
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion
implementation in ...)
NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote
...)
- - vlc 0.8.6.c.debian-1 (bug #429726)
+ - vlc 0.8.6.c.debian-1 (unimportant; bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c
VideoLAN ...)
- - vlc 0.8.6.c.debian-1 (bug #429726)
+ - vlc 0.8.6.c.debian-1 (unknown; bug #429726)
CVE-2007-3466
RESERVED
CVE-2007-3465 (Check Point SofaWare Safe at Office, with firmware before
Embedded NGX ...)
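Review bot: CVE-2007-3468 is set to "unimportant" and CVE-2007-3467 to "unknown" with no NOTE giving the reasoning, even though both are listed under DSA-1332-1 in the data/DSA/list change of this same commit. Add a NOTE line under each entry saying why that urgency was chosen, as the glibc entry does with "NOTE: Not security-relevant".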
@@ -450,7 +450,7 @@
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC)
message ...)
NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN
VLC ...)
- - vlc 0.8.6.c.debian-1 (bug #429726)
+ - vlc 0.8.6.c.debian-1 (medium; bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in
YourFreeScreamer ...)
NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant
...)
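Review bot: the CVE-2007-3316 entry, like the CVE-2007-3467 and CVE-2007-3468 entries in the previous hunk, has no {DSA-1332-1} line, although the gfax and gsambad entries later in this file carry {DSA-1329-1} and {DSA-1327-1}, and this commit adds DSA-1332-1 for these three CVEs to data/DSA/list. Add the cross-reference here or confirm it is filled in separately.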
@@ -816,10 +816,8 @@
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has
unknown ...)
- egroupware <unfixed> (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
- - ktorrent 2.1.4.dfsg.1-3 (bug #429209)
- - dtc-common <unfixed> (bug #429214)
- - egroupware-core <unfixed> (bug #429215)
- - gallery <unfixed> (bug #429213)
+ NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js
isn''t aware
+ NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms
other ...)
NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random
number ...)
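Review bot: dropping all four package lines under CVE-2007-3154 loses the record of which package each bug belongs to, since the replacement NOTE lists only "#429215, #429209, #429214, #429213" and rests on "apparently". Consider keeping the ktorrent, dtc-common, egroupware-core and gallery lines marked "unimportant", as done for glibc in this commit, so the bug mapping stays next to the CVE, and say in the NOTE where the upstream statement was made.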
@@ -1556,7 +1554,8 @@
CVE-2007-2839 [gfax: local users can maniplate root''s contrab]
RESERVED
{DSA-1329-1}
- - gfax <unfixed> (bug #431893; low)
+ - gfax 0.6 (bug #431893; low)
+ NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed
version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD
0.1.4 ...)
{DSA-1327-1}
- gsambad 0.1.6-2 (bug #431331)
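Review bot: the new NOTE on CVE-2007-2839 says the vulnerable code is gone since 0.6, but the reason given in the commit log, "gfax only affected sarge", is not recorded in the file. Put that in the NOTE so the entry explains on its own why 0.6 is used as the fixed version. As a style point, this entry writes "(bug #431893; low)" while other entries in this diff put the urgency first, e.g. "(medium; bug #432008)".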
Modified: data/DSA/list
==================================================================---
data/DSA/list 2007-07-10 12:23:02 UTC (rev 6127)
+++ data/DSA/list 2007-07-10 17:30:39 UTC (rev 6128)
@@ -1,3 +1,7 @@
+[09 Jul 2007] DSA-1332-1 vlc
+ {CVE-2007-3316 CVE-2007-3467 CVE-2007-3468}
+ [sarge] - vlc 0.8.1.svn20050314-1sarge3
+ [etch] - vlc 0.8.6-svn20061012.debian-5etch1
[07 Jul 2007] DSA-1331-1 php4 - several vulnerabilities
{CVE-2006-0207 CVE-2006-4486 CVE-2007-1864}
[sarge] - php4 4:4.3.10-22
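Review bot: the added header line "[09 Jul 2007] DSA-1332-1 vlc" has no description after the package name, unlike the entry directly below it, "DSA-1331-1 php4 - several vulnerabilities". Add a short description in the same form.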