stef-guest at alioth.debian.org
2007-Jul-10 18:55 UTC
[Secure-testing-commits] r6129 - data/CVE
Author: stef-guest Date: 2007-07-10 18:55:31 +0000 (Tue, 10 Jul 2007) New Revision: 6129 Modified: data/CVE/list Log: - fixed: php4, imagemagick - new issues fixed: graphicsmagick, silc-toolkit, silc-client, moodle Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-10 17:30:39 UTC (rev 6128) +++ data/CVE/list 2007-07-10 18:55:31 UTC (rev 6129) @@ -1,3 +1,10 @@ +CVE-2007-XXXX [silc-toolkit several buffer overflows] + - silc-toolkit 1.1.2-1 + NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2 +CVE-2007-XXXX [silc-client several buffer overflows] + - silc-client 1.1.2-1 +CVE-2007-XXXX [moodle several XSS] + - moodle 1.8.2-1 (bug #432264) CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows ...) NOT-FOR-US: Apple Safari CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...) @@ -3911,7 +3918,8 @@ CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...) NOT-FOR-US: IBM AIX CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...) - - imagemagick <unfixed> (medium) + - imagemagick 7:6.2.4.5.dfsg1-1 (medium) + - graphicsmagick 1.1.7-15 (medium) CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...) NOT-FOR-US: URLshrink CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...) @@ -4112,7 +4120,7 @@ [sarge] - php4 <not-affected> (Vulnerable code not present) - php5 5.2.0-11 (medium) CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) - - php4 <unfixed> (unimportant) + - php4 6:4.4.6-2 (unimportant) - php5 <unfixed> (unimportant) NOTE: This is a regular bug, not a security problem CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...) 
@@ -4127,7 +4135,7 @@ NOT-FOR-US: Active Auction Pro CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...) {DSA-1283-1 DSA-1282-1} - - php4 <unfixed> (unimportant) + - php4 6:4.4.6-2 (unimportant) - php5 5.2.0-9 (unimportant) NOTE: register_globals not supported CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...) @@ -4589,7 +4597,7 @@ CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...) {DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1} - php5 5.2.0-11 (medium) - - php4 <unfixed> (medium) + - php4 6:4.4.6-2 (medium) CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and ...) NOT-FOR-US: PHP-Nuke CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...) @@ -6808,6 +6816,8 @@ {DSA-1294-1} - xfree86 <removed> (bug #414046; medium) - libx11 2:1.0.3-7 (bug #414045; medium) + - graphicsmagick 1.1.7-14 (bug #417862; medium) + - imagemagick 7:6.2.4.5.dfsg1-1 (medium) NOTE: Discovered through CVE-2007-0770. NOTE: With certain mail user agents, this issue is likely exploitable NOTE: without much user interaction.
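Review bot: In the first hunk (@@ -1,3 +1,10 @@), the NOTE URL on the silc-toolkit entry contains unescaped spaces ("http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2"), so anything that parses the list will cut the link at the first space; encode them as %20. The silc-client entry carries no NOTE or bug reference at all. Neither SILC entry nor the moodle entry has an urgency in parentheses, unlike the other package lines in this file. Point silc-client at the same changelog, or the relevant one, and add an urgency to each of the three entries.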
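Review bot: In the hunk at @@ -3911,7 +3918,8 @@ (CVE-2007-1797), the new fixed version "imagemagick 7:6.2.4.5.dfsg1-1" is older than the upstream boundary quoted in the description ("ImageMagick before 6.3.3-5"), so the fix would have to be a patch carried in the Debian package, and the entry does not record that. Add a bug number or a NOTE naming the patch for imagemagick, and a bug number for the added "graphicsmagick 1.1.7-15" line, so the fixed versions can be verified later.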
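Review bot: In the hunk at @@ -4120,7 @@ (CVE-2007-1717), php4 moves from <unfixed> to "6:4.4.6-2" while the description lists PHP 4.0.0 through 4.4.6 as affected and the php5 line directly below stays <unfixed>. Since 4.4.6-2 is a Debian revision of an affected upstream release, the entry needs a NOTE or bug reference saying what changed in that revision; without one, the php4 and php5 lines read as inconsistent for an issue the existing NOTE calls a regular bug.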
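Review bot: In the hunk at @@ -4589,7 +4597,7 @@ (CVE-2007-1521), php4 is marked fixed in "6:4.4.6-2" with urgency medium, but the description puts the upstream fix in 4.4.7, and the entry has no bug number or NOTE tying the fix to that package revision. The same version is also used for CVE-2007-1717 and CVE-2007-1711 in this commit; confirm that this one upload actually contains all three fixes and reference its changelog entry or bug here.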
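Review bot: In the last hunk (@@ -6808,6 +6816,8 @@), the added "imagemagick 7:6.2.4.5.dfsg1-1 (medium)" line has no bug number, while the graphicsmagick line added next to it and the existing xfree86 and libx11 lines all carry one. Add the bug reference for imagemagick if one exists. Also note that graphicsmagick is recorded as fixed in 1.1.7-14 here but in 1.1.7-15 under CVE-2007-1797; if both are intended, a short NOTE would prevent the difference from being read as a typo.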