stef-guest at alioth.debian.org
2007-Jul-25 20:53 UTC
[Secure-testing-commits] r6171 - data/CVE
Author: stef-guest Date: 2007-07-25 20:53:35 +0000 (Wed, 25 Jul 2007) New Revision: 6171 Modified: data/CVE/list Log: fixed: dokuwiki, asterisk, linux Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-25 20:33:27 UTC (rev 6170) +++ data/CVE/list 2007-07-25 20:53:35 UTC (rev 6171) @@ -1,3 +1,5 @@ +CVE-2007-XXXX [dokuwiki XSS in spellchecker] + - dokuwiki 0.0.20070626b-1 (bug #434134) CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...) TODO: check CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...) @@ -209,13 +211,17 @@ CVE-2007-3766 RESERVED CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...) - TODO: check + - asterisk 1:1.4.8~dfsg-1 (bug #433681) + NOTE: ASA-2007-017 CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...) - TODO: check + - asterisk 1:1.4.8~dfsg-1 + NOTE: ASA-2007-016 CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...) - TODO: check + - asterisk 1:1.4.8~dfsg-1 + NOTE: ASA-2007-015 CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...) - TODO: check + - asterisk 1:1.4.8~dfsg-1 (high) + NOTE: ASA-2007-014 CVE-2007-XXXX [konqueror data: URL address bar spoofing] - kdebase <unfixed> (bug #433072; low) NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2 @@ -483,7 +489,7 @@ CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...) TODO: check CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...) - TODO: check + - linux-2.6 2.6.22-2 CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...) - libarchive 2.2.4-1 (bug #432924; low) CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) 
@@ -1289,8 +1295,6 @@ - apache2 2.2.4-2 (low) [etch] - apache2 <unfixed> (low) [sarge] - apache2 2.0.54-5sarge2 (low) - NOTE: Apache 2.0 likely not exploitable, see - NOTE: http://mail-archives.apache.org/mod_mbox/httpd-dev/200706.mbox/<20070622162353.GA15396%40redhat.com> CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...) - apache2 <unfixed> (unimportant) NOTE: If you can execute arbitrary code, a DoS is not a problem.
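Review bot: In the @@ -1,3 +1,5 @@ hunk, the new entry `- dokuwiki 0.0.20070626b-1 (bug #434134)` has no urgency, while other tracked entries in this file carry one, e.g. `- libarchive 2.2.4-1 (bug #432924; low)`. Suggest adding an urgency after the bug number and a NOTE with a reference, as the konqueror CVE-2007-XXXX entry does, since a placeholder id gives the reader no CVE record to look up.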
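Review bot: In the @@ -209,13 +211,17 @@ hunk, CVE-2007-3764 and CVE-2007-3763 are described as affecting "Asterisk before 1.2.22 and ...", yet every added line records only `- asterisk 1:1.4.8~dfsg-1` with no release-specific status. If any release still carries a 1.2.x package, add tagged lines in the style used elsewhere in this file (`[etch] - apache2 <unfixed> (low)`), or a NOTE stating that the 1.2 branch was checked. The four entries are also inconsistent: only CVE-2007-3765 has a bug number and only CVE-2007-3762 has an urgency.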
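Review bot: The removal of the two NOTE lines in the @@ -1289,8 +1295,6 @@ hunk is not covered by the log message, which reads only "fixed: dokuwiki, asterisk, linux". The deleted lines ("Apache 2.0 likely not exploitable, see" plus the httpd-dev URL) are the only recorded rationale for the Apache 2.0 assessment, and the `[sarge] - apache2 2.0.54-5sarge2 (low)` line stays in the entry. Either keep the NOTE, or mention the apache2 change and the reason for dropping the reference in the log.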