joeyh at alioth.debian.org
2007-Jun-23 21:14 UTC
[Secure-testing-commits] r6055 - data/CVE
Author: joeyh Date: 2007-06-23 21:14:08 +0000 (Sat, 23 Jun 2007) New Revision: 6055 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-23 18:49:52 UTC (rev 6054) +++ data/CVE/list 2007-06-23 21:14:08 UTC (rev 6055) @@ -239,6 +239,7 @@ CVE-2007-3258 RESERVED CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...) + {DSA-1321-1} - evolution-data-server 1.10.2-2 (bug #429876) [sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package) CVE-2007-3256 @@ -362,8 +363,8 @@ CVE-2007-3206 RESERVED CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) - - php4 <unfixed> (low) - - php5 <unfixed> (low) + - php4 <unfixed> (low) + - php5 <unfixed> (low) CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) - jffnms <unfixed> (high) NOTE: the fix for CVE-2007-3190 is incomplete (the ''pass'' param can still contain an injection) @@ -549,8 +550,10 @@ CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...) NOT-FOR-US: FreeVMS CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) + {DSA-1320-1} - clamav 0.90.3-1 CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) + {DSA-1320-1} - clamav 0.90.3-1 CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...) - zvbi 0.2.25-1 (bug #429221) 
@@ -563,12 +566,15 @@ CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...) NOT-FOR-US: ADPLAN CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...) + {DSA-1319-1} - maradns 1.2.12.06-1 [sarge] - maradns <not-affected> (1.0.x branch not affected) CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...) + {DSA-1319-1} - maradns 1.2.12.06-1 [sarge] - maradns <not-affected> (1.0.x branch not affected) CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...) + {DSA-1319-1} - maradns 1.2.12.05-1 [sarge] - maradns <not-affected> (1.0.x branch not affected) CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...) @@ -756,8 +762,10 @@ CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...) - clamav <not-affected> (Solaris-specific bug) CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...) + {DSA-1320-1} - clamav 0.90.3-1 CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...) + {DSA-1320-1} - clamav 0.90.3-1 CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...) NOT-FOR-US: Symantec @@ -1193,6 +1201,7 @@ CVE-2007-2834 RESERVED CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...) + {DSA-1316-1} TODO: check CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...) NOT-FOR-US: Cisco @@ -1608,6 +1617,7 @@ CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...) NOT-FOR-US: VooDoo cIRCle CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...) + {DSA-1320-1} - clamav 0.90.2-1 CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...) NOT-FOR-US: Speedport W 700v 
@@ -3829,14 +3839,17 @@ NOT-FOR-US: IDA Pro CVE-2007-1665 RESERVED + {DSA-1318-1} - ekg 1:1.7~rc2-2 (low) [sarge] - ekg <not-affected> (Vulnerable code not present) CVE-2007-1664 RESERVED + {DSA-1318-1} - ekg 1:1.7~rc2-2 (low) [sarge] - ekg <not-affected> (Vulnerable code not present) CVE-2007-1663 RESERVED + {DSA-1318-1} - ekg 1:1.7~rc2-2 (low) [sarge] - ekg <not-affected> (Vulnerable code not present) CVE-2007-1662 @@ -3854,6 +3867,7 @@ CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...) NOT-FOR-US: Plyt Audio CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...) + {DSA-1317-1} - tinymux 2.4.3.31-1.1 (bug #417539) CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...) NOT-FOR-US: ne7ssh @@ -30932,7 +30946,7 @@ CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...) NOT-FOR-US: sandbox CVE-2005-2448 (Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow ...) - {DSA-813-1 DTSA-2-1 DTSA-4-1} + {DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - centericq 4.20.0-9 (bug #323185; medium) CVE-2005-2447 @@ -31134,7 +31148,7 @@ CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...) NOT-FOR-US: Oracle Reports CVE-2005-2370 (Multiple "memory alignment errors" in libgadu, as used in ekg before ...) - {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1} + {DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1} - gaim 1:1.4.0-5 (low) - centericq 4.20.0-9 (bug #323185; low) - ekg 1:1.5+20050712+1.6rc2-1 (low)
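
Review bot: In the CVE-2007-3205 hunk, the removed and added php4/php5 lines read identically as shown ("- php4 <unfixed> (low)", "- php5 <unfixed> (low)"), so the change appears to be whitespace only. If this is an indentation normalisation, say so in the log message rather than folding it into "automatic update", so that a later reader does not look for a status change that is not there.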
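
Review bot: In the CVE-2007-2833 hunk, the entry gains {DSA-1316-1} but its only other content is still "TODO: check", with no package line. An advisory reference without a source package and fixed version leaves the entry unresolved for anyone querying by package; replace the TODO with the package line that DSA-1316-1 covers, or add a NOTE saying what is still pending.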
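
Review bot: In the CVE-2007-2650 hunk, the entry is tagged {DSA-1320-1} with "- clamav 0.90.2-1", while the other four entries given the same tag in this patch (CVE-2007-3123, CVE-2007-3122, CVE-2007-3024, CVE-2007-3023) record 0.90.3-1. Confirm that the earlier fixed version is intended for this CVE and is not a leftover, and consider a NOTE stating it, since one advisory now spans two different fixed versions.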
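
Review bot: In the CVE-2007-1665, CVE-2007-1664 and CVE-2007-1663 hunk, all three entries receive {DSA-1318-1} while still marked RESERVED with no description, and their package lines are identical ("- ekg 1:1.7~rc2-2 (low)", "[sarge] - ekg <not-affected> (Vulnerable code not present)"). As written, nothing distinguishes the three issues; add a NOTE to each with a one-line description or a pointer to the advisory text so they can be told apart until the descriptions are published.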
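
Review bot: In the CVE-2005-2370 hunk, DSA-1318-1 is prepended to a tag list that already holds DSA-813-1, DSA-769-1, DTSA-2-1 and DTSA-5-1, and the entry lists three packages (gaim, centericq, ekg), so the braces alone do not show which package the new advisory applies to. Elsewhere in this patch DSA-1318-1 is attached to ekg entries; a NOTE naming the package here, and on CVE-2005-2448, which gets the same addition, would make clear why a 2005 entry with recorded fixed versions picks up a new advisory.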