thr3ads.net - Secure testing commits - [Secure-testing-commits] r5756

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2007-May-01 10:18 UTC
[Secure-testing-commits] r5756 - data/CVE

Author: jmm-guest
Date: 2007-05-01 10:18:48 +0000 (Tue, 01 May 2007)
New Revision: 5756

Modified:
   data/CVE/list
Log:
no-dsa for minor openssh information leak
update one php status
one older php issue is a non-issue
older vserver issue fixed
record one kernel issue as fixed
one older kernel issue fixed before linux-2.6 upload
no-dsa for minor apg issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-05-01 10:12:29 UTC (rev 5755)
+++ data/CVE/list	2007-05-01 10:18:48 UTC (rev 5756)
@@ -180,6 +180,7 @@
 	NOT-FOR-US: Adobe Photoshop
 CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is
...)
 	- openssh <unfixed> (low)
+	[sarge] - openssh <no-dsa> (Minor issue)
 CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of
service ...)
 	- linux-2.6 <unfixed> (low; bug #421595)
 	- kfreebsd-5 <unfixed> (low)
@@ -798,9 +799,9 @@
 CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads
...)
 	NOT-FOR-US: Rha7 Downloads
 CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
-	- tinymux <unfixed> (medium)
+	- tinymux <unfixed>
 CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause
a ...)
-	- tinymux <unfixed> (medium)
+	- tinymux <unfixed>
 CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion
Sylvain ...)
 	NOT-FOR-US: Portail Web Php
 CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee
UBB.threads ...)
@@ -1384,9 +1385,12 @@
 	NOTE: Dupe of CVE-2007-0910
 CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before
5.2.1, ...)
 	{DSA-1283-1}
-	- php4 <unfixed> (low)
-	- php5 5.2.0-11 (low)
-	NOTE: Should be fixed, if remotely exploitable
+	- php5 5.2.0-9
+	- php4 6:4.4.4-9
+	[etch] - php5 5.2.0-8+etch1
+	[etch] - php4 6:4.4.4-8+etch1
+	NOTE: This was fixed as a side-effect of previous security fixes, noting the
+	NOTE: status as of DSA-1286 as fixed version
 CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu
...)
 	NOT-FOR-US: Mambo module SWmenu
 CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers
to ...)
@@ -1479,7 +1483,7 @@
 CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog
Plyt ...)
 	NOT-FOR-US: Plyt Audio
 CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in
TinyMUX ...)
-	- tinymux <unfixed> (medium)
+	- tinymux <unfixed>
 CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in
...)
 	NOT-FOR-US: ne7ssh
 CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a
denial ...)
@@ -2104,7 +2108,8 @@
 CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick
and (2) ...)
 	NOT-FOR-US: FiSH IRC Encryption
 CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through
5.2.1, when ...)
-	- php5 <unfixed>
+	- php5 <unfixed> (unimportant)
+	NOTE: Non-issue
 CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin
2.8.0 ...)
 	- phpmyadmin <unfixed> (medium)
 CVE-2007-1394 (Direct static code injection vulnerability in startsession.php
in Flat ...)
@@ -3196,9 +3201,10 @@
 CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before
isakmpd-20020403_1, and ...)
 	NOT-FOR-US: FreeBSD
 CVE-2007-XXXX [vserver patch allows renice of processes in different context]
-	- linux-2.6 <unfixed> (bug #412143)
+	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
 CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
 	- apg <unfixed> (bug #412618)
+	[etch] - apg <no-dsa> (Minor issue)
 	NOTE: This is not reproducible after a recompile on amd64.
 CVE-2007-XXXX [mt-daapd remote access & default password]
 	- mt-daapd <unfixed> (unimportant; bug #404640)
@@ -5351,7 +5357,7 @@
 CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System
...)
 	NOT-FOR-US: Deadlock
 CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to
cause a ...)
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.18-1 (low)
 CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP
...)
 	NOT-FOR-US: HP
 CVE-2007-XXXX [udev wrong permissions on raid devices]
@@ -8469,7 +8475,7 @@
 CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does
not ...)
 	- linux-2.6 2.6.18.dfsg.1-10
 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly
...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux
...)
 	- linux-2.6 <unfixed>
 CVE-2006-5752
Secure testing commits - May 2007 - r5756 - data/CVE

[Secure-testing-commits] r5756 - data/CVE
