Author: jmm-guest
Date: 2007-05-06 20:53:19 +0000 (Sun, 06 May 2007)
New Revision: 5802
Modified:
data/CVE/list
Log:
schroot limited to unstable
new kernel issues
lftp is a non-issue
older ekg issue don''t affect sarge
some not-affected states of mozilla
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-05-06 12:52:45 UTC (rev 5801)
+++ data/CVE/list 2007-05-06 20:53:19 UTC (rev 5802)
@@ -1,8 +1,11 @@
CVE-2007-XXXX [schroot may use outdated configuration information]
- schroot <unfixed> (low; bug #422354)
+ [etch] - schroot <not-affected> (Only exploitable in unstable)
CVE-2007-2488
- asterisk <unfixed> (low)
NOTE: ASA-2007-013
+CVE-2007-2480 [port bind info leak]
+ - linux-2.6 <unfixed> (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote
attackers ...)
NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in
Cerulean ...)
@@ -276,7 +279,8 @@
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board
...)
NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote
shell ...)
- - lftp <unfixed> (low)
+ - lftp <unfixed> (unimportant)
+ NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in
main/forum/komentar.php in ...)
NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in
PHP-Generics 1.0 ...)
@@ -1796,12 +1800,15 @@
CVE-2007-1665
RESERVED
- ekg 1:1.7~rc2-2
+ [sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664
RESERVED
- ekg 1:1.7~rc2-2
+ [sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663
RESERVED
- ekg 1:1.7~rc2-2
+ [sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662
RESERVED
CVE-2007-1661
@@ -2549,7 +2556,7 @@
CVE-2007-1354
RESERVED
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support
in the ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org
libXfont ...)
- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c
in (1) ...)
@@ -4266,8 +4273,8 @@
- iceweasel 2.0.0.2+dfsg-1 (medium)
- iceape 1.0.8-1 (medium)
- xulrunner 1.8.0.10-1 (medium)
- [sarge] - mozilla-firefox <unfixed> (medium)
- [sarge] - mozilla <unfixed> (medium)
+ [sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
+ [sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before
1.5.0.10 and ...)
NOTE: MFSA-2007-04
- iceweasel 2.0.0.2+dfsg-1 (low)
@@ -4306,9 +4313,10 @@
- iceape 1.0.8-1 (high)
- icedove 1.5.0.10.dfsg1-1 (low)
- xulrunner 1.8.0.10-1 (high)
- [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (low)
[sarge] - mozilla-thunderbird <unfixed> (low)
- [sarge] - mozilla <unfixed> (high)
+ [sarge] - mozilla <unfixed> (low)
+ NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function
...)
- tomcat5.5 <unfixed> (medium)
CVE-2007-0773
@@ -28855,9 +28863,6 @@
{DSA-813-1 DTSA-2-1 DTSA-4-1}
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-9 (bug #323185; medium)
- [sarge] - ekg <not-affected>
- NOTE: I checked the ekg source from Sarge and all fixes from the centericq DSA
813
- NOTE: are already included.
CVE-2005-2447
REJECTED
CVE-2005-2446
@@ -29061,8 +29066,6 @@
- gaim 1:1.4.0-5 (low)
- centericq 4.20.0-9 (bug #323185; low)
- ekg 1:1.5+20050712+1.6rc2-1 (low)
- [sarge] - ekg <no-dsa> (Minor issue)
- NOTE: ekg in Sarge is affected (Not in Woody, gaim and centericq had DSAs)
CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg
before ...)
{DSA-813-1 DTSA-2-1}
- centericq 4.20.0-9 (bug #323185; medium)