jmm-guest at alioth.debian.org
2007-May-20 13:04 UTC
[Secure-testing-commits] r5886 - data/CVE
Author: jmm-guest Date: 2007-05-20 13:04:38 +0000 (Sun, 20 May 2007) New Revision: 5886 Modified: data/CVE/list Log: xserver crash not a security problem browser crashes not considered security problems record kernel fix for unstable fix bugnum for wu-ftpd Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-19 21:14:09 UTC (rev 5885) +++ data/CVE/list 2007-05-20 13:04:38 UTC (rev 5886) @@ -261,7 +261,7 @@ CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...) - squirrelmail 2:1.4.10a-1 (low) CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...) - - wu-ftpd <unfixed> (bug #423524) + - wu-ftpd <unfixed> (bug #425162) CVE-2006-XXXX [PHP SOAP Extension HTTP Authentication Weak Nonce] NOTE: see http://secunia.com/advisories/25306/ - php5 <unfixed> (low) @@ -591,10 +591,13 @@ - vim <unfixed> (medium) NOTE: Exploitable through modelines. CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...) - - xorg-server 2:1.3.0.0.dfsg-4 (medium; bug #422936) + - xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936) NOTE: etch vulnerable (patch below applies) NOTE: git url to fix the issue NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9 + NOTE: Not considered a security problem, only exploitable by authenticated users + NOTE: If an attacker convinces such a user to run his exploit code blindly she could + NOTE: just as well provide a binary which does more harm CVE-2007-2436 REJECTED NOTE: duplicate of CVE-2007-1861 
@@ -1199,11 +1202,13 @@ CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...) - proftpd 1.3.0-22 (low) CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...) - - kdelibs <unfixed> (low) + - kdelibs <unfixed> (unimportant) + NOTE: Browser crashes are not treated as security problems CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...) NOT-FOR-US: Apple Safari CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...) - - iceweasel <unfixed> (low) + - iceweasel <unfixed> (unimportant) + NOTE: Browser crashes are not treated as security problems CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) @@ -1874,7 +1879,7 @@ RESERVED CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...) {DSA-1289-1} - - linux-2.6 <unfixed> + - linux-2.6 2.6.21-1 CVE-2007-1860 RESERVED CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
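Review bot: in the hunk at @@ -591,10 +591,13 @@ the three added NOTE lines for CVE-2007-2437 switch pronouns mid-sentence ("run his exploit code blindly she could just as well provide a binary"), so it is unclear whether "she" is the attacker or the authenticated user. Naming the actor would remove the ambiguity, for example "the attacker could just as well provide a binary which does more harm". The unchanged line "NOTE: etch vulnerable (patch below applies)" now sits under an entry downgraded from medium to unimportant, so the NOTE should also say whether etch is still expected to receive the patch or whether that line is informational only.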
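Review bot: in the hunk at @@ -1199,11 +1202,13 @@ the NOTE added under CVE-2007-2164 (kdelibs) and CVE-2007-2162 (iceweasel) states the policy, "Browser crashes are not treated as security problems", but does not record that each issue was found to be no more than a crash. For CVE-2007-2162 the description shown in the list is cut off before the impact, so the NOTE is the only place a reader learns why the entry moved from low to unimportant. If that was checked for both entries, the NOTE could state it per entry, for example by starting it with the observed impact before giving the policy.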