stef-guest at alioth.debian.org
2007-May-28 14:15 UTC
[Secure-testing-commits] r5940 - data/CVE
Author: stef-guest Date: 2007-05-28 14:15:11 +0000 (Mon, 28 May 2007) New Revision: 5940 Modified: data/CVE/list Log: fixed: libgems-ruby xulrunner pulseaudio linux-2.6 one asterisk issue is only in sid Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-26 12:11:31 UTC (rev 5939) +++ data/CVE/list 2007-05-28 14:15:11 UTC (rev 5940) @@ -739,8 +739,9 @@ RESERVED CVE-2007-2452 RESERVED -CVE-2007-2451 +CVE-2007-2451 [linux geode-aes security issue] RESERVED + - linux-2.6 2.6.21-3 CVE-2007-2450 RESERVED CVE-2007-2449 @@ -1111,6 +1112,9 @@ - asterisk 1:1.4.3~dfsg-1 (low) CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...) - asterisk 1:1.4.3~dfsg-1 (high) + [sarge] - asterisk <not-affected> (vulnerable code not present) + [etch] - asterisk <not-affected> (vulnerable code not present) + NOTE: only in 1.4.x CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...) - iceweasel (low) - firefox <removed> (low) @@ -2196,7 +2200,7 @@ CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...) NOT-FOR-US: debaser module for Xoops CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...) - - pulseaudio <unfixed> (medium) + - pulseaudio 0.9.6-1 (medium) CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...) NOT-FOR-US: MailDwarf CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...) 
@@ -3975,7 +3979,7 @@ CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...) - iceweasel <unfixed> (medium) - iceape <unfixed> (medium) - - xulrunner <unfixed> (bug #415919; bug #415944; bug #415945; medium) + - xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; medium) NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/, NOTE: older mozillas are not vulnerable TODO: this should be checked @@ -5813,7 +5817,7 @@ CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...) NOT-FOR-US: Sun Solaris CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...) - - libgems-ruby <unfixed> (low; bug #408299) + - libgems-ruby 0.9.3-1 (low; bug #408299) CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...) NOT-FOR-US: Visual C++ CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
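Review bot: the added `- linux-2.6 2.6.21-3` line under CVE-2007-2451 (hunk @@ -739,8) has no urgency in parentheses, unlike the other fixed-version lines touched in this patch (`(low)`, `(medium)`, `(high)`). The entry is still RESERVED and only has the bracketed description, so a NOTE pointing at the upstream fix or changelog entry would let someone verify that 2.6.21-3 is the right version.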
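Review bot: `NOTE: only in 1.4.x` under CVE-2007-2293 (hunk @@ -1111,6) states the conclusion without saying how it was established; add a pointer to the upstream advisory or to the source check behind the two `<not-affected> (vulnerable code not present)` lines. The entry directly above is also fixed in `1:1.4.3~dfsg-1` but gets no [sarge] or [etch] lines, and the log says only one asterisk issue is sid-only, so recording that entry's stable status explicitly would avoid it being read as untriaged.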
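Review bot: the change from `<unfixed>` to `0.9.6-1` for pulseaudio under CVE-2007-1804 (hunk @@ -2196,7) carries no bug number or NOTE backing the fixed version. The description only names PulseAudio 0.9.5 as affected, so a short NOTE citing the upstream change or the Debian changelog entry would make it clear that 0.9.6-1 contains the fix and is not marked fixed only because it is a newer version.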
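Review bot: under CVE-2007-1116 (hunk @@ -3975,7) xulrunner is marked fixed in `1.8.1.4-1` while `TODO: this should be checked` and the NOTE about older mozillas stay in place, and iceweasel and iceape remain `<unfixed>`. If the check has been done for xulrunner, drop or update the TODO and say what was verified; if not, the fixed version should wait until it has.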
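Review bot: for CVE-2007-0469 (hunk @@ -5813,7) the description says the issue is in RubyGems before 0.9.1, but the fixed version recorded is `libgems-ruby 0.9.3-1`. Please confirm 0.9.3-1 is the first Debian upload that carries the fix; if an upload based on 0.9.1 or later preceded it, that version belongs here instead, since the tracker uses this field to decide which installed versions are vulnerable.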