Author: jmm-guest
Date: 2007-04-25 22:15:20 +0000 (Wed, 25 Apr 2007)
New Revision: 5733
Modified:
data/CVE/list
Log:
merge some duped CVE entries
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-04-25 21:14:15 UTC (rev 5732)
+++ data/CVE/list 2007-04-25 22:15:20 UTC (rev 5733)
@@ -485,13 +485,16 @@
- lha <unfixed> (low)
[sarge] - lha <no-dsa> (Non-free not supported)
[etch] - lha <no-dsa> (Non-free not supported)
-CVE-2007-2029
- RESERVED
+CVE-2007-2029 [fd leak DoS in Clamav''s PDF parser]
{DSA-1281-1}
+ RESERVED
+ - clamav 0.90.2-1 (low; bug #418849)
+ NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459
+ NOTE: Commit r3021 looks as if it''s just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote
attackers to ...)
- freeradius <unfixed> (low)
CVE-2007-2027 (Untrusted search path vulnerability in the
add_filename_to_string ...)
- - elinks <unfixed> (bug #417789; medium)
+ - elinks <unfixed> (bug #417789; low)
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows
context-dependent ...)
- file <unfixed> (low)
[sarge] - file <not-affected> (version too old)
@@ -564,7 +567,10 @@
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in
CodeBreak, ...)
NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and
earlier ...)
- - quagga <unfixed> (low)
+ - quagga 0.99.6-5 (low; bug #418323)
+ NOTE: The attributes are non-transitive, which means that they
+ NOTE: are not propagated via BGP and therefore must originate
+ NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter
Area ...)
NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable
File ...)
@@ -895,11 +901,6 @@
- net-snmp 5.2.2-1 (medium)
CVE-2005-4836
RESERVED
-CVE-2007-XXXX [Dos in quagga''s bgpd through MP_REACH_NLRI and
MP_UNREACH_NLRI]
- - quagga 0.99.6-5 (low; bug #418323)
- NOTE: The attributes are non-transitive, which means that they
- NOTE: are not propagated via BGP and therefore must originate
- NOTE: from a peer (which is explicitly configured).
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-XXXX [dovecot zlib plugin directory traversal]
@@ -5401,7 +5402,7 @@
NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal
before ...)
- drupal 4.7.5-1
- NOTE: vendor advisory: http://drupal.org/node/104233
+ NOTE: vendor advisory: http://drupal.org/node/104233, DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in
Aratix ...)
NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0
allow ...)
@@ -5702,9 +5703,6 @@
- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before
0.6.16 ...)
- avahi 0.6.16-1 (low)
-CVE-2007-XXXX [drupal XSS]
- - drupal 4.7.5-1 (low)
- NOTE: DRUPAL-SA-2007-001
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection
scheme ...)
- wordpress 2.0.6-1 (bug #405691; medium)
NOTE: http://www.hardened-php.net/advisory_022007.141.html