Author: stef-guest
Date: 2007-02-21 23:20:11 +0100 (Wed, 21 Feb 2007)
New Revision: 5478

Modified:
   data/CVE/list
Log:
- CVE-2007-089[789]: new clamav issues fixed
- CVE-2007-0772: new linux issue fixed
- CVE-2007-1049: new wordpress issue fixed (low)
- new mediawiki issue fixed (low)
- iceweasel fixed

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-21 20:14:13 UTC (rev 5477) +++ data/CVE/list 2007-02-21 22:20:11 UTC (rev 5478) @@ -1,3 +1,7 @@ +CVE-2007-XXXX [MediaWiki XSS based on Microsoft Internet Explorer''s UTF-7 charset autodetection] + - mediawiki1.7 1.7.1-9 (low) +CVE-2007-1049 [wordpress security issue related to code used to prevent XSS] + - wordpress 2.1.1-1 (low) CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...) TODO: check CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...) @@ -115,7 +119,7 @@ - asterisk-chan-capi <unfixed> (bug #411293) - linux-2.6 <unfixed> (bug #411294) CVE-2007-0981 (Mozilla based browsers, including Firefox, allow remote attackers to ...) - - iceweasel <unfixed> (bug #411192; high) + - iceweasel 2.0.0.1+dfsg-3 (bug #411192; high) - xulrunner <unfixed> (high) - iceape <unfixed> (high) - icedove <unfixed> 
@@ -342,12 +346,13 @@ NOTE: this is a version information disclosure. CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...) NOT-FOR-US: TagIt! Tagboard -CVE-2007-0899 +CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c] RESERVED + - clamav 0.90-1 CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...) - TODO: check + - clamav 0.90-1 CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...) - TODO: check + - clamav 0.90-1 CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...) - firefox-sage 1.3.10-1 CVE-2007-0451 (Unspecified vulnerability in Apache SpamAssassin before 3.1.8 allows remote ...) @@ -681,7 +686,7 @@ CVE-2007-0773 RESERVED CVE-2007-0772 (The Linux kernel before 2.6.20.1 allows remote attackers to cause a ...) - TODO: check + - linux-2.6 2.6.18.dfsg.1-11 CVE-2007-0771 RESERVED CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
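Review bot: In the first hunk (@@ -1,3 +1,7 @@), the new CVE-2007-XXXX description has a doubled apostrophe in "Explorer''s", and neither that entry nor CVE-2007-1049 carries a NOTE or bug reference naming the upstream advisory. Without one, the fixed versions "mediawiki1.7 1.7.1-9" and "wordpress 2.1.1-1" cannot be checked from the entry itself. Suggest correcting the apostrophe and adding a NOTE line with the advisory source to each entry, which also makes the CVE-2007-XXXX placeholder easier to match once a real id is assigned.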
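Review bot: In the clamav hunk (@@ -342,12 +346,13 @@), CVE-2007-0899 is still marked RESERVED, so the bracketed description "Possible heap overflow in libclamav/fsg.c" and the fixed version 0.90-1 have no source that a later reader can verify. CVE-2007-0897 and CVE-2007-0898 both say "before 0.90" in their descriptions, which backs their "- clamav 0.90-1" lines; for CVE-2007-0899, add a NOTE stating where the description and fix version came from. The three clamav lines also carry no urgency, unlike the "(low)" entries added at the top of this commit, so consider setting one for consistency.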
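Review bot: In the last hunk (@@ -681,7 +686,7 @@), "- linux-2.6 2.6.18.dfsg.1-11" records the fix in a 2.6.18-based package, while the CVE-2007-0772 description says the issue affects the kernel "before 2.6.20.1". The entry reads as inconsistent unless the reader already knows the fix was backported. Add a NOTE saying that the fix was backported into the 2.6.18 package, and a bug reference if one exists, so the version can be audited later.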