Moritz Muehlenhoff
2007-Feb-27 23:36 UTC
[Secure-testing-commits] r5490 - in data: CVE DSA
Author: jmm-guest
Date: 2007-02-27 23:36:27 +0100 (Tue, 27 Feb 2007)
New Revision: 5490
Modified:
data/CVE/list
data/DSA/list
Log:
two new DSAs
etch fix for stlport issue
gnucash fixed in sid, unfixed in etch
correct fetchmail fix
ISDN issue only exploitable in obscure environments
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-02-27 22:24:57 UTC (rev 5489)
+++ data/CVE/list 2007-02-27 22:36:27 UTC (rev 5490)
@@ -139,6 +139,7 @@
- isdnutils 1:3.9.20060704-3 (bug #408530)
- asterisk-chan-capi <unfixed> (bug #411293)
- linux-2.6 <unfixed> (bug #411294)
+ NOTE: Not exploitable over ISDN network, only through a CAPI server
CVE-2007-0981 (Mozilla based browsers, including Firefox, allow remote
attackers to ...)
NOTE: MFSA-2007-07
- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
@@ -643,6 +644,7 @@
NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote
...)
- stlport5 5.0.3-1 (bug #410864; low)
+ [etch] - stlport5 5.0.2-12
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the
Phishing ...)
- iceweasel <unfixed> (low)
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla
Firefox ...)
@@ -3174,7 +3176,7 @@
[sarge] - mozilla <unfixed> (high)
- firefox <removed> (high)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite
arbitrary ...)
- - gnucash <unfixed> (bug #411942; medium)
+ - gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the
key_alloc_serial ...)
- linux-2.6 <unfixed>
CVE-2007-0005
@@ -4989,7 +4991,7 @@
{DSA-1213}
- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may
transmit ...)
- - fetchmail 6.3.6~rc5-1 (low)
+ - fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php
for ...)
NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php for
Script ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2007-02-27 22:24:57 UTC (rev 5489)
+++ data/DSA/list 2007-02-27 22:36:27 UTC (rev 5490)
@@ -1,3 +1,9 @@
+[14 Jan 2007] DSA-1260 imagemagick
+ {CVE-2007-0770}
+ [sarge] - imagemagick 6:6.0.6.2-2.9
+[14 Jan 2007] DSA-1259-1 fetchmail
+ {CVE-2006-5867}
+ [sarge] - fetchmail 6.2.5-12sarge5
[07 Jan 2007] DSA-1258-1 mozilla-thunderbird
{CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502
CVE-2006-6503}
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2