Author: jmm-guest Date: 2007-01-31 20:38:54 +0100 (Wed, 31 Jan 2007) New Revision: 5390 Modified: data/CVE/list Log: iceweasel unimportant update bind fix mplayer fixed ffmpeg fixed wget not a security problem some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-31 18:51:43 UTC (rev 5389) +++ data/CVE/list 2007-01-31 19:38:54 UTC (rev 5390) @@ -188,7 +188,8 @@ CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...) NOT-FOR-US: Opera CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...) - TODO: check iceweasel + - iceweasel <unfixed> (unimportant) + NOTE: Browser crashes not treated as security problems NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash. CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...) NOT-FOR-US: GlobeTrotter Mobility Manager @@ -206,16 +207,18 @@ - chmlib 2:0.39-1 (bug #408603; medium) CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...) {DSA-1254-1} - - bind9 1:9.3.4-1 + - bind9 1:9.3.4-2 - bind <not-affected> CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...) - - bind9 1:9.3.4-1 + - bind9 1:9.3.4-2 + [sarge] - bind9 <not-affected> (Vulnerable code not present) - bind <not-affected> CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions] - gstreamer0.10-ffmpeg 0.10.1-6 - gst-ffmpeg 0.8.7-10 + [etch] - ffmpeg 0.cvs20060823-5 - ffmpeg <unfixed> - TODO: check other ffmpeg related packages + - mplayer 1.0~rc1-12 CVE-2007-0471 (sre/params.php in Check Point Connectra NGX R62 and earlier allows ...) NOT-FOR-US: Check Point CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...) 
@@ -233,9 +236,9 @@ CVE-2007-0464 RESERVED CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...) - TODO: check + NOT-FOR-US: Apple CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...) - dazuko-source <unfixed> (bug #408300) CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...) @@ -471,7 +474,9 @@ CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids] - gstreamer0.10-ffmpeg 0.10.1-5 - gst-ffmpeg 0.8.7-9 - TODO: check other ffmpeg related packages + - mplayer 1.0~rc1-12 + [etch] - ffmpeg 0.cvs20060823-5 + - ffmpeg <unfixed> CVE-2007-XXXX [netpbm heap corruption] - netpbm-free 2:10.0-11 (bug #407605) CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...) @@ -1125,7 +1130,6 @@ NOTE: of imagination. I suppose KDE Security only issued an update for it NOTE: because the shared underlying code was part of the Month of Apple Bugs NOTE: and they wanted to debunk claims of code injection. - TODO: Check the other usual suspects CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...) NOT-FOR-US: Acrobat Reader CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...) @@ -1748,7 +1752,6 @@ CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...) - wget <unfixed> (unimportant) NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue - TODO: insufficient info, check, whether code injection is possible CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...) NOT-FOR-US: Allied Telesis CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...) 
@@ -2370,7 +2373,7 @@ CVE-2006-6490 RESERVED CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...) - TODO: check + NOT-FOR-US: SISCO OSI stack CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...) NOT-FOR-US: ICONICS CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
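Review bot: in the @@ -188,7 hunk (CVE-2006-6954), the unchanged context line `NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.` directly below the added lines has a grammar slip ("it crashes"); since this hunk already edits the entry, fix the wording in the same change. The added `NOTE: Browser crashes not treated as security problems` is the right place to keep the rationale for the `(unimportant)` tag, so no further justification is needed there.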
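Review bot: in the @@ -206,16 hunk, CVE-2007-0493 gains `[sarge] - bind9 <not-affected> (Vulnerable code not present)`, but the neighbouring CVE-2007-0494 entry, which carries the `{DSA-1254-1}` reference and receives the same `1:9.3.4-1` to `1:9.3.4-2` bump, gets no sarge line; confirm whether the DSA covers sarge for 0494 and add the matching release annotation so the two bind9 entries stay consistent. In the same hunk, the gstreamer/ffmpeg CVE-2007-XXXX entry drops `TODO: check other ffmpeg related packages` while adding only `- mplayer 1.0~rc1-12`; if mplayer was the last outstanding package, a short NOTE saying so would record why the TODO is closed. Also check that pairing `[etch] - ffmpeg 0.cvs20060823-5` with `- ffmpeg <unfixed>` is intended, since it leaves unstable listed as still vulnerable.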
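Review bot: in the @@ -471,7 hunk, the added lines are ordered `- mplayer 1.0~rc1-12`, `[etch] - ffmpeg 0.cvs20060823-5`, `- ffmpeg <unfixed>`, whereas the other gstreamer/ffmpeg CVE-2007-XXXX entry in this commit lists the mplayer line last; use the same package order in both entries so they can be compared at a glance. As in that earlier entry, `TODO: check other ffmpeg related packages` is removed without a NOTE recording that the remaining packages were checked.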
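Review bot: in the @@ -1125,7 hunk, `- TODO: Check the other usual suspects` is deleted with nothing recording what was checked or what the outcome was; the surrounding NOTE lines only explain why KDE Security issued an update. A one-line NOTE stating the result of the check (or that no further packages were affected) would make the closure auditable later.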
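Review bot: in the @@ -1748,7 hunk, the removed `- TODO: insufficient info, check, whether code injection is possible` is the open question that the `(unimportant)` rating of `wget <unfixed>` rests on, and the remaining NOTE only argues that an FTP server crashing a download utility is not a DoS issue. Add a NOTE recording that code injection was ruled out, which the commit log's "wget not a security problem" implies, so the rating is justified by the entry itself.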