Author: jmm-guest Date: 2007-01-17 21:58:39 +0100 (Wed, 17 Jan 2007) New Revision: 5290 Modified: data/CVE/list Log: various kernel updates squid issues do not affect Sarge wordpress unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-17 20:34:18 UTC (rev 5289) +++ data/CVE/list 2007-01-17 20:58:39 UTC (rev 5290) @@ -69,7 +69,7 @@ CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...) NOT-FOR-US: Total Commander CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...) - - wordpress <unfixed> (low; bug #407289) + - wordpress <unfixed> (unimportant; bug #407289) CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...) NOT-FOR-US: sNews CVE-2007-0260 (** DISPUTED ** ...) @@ -100,6 +100,7 @@ NOT-FOR-US: NWOM Topsites 3.0 CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...) - squid 2.6.5-4 (low) + [sarge] - squid <not-affected> (Vulnerable code not present) CVE-2007-0246 RESERVED CVE-2007-0245 @@ -219,7 +220,7 @@ CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...) TODO: check CVE-2006-6921 (Unspecified versions of the Linux kernel allows local users to cause a ...) - TODO: check + - linux-2.6 <unfixed> (low) CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...) TODO: check CVE-2007-XXXX [udev wrong permissions on raid devices] @@ -233,7 +234,7 @@ NOTE: http://secunia.com/advisories/23749/ CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...) - squid 2.6.5-4 (low; bug #407202) - TODO: check if version 2.5.9-10sarge2 have comprimised code. + [sarge] - squid <not-affected> (Vulnerable code not present) NOTE: reference - http://secunia.com/advisories/23767/ CVE-2007-XXXX [libgtop2 "glibtop_get_proc_map_s()" Buffer Overflow] - libgtop2 2.14.4-3 (medium; bug #407020) 
@@ -3303,8 +3304,9 @@ - linux-2.6 2.6.18-1 CVE-2006-5754 RESERVED -CVE-2006-5753 +CVE-2006-5753 [listxattr syscall memory corruption DoS] RESERVED + - linux-2.6 <unfixed> CVE-2006-5752 RESERVED CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...) @@ -3313,7 +3315,7 @@ CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...) NOT-FOR-US: JBoss CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...) - TODO: check + - linux-2.6 <unfixed> CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) {DSA-1227-1 DSA-1225-1 DSA-1224-1} NOTE: MFSA-2006-65
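Review bot: In the @@ -69,7 +69,7 @@ hunk, the CVE-2007-0262 change from "low" to "unimportant" has no rationale recorded in the entry, and the log message only says "wordpress unimportant". Add a NOTE line under the wordpress entry stating why the issue is considered unimportant, so the reasoning stays next to bug #407289.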
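Review bot: In the @@ -100,6 +100,7 @@ hunk, the new [sarge] line for CVE-2007-0247 says "Vulnerable code not present" without naming the sarge squid version that was examined. A NOTE giving the version checked against squid/src/ftp.c would make the not-affected status verifiable later.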
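Review bot: In the @@ -219,7 +220,7 @@ hunk, CVE-2006-6921 goes from "TODO: check" to "- linux-2.6 <unfixed> (low)" although its description reads "Unspecified versions of the Linux kernel", and nothing in the entry records which versions were looked at. A short NOTE with the versions checked and the basis for "low" would help whoever closes this entry.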
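Review bot: In the @@ -233,7 +234,7 @@ hunk, the removed TODO named 2.5.9-10sarge2 as the version to check for CVE-2007-0248, and the replacement [sarge] line drops that detail. Keep the version in a NOTE (for example, that aclMatchExternal was checked in 2.5.9-10sarge2) so the not-affected status stays tied to a specific package version.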
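Review bot: In the @@ -3303,8 +3304,9 @@ hunk, the new "- linux-2.6 <unfixed>" line for CVE-2006-5753 has no severity, while the kernel entry added for CVE-2006-6921 in this same commit is marked "(low)"; the same applies to CVE-2006-5749 in the @@ -3313,7 +3315,7 @@ hunk. Since CVE-2006-5753 is still RESERVED, a NOTE with the source of the bracketed "listxattr syscall memory corruption DoS" description would also be useful.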