Moritz Muehlenhoff
2007-Mar-04 18:02 UTC
[Secure-testing-commits] r5507 - in data: CVE DSA
Author: jmm-guest Date: 2007-03-04 18:02:12 +0000 (Sun, 04 Mar 2007) New Revision: 5507 Modified: data/CVE/list data/DSA/list Log: postgres / gnomemeeting DSAs dropbear issue not treated as a vulnerability gnomemeeting removed from sid mark etch as not affected for php5 5.2.1 regression firefox-sage not-affected amarok magnatune issue unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-04 16:16:29 UTC (rev 5506) +++ data/CVE/list 2007-03-04 18:02:12 UTC (rev 5507) @@ -130,7 +130,8 @@ CVE-2007-1100 (Directory traversal vulnerability in download.php in Pickle allows ...) NOT-FOR-US: Pickle CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) - - dropbear 0.49-1 (bug #412899) + - dropbear 0.49-1 (unimportant; bug #412899) + NOTE: security feature enhancement, not a vulnerability per se [etch] - dropbear 0.48.1-2 CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...) NOT-FOR-US: ScryMUD @@ -493,7 +494,7 @@ CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...) NOT-FOR-US: Apple iTunes CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...) - - gnomemeeting <unfixed> (high) + - gnomemeeting <removed> (high) CVE-2007-1006 (Multiple format string vulnerabilities in the ...) - ekiga 2.0.3-2.1 (bug #411944; high) CVE-2007-1005 @@ -734,6 +735,7 @@ NOT-FOR-US: JPortal CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...) - php5 <unfixed> (bug #410561; bug #410995; medium) + [etch] - php5 <not-affected> (A regression only affecting 5.2.1) NOTE: this is a regression in the 5.2.1 release which is not yet uploaded. NOTE: so we should just make sure we patch 5.2.1. Leaving open in the NOTE: meantime, so we don''t forget about it. 
@@ -802,6 +804,7 @@ [etch] - clamav 0.88.7-2 CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...) - firefox-sage 1.3.10-1 + [etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch) NOTE: http://secunia.com/advisories/24086/ NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...) @@ -1184,7 +1187,8 @@ CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...) NOT-FOR-US: 3proxy CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...) - - amarok 1.4.4-4 (bug #410850; low) + - amarok 1.4.4-4 (bug #410850; unimportant) + NOTE: This could only be exploited through the Magnatune shop CVE-2006-6979 (The ruby handlers in Amarok do not properly quote text in certain ...) - amarok 1.4.4-1 (bug #410850; low) CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the "Basic Toolbar ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-03-04 16:16:29 UTC (rev 5506) +++ data/DSA/list 2007-03-04 18:02:12 UTC (rev 5507) @@ -1,10 +1,16 @@ -[14 Jan 2007] DSA-1260 imagemagick +[04 Mar 2007] DSA-1262-1 gnomemeeting + {CVE-2007-1007} + [sarge] - gnomemeeting 1.2.1-1sarge1 +[16 Feb 2007] DSA-1261-1 postgresql + {CVE-2007-0555} + [sarge] - postgresql 7.4.7-6sarge4 +[14 Feb 2007] DSA-1260 imagemagick {CVE-2007-0770} [sarge] - imagemagick 6:6.0.6.2-2.9 -[14 Jan 2007] DSA-1259-1 fetchmail +[14 Feb 2007] DSA-1259-1 fetchmail {CVE-2006-5867} [sarge] - fetchmail 6.2.5-12sarge5 -[07 Jan 2007] DSA-1258-1 mozilla-thunderbird +[07 Feb 2007] DSA-1258-1 mozilla-thunderbird {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503} [sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8e.2 [05 Feb 2007] DSA-1257 samba
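Review bot: In the CVE-2007-1099 (dropbear) hunk, the `[etch] - dropbear 0.48.1-2` line still presents a version below 0.49 as the fixed one while the new NOTE says the change is a feature enhancement; either say in the NOTE that 0.48.1-2 carries the backported warning, or mark the etch line with the same unimportant reasoning so the two lines do not read as contradicting the CVE's "before 0.49" range.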
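Review bot: In the CVE-2007-1007 (gnomemeeting) hunk, `<removed>` only records the removal from sid, yet the same commit adds DSA-1262-1 for sarge; if etch still ships gnomemeeting, an `[etch] - gnomemeeting ...` line stating its status is missing, otherwise a NOTE saying the package is gone from etch too would make the `<removed>` entry complete.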
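Review bot: In the CVE-2007-0911 (php5) hunk, the new `[etch] - php5 <not-affected> (A regression only affecting 5.2.1)` line conflicts with the unchanged NOTEs below it, which say "Leaving open in the meantime, so we don't forget about it" and that 5.2.1 "is not yet uploaded"; update those NOTEs to state that 5.2.1 will not enter etch (or that the unstable entry is the one to keep open), so a later reader does not reopen the etch line.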
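Review bot: In the CVE-2007-0896 (firefox-sage) hunk, `[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)` asserts a fact while the retained NOTE still hedges with "might not affect Debian version" and "sf: pinged maintainer"; replace the hedge with the maintainer's confirmation (or reference to it) so the not-affected claim is backed by the NOTE rather than contradicted by it.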
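Review bot: In the CVE-2006-6980 (amarok) hunk, the NOTE "This could only be exploited through the Magnatune shop" states the attack path but not why that path justifies unimportant rather than low, while the adjacent CVE-2006-6979 on the same bug #410850 stays at low; one clause explaining the trust placed in that single remote source would make the downgrade reviewable.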
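Review bot: In the data/DSA/list hunk, the corrected `[14 Feb 2007] DSA-1260 imagemagick` line is the only entry in the block without a `-1` revision suffix (compare DSA-1259-1, DSA-1261-1, DSA-1262-1); make the identifier style consistent while the line is being touched, and note that the Jan-to-Feb date fixes for DSA-1258-1 through DSA-1260 are not mentioned in the log message.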