Author: jmm-guest Date: 2007-03-22 22:07:56 +0000 (Thu, 22 Mar 2007) New Revision: 5575 Modified: data/CVE/list Log: webcalendar requested for removal from the archive rhapsody not in release quality, removal from Etch necessary mark two issues as nonimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-22 20:33:10 UTC (rev 5574) +++ data/CVE/list 2007-03-22 22:07:56 UTC (rev 5575) @@ -34,8 +34,10 @@ NOT-FOR-US: Fujitsu Interstage Application Server CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...) - rhapsody <unfixed> (medium) + NOTE: Removal from Etch requested CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...) - rhapsody <unfixed> (medium) + NOTE: Removal from Etch requested CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...) NOT-FOR-US: Avant Browse CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...) @@ -73,7 +75,8 @@ CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...) TODO: check CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...) - - webcalendar <unfixed> (bug #404297; high) + - webcalendar <unfixed> (high) + NOTE: Requested removal from the archive CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...) NOT-FOR-US: WBBlog CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...) 
@@ -496,7 +499,8 @@ CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...) NOT-FOR-US: DreameeSoft Password Master CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...) - - putty 0.59-1 (bug #400804; medium) + - putty 0.59-1 (bug #400804; unimportant) + NOTE: Unsafe default, but not a vulnerability CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...) NOT-FOR-US: Hazir Site CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...) @@ -542,7 +546,8 @@ CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...) NOT-FOR-US: Sun Solaris CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, ...) - - kdepim <unfixed> (low) + - kdepim <unfixed> (unimportant) + NOTE: Annoying bug, but neglectable "security implications" CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...) NOT-FOR-US: Oracle APEX CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
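Review bot: In the hunk at @@ -34,8 +34,10 @@, the two added lines "NOTE: Removal from Etch requested" under CVE-2007-1503 and CVE-2007-1502 give no bug number or other pointer to the removal request, so the status of the request cannot be followed from the list itself. Both rhapsody entries remain "<unfixed> (medium)". Suggest naming the removal request in each NOTE.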
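Review bot: In the hunk at @@ -73,7 +75,8 @@, the replacement line for CVE-2007-1483 drops the reference "bug #404297" while only the NOTE is meant to be new: "- webcalendar <unfixed> (bug #404297; high)" becomes "- webcalendar <unfixed> (high)". The log message does not mention removing the bug link. If the drop is unintentional, keep "(bug #404297; high)" and add the NOTE below it. If it is intentional, say why in the NOTE. The NOTE also does not point to the removal request.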
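Review bot: In the hunk at @@ -496,7 +499,8 @@, the change of CVE-2006-7162 from "medium" to "unimportant" is backed only by "NOTE: Unsafe default, but not a vulnerability", which states the conclusion without the reasoning. The context line describes weak file permissions for ppk files, so a reader will want to know why that is not considered exploitable here. Suggest extending the NOTE with one sentence of rationale.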
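Review bot: In the hunk at @@ -542,7 +546,8 @@, the added line 'NOTE: Annoying bug, but neglectable "security implications"' under CVE-2006-7139 is a wording and documentation point: "neglectable" should read "negligible", and the quotation marks around "security implications" do not explain why the kdepim issue moves from "low" to "unimportant". Suggest replacing the NOTE with a short statement of what the bug does and why it has no security impact.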