Author: jmm-guest Date: 2007-04-04 20:12:59 +0000 (Wed, 04 Apr 2007) New Revision: 5621 Modified: data/CVE/list Log: new (harmless) dovecot issue serendipity non-issue new x.org local root exploit one firefox issue doesn''t affect sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-04 09:14:13 UTC (rev 5620) +++ data/CVE/list 2007-04-04 20:12:59 UTC (rev 5621) @@ -1,3 +1,6 @@ +CVE-2007-XXXX [dovecot zlib plugin directory traversal] + - dovecot <unfixed> + [sarge] - dovecot <not-affected> (Vulnerable code not present) CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...) TODO: check CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...) @@ -1104,10 +1107,10 @@ RESERVED CVE-2007-1352 RESERVED - - libxfont 1:1.2.2-2 + - libxfont 1:1.2.2-2 (medium) CVE-2007-1351 RESERVED - - libxfont 1:1.2.2-2 + - libxfont 1:1.2.2-2 (medium) CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...) NOT-FOR-US: Novell NetMail CVE-2007-1349 (PerlRun.pm in Apache mod_perl 1.30 and earlier, and RegistryCooker.pm ...) @@ -1158,7 +1161,8 @@ CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...) NOT-FOR-US: silc daemon CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...) - - serendipity <unfixed> + - serendipity <unfixed> (unimportant) + NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...) - phpmyadmin <unfixed> CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...) @@ -1519,7 +1523,7 @@ CVE-2007-1216 RESERVED {DSA-1276-1} - - krb5 1.4.4-8 + - krb5 1.4.4-8 (high) CVE-2007-1215 RESERVED CVE-2007-1214 
@@ -2183,8 +2187,9 @@ - iceape <unfixed> (low) - xulrunner <unfixed> (low) NOTE: maintainer notes that this may affect browsers based on xulrunner -CVE-2007-1003 +CVE-2007-1003 [X.org resource management memory corruption] RESERVED + - xorg-server 2:1.1.1-21 (medium) CVE-2007-1002 (Format string vulnerability in the write_html function in ...) TODO: check CVE-2007-1001 @@ -2294,11 +2299,11 @@ CVE-2007-0957 RESERVED {DSA-1276-1} - - krb5 1.4.4-8 + - krb5 1.4.4-8 (high) CVE-2007-0956 RESERVED {DSA-1276-1} - - krb5 1.4.4-8 + - krb5 1.4.4-8 (high) CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...) NOT-FOR-US: Mail Enable Professional CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...) @@ -2849,9 +2854,9 @@ - iceape 1.0.8-1 (high) - icedove 1.5.0.10.dfsg1-1 (low) - xulrunner 1.8.0.10-1 (high) - [sarge] - mozilla-firefox <unfixed> (high) - [sarge] - mozilla-thunderbird <unfixed> (low) - [sarge] - mozilla <unfixed> (high) + [sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al) + [sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al) + [sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al) CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high)
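Review bot: In the @@ -1,3 +1,6 @@ hunk, the new `- dovecot <unfixed>` line has no urgency tag even though the log calls the issue harmless. Add one, for example `- dovecot <unfixed> (unimportant)` as done for serendipity in this same commit, so the entry is not read as unrated. A NOTE line pointing at the upstream report would also make it easier to replace the CVE-2007-XXXX placeholder once an id is assigned.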
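Review bot: In the @@ -1104,10 +1107,10 @@ hunk, CVE-2007-1352 and CVE-2007-1351 receive a (medium) rating on libxfont while both stay RESERVED with no bracketed description, so the entry does not say what is being rated. Add a short description in brackets, as this commit does for CVE-2007-1003, and a NOTE if these ids belong to the X.org issue named in the log.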
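Review bot: In the @@ -1158,7 +1161,8 @@ hunk, the added NOTE for CVE-2007-1326 is a bare URL and does not say why an SQL injection in index.php is rated (unimportant). State the reason in the NOTE text itself so the rating can be checked without following the link. The link title refers to a 1.1.2 release while the package line stays `<unfixed>`, so it is worth saying in the same NOTE whether that release contains the fix.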
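Review bot: In the @@ -2183,8 +2187,9 @@ hunk, the new CVE-2007-1003 entry lists only `- xorg-server 2:1.1.1-21 (medium)` and has no [sarge] line, although the log describes this as a local root exploit. Add a [sarge] line stating affected or `<not-affected>` with a reason, as the dovecot and mozilla hunks do, and a NOTE explaining why a root exploit is rated medium rather than high.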
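Review bot: In the @@ -2849,9 +2854,9 @@ hunk, the reason "Only affected Firefox 2.0 et al" is pasted unchanged onto the [sarge] mozilla-thunderbird and mozilla lines, where it does not say why those packages are unaffected. Word the reason per package, or use a reason such as "Vulnerable code not present" as in the dovecot entry, and add a NOTE naming the advisory that supports the change. The log mentions one firefox issue, but three packages move from `<unfixed>` to `<not-affected>` here, so the log should say that too.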