Author: jmm-guest Date: 2007-04-10 22:05:32 +0000 (Tue, 10 Apr 2007) New Revision: 5644 Modified: data/CVE/list Log: dovecot, yacas fixed flyspry sarge not-affected one linux-2.6 issue not-affected mysql fixed in etch sql-ledger only for local setups no-dsa for geoip, xlockmore Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-04-10 21:14:09 UTC (rev 5643) +++ data/CVE/list 2007-04-10 22:05:32 UTC (rev 5644) @@ -6,7 +6,7 @@ CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable] - initramfs-tools 0.85g (low; bug #417995) CVE-2007-XXXX [dovecot zlib plugin directory traversal] - - dovecot <unfixed> + - dovecot 1.0.rc29-1 [sarge] - dovecot <not-affected> (Vulnerable code not present) CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...) - ldap-account-manager <unfixed> (medium) @@ -117,6 +117,7 @@ - flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway) CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or "set to a low ...) - flyspray 0.9.8-10 (medium) + [sarge] - flyspray <not-affected> (Vulnerable code not present) CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...) NOT-FOR-US: Time-Assistant CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...) @@ -992,6 +993,7 @@ NOT-FOR-US: SubDog CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...) - mysql-dfsg-5.0 5.0.32-8 (bug #414790) + [etch] - mysql-dfsg-5.0 5.0.32-7etch1 CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...) NOT-FOR-US: JMX RMI-IIOP CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...) 
@@ -1187,7 +1189,9 @@ CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...) NOT-FOR-US: Comodo Firewall Pro CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...) - - sql-ledger <unfixed> (bug #409703) + - sql-ledger <unfixed> (unimportant; bug #409703) + NOTE: It''s documented behaviour that SQL-Ledger should only be run in an + NOTE: authenticated HTTP zone and without untrusted users CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...) NOT-FOR-US: JOLY BJ Webring CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...) @@ -4301,7 +4305,7 @@ - udev 0.105-2 (bug #404927) [sarge] - udev <not-affected> (Doesn''t affect Sarge) CVE-2007-XXXX [yacas insecure rpath] - - yacas <unfixed> (bug #399226; bug #399227; low) + - yacas 1.0.57-3 (bug #399226; bug #399227; low) CVE-2007-XXXX [TXT record parsing overflow with special characters] - pdns <unfixed> (bug #406465) CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...) @@ -4428,7 +4432,8 @@ NOTE: fake LiveJournal server. All version of Debian centericq packages have a NOTE: compromised code. CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...) - - geoip 1.3.17-1.1 (bug #406628; medium) + - geoip 1.3.17-1.1 (bug #406628; low) + [sarge] - geoip <no-dsa> (Minor issue) CVE-2007-0158 RESERVED CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...) 
@@ -6761,8 +6766,7 @@ - linux-2.6 <unfixed> (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...) - - linux-2.6 <unfixed> (unimportant) - NOTE: Mounting filesystem partitions should be limited to root + - linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn''t include GFS) CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...) - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root @@ -20947,6 +20951,7 @@ CVE-2006-0061 [xlock segfaults when using libpam-opensc] RESERVED - xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low) + [sarge] - xlockmore <no-dsa> (Minor issue) CVE-2006-0060 RESERVED CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
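Review bot: the dovecot entry in the first hunk records the fix as 1.0.rc29-1 but, unlike the initramfs-tools entry just above it (bug #417995), carries no Debian bug reference, and the id is still the CVE-2007-XXXX placeholder; add the bug number if one was filed, and revisit the line once the CVE id is assigned so the "[sarge] - dovecot <not-affected>" annotation stays attached to the right entry.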
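Review bot: the new "[sarge] - flyspray <not-affected> (Vulnerable code not present)" line for CVE-2007-1788 would be easier to re-verify if it named the version that introduced the code, as the neighbouring flyspray entry does ("Code was introduced in 0.9.9"), rather than the generic phrase.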
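Review bot: the sql-ledger NOTE justifies the downgrade to "unimportant" with a deployment assumption (SQL-Ledger is documented to run only in an authenticated HTTP zone without untrusted users) rather than a code change, so keeping "<unfixed>" and "bug #409703" on the entry is right, but the NOTE should say where this is documented so the claim can be checked if the package or its documentation changes.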
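Review bot: in the geoip hunk the severity drops from "medium" to "low" and a "[sarge] - geoip <no-dsa> (Minor issue)" line is added, but nothing on the entry explains why a directory traversal in GeoIP_update_database_general is now considered minor; a NOTE line giving the rationale, as the sql-ledger hunk does, would make the downgrade auditable.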
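Review bot: the CVE-2006-6057 change replaces "<unfixed> (unimportant)" with "<not-affected>" because Debian kernels up to 2.6.18 didn't include GFS, yet the CVE text visible in the hunk says "2.6.x up to 2.6.18, and possibly other versions"; if later linux-2.6 uploads ship GFS the package-wide not-affected status would need revisiting, so consider recording that the assessment applies to the 2.6.18 packages.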