jmm-guest at alioth.debian.org
2007-May-23 21:29 UTC
[Secure-testing-commits] r5908 - in data: CVE DSA
Author: jmm-guest
Date: 2007-05-23 21:29:09 +0000 (Wed, 23 May 2007)
New Revision: 5908

Modified:
   data/CVE/list
   data/DSA/list
Log:
- CVE-2007-1583 was fixed in DSA-1282
- madwifi non-free -> no-dsa
- no-dsa for minor gnupg issue
- correctly assign CVE-2007-1001 libgd2, our php5 links dynamically

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-23 21:07:52 UTC (rev 5907) +++ data/CVE/list 2007-05-23 21:29:09 UTC (rev 5908) @@ -1,5 +1,6 @@ CVE-2007-XXXX [MadWifi several DoS, one of them remote] - madwifi 1:0.9.3-2 + [etch] - madwifi <no-dsa> (Non-free not supported) CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7] - mantis 1.0.7+dfsg-1 NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities" @@ -3608,6 +3609,8 @@ - gnupg 1.4.6-2 (bug #413922; low) - gpgme1.0 1.1.2-3 (bug #414170; low) - gnupg2 2.0.3-1 + [sarge] - gnupg2 <no-dsa> (Minor issue) + [etch] - gnupg2 <no-dsa> (Minor issue) CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...) {DSA-1290-1} - squirrelmail 2:1.4.10a-1 @@ -4384,7 +4387,9 @@ - evolution <unfixed> [sarge] - evolution <not-affected> (Vulnerable code not present) CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...) - - php5 <unfixed> (medium) + - libgd2 <unfixed> (medium) + NOTE: Although reported initially for PHP5, this needs to be fixed in gd2, our + NOTE: PHP5 links dynamically CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...) - linux-2.6 2.6.18.dfsg.1-12 (medium) CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-05-23 21:07:52 UTC (rev 5907) +++ data/DSA/list 2007-05-23 21:29:09 UTC (rev 5908)
@@ -42,7 +42,7 @@ {CVE-2007-1286 CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1700 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889 CVE-2007-1900 CVE-2007-1522} [etch] - php5 5.2.0-8+etch3 [26 Apr 2007] DSA-1282-1 php4 - {CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777} + {CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718 CVE-2007-1777} [sarge] - php4 4:4.3.10-20 [etch] - php4 6:4.4.4-8+etch2 [25 Apr 2007] DSA-1281-1 clamav - several vulnerabilities
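Review bot: in the data/CVE/list hunk at @@ -3608,6 +3609,8 @@, only gnupg2 receives the "<no-dsa> (Minor issue)" lines for sarge and etch, while the gnupg and gpgme1.0 lines in the same entry, both already rated low, get no per-release annotation. The log says "no-dsa for minor gnupg issue", so either add matching [sarge]/[etch] lines under gnupg and gpgme1.0 or state in a NOTE why only gnupg2 is being triaged here. As it stands, a reader cannot tell whether the stable gnupg packages were assessed or simply left open.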
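Review bot: in the CVE-2007-1001 hunk (@@ -4384,7 +4387,9 @@), the php5 line is deleted outright, so the entry no longer records that php5 was looked at, and a per-package lookup for php5 will stop showing this CVE. Consider keeping an explicit php5 line with the reason, in the same form as the "[sarge] - evolution <not-affected> (Vulnerable code not present)" line just above, next to the new "- libgd2 <unfixed> (medium)" line. The NOTE also says only "our PHP5 links dynamically" without naming a release; if that holds for every supported release, say so, otherwise add release-tagged lines.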
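Review bot: the data/DSA/list hunk adds CVE-2007-1583 to the DSA-1282-1 php4 reference list, but no hunk in data/CVE/list touches the CVE-2007-1583 entry. Please confirm that this entry already carries php4 lines matching the versions listed here ("[sarge] - php4 4:4.3.10-20", "[etch] - php4 6:4.4.4-8+etch2"), or update it in the same commit, so the two files do not disagree about where the issue was fixed.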