jmm-guest at alioth.debian.org
2007-May-29 21:05 UTC
[Secure-testing-commits] r5948 - data/CVE
Author: jmm-guest
Date: 2007-05-29 21:05:42 +0000 (Tue, 29 May 2007)
New Revision: 5948

Modified:
   data/CVE/list
Log:
no-dsa for openssh, zoo, unzoo, gems-installer
browser crash unimportant
mark bogus CVE entry as such
kernel issue doesn't affect etch

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-05-29 19:34:59 UTC (rev 5947) +++ data/CVE/list 2007-05-29 21:05:42 UTC (rev 5948) @@ -72,7 +72,9 @@ CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...) NOT-FOR-US: OPeNDAP CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...) - TODO: check + - openssh <unfixed> (low) + [etch] - openssh <no-dsa> (Minor issue) + [sarge] - openssh <no-dsa> (Minor issue) CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...) NOT-FOR-US: OPeNDAP CVE-2007-2766 (Backup Manager before 0.7.6 provides the MySQL password as a plaintext ...) @@ -283,7 +285,8 @@ CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...) NOT-FOR-US: PHP Coupon Script CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...) - TODO: check + - iceweasel <unfixed> (unimportant) + NOTE: Browser crashes not treated as security problems CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: PHPChain CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...) 
@@ -319,7 +322,7 @@ CVE-2007-2654 (xfs_fsr in xfsdump creates a temporary directory with insecure ...) - xfsdump 2.2.45-1 (bug #417894; low) CVE-2007-2653 (Unspecified vulnerability in Vim (Vi IMproved) before 7.1 has ...) - TODO: check + NOT-FOR-US: This is bogus, the annoucement refers to the recently discovered modelines issues CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...) NOT-FOR-US: Free-SA CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...) @@ -745,6 +748,7 @@ CVE-2007-2451 [linux geode-aes security issue] RESERVED - linux-2.6 2.6.21-3 + [etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20) CVE-2007-2450 RESERVED CVE-2007-2449 @@ -2520,8 +2524,12 @@ CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...) NOT-FOR-US: LANDesk Management Suite CVE-2007-1673 (unzoo.c allows remote attackers to cause a denial of service (infinite ...) + [sarge] - zoo <no-dsa> (Minor issue) + [etch] - zoo <no-dsa> (Minor issue) - zoo 2.10-19 (bug #424686) - unzoo <unfixed> (bug #424690) + [sarge] - unzoo <no-dsa> (Minor issue) + [etch] - unzoo <no-dsa> (Minor issue) CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...) NOT-FOR-US: avast CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...) @@ -5821,6 +5829,7 @@ NOT-FOR-US: Sun Solaris CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...) - libgems-ruby 0.9.3-1 (low; bug #408299) + [etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data) CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...) NOT-FOR-US: Visual C++ CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
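Review bot: The openssh lines added under CVE-2007-2768 carry no bug reference, unlike the unfixed unzoo entry in this same commit ("- unzoo <unfixed> (bug #424690)"), and the no-dsa reason is only "Minor issue". Since the package is left <unfixed>, consider adding the bug number once one is filed and stating why the issue is minor, the way the libgems-ruby line does ("needs implicit trust on installed data"), so the triage decision can be re-checked later without re-reading the advisory.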
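Review bot: In the CVE-2007-2653 hunk, NOT-FOR-US is used to mark a bogus entry, but every other NOT-FOR-US line visible in this diff is followed by the name of a product (OPeNDAP, PHPChain, Free-SA, avast), so this line reads as free text under a tag that means something else. Consider a NOTE: line instead that names the CVE id(s) of the modelines issues the announcement refers to, so the entry can be cross-checked against them. The word "annoucement" should be "announcement".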
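Review bot: In the CVE-2007-1673 hunk the new "[sarge] - zoo" and "[etch] - zoo" lines are inserted above "- zoo 2.10-19 (bug #424686)", while the unzoo lines in the same hunk, and the openssh, linux-2.6 and libgems-ruby hunks, place the release-specific lines below the package line they qualify. Move the two zoo lines below "- zoo 2.10-19" so the entry reads consistently from top to bottom. The release order also differs between hunks ([sarge] then [etch] here, [etch] then [sarge] for openssh); picking one order would make the list easier to scan.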