joeyh at alioth.debian.org
2007-Jun-16 21:14 UTC
[Secure-testing-commits] r6025 - data/CVE
Author: joeyh Date: 2007-06-16 21:14:07 +0000 (Sat, 16 Jun 2007) New Revision: 6025 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-16 20:59:16 UTC (rev 6024) +++ data/CVE/list 2007-06-16 21:14:07 UTC (rev 6025) @@ -794,7 +794,7 @@ - php5 <unfixed> NOTE: Fix from 5.2.3 was ineffective CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) - {DSA-1306-1 DSA-1300-1} + {DSA-1308-1 DSA-1306-1 DSA-1300-1} NOTE: MFSA2007-17 - iceweasel 2.0.0.4-1 (low) - iceape 1.1.2-1 (low) @@ -802,7 +802,7 @@ - mozilla <removed> (low) - xulrunner 1.8.1.4-1 (low) CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) - {DSA-1306-1 DSA-1300-1} + {DSA-1308-1 DSA-1306-1 DSA-1300-1} NOTE: MFSA2007-16 - iceweasel 2.0.0.4-1 (medium) - iceape 1.1.2-1 (medium) @@ -810,7 +810,7 @@ - mozilla <removed> (medium) - xulrunner 1.8.1.4-1 (medium) CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...) - {DSA-1306-1} + {DSA-1308-1 DSA-1306-1} NOTE: MFSA2007-13 - iceweasel 2.0.0.4-1 (unimportant) - iceape 1.1.2-1 (unimportant) @@ -818,7 +818,7 @@ - mozilla <removed> (unimportant) - xulrunner 1.8.1.4-1 (unimportant) CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...) - {DSA-1306-1 DSA-1300-1} + {DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1} NOTE: MFSA2007-12 - iceweasel 2.0.0.4-1 (high) - iceape 1.1.2-1 (high) @@ -829,7 +829,7 @@ - xulrunner 1.8.1.4-1 (high) [sarge] - mozilla-thunderbird <unfixed> (low) CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...) - {DSA-1306-1 DSA-1300-1} + {DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1} NOTE: MFSA2007-12 - iceweasel 2.0.0.4-1 (high) - iceape 1.1.2-1 (high) 
@@ -3698,7 +3698,7 @@ CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...) NOT-FOR-US: Symantec CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...) - {DSA-1286-1} + {DSA-1304 DSA-1286-1} - linux-2.6 2.6.20-1 (medium) CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...) NOT-FOR-US: Trend Micro @@ -3799,7 +3799,7 @@ CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio ...) NOT-FOR-US: Roxio CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...) - {DSA-1300-1} + {DSA-1305-1 DSA-1300-1} NOTE: Affects various clients, but no practical security implications NOTE: MFSA2007-15 - icedove 2.0.0.4-1 (unimportant) @@ -4291,7 +4291,7 @@ CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...) NOT-FOR-US: DropAFew CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) - {DSA-1306-1 DSA-1300-1} + {DSA-1308-1 DSA-1306-1 DSA-1300-1} NOTE: MFSA2007-14 - iceape 1.1.2-1 (low) - iceweasel 2.0.0.4-1 (low) @@ -4305,7 +4305,7 @@ CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...) - tomcat4 <removed> (low) CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...) - {DSA-1286-1} + {DSA-1304 DSA-1286-1} - linux-2.6 2.6.20-1 CVE-2007-1356 RESERVED @@ -4995,6 +4995,7 @@ CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...) NOT-FOR-US: Microsoft Office CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...) + {DSA-1300-1} - iceweasel 2.0.0.4-1 (low) - iceape 1.1.2-1 (low) - xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low) 
@@ -5527,7 +5528,7 @@ CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...) NOT-FOR-US: Cisco CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) - {DSA-1286-1} + {DSA-1304 DSA-1286-1} - linux-2.6 2.6.20-1 (unimportant) CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...) {DSA-1276-1} @@ -8846,6 +8847,7 @@ CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...) NOT-FOR-US: Cilem Haber Free Edition CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...) + {DSA-1304} - linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10) CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...) NOT-FOR-US: osCommerce @@ -9838,6 +9840,7 @@ - dbus 1.0.2-1 (low) [sarge] - dbus <no-dsa> (Minor issue) CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...) + {DSA-1304} - linux-2.6 2.6.18.dfsg.1-9 CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...) - gdm 2.16.4-1 (medium; bug #403219) @@ -9942,6 +9945,7 @@ CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...) NOT-FOR-US: Apple Mac OS X CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...) + {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...) 
@@ -9952,6 +9956,7 @@ CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...) - linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn''t include GFS) CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...) + {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...) @@ -9960,6 +9965,7 @@ - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...) + {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (unimportant) NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...) @@ -10595,14 +10601,17 @@ CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...) NOT-FOR-US: Microsoft CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...) + {DSA-1304} - linux-2.6 2.6.18.dfsg.1-10 (low) CVE-2006-5756 REJECTED CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...) - linux-2.6 2.6.18.dfsg.1-10 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...) + {DSA-1304} - linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10) CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...) + {DSA-1304} - linux-2.6 <unfixed> CVE-2006-5752 RESERVED 
@@ -12414,6 +12423,7 @@ CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...) NOT-FOR-US: SISCO OSI stack for Windows CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) + {DSA-1304} - linux-2.6 2.6.14 CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...) - openssh <unfixed> (unimportant) @@ -12647,6 +12657,7 @@ CVE-2006-4815 RESERVED CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...) + {DSA-1304} - linux-2.6 2.6.18.dfsg.1-9 (low) - kernel-patch-openvz 028.18.1 CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...) @@ -13064,6 +13075,7 @@ {DSA-1188-1} - mailman 1:2.1.8-3 CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...) + {DSA-1304} - linux-2.6 2.6.18-1 CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...) NOT-FOR-US: Data pre-dating the Security Tracker
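Review bot: The new kernel advisory is written as {DSA-1304} with no revision suffix in every hunk that adds it (for example "+ {DSA-1304 DSA-1286-1}" under CVE-2007-1592, CVE-2007-1357 and CVE-2007-0958, and "+ {DSA-1304}" under CVE-2006-6535 through CVE-2006-4623), while every other reference in this patch carries one (DSA-1308-1, DSA-1306-1, DSA-1305-1, DSA-1300-1, DSA-1286-1). If the advisory follows the same numbering, write it with its revision suffix so that anything matching on the full advisory id treats these entries like the rest of the list.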
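Review bot: In the hunks at @@ -8846,6 +8847,7 @@ and @@ -10595,14 +10601,17 @@, {DSA-1304} is attached to entries whose only package line says the opposite of "fixed by an advisory": CVE-2006-6535 and CVE-2006-5754 are "- linux-2.6 <not-affected>", and CVE-2006-5753 stays "- linux-2.6 <unfixed>". Nothing in these entries shows which source package or release the advisory covers, so a reader cannot tell whether the status lines are stale or the advisory applies to something not listed. A release-tagged line in the style of the existing "[sarge] - mozilla-thunderbird <unfixed> (low)" entry, or a NOTE naming the package the advisory fixed, would resolve the ambiguity.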