jmm-guest at alioth.debian.org
2007-Jun-19 20:09 UTC
[Secure-testing-commits] r6034 - data/CVE
Author: jmm-guest Date: 2007-06-19 20:09:28 +0000 (Tue, 19 Jun 2007) New Revision: 6034 Modified: data/CVE/list Log: researched some of the PHP issues no-dsa for obscure older Mozilla issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-19 10:27:44 UTC (rev 6033) +++ data/CVE/list 2007-06-19 20:09:28 UTC (rev 6034) @@ -893,7 +893,7 @@ CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...) NOT-FOR-US: Avast CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...) - - php5 5.2.2-1 (low) + - php5 5.2.1-1 (low) - php4 <unfixed> (low) CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...) NOT-FOR-US: Apple Safari @@ -1158,9 +1158,11 @@ CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...) NOT-FOR-US: Comodo Personal Firewall CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...) - - php5 <unfixed> (low) + - php5 5.2.3-1 (low) + [etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand()) - php4 <not-affected> (no soap functions in php4) CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...) + [etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand()) - php5 5.2.2-1 (low) NOTE: Code not present in PHP 4. CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...) 
@@ -22890,12 +22892,15 @@ NOT-FOR-US: PHP GEN CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) - firefox <removed> (bug #349339) - - iceweasel <unfixed> (bug #349339) + - iceweasel <unfixed> (low; bug #349339) + [etch] - iceweasel <no-dsa> (Minor design issue, affects only broken setups) NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more - - mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339) - - mozilla <unfixed> - - iceape <unfixed> - - xulrunner <unfixed> + - mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339) + - mozilla <unfixed> (low) + - iceape <unfixed> (low) + [etch] - iceape <no-dsa> (Minor design issue, affects only broken setups) + - xulrunner <unfixed> (low) + [etch] - xulrunner <no-dsa> (Minor design issue, affects only broken setups) CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...) NOT-FOR-US: MyBB (aka MyBulletinBoard) CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
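
Review bot: In the first hunk (CVE-2007-2844), the php5 fixed version moves backward from 5.2.2-1 to 5.2.1-1 with no NOTE giving the basis. The description's "before 5.2.1" supports the new value, but the tracker compares against Debian package versions, so please confirm that a 5.2.1-1 upload actually carried the fix and record that in a NOTE line so the change is not reverted later.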
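
Review bot: In the second hunk, the new "[etch] - php5 <not-affected>" line for CVE-2007-2727 is placed before the "- php5 5.2.2-1 (low)" line it qualifies, while for CVE-2007-2728 (and for CVE-2006-0496 later in this patch) the release annotation follows the package line. Move it below "- php5 5.2.2-1 (low)" for consistency. The reason text "Version from 5.2.0 correctly uses rand()" is also identical for both CVEs; CVE-2007-2728 is about php_rand_r in the soap extension and CVE-2007-2727 is about mcrypt_create_iv, so please check that the same justification really applies to the mcrypt code path and is not a copy-paste.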
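
Review bot: In the third hunk (CVE-2006-0496), iceweasel, iceape and xulrunner each get an "[etch] ... <no-dsa>" line, but "- mozilla <unfixed> (low)" gets none, so its etch status is left open. If mozilla is not part of etch, a short NOTE saying so would help; otherwise it needs the same no-dsa annotation. The reason "Minor design issue, affects only broken setups" is also vague for a tracker entry; naming what makes a setup "broken" would let a later reader re-evaluate the no-dsa decision.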