jmm-guest at alioth.debian.org
2007-Jun-23 12:34 UTC
[Secure-testing-commits] r6048 - in data: CVE DSA
Author: jmm-guest Date: 2007-06-23 12:34:38 +0000 (Sat, 23 Jun 2007) New Revision: 6048 Modified: data/CVE/list data/DSA/list Log: five new DSAs did some php5 triage with Sean Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-23 11:25:38 UTC (rev 6047) +++ data/CVE/list 2007-06-23 12:34:38 UTC (rev 6048) @@ -359,8 +359,8 @@ CVE-2007-3206 RESERVED CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) - - php4 <unfixed> (low) - - php5 <unfixed> (low) + - php4 <unfixed> (low) + - php5 <unfixed> (low) CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) - jffnms <unfixed> (high) NOTE: the fix for CVE-2007-3190 is incomplete (the ''pass'' param can still contain an injection) @@ -1067,7 +1067,8 @@ CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...) - spamassassin 3.2.1-1 (low) CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...) - - php5 <unfixed> + - php5 <unfixed> (unimportant) + NOTE: Only triggerable by malicious script NOTE: Fix from 5.2.3 was ineffective CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) {DSA-1308-1 DSA-1306-1 DSA-1300-1} @@ -1161,8 +1162,8 @@ CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...) NOT-FOR-US: Avast CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...) - - php5 5.2.1-1 (low) - - php4 <unfixed> (low) + - php5 <not-affected> (Multi-threaded operation nut supported in Debian) + - php4 <not-affected> (Multi-threaded operation nut supported in Debian) CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...) NOT-FOR-US: Apple Safari NOTE: Does not seem to work with Konqueror. 
@@ -1385,8 +1386,8 @@ CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...) NOT-FOR-US: FAQEngine CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...) - - php5 5.2.0-11 - - php4 <unfixed> + - php4 <not-affected> (Debian shipped the correct fix from the beginning) + - php5 <not-affected> (Debian shipped the correct fix from the beginning) CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...) NOT-FOR-US: rdiffWeb CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-06-23 11:25:38 UTC (rev 6047) +++ data/DSA/list 2007-06-23 12:34:38 UTC (rev 6048) @@ -1,3 +1,20 @@ +[23 Jun 2007] DSA-1320-1 clamav + {CVE-2007-2650 CVE-2007-3023 CVE-2007-3024 CVE-2007-3122 CVE-2007-3123} + [sarge] - clamav 0.84-2.sarge.17 + [etch] - 0.90.1-3etch3 +[23 Jun 2007] DSA-1319-1 maradns + {CVE-2007-3114 CVE-2007-3115 CVE-2007-3116} + [etch] - maradns 1.2.12.04-1etch1 +[23 Jun 2007] DSA-1318-1 ekg + {CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665} + [sarge] - ekg 1:1.5+20050411-7 + [etch] - ekg 1:1.7~rc2-1etch1 +[23 Jun 2007] DSA-1317-1 tinymux + {CVE-2007-1655} + [etch] - tinymux 2.4.3.31-1etch1 +[21 Jun 2007] DSA-1316-1 emacs21 + {CVE-2007-2833} + [etch] - emacs21 21.4a+1-3etch1 [19 Jun 2007] DSA-1315-1 libphp-phpmailer {CVE-2007-3215} [etch] - libphp-phpmailer 1.73-2etch1
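Review bot: In the CVE-2007-2844 hunk (@@ -1161,8 +1162,8 @@), both added lines contain a typo in the justification: "Multi-threaded operation nut supported in Debian" should read "not supported". The same change also replaces the php5 entry that recorded 5.2.1-1 as the fixed version, so anyone searching the tracker for that version will no longer find it under this CVE. If that history matters, a NOTE line mentioning that upstream fixed the issue in 5.2.1 would preserve it alongside the not-affected status.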
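Review bot: In the CVE-2007-2748 hunk (@@ -1385,8 +1386,8 @@), the removed php5 line recorded 5.2.0-11 as the fixed version, while the replacement marks both packages as not-affected with "Debian shipped the correct fix from the beginning". Those two records disagree about whether an earlier php5 upload was ever affected, and the diff does not say which one was wrong. A short NOTE line under the CVE explaining why the earlier entry is superseded would make the triage decision auditable. The php4 and php5 lines are also swapped relative to the removed lines, which is harmless but makes the diff noisier than it needs to be.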
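Review bot: In the data/DSA/list hunk (@@ -1,3 +1,20 @@), the etch line for DSA-1320-1 is missing the package name: it reads "[etch] - 0.90.1-3etch3", while the sarge line directly above it and every other added entry use the form "[release] - package version". It should read "[etch] - clamav 0.90.1-3etch3", otherwise anything parsing the list will take the version string as the package name.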