jmm-guest at alioth.debian.org
2007-Jul-24 00:24 UTC
[Secure-testing-commits] r6157 - data/CVE
Author: jmm-guest Date: 2007-07-24 00:24:01 +0000 (Tue, 24 Jul 2007) New Revision: 6157 Modified: data/CVE/list Log: track removals libgd no-dsa imager-perl non-issue record gimp fix in sid Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-21 06:38:49 UTC (rev 6156) +++ data/CVE/list 2007-07-24 00:24:01 UTC (rev 6157) @@ -2319,7 +2319,7 @@ CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...) NOT-FOR-US: Citrix CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...) - - knowledgetree <unfixed> (bug #432123) + - knowledgetree <removed> (bug #432123) CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...) NOT-FOR-US: Sky Software CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...) @@ -2548,7 +2548,11 @@ NOT-FOR-US: Redoable CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...) - libgd <unfixed> (bug #426099; low) + [etch] - libgd <no-dsa> (Minor issue) + [sarge] - libgd <no-dsa> (Minor issue) - libgd2 <unfixed> (bug #426100; low) + [etch] - libgd2 <no-dsa> (Minor issue) + [sarge] - libgd2 <no-dsa> (Minor issue) NOTE: http://bugs.libgd.org/?do=details&task_id=86 CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...) NOT-FOR-US: PrecisionID @@ -3187,8 +3191,8 @@ CVE-2007-2460 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: FireFly CVE-2007-2459 (Buffer overflow in the read_4bit_bmp function in bmp.c in Imager 0.56 ...) - - libimager-perl 0.58-1 (medium; bug #421582) - NOTE: http://rt.cpan.org/Ticket/Display.html?id=26811 + - libimager-perl 0.58-1 (unimportant; bug #421582) + NOTE: Only CVE-2007-2413 is exploitable per upstream CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...) NOT-FOR-US: Pixaria Gallery CVE-2007-2457 (PHP remote file inclusion vulnerability in ...) 
@@ -5519,8 +5523,10 @@ NOT-FOR-US: dproxy CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...) - inkscape <unfixed> (medium) + TODO: File bug CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...) - inkscape <unfixed> (low) + TODO: File bug CVE-2007-1462 (The luci server component in conga preserves the password between page ...) NOT-FOR-US: conga CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...) @@ -10585,7 +10591,7 @@ CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...) NOT-FOR-US: Trend Micro (Windows) CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...) - - tikiwiki <unfixed> (bug #404472) + - tikiwiki <removed> (bug #404472) NOTE: Might be a mis-report, check with upstream CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...) NOT-FOR-US: Microsoft Word @@ -14850,7 +14856,8 @@ NOT-FOR-US: Novell eDirectory CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...) {DSA-1335-1} - TODO: check + - gimp 2.2.16-1 (medium) + NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...) NOT-FOR-US: Qbik WinGate CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...) 
@@ -18573,9 +18580,9 @@ CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...) NOT-FOR-US: myNewsletter CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...) - - knowledgetree <unfixed> (bug #373137; low) + - knowledgetree <removed> (bug #373137; low) CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) - - knowledgetree <unfixed> (bug #373137; low) + - knowledgetree <removed> (bug #373137; low) CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...) NOT-FOR-US: Kmita CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)
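Review bot: In the @@ -3187,8 +3191,8 @@ hunk (CVE-2007-2459, libimager-perl), the new NOTE replaces the rt.cpan.org ticket reference instead of being added beside it. The entry now asserts "Only CVE-2007-2413 is exploitable per upstream" with no pointer to where upstream said so. Suggest keeping "NOTE: http://rt.cpan.org/Ticket/Display.html?id=26811", or adding a reference to the upstream statement, so the downgrade from medium to unimportant can be checked later.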
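Review bot: In the @@ -5519,8 +5523,10 @@ hunk, the two "TODO: File bug" lines added under inkscape (CVE-2007-1464 and CVE-2007-1463) are not covered by the log message, which lists only the removals, libgd, imager-perl and gimp. Suggest mentioning inkscape in the log. Since the CVE-2007-1463 description reads "Inkscape before 0.45.1", it is also worth confirming that "<unfixed>" still holds before a bug is filed. If a fixed upload exists, recording its version would replace the TODO.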
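Review bot: In the @@ -10585,7 +10591,7 @@ hunk (CVE-2006-6457), tikiwiki changes to "<removed>" but the context line "NOTE: Might be a mis-report, check with upstream" is left in place as an open action. Suggest resolving or rewording that NOTE in the same change, so the entry does not read as pending work on a package that has been removed.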