thr3ads.net - Secure testing commits - [Secure-testing-commits] r6165

If this information is useful, please help other people find it:
Share via:
stef-guest at alioth.debian.org
2007-Jul-24 20:50 UTC
[Secure-testing-commits] r6165 - data/CVE

Author: stef-guest
Date: 2007-07-24 20:50:12 +0000 (Tue, 24 Jul 2007)
New Revision: 6165

Modified:
   data/CVE/list
Log:
old matrixssl issues already fixed
new flashplugin-nonfree issues already fixed
new unicon-imc2 issue
new minor php pear issue
new minor tomcat issue
new linux issue
some NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-07-24 20:22:12 UTC (rev 6164)
+++ data/CVE/list	2007-07-24 20:50:12 UTC (rev 6165)
@@ -767,9 +767,9 @@
 CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2)
password ...)
 	TODO: check
 CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding,
which ...)
-	TODO: check
+	- matrixssl 1.1-1
 CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an
indefinitely ...)
-	TODO: check
+	- matrixssl 1.1-1
 CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4,
without ...)
 	TODO: check
 CVE-2007-XXXX [silc-toolkit several buffer overflows]
@@ -912,9 +912,13 @@
 CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local
users to ...)
 	NOT-FOR-US: Sun Solaris libsldap
 CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates
HTTP ...)
-	TODO: check
+	- flashplugin-nonfree 9.0.48.0.1
+	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
+	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
 CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier
might ...)
-	TODO: check
+	- flashplugin-nonfree 9.0.48.0.1
+	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
+	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
 CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow
remote ...)
 	- firebird1.5 <unfixed> (bug #432753)
 	- firebird2 <removed>
@@ -1072,7 +1076,7 @@
 CVE-2007-3383 [XSS in Tomcat send mail example]
 	RESERVED
 	- tomcat4 <removed> (low)
-	[sarge] tomcat4 <no-dsa> (minor issue)
+	[sarge] - tomcat4 <no-dsa> (minor issue)
 	NOTE: affects example app in tomcat4-webapps
 CVE-2007-3382
 	RESERVED
@@ -1215,7 +1219,7 @@
 CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO
4.0 ...)
 	NOT-FOR-US: STphp EasyNews PRO
 CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...)
-	TODO: check
+	NOT-FOR-US: Xvid
 CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact
2.4 ...)
 	NOT-FOR-US: Interact
 CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to
obtain ...)
@@ -1740,7 +1744,7 @@
 CVE-2007-3108
 	RESERVED
 CVE-2007-3107 (The signal handling in the Linux kernel 2.6.2 and later, when
run on ...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2007-3106
 	RESERVED
 CVE-2007-3105
@@ -1890,7 +1894,7 @@
 CVE-2007-3039
 	RESERVED
 CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64
Edition ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2007-3037
 	RESERVED
 CVE-2007-3036
@@ -1906,11 +1910,11 @@
 CVE-2007-3031
 	RESERVED
 CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer
allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Excel
 CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003
SP2 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Excel
 CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft
Windows 2000 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7
allows ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2007-3026
@@ -2366,7 +2370,7 @@
 	[sarge] - hiki <not-affected> (Vulnerable code not present)
 CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and
(2) ...)
 	{DSA-1328-1}
-	TODO: check
+	- unicon-imc2 <unfixed> (bug #431336)
 CVE-2007-2834
 	RESERVED
 CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of
service ...)
@@ -3069,7 +3073,13 @@
 CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when
...)
 	NOT-FOR-US: MyNews
 CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0
through ...)
-	TODO: check
+	- php5 <unfixed> (low)
+	- php4 <removed> (low)
+	[sarge] - php5 <no-dsa> (minor issue)
+	[sarge] - php4 <no-dsa> (minor issue)
+	[etch] - php5 <no-dsa> (minor issue)
+	[etch] - php4 <no-dsa> (minor issue)
+	NOTE: not an issue in most use cases
 CVE-2007-2518
 	REJECTED
 CVE-2007-2517
@@ -3318,7 +3328,7 @@
 CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible
Messaging ...)
 	NOT-FOR-US: Cerulean Trillian
 CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software
...)
-	TODO: check
+	NOT-FOR-US: Progress Software Progress and OpenEdge
 CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote
...)
 	NOT-FOR-US: E-Annu
 CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a
denial ...)
@@ -3348,7 +3358,7 @@
 CVE-2007-2403
 	RESERVED
 CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not
perform ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X
10.3.9, and ...)
 	NOT-FOR-US: Apple
 CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X,
...)
@@ -3358,17 +3368,17 @@
 CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote
attackers ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not
properly ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime
before ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2007-2395
 	RESERVED
 CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X
10.3.9 and ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2
allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows
...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta
3.0.1 ...)
 	NOT-FOR-US: Apple
 CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9
allows ...)
@@ -4204,9 +4214,9 @@
 CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the
authorization and ...)
 	NOT-FOR-US: Secustick USB flash drive
 CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera
before ...)
-	- flashplayer-mozilla <unfixed> (unknown)
-	[sarge] - flashplayer-mozilla <no-dsa> (Non-free not supported)
-	[etch] - flashplayer-mozilla <no-dsa> (Non-free not supported)
+	- flashplugin-nonfree 9.0.48.0.1
+	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
+	[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
 	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few
months
 	NOTE: Some browser vendors produce updates, which fix this issue on the
browser side,
 	NOTE: but that it not of concern for Debian
Secure testing commits - Jul 2007 - r6165 - data/CVE

[Secure-testing-commits] r6165 - data/CVE
