jmm-guest at alioth.debian.org
2007-Jul-30 15:49 UTC
[Secure-testing-commits] r6190 - data/CVE
Author: jmm-guest
Date: 2007-07-30 15:49:27 +0000 (Mon, 30 Jul 2007)
New Revision: 6190
Modified:
data/CVE/list
Log:
dokuwiki non-issue
no-dsa for konqueror, jailer, xscreensaver
asterisk CVEfied
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-07-29 10:23:01 UTC (rev 6189)
+++ data/CVE/list 2007-07-30 15:49:27 UTC (rev 6190)
@@ -332,7 +332,8 @@
- asterisk 1:1.4.9~dfsg-1
NOTE: ASA-2007-018
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
- - dokuwiki 0.0.20070626b-1 (bug #434134)
+ - dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
+ NOTE: IE browser bug are not treated as security issues in packages
applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital
Management ...)
TODO: check
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer
Relationship ...)
@@ -557,6 +558,8 @@
NOTE: ASA-2007-014
CVE-2007-XXXX [konqueror data: URL address bar spoofing]
- kdebase <unfixed> (bug #433072; low)
+ [sarge] - kdebase <no-dsa> (Minor issue)
+ [etch] - kdebase <no-dsa> (Minor issue)
NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761
RESERVED
@@ -1473,7 +1476,9 @@
- wireshark 0.99.6pre1-1
- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [jailer unsave tempfile usage]
- - jailer 0.4-10 (bug #410548)
+ - jailer 0.4-10 (bug #410548; low)
+ [sarge] - jailer <no-dsa> (Minor issue)
+ [etch] - jailer <no-dsa> (Minor issue)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to
cause a ...)
- avahi <unfixed> (low)
[etch] - avahi <no-dsa> (Minor issue, only affects local users)
@@ -4935,6 +4940,8 @@
- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for
...)
- xscreensaver 5.03-1 (low; bug #433964)
+ [etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high
level of control, see #433964)
+ [sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with
high level of control, see #433964)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28
through ...)
NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
[sarge] - tomcat4 <no-dsa> (low)
@@ -6776,8 +6783,6 @@
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the
...)
{DSA-1272-1}
- tcpdump 3.9.5-2 (bug #413430; low)
-CVE-2007-XXXX [asterisk remote SIP security hole]
- - asterisk 1:1.2.16~dfsg-1
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote
attackers to ...)
NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in
...)