jmm-guest at alioth.debian.org
2007-Aug-03 15:04 UTC
[Secure-testing-commits] r6219 - data/CVE
Author: jmm-guest Date: 2007-08-03 15:04:21 +0000 (Fri, 03 Aug 2007) New Revision: 6219 Modified: data/CVE/list Log: CVE-2007-4049 is a dupe clamav sarge not-affected xpdf updates are being prepared Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-02 21:47:47 UTC (rev 6218) +++ data/CVE/list 2007-08-03 15:04:21 UTC (rev 6219) @@ -143,8 +143,7 @@ CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...) NOT-FOR-US: ADempiere Bazaar CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...) - - apache <unfixed> (unimportant) - NOTE: only an example script /usr/share/doc/apache-common/examples/ + NOTE: Rediscovery / dupe of CVE-2000-1205 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...) TODO: check CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...) @@ -851,6 +850,7 @@ CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...) {DSA-1340-1 DTSA-43-1} - clamav 0.91-1 + [sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x) CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...) TODO: check CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) 
@@ -1616,10 +1616,12 @@ - xpdf <unfixed> (bug #435462) - kdegraphics 4:3.5.7-3 - koffice <unfixed> - TODO: check pdftohtml/sarge (current poppler source package has a ported version, replaced in Etch) - TODO: check tetex-bin/sarge (links to poppler since 3.0-12) + - pdftohtml <removed> + - tetex-bin 3.0-12 + NOTE: links to poppler since 3.0-12, thus marking as fixed + - pdfkit.framework 0.8-4 + NOTE: links to poppler since 0.8-4, thus marking as fixed TODO: check libextractor/sarge (uses internal pdf decoder since 0.5.12-1) - TODO: check pdfkit.framework/sarge (links to poppler since 0.8-4) TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp) CVE-2007-3386 RESERVED @@ -57299,7 +57301,8 @@ CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...) - NOT-FOR-US: Data pre-dating the Security Tracker + - apache 1.3.11 (unimportant) + NOTE: only an example script /usr/share/doc/apache-common/examples/ CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
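Review bot: In the first hunk (@@ -143,8 +143,7 @@), the CVE-2007-4049 entry is left with only a NOTE line and no package line, so a reader of this entry gets no apache status without following the cross-reference to CVE-2000-1205. Consider keeping a package line beside the dupe note, carrying the same status that CVE-2000-1205 has, so the two entries cannot drift apart.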
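Review bot: In the clamav hunk (@@ -851,6 +850,7 @@), the reason on the new `[sarge] - clamav <not-affected>` line, "Vulnerable code was introduced in 0.9x", does not name a version. State the first release that contains the affected RAR VM code (unrarvm.c, per the description) so the not-affected claim can be checked against the clamav version shipped in sarge.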
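Review bot: In the xpdf hunk (@@ -1616,10 +1616,12 @@), the three removed TODO lines each asked about sarge (`pdftohtml/sarge`, `tetex-bin/sarge`, `pdfkit.framework/sarge`), but the lines that replace them give only a fixed version or `<removed>` and say nothing about sarge. If the sarge packages predate 3.0-12 and 0.8-4 they may still use the embedded code, so add explicit `[sarge]` lines in the form used for clamav in this same commit, or a NOTE recording why sarge needs no entry. The log also says xpdf updates are being prepared while `- xpdf <unfixed> (bug #435462)` is unchanged, which is fine, but a NOTE to that effect would keep the entry self-explanatory.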
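Review bot: In the last hunk (@@ -57299,7 +57301,8 @@), `- apache 1.3.11 (unimportant)` records 1.3.11 as the fixed version, yet the description on the line above reads "Apache 1.3.0 through 1.3.11", and the line removed from CVE-2007-4049 in the first hunk tracked the same example script as `<unfixed>`. Either keep `<unfixed>` here or add a NOTE explaining why 1.3.11 counts as fixed; the commit log mentions only the dupe, not the status change.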