jmm-guest at alioth.debian.org
2007-Aug-06 19:19 UTC
[Secure-testing-commits] r6251 - data/CVE
Author: jmm-guest Date: 2007-08-06 19:19:42 +0000 (Mon, 06 Aug 2007) New Revision: 6251 Modified: data/CVE/list Log: cupsys not-affected another iceweasel fix gdm no-dsa xine-ui fixed in etch NFUs php5 not affectd wordpress yet again Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-06 19:17:45 UTC (rev 6250) +++ data/CVE/list 2007-08-06 19:19:42 UTC (rev 6251) @@ -153,7 +153,7 @@ CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...) NOT-FOR-US: Pony Gallery CVE-2007-4045 (The CUPS service on SUSE Linux before 20070720 allows remote attackers ...) - TODO: check + - cupsys <not-affected> (SuSE-specific regression) CVE-2007-4044 (Incomplete blacklist vulnerability in the MS-RPC functionality in smbd ...) NOTE: I''ve contacted SuSE: It''s a functional regression in SuSE, not a security problem CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...) @@ -168,7 +168,7 @@ CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...) TODO: check CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...) - TODO: check + - iceweasel 2.0.0.5-1 CVE-2007-4037 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...) NOT-FOR-US: Guidance Software CVE-2007-4036 (** DISPUTED ** Guidance Software EnCase allows user-assisted remote ...) @@ -204,7 +204,7 @@ CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) NOT-FOR-US: Brain Book Software Secure CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) - TODO: check + NOT-FOR-US: AdMan CVE-2007-4019 RESERVED CVE-2007-5645 
@@ -227,7 +227,7 @@ CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...) NOT-FOR-US: Cisco CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...) - TODO: check + - php5 <not-affected> (Windows-specific issue) CVE-2007-4009 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: SWSoft Confixx CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...) @@ -235,7 +235,7 @@ CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...) NOT-FOR-US: Article Directory CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...) - TODO: check + NOT-FOR-US: Mike Dubman Windows RSH daemon CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...) NOT-FOR-US: Mike Dubman Windows RSH daemon CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...) @@ -839,7 +839,7 @@ CVE-2007-3731 RESERVED CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...) - TODO: check + NOT-FOR-US: HP OpenVMS CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...) NOT-FOR-US: HP OpenVMS CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...) @@ -857,7 +857,7 @@ CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...) NOT-FOR-US: Microsoft Windows XP CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) - TODO: check + NOT-FOR-US: Solaris CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...) TODO: check CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...) 
@@ -1033,7 +1033,7 @@ CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...) NOT-FOR-US: Adobe Apollo CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...) - TODO: check + - wordpress 2.2.2-1 CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...) NOT-FOR-US: Yahoo! Messenger CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...) @@ -1645,7 +1645,9 @@ RESERVED CVE-2007-3381 [gdm DoS] RESERVED - - gdm 2.18.4-1 + - gdm 2.18.4-1 (low) + [sarge] - gdm <no-dsa> (Minor issue) + [etch] - gdm <no-dsa> (Minor issue) CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ...) TODO: check CVE-2007-3379 @@ -9455,7 +9457,8 @@ NOTE: I''ve been looking into this, but I can''t find a copy of the VLC code anywhere NOTE: This appears to be a generic crash CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...) - - xine-ui 0.99.4+dfsg+cvs20061111-2 (low; bug #407369) + - xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369) + NOTE: If''ve verified the Etch version to contain the necessary format strings CVE-2007-0253 (** DISPUTED ** ...) - kernel-patch-grsecurity2 <unfixed> (unimportant; bug #407350) NOTE: See CVE-2007-0257
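Review bot: the new `cupsys <not-affected> (SuSE-specific regression)` line for CVE-2007-4045 records the conclusion but not how it was reached; the neighbouring CVE-2007-4044 entry carries a NOTE documenting the contact with SuSE ("a functional regression in SuSE, not a security problem"), so a similar NOTE under CVE-2007-4045, or a pointer to the CVE-2007-4044 note if the same exchange covered both, would let a later reader verify the not-affected marking.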
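Review bot: CVE-2007-4038 is closed as fixed in iceweasel 2.0.0.5-1, but the adjacent CVE-2007-4039, whose visible description is also a Mozilla URI argument-injection issue, stays at `TODO: check`; if the same upload covers it, the entry should be updated in this commit, and if not, a short NOTE saying why 4039 is a separate case would save a second pass over the pair.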
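Review bot: the two new `<no-dsa> (Minor issue)` lines for sarge and etch, together with the `(low)` severity, are attached to an entry that is still RESERVED and described only by the `[gdm DoS]` tag; a NOTE naming the bug or upstream report that established the fixed version 2.18.4-1 and the impact of the DoS would let someone re-check that "minor" still holds once the CVE text is published.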
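Review bot: "If''ve" in the added NOTE reads as a typo for "I've", and that NOTE is the sole justification for lowering the xine-ui fixed version from 0.99.4+dfsg+cvs20061111-2 to -1; its wording "contain the necessary format strings" is ambiguous between the fix being present in -1 and the vulnerable calls being present, so stating concretely what was verified in the -1 source (the errors_create_window fix, with the changelog entry or bug #407369 comment it corresponds to) would make the downgrade reviewable and tie it to the "xine-ui fixed in etch" line in the log.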