thijs at alioth.debian.org
2007-Aug-24 07:17 UTC
[Secure-testing-commits] r6385 - data/CVE
Author: thijs Date: 2007-08-24 07:17:01 +0000 (Fri, 24 Aug 2007) New Revision: 6385 Modified: data/CVE/list Log: phpmyadmin non-issue po4a fixed in unstable nufw fixed, stable not vulnerable Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-23 22:36:54 UTC (rev 6384) +++ data/CVE/list 2007-08-24 07:17:01 UTC (rev 6385) @@ -5,9 +5,10 @@ CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...) NOT-FOR-US: Total Commander CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...) - - po4a <unfixed> (bug #439226) + - po4a 0.31-1 (bug #439226) CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...) - - nufw <unfixed> (bug #439227) + - nufw 2.2.4-1 (bug #439227) + [etch] - nufw <not-affected> CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...) TODO: check CVE-2007-4459 (The Cisco IP Phone 7940 with P0S3-08-6-00 firmware allows remote ...) @@ -347,10 +348,10 @@ CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...) NOT-FOR-US: Storesprite CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - - phpmyadmin <unfixed> + - phpmyadmin (unimportant) [sarge] - phpmyadmin <not-affected> NOTE: It seems that this requires knowledge of a unguessable session token. - NOTE: I''m contacting upstream to verify this, but it seems a non issue. + NOTE: Confirmed by upstream. Sarge is not affected at all. CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...) NOT-FOR-US: NetBSD and OpenBSD CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
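Review bot: In the first hunk (@@ -5,9 +5,10 @@), the po4a entry is now marked fixed in 0.31-1, but the CVE-2007-4462 description directly above it says the issue affects po4a "before 0.32", so the recorded fixed version is lower than the version the description names as fixed. If 0.31-1 carries a backported patch for bug #439226, add a NOTE line saying so; otherwise the version needs correcting. The new "[etch] - nufw <not-affected>" line would likewise benefit from a NOTE giving the reason, since the CVE-2007-4461 text only says "2.2.3, and certain other versions after 2.0" and does not by itself show that the etch version is outside that range.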
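Review bot: In the second hunk (@@ -347,10 +348,10 @@), the new line "- phpmyadmin (unimportant)" drops the version/state field that every other package line in this patch carries (<unfixed>, 0.31-1, <not-affected>), so the entry no longer records whether unstable is fixed or still unfixed. If no fixed upload exists, "- phpmyadmin <unfixed> (unimportant)" keeps both the state and the severity. The new NOTE "Confirmed by upstream" gives no reference; a pointer to the upstream statement would let others verify the downgrade for CVE-2007-4306. While touching this entry, the context NOTE "a unguessable session token" could be corrected to "an unguessable".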