jmm-guest at alioth.debian.org
2007-Aug-26 08:05 UTC
[Secure-testing-commits] r6404 - data/CVE
Author: jmm-guest Date: 2007-08-26 08:05:54 +0000 (Sun, 26 Aug 2007) New Revision: 6404 Modified: data/CVE/list Log: mark asterisk dupe Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-24 19:22:07 UTC (rev 6403) +++ data/CVE/list 2007-08-26 08:05:54 UTC (rev 6404) @@ -50,7 +50,7 @@ CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...) TODO: check CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...) - NOT-FOR-US: PHP + - php5 <not-affected> (Windows-specific) CVE-2007-4440 (Stack-based buffer overflow in the SMTP server in Mercury Mail ...) TODO: check CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...) @@ -60,7 +60,7 @@ CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...) TODO: check CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...) - - drupal <not-affected> (bug #439379) + - drupal <not-affected> (External addon, see bug #439379) CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...) TODO: check CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...) @@ -4986,7 +4986,8 @@ CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...) NOT-FOR-US: Garennes CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...) - - asterisk 1:1.4.3~dfsg-1 (high; bug #420864) + - asterisk 1:1.4.2~dfsg-1 (medium; bug #419820) + [sarge] - asterisk <not-affected> (correctly logs a warning) CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...) NOT-FOR-US: Apple QuickTime CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...) 
@@ -6820,11 +6821,7 @@ - asterisk 1:1.4.2~dfsg-5 (bug #415466; medium) NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...) - - asterisk 1:1.4.2~dfsg-1 (medium; bug #419820) - [sarge] - asterisk <not-affected> (correctly logs a warning) - NOTE: Etch affected - NOTE: http://ftp.digium.com/pub/asa/ASA-2007-011.html - NOTE: http://bugs.digium.com/view.php?id=9313 + NOTE: Duplicate of CVE-2007-2297 CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...) NOT-FOR-US: CcMail CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
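Review bot: The log message "mark asterisk dupe" does not cover the first two hunks (@@ -50,7 and @@ -60,7), which change CVE-2007-4441 from "NOT-FOR-US: PHP" to "- php5 <not-affected> (Windows-specific)" and reword the drupal note for CVE-2007-4436. Mention both in the log, or commit them separately, so that the history of those entries can be found from the log alone.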
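Review bot: In the @@ -4986,7 hunk, the CVE-2007-2297 entry loses its reference to bug #420864, its urgency drops from high to medium, and the fixed version moves from 1:1.4.3~dfsg-1 to 1:1.4.2~dfsg-1, none of which the log message explains. If both bugs track the same issue, keep #420864 on the entry (on the package line or as a NOTE) and state in the log why the earlier version and lower urgency are the correct ones.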
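Review bot: In the @@ -6820,11 hunk, the CVE-2007-1594 entry drops "NOTE: Etch affected" and the two reference NOTEs (ASA-2007-011 and bugs.digium.com id 9313), and the @@ -4986,7 hunk does not add them to CVE-2007-2297. Carry those three NOTE lines over to the CVE-2007-2297 entry so that the advisory links and the Etch status survive the merge into the surviving ID.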