joeyh at alioth.debian.org
2007-Aug-26 09:14 UTC
[Secure-testing-commits] r6406 - data/CVE
Author: joeyh Date: 2007-08-26 09:14:07 +0000 (Sun, 26 Aug 2007) New Revision: 6406 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-26 08:07:19 UTC (rev 6405) +++ data/CVE/list 2007-08-26 09:14:07 UTC (rev 6406) @@ -1513,14 +1513,17 @@ [etch] - asterisk <not-affected> (1.2.x not affected) NOTE: http://ftp.digium.com/pub/asa/ASA-2007-017.html CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...) + {DSA-1358-1} - asterisk 1:1.4.8~dfsg-1 NOTE: Etch and Sarge affected NOTE: http://ftp.digium.com/pub/asa/ASA-2007-016.html CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...) + {DSA-1358-1} - asterisk 1:1.4.8~dfsg-1 NOTE: Etch and Sarge affected NOTE: http://ftp.digium.com/pub/asa/ASA-2007-015.html CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...) + {DSA-1358-1} - asterisk 1:1.4.8~dfsg-1 (high) NOTE: Etch and Sarge affected NOTE: http://ftp.digium.com/pub/asa/ASA-2007-014.html @@ -4546,6 +4549,7 @@ CVE-2007-XXXX [schroot may use outdated configuration information] - schroot <not-affected> (Upstream: "This bug was never present in a Debian release.") CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...) + {DSA-1358-1} - asterisk 1:1.4.5~dfsg-1 (low) NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line NOTE: could just as well hang-up 
@@ -4986,13 +4990,15 @@ CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...) NOT-FOR-US: Garennes CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...) - - asterisk 1:1.4.2~dfsg-1 (medium; bug #419820) - [sarge] - asterisk <not-affected> (correctly logs a warning) + {DSA-1358-1} + - asterisk 1:1.4.2~dfsg-1 (medium; bug #419820) + [sarge] - asterisk <not-affected> (correctly logs a warning) CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...) NOT-FOR-US: Apple QuickTime CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...) NOT-FOR-US: Apple QuickTime CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...) + {DSA-1358-1} - asterisk 1:1.4.3~dfsg-1 (low) NOTE: Etch and Sarge affected NOTE: http://ftp.digium.com/pub/asa/ASA-2007-012.html @@ -6818,6 +6824,7 @@ CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...) NOT-FOR-US: MERCUR IMAPD CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...) + {DSA-1358-1} - asterisk 1:1.4.2~dfsg-5 (bug #415466; medium) NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...) @@ -7341,6 +7348,7 @@ CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...) NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...) + {DSA-1358-1} - asterisk 1:1.2.16~dfsg-1 (medium) CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...) NOT-FOR-US: Sava''s Guestbook
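Review bot: In the @@ -4546,6 +4549,7 @@ hunk, the new {DSA-1358-1} tag on CVE-2007-2488 sits directly above an existing NOTE that still reads "no-dsa / unimportant candidate", so the entry now says both that an advisory covers the issue and that none is warranted. Suggest dropping or rewording that NOTE in the same change, keeping the "(low)" urgency if it still applies, so the entry is consistent for anyone reading the tracker.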
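Review bot: In the @@ -4986,13 +4990,15 @@ hunk, under CVE-2007-2297 the lines "- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)" and "[sarge] - asterisk <not-affected> (correctly logs a warning)" are removed and re-added with the same visible text, which points to a whitespace-only change folded into a commit whose purpose is adding the {DSA-1358-1} tag. Suggest keeping the re-indentation separate, or mentioning it in the log message, since "automatic update" gives no hint that existing package lines were rewritten; the other hunks add the tag without touching their neighbours.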