thijs at alioth.debian.org
2007-Aug-28 21:45 UTC
[Secure-testing-commits] r6422 - data/CVE doc
Author: thijs Date: 2007-08-28 21:45:54 +0000 (Tue, 28 Aug 2007) New Revision: 6422 Modified: data/CVE/list doc/how-to-DTSA doc/narrative_introduction Log: cveify id3lib3.8.3 issue asterisk issue low priority link existing bug to nvidia driver issue some nfu''s Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-28 21:22:59 UTC (rev 6421) +++ data/CVE/list 2007-08-28 21:45:54 UTC (rev 6422) @@ -1,11 +1,11 @@ CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...) TODO: check CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...) - TODO: check + NOT-FOR-US: MSN CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...) - TODO: check + NOT-FOR-US: Sophos CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...) - TODO: check + NOT-FOR-US: Sophos CVE-2007-4576 RESERVED TODO: check @@ -127,7 +127,8 @@ CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...) TODO: check CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...) - TODO: check + - asterisk <unfixed> (low) + NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html CVE-2007-4520 RESERVED TODO: check @@ -183,7 +184,7 @@ CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...) TODO: check CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...) - TODO: check + NOT-FOR-US: Grandstream SIP Phone CVE-2007-4497 RESERVED TODO: check @@ -227,7 +228,7 @@ CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...) TODO: check CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...) - TODO: check + NOT-FOR-US: Planet VC-200M VDSL2 router CVE-2007-4476 RESERVED TODO: check 
@@ -279,7 +280,7 @@ - nufw 2.2.4-1 (bug #439227) [etch] - nufw <not-affected> CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...) - - id3lib3.8.3 3.8.3-7 (bug #438540) + - id3lib3.8.3 3.8.3-7 (low; bug #438540) CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...) NOT-FOR-US: Cisco IP Phone CVE-2007-4458 (PHP remote file inclusion vulnerability in ...) @@ -480,8 +481,6 @@ CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions] - libpam-usb 0.4.1-1 (medium) NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel -CVE-2007-XXXX [id3lib insecure tempfile creation] - - id3lib3.8.3 3.8.3-7 (low; bug #438540) CVE-2007-XXXX [lwat sometimes logs passwords in access.log] - lwat 0.15-2 (low) CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...) @@ -2310,7 +2309,7 @@ CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...) NOT-FOR-US: 3Com CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...) - TODO: check + - nvidia-kernel-common <unfixed> (bug #434398) CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...) TODO: check CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...) Modified: doc/how-to-DTSA ==================================================================--- doc/how-to-DTSA 2007-08-28 21:22:59 UTC (rev 6421) +++ doc/how-to-DTSA 2007-08-28 21:45:54 UTC (rev 6422) 
@@ -51,7 +51,7 @@ Some time after the buildd has received the signed .changes, it will upload the packages to klecker to /org/security.debian.org/queue/unembargoed/. "dak queue-report" gives -an overview, what packges have arrived in the queue. +an overview, what packages have arrived in the queue. If a buildd has problems: A list with the admins is at [3]. Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2007-08-28 21:22:59 UTC (rev 6421) +++ doc/narrative_introduction 2007-08-28 21:45:54 UTC (rev 6422) @@ -109,7 +109,7 @@ Issues Not-For-Us (NFU) ----------------------- -Processing your claimed entires is done by first seeing if the issue +Processing your claimed entries is done by first seeing if the issue is related to any software packaged in Debian, if it isn''t a package in Debian and has no ITP then you note that in the file, for example:
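Review bot: the new `- asterisk <unfixed> (low)` entry in the @@ -127 hunk of data/CVE/list carries no bug reference, unlike the other package entries touched in this commit (`- nvidia-kernel-common <unfixed> (bug #434398)`, `- id3lib3.8.3 3.8.3-7 (low; bug #438540)`); since the upstream patch is already linked in the NOTE line, consider filing a bug against asterisk and recording it as `(low; bug #NNNNNN)` (placeholder) so the unfixed state is tracked to a resolution rather than left dangling in the list.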
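Review bot: dropping the `CVE-2007-XXXX [id3lib insecure tempfile creation]` placeholder in the @@ -480 hunk leaves bug #438540 referenced only from the CVE-2007-4460 entry, whose description text speaks of RenderV2ToFile in tag_file.cpp; it is worth confirming that the CVE text does cover the tempfile issue the placeholder tracked before the placeholder goes, so the bug number is not attached to a different flaw.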
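Review bot: the added `- nvidia-kernel-common <unfixed> (bug #434398)` line in the @@ -2310 hunk has no severity marker, while the other package entries in this commit do (`(low)`, `(medium)`); add one for consistency, and since the CVE-2007-3532 description names the NVIDIA drivers themselves, confirm that nvidia-kernel-common is the source package that ships the affected driver code.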
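Review bot: the sentence corrected in the doc/how-to-DTSA hunk still reads awkwardly after the typo fix, `"dak queue-report" gives an overview, what packages have arrived in the queue.`; `gives an overview of which packages have arrived in the queue` would be clearer while the file is being touched.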