stef-guest at alioth.debian.org
2007-Aug-29 19:01 UTC
[Secure-testing-commits] r6428 - data/CVE
Author: stef-guest Date: 2007-08-29 19:01:44 +0000 (Wed, 29 Aug 2007) New Revision: 6428 Modified: data/CVE/list Log: new issues: tar, star, python2.[234] wengophone fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-29 13:33:16 UTC (rev 6427) +++ data/CVE/list 2007-08-29 19:01:44 UTC (rev 6428) @@ -51,9 +51,11 @@ CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...) - clamav 0.91.2-1 (high) CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...) - TODO: check + - python2.3 <removed> + - python2.4 <unfixed> (bug #440097) + - python2.5 <unfixed> (bug filed) CVE-2007-4558 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...) - TODO: check + - star <unfixed> (bug filed) CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...) TODO: check CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...) @@ -494,7 +496,7 @@ CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Opera CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...) - - wengophone <unfixed> (bug #438419) + - wengophone 2.1.1.dfsg0-3 (bug #438419) CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...) NOT-FOR-US: eXV2 CMS CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...) @@ -993,7 +995,7 @@ CVE-2007-4132 RESERVED CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...) - TODO: check + - tar <unfixed> (high; bug #439335) CVE-2007-4130 RESERVED CVE-2007-4129