stef-guest at alioth.debian.org
2007-Aug-31 19:16 UTC
[Secure-testing-commits] r6455 - data/CVE
Author: stef-guest Date: 2007-08-31 19:16:19 +0000 (Fri, 31 Aug 2007) New Revision: 6455 Modified: data/CVE/list Log: new issues fixed: mapserver, backup-manager fixed: linux, konversation Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-31 15:39:52 UTC (rev 6454) +++ data/CVE/list 2007-08-31 19:16:19 UTC (rev 6455) @@ -1,3 +1,6 @@ +CVE-2007-XXXX [backup-manager discloses FTP passwords] + - backup-manager 0.7.6-3 (bug #439392) + NOTE: similar to CVE-2007-2766, but for FTP CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...) TODO: check CVE-2007-4629 (Buffer overflow in the processLine funtion in maptemplate.c in ...) @@ -182,7 +185,7 @@ - bugzilla <unfixed> (low; bug #440106) [sarge] - bugzilla <not-affected> (Vulnerable code not present) CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...) - TODO: check + - mapserver 4.10.3-1 (bug #439346) CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...) NOT-FOR-US: Olate Download CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...) @@ -492,7 +495,7 @@ CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC ...) NOT-FOR-US: mirc CVE-2007-4400 (CRLF injection vulnerability in the included media script in ...) - - konversation <unfixed> (low; bug #439837) + - konversation 1.0.1-4 (low; bug #439837) [etch] - konversation <no-dsa> (minor issue) [sarge] - konversation <no-dsa> (minor issue) CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX ...) 
@@ -1679,14 +1682,14 @@ - sysstat <not-affected> (We have our own init script not prone to this vulnerability) CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...) {DSA-1356-1} - TODO: check + - linux-2.6 2.6.22-4 CVE-2007-3850 RESERVED CVE-2007-3849 RESERVED CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...) {DSA-1356-1} - TODO: check + - linux-2.6 2.6.22-4 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...) TODO: check CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
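Review bot: in the first hunk (@@ -1,3 +1,6 @@), the new CVE-2007-XXXX entry for backup-manager has no urgency tag, while other entries in this file carry one, for example "(low; bug #439837)" on konversation. Suggest adding an urgency next to bug #439392. The CVE-2007-XXXX placeholder should be replaced once an identifier is assigned, so the entry can be told apart from CVE-2007-2766, which the NOTE describes as the similar issue.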
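Review bot: in the second hunk (@@ -182,7 +185,7 @@), the line "- mapserver 4.10.3-1 (bug #439346)" that replaces "TODO: check" for CVE-2007-4542 gives a single fixed version and nothing per release. The bugzilla and konversation entries visible in this patch carry [etch] or [sarge] lines. Suggest adding release-specific status lines and an urgency here as well, so the state of the stable releases is stated rather than left open.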
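Review bot: in the last hunk (@@ -1679,14 +1682,14 @@), CVE-2007-3851 and CVE-2007-3848 both go from "TODO: check" to "- linux-2.6 2.6.22-4" with no bug reference or NOTE recording how that version was established. The CVE-2007-3851 description says "before 2.6.22.2", so a short NOTE tying 2.6.22-4 to the upstream fix would make the entry checkable. The CVE-2007-3848 description names "Linux kernel 2.4.35 and other versions", so that entry should also say whether any other kernel source package is affected.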