joeyh at alioth.debian.org
2007-Sep-01 21:14 UTC
[Secure-testing-commits] r6464 - data/CVE
Author: joeyh Date: 2007-09-01 21:14:07 +0000 (Sat, 01 Sep 2007) New Revision: 6464 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-09-01 12:52:44 UTC (rev 6463) +++ data/CVE/list 2007-09-01 21:14:07 UTC (rev 6464) @@ -146,6 +146,7 @@ CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...) NOT-FOR-US: Helix DNA Server CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...) + {DSA-1366-1} - clamav 0.91.2-1 (high) CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...) - python2.3 <removed> @@ -259,6 +260,7 @@ CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...) NOT-FOR-US: Sun Application Server CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...) + {DSA-1366-1} - clamav 0.91.2-1 [sarge] - clamav <not-affected> (Vulnerable code not present) CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...) @@ -367,6 +369,7 @@ - nufw 2.2.4-1 (bug #439227) [etch] - nufw <not-affected> CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...) + {DSA-1365-1} - id3lib3.8.3 3.8.3-7 (low; bug #438540) CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...) NOT-FOR-US: Cisco IP Phone @@ -702,6 +705,7 @@ CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI ...) + {DSA-1363-1} - linux-2.6 CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...) NOT-FOR-US: Storesprite 
@@ -1702,6 +1706,7 @@ - iceape 1.1.3-2 (medium) - icedove <unfixed> (medium) CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...) + {DSA-1363-1} TODO: check CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...) NOT-FOR-US: 8e6 R3000 Enterprise Filter @@ -3487,6 +3492,7 @@ CVE-2007-3106 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...) - libvorbis 1.2.0.dfsg-1 (medium) CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...) + {DSA-1363-1} - linux-2.6 <unfixed> CVE-2007-3104 (The sysfs_readdir function in the Linux kernel in Red Hat Enterprise ...) - linux-2.6 <unfixed> @@ -3828,6 +3834,7 @@ CVE-2007-2954 RESERVED CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...) + {DSA-1364-1} - vim 1:7.1-056+1 (low) CVE-2007-2952 RESERVED @@ -3993,6 +4000,7 @@ {DSA-1356-1} - linux-2.6 2.6.21-5 (medium) CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...) + {DSA-1363-1} - linux-2.6 2.6.21-5 (medium) CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in ...) - wpasupplicant <not-affected> (Fedora-only issue) @@ -5031,6 +5039,7 @@ CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...) NOT-FOR-US: Caucho Resin Professional CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...) + {DSA-1364-1} - vim 1:7.1-022+1 (bug #435401; low) [sarge] - vim <not-affected> (Vulnerable code not present) NOTE: Exploitable through modelines, needs to be used with care in any case 
@@ -5643,7 +5652,7 @@ CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...) NOT-FOR-US: Gentoo''s packaging of courier CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...) - {DSA-1356-1} + {DSA-1363-1 DSA-1356-1} - linux-2.6 <unfixed> (medium) - kernel-source-2.4.27 (medium; bug #439224) - kernel-source-2.6.8 (medium; bug #439225)
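Review bot: in the hunk at @@ -702 the new `- linux-2.6` line under CVE-2007-4308 carries neither a fixed version nor a status tag, unlike the other package lines this commit adds (e.g. `- clamav 0.91.2-1 (high)` and `- vim 1:7.1-056+1 (low)`); since the entry now references DSA-1363-1, it should record the fixed linux-2.6 version, or `<unfixed>` if no fix is in the archive yet, so the tracker does not carry an ambiguous entry. As the log says this is an automatic update, that is a manual follow-up.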
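Review bot: in the hunk at @@ -1702, `{DSA-1363-1}` is added to CVE-2007-3843 while the entry still reads `TODO: check` and has no package line at all; a DSA cross-reference on a TODO entry should be followed by triage that replaces the TODO with a `- linux-2.6 <version>` line (or `<not-affected>` with a reason), otherwise the advisory reference claims a fix that the list does not record.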
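Review bot: in the hunk at @@ -3487, `{DSA-1363-1}` is added to CVE-2007-3105 but the package line below it is left as `- linux-2.6 <unfixed>`; if DSA-1363-1 shipped a fix for this issue, the `<unfixed>` marker should be replaced by the fixed version (the CVE-2007-2875 hunk in the same commit shows the intended form, `- linux-2.6 2.6.21-5 (medium)`), and if it did not, the DSA reference is misleading and should be checked.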
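Review bot: in the hunk at @@ -5643, the DSA line of CVE-2007-2172 is extended to `{DSA-1363-1 DSA-1356-1}`, yet `- linux-2.6 <unfixed> (medium)` is unchanged on the next line; two advisories referencing an issue that the tracker still marks unfixed for linux-2.6 is contradictory, so the linux-2.6 line should get the version fixed by the later DSA, or a note explaining why the package is still considered unfixed.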