Secure testing commits - Oct 2007 - r6773 - data/CVE

Author: joeyh
Date: 2007-10-03 09:14:07 +0000 (Wed, 03 Oct 2007)
New Revision: 6773

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-03 07:59:29 UTC (rev 6772)
+++ data/CVE/list	2007-10-03 09:14:07 UTC (rev 6773)
@@ -111,6 +111,7 @@
 CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi
PHP-Nuke 5.6 ...)
 	NOT-FOR-US: Php-Nuke
 CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in
OpenSSL ...)
+	{DSA-1379-1}
 	- openssl 0.9.8e-9 (high; bug #444435)
 	NOTE: see https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/146269
 CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke
Doerre ...)
@@ -284,6 +285,7 @@
 CVE-2007-5035 (** DISPUTED ** ...)
 	NOT-FOR-US: openEngine
 CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https
URL, ...)
+	{DSA-1380-1}
 	- elinks 0.11.1-1.5 (low; bug #443914)
 CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB
XS 2 ...)
 	NOT-FOR-US: phpBB XS
@@ -714,6 +716,7 @@
 CVE-2007-4850
 	RESERVED
 CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and
possibly ...)
+	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed> (bug #442245; low)
 CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote
attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
@@ -1349,6 +1352,7 @@
 CVE-2007-4574
 	RESERVED
 CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel
2.4.x and ...)
+	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed> (medium)
 CVE-2007-4572
 	RESERVED
@@ -1608,7 +1612,7 @@
 	- nufw 2.2.4-1 (bug #439227)
 	[etch] - nufw <not-affected>
 CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka
libid3) ...)
-	{DSA-1365-2 DSA-1365-1}
+	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
 	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
 CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and
other SIP ...)
 	NOT-FOR-US: Cisco IP Phone
@@ -2800,6 +2804,7 @@
 CVE-2007-3919
 	RESERVED
 CVE-2007-3918 [gforge xss]
+	RESERVED
 	- gforge 4.6.99+svn6094-1
 CVE-2007-3917
 	RESERVED
@@ -3216,8 +3221,10 @@
 	- gimp <unfixed> 
 	NOTE: maintainer states that this is not an issue
 CVE-2007-3740 (The CIFS filesystem, when Unix extension support is enabled,
does not ...)
+	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed>
 CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems,
does not ...)
+	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed>
 CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before
2.0.0.5 ...)
 	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
@@ -3252,6 +3259,7 @@
 CVE-2007-3732
 	RESERVED
 CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an
invalid ...)
+	{DSA-1378-2 DSA-1378-1}
 	- linux-2.6 <unfixed>
 CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services
5.6 for ...)
 	NOT-FOR-US: HP OpenVMS