jmm-guest at alioth.debian.org
2007-Oct-12 20:18 UTC
[Secure-testing-commits] r6920 - in data: CVE DSA
Author: jmm-guest
Date: 2007-10-12 20:18:30 +0000 (Fri, 12 Oct 2007)
New Revision: 6920
Modified:
data/CVE/list
data/DSA/list
Log:
sql-ledger not an issue
add more fixed source packages to openssl DSA
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-10-12 19:27:31 UTC (rev 6919)
+++ data/CVE/list 2007-10-12 20:18:30 UTC (rev 6920)
@@ -5,7 +5,9 @@
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line
argument ...)
- ldapscripts <unfixed> (bug #445582; medium)
CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0
through ...)
- - sql-ledger <unfixed> (low; bug #446366)
+ - sql-ledger <unfixed> (unimportant; bug #409703)
+ NOTE: It''s documented behaviour that SQL-Ledger should only be run in
an
+ NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371 (Multiple SQL injection vulnerabilities in
mutate_content.dynamic.php ...)
NOT-FOR-US: MODx
CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
@@ -19,7 +21,7 @@
CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage
Application ...)
NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in
options.c ...)
- - dhcp <unfixed> (high; bug #446354)
+ - dhcp <unfixed> (medium; bug #446354)
TODO: check for code duplication
CVE-2007-5364 (** DISPUTED ** ...)
NOT-FOR-US: ViArt Shopping Cart
Modified: data/DSA/list
==================================================================---
data/DSA/list 2007-10-12 19:27:31 UTC (rev 6919)
+++ data/DSA/list 2007-10-12 20:18:30 UTC (rev 6920)
@@ -22,7 +22,9 @@
[02 Oct 2007] DSA-1379-1 openssl - arbitrary code execution
{CVE-2007-5135}
[sarge] - openssl 0.9.7e-3sarge5
+ [sarge] - openssl096 0.9.6m-1sarge5
[etch] - openssl 0.9.8c-4etch1
+ [etch] - openssl097 0.9.7k-3.1etch1
[02 Oct 2007] DSA-1365-3 id3lib3.8.3 - denial of service
{CVE-2007-4460}
[sarge] - id3lib3.8.3 3.8.3-4.1sarge1