Secure testing commits - Oct 2007 - r6996 - data/CVE

Author: jmm-guest
Date: 2007-10-17 17:53:48 +0000 (Wed, 17 Oct 2007)
New Revision: 6996

Modified:
   data/CVE/list
Log:
fix typo
jspwiki no-dsa for sarge
rar no-dsa


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-17 17:52:45 UTC (rev 6995)
+++ data/CVE/list	2007-10-17 17:53:48 UTC (rev 6996)
@@ -45,7 +45,7 @@
 	NOT-FOR-US: Softbiz Recipes Portal Script
 CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a
denial ...)
 	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
-	[etch] - madwidi <no-dsa> (Non-free not supported)
+	[etch] - madwifi <no-dsa> (Non-free not supported)
 	NOTE: this results in a kernel panic
 CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension
for PHP ...)
 	NOT-FOR-US: ionCube
@@ -990,12 +990,15 @@
 	NOT-FOR-US: SoftBiz Classifieds PLUS
 CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta
...)
 	- jspwiki <unfixed> (medium; bug #445477)
+	[sarge] - jspwiki <no-dsa> (Contrib not supported)
 	TODO: check, if affected at all
 CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki
2.4.103 ...)
 	- jspwiki <unfixed> (medium; bug #445477)
+	[sarge] - jspwiki <no-dsa> (Contrib not supported)
 	TODO: check, if affected at all
 CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to
obtain ...)
 	- jspwiki <unfixed> (medium; bug #445477)
+	[sarge] - jspwiki <no-dsa> (Contrib not supported)
 	TODO: check, if affected at all
 CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device)
class ...)
 	NOT-FOR-US: Solaris
@@ -4199,6 +4202,7 @@
 	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
 	- rar <unfixed> (low; bug #437704)
 	[etch] - rar <no-dsa> (Non-free not supported)
+	[sarge] - rar <no-dsa> (Non-free not supported)
 CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91
allows ...)
 	{DSA-1340-1 DTSA-43-1}
 	- clamav 0.91-1
@@ -9824,7 +9828,7 @@
 CVE-2007-1372 (PHP remote file inclusion vulnerability in
styles/internal/header.php ...)
 	NOT-FOR-US: PostGuestbook
 CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow
local ...)
-	- conquest 8.2b-1 (medium)
+	- conquest 8.2b-1 (low)
 CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for
scd.sh and ...)
 	NOT-FOR-US: Zend Platform
 CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier
allows ...)