jmm-guest at alioth.debian.org
2007-Oct-20 13:11 UTC
[Secure-testing-commits] r7039 - data/CVE
Author: jmm-guest Date: 2007-10-20 13:11:18 +0000 (Sat, 20 Oct 2007) New Revision: 7039 Modified: data/CVE/list Log: add not-affected for krb5 issue in sarge remove kernel-source-* entries, handled through kernel-sec, only linux-2.6 is used in the tracker Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-20 13:05:48 UTC (rev 7038) +++ data/CVE/list 2007-10-20 13:11:18 UTC (rev 7039) @@ -2295,6 +2295,7 @@ CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the ...) {DSA-1387-1 DSA-1367-1} - krb5 1.6.dfsg.1-7 (high; bug #441209) + [sarge] - krb5 <not-affected> (Vulnerable code not present) - librpcsecgss 0.14-4 (high; bug #441393) NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86 NOTE: 1.6.dfsg.1-7 somehow already includes the updated version @@ -3271,7 +3272,7 @@ CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...) NOT-FOR-US: Php Blue Dragon CMS CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...) - - kernel-source-2.4.27 <unfixed> + - linux-2.6 <unfixed> CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows ...) NOT-FOR-US: Solaris CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...) @@ -8309,8 +8310,6 @@ CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...) {DSA-1363-1 DSA-1356-1} - linux-2.6 2.6.21-1 (medium) - - kernel-source-2.4.27 (medium; bug #439224) - - kernel-source-2.6.8 (medium; bug #439225) CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...) NOT-FOR-US: Novell GroupWise CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...)
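Review bot: In the CVE-2007-4743 hunk, the added `[sarge] - krb5 <not-affected> (Vulnerable code not present)` line gives a reason that does not say which of two cases applies. The description ties this CVE to the original patch for CVE-2007-3999 in svc_auth_gss.c, so a NOTE should state whether sarge's krb5 lacks that code entirely or merely never received that patch. The `librpcsecgss 0.14-4` entry just below gets no sarge annotation either; if that package exists in sarge, its status for this CVE is still undefined after this change.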
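Review bot: In the CVE-2007-4311 hunk, `- kernel-source-2.4.27 <unfixed>` is not simply removed as the log message says; it is replaced by `- linux-2.6 <unfixed>`, which newly asserts that linux-2.6 is affected. The new line carries no urgency, bug number or NOTE to back that up. Suggest adding a NOTE giving the basis for marking linux-2.6 as affected by the xfer_secondary_pool issue, and mentioning the substitution in the log so it is not read as a pure cleanup.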
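Review bot: In the CVE-2007-2172 hunk, deleting the `kernel-source-2.4.27` and `kernel-source-2.6.8` lines also deletes the only references to bug #439224 and bug #439225 in this entry. The description says 2.4 before 2.4.35 is affected, yet after the change the entry shows only `linux-2.6 2.6.21-1 (medium)` and nothing about 2.4. Suggest keeping the two bug numbers in a NOTE line, or adding a NOTE that the older kernel packages are tracked through kernel-sec, so the cross-reference survives.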