jmm-guest at alioth.debian.org
2007-Oct-23 20:38 UTC
[Secure-testing-commits] r7079 - data/CVE
Author: jmm-guest
Date: 2007-10-23 20:38:33 +0000 (Tue, 23 Oct 2007)
New Revision: 7079

Modified:
   data/CVE/list

Log:
- new kernel issue
- asterisk voicemail overflow only not in sarge/etch
- mozilla cleanup for sarge
- pam fixed in point update
- correct older entries; don't use not-affected if a fixed version is available

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-23 15:42:27 UTC (rev 7078) +++ data/CVE/list 2007-10-23 20:38:33 UTC (rev 7079) @@ -358,7 +358,7 @@ CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to ...) NOT-FOR-US: Webster HTTP Server CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite ...) - - bogofilter <not-affected> (debian versions are all fixed) + - bogofilter 0.9.0.5 CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or ...) NOT-FOR-US: NetScreen CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of Open ...) @@ -370,7 +370,7 @@ CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...) NOT-FOR-US: HP-UX xntpd CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass ...) - - sendmail <not-affected> (debian versions are all fixed) + - sendmail 8.12.7 CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in ...) {DSA-218} - bugzilla 2.14.2-1 @@ -898,6 +898,8 @@ RESERVED CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...) - asterisk 1:1.4.13~dfsg-1 (medium) + [sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected) + [etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected) CVE-2007-5357 RESERVED CVE-2007-5356 
@@ -1847,8 +1849,9 @@ RESERVED CVE-2007-4998 RESERVED -CVE-2007-4997 +CVE-2007-4997 [kernel ieee80211 DoS] RESERVED + - linux-2.6 <unfixed> CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...) - pidgin 2.2.1-1 (medium) NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0 @@ -2119,8 +2122,6 @@ CVE-2007-4879 (Mozilla Firefox 2.0.x can automatically install TLS client ...) - iceweasel <unfixed> (low; bug #444803) - iceape <unfixed> (low; bug #444805) - - mozilla-firefox <removed> - - mozilla <removed> CVE-2007-4878 RESERVED CVE-2007-4877 @@ -2204,10 +2205,6 @@ {DTSA-69-1} - iceweasel 2.0.0.8-1 - iceape <unfixed> - - mozilla-firefox <removed> - - mozilla <removed> - NOTE: this vulnerability is unspecified - NOTE: likely affects only windows and Mac OS CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) - php5 <unfixed> (unimportant) NOTE: Only triggerable by malicious script 
@@ -6813,23 +6810,20 @@ NOTE: MFSA2007-17 - iceweasel 2.0.0.4-1 (low) - iceape 1.1.2-1 (low) - - firefox <removed> (low) - - mozilla <removed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - xulrunner 1.8.1.4-1 (low) CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...) {DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1} NOTE: MFSA2007-16 - iceweasel 2.0.0.4-1 (medium) - iceape 1.1.2-1 (medium) - - firefox <removed> (medium) - - mozilla <removed> (medium) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - xulrunner 1.8.1.4-1 (medium) CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...) {DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1} NOTE: MFSA2007-13 - iceweasel 2.0.0.4-1 (unimportant) - iceape 1.1.2-1 (unimportant) - - firefox <removed> (unimportant) - mozilla <removed> (unimportant) - xulrunner 1.8.1.4-1 (unimportant) CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...) 
@@ -6837,23 +6831,19 @@ NOTE: MFSA2007-12 - iceweasel 2.0.0.4-1 (high) - iceape 1.1.2-1 (high) - - firefox <removed> (high) - - mozilla <removed> (high) - - thunderbird <removed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - icedove 2.0.0.4-1 (low) - xulrunner 1.8.1.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (low) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...) {DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1} NOTE: MFSA2007-12 - iceweasel 2.0.0.4-1 (high) - iceape 1.1.2-1 (high) - - firefox <removed> (high) - - mozilla <removed> (high) - - thunderbird <removed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - icedove 2.0.0.4-1 (low) - xulrunner 1.8.1.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (low) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...) NOT-FOR-US: PHPEcho CMS CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...) @@ -11630,9 +11620,8 @@ - iceweasel 2.0.0.1+dfsg-3 (bug #411192; high) - xulrunner 1.8.0.10-1 (high) - iceape 1.0.8-1 (high) - - mozilla-firefox <removed> (high) - - mozilla <removed> (high) - - firefox <removed> (high) + [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...) NOT-FOR-US: HP Serviceguard CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...) 
@@ -12209,7 +12198,7 @@ - iceape 1.0.8-1 (low) - xulrunner 1.8.0.10-1 (low) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla <unfixed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high) @@ -12217,8 +12206,8 @@ - icedove 1.5.0.10.dfsg1-1 (low) - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla-thunderbird <unfixed> (low) - [sarge] - mozilla <unfixed> (high) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high) 
@@ -14696,21 +14685,19 @@ NOTE: MFSA-2007-06 - iceweasel 2.0.0.2+dfsg-1 (low) - iceape 1.0.8-1 (low) - - xulrunner 1.8.0.10-1 (high) + - xulrunner 1.8.0.10-1 (low) - icedove 1.5.0.10.dfsg1-1 [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla <unfixed> (high) - - firefox <removed> (high) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...) {DSA-1336-1} NOTE: MFSA-2007-06 - iceweasel 2.0.0.2+dfsg-1 (low) - iceape 1.0.8-1 (low) - - xulrunner 1.8.0.10-1 (high) + - xulrunner 1.8.0.10-1 (low) - icedove 1.5.0.10.dfsg1-1 [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla <unfixed> (high) - - firefox <removed> (high) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...) - gnucash 2.0.5-1 (bug #411942; medium) CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...) @@ -16074,7 +16061,7 @@ - iceweasel 2.0.0.2+dfsg-1 (high; bug #409220) - iceape 1.0.8-1 (high) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla <unfixed> (high) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - xulrunner 1.8.0.10-1 (medium) NOTE: Epiphany affected by xulrunner CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...) 
@@ -23229,9 +23216,7 @@ - mediawiki <not-affected> (Affects only 1.6.0-1.6.6) CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...) {DSA-1392-1 DTSA-69-1} - - iceweasel 2.0.0.8-1 - NOTE: There are very few scenarios, where this could be exploited - NOTE: We can probably ignore this + - iceweasel 2.0.0.4-1 CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...) NOT-FOR-US: GANTTy CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...) @@ -34996,6 +34981,8 @@ - netpbm-free 2:10.0-10 CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...) - pam 0.99.7.1-2 (bug #336344; low) + [etch] - pam <no-dsa> (Scheduled for next point release) + NOTE: [etch] - pam 0.79-5 [sarge] - pam <not-affected> (Does not contain SELinux support) [woody] - pam <not-affected> (Does not contain SELinux support) CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
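Review bot: in the @@ -358 hunk, the replacement line `- bogofilter 0.9.0.5` gives a bare upstream version with no Debian revision, whereas every other fixed-version entry in this diff (`- bugzilla 2.14.2-1`, `- pidgin 2.2.1-1 (medium)`) names the exact Debian package version; record the first Debian upload that contains the fix so the comparison against what the archive actually shipped is unambiguous. Replacing `<not-affected> (debian versions are all fixed)` with a version does follow the rule stated in the log.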
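Review bot: in the @@ -370 hunk, `- sendmail 8.12.7` has the same gap: 8.12.7 is simply the upstream release after the affected range quoted in the CVE text (8.9.0 through 8.12.6), not a Debian package version; check which Debian sendmail upload first carried the fix and record that, with its Debian revision, as the neighbouring `- bugzilla 2.14.2-1` line does.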
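Review bot: in the @@ -898 hunk, the two new `<not-affected> (Only Asterisk 1.4.x is affected)` lines for sarge and etch state the scope of CVE-2007-5358 but not where that scope comes from; add a NOTE naming the upstream advisory or the code comparison that shows the voicemail overflows exist only in 1.4.x, since the sid line `- asterisk 1:1.4.13~dfsg-1 (medium)` alone gives a later reader no way to re-check which sarge and etch versions were examined.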
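Review bot: in the @@ -1847 hunk, the new `- linux-2.6 <unfixed>` line for CVE-2007-4997 carries neither a severity nor a reference, unlike neighbouring entries such as `- pidgin 2.2.1-1 (medium)`; since the CVE is still RESERVED and the bracketed title `[kernel ieee80211 DoS]` is the only description, add a NOTE with the upstream report or commit the DoS was taken from and a severity rating, and state whether sarge and etch need suite-specific lines, as the asterisk and pam entries in this same commit have.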
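Review bot: in the @@ -2119 hunk, the `- mozilla-firefox <removed>` and `- mozilla <removed>` lines for CVE-2007-4879 are deleted outright, while the other Mozilla hunks in this commit replace such lines with `[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)`; if the deletion is because the description limits the issue to Firefox 2.0.x, record that as a `[sarge]` line with `<not-affected>` and the reason, so sarge's status remains visible instead of silently disappearing from the entry.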
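Review bot: in the @@ -2204 hunk, besides the two `<removed>` lines, both NOTEs (`this vulnerability is unspecified` and `likely affects only windows and Mac OS`) are dropped while `- iceape <unfixed>` stays open; those notes were the recorded reasoning behind the iceape status, so if they are now considered wrong, replace them with a NOTE that says why, rather than deleting the only explanation the entry had. A `[sarge]` line for the old mozilla-firefox and mozilla packages would also keep sarge's status explicit here.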
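Review bot: in the @@ -6813 hunk, the third entry (CVE-2007-2869, MFSA2007-13) is treated differently from the two above it: only `- firefox <removed> (unimportant)` is deleted, `- mozilla <removed> (unimportant)` is left in place, and no `[sarge] - mozilla <no-dsa>` line is added; apply the same replacement used for MFSA2007-17 and MFSA2007-16, or add a NOTE if the unimportant severity is the intended reason for the difference.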
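Review bot: in the @@ -6837 hunk, the new `<no-dsa> (Mozilla products from Sarge no longer supported)` lines drop the severities the replaced lines carried (`(high)` for mozilla, `(low)` for thunderbird and mozilla-thunderbird); entries elsewhere in this diff combine fields inside the parenthesis with a semicolon (`(bug #411192; high)`), so the rating can be kept next to the reason, which matters for CVE-2007-2868 and CVE-2007-2867, where every remaining package line is rated high.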
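Review bot: in the @@ -11630 hunk, both `mozilla-firefox` and `mozilla` receive `[sarge] ... <no-dsa>` lines, whereas the @@ -6813 and @@ -6837 hunks add a sarge line only for `mozilla`; sarge's Firefox is `mozilla-firefox` in every other sarge entry of this diff, so either the earlier hunks are missing a `mozilla-firefox` line or this one is redundant; make the three hunks consistent. The `(high)` rating on all three removed lines is lost in the replacement as well.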
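Review bot: in the @@ -12217 hunk, `[sarge] - mozilla-thunderbird <unfixed> (low)` and `[sarge] - mozilla <unfixed> (high)` become `<no-dsa>` lines without any severity; the change of status is what the log's "mozilla cleanup for sarge" describes, but the high rating on the mozilla line is worth keeping in the parenthesis alongside the reason so the entry still says how serious the unpatched sarge package is.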
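Review bot: in the @@ -14696 hunk, `- xulrunner 1.8.0.10-1` is downgraded from `(high)` to `(low)` in both MFSA-2007-06 entries, including CVE-2007-0008 (the integer underflow in NSS SSLv2 support); that is a triage change rather than a cleanup, and the log's "correct older entries" does not explain it, so add a NOTE giving the reason (presumably alignment with the `(low)` rating already on iceweasel and iceape in the same entries) so the downgrade can be audited later. `- icedove 1.5.0.10.dfsg1-1` in both entries still has no severity at all.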
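Review bot: in the @@ -23229 hunk, the iceweasel fixed version for CVE-2006-2894 moves backwards from `2.0.0.8-1` to `2.0.0.4-1` while the entry keeps `{DSA-1392-1 DTSA-69-1}` and the CVE text reads "2.0.x before 2.0.0.8"; if 2.0.0.4-1 is right (for instance because the Debian package already carried the patch), say so in a NOTE, because the two NOTEs that explained the earlier assessment (`very few scenarios`, `We can probably ignore this`) are deleted in the same hunk and nothing replaces them.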
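Review bot: in the @@ -34996 hunk, the etch fix for CVE-2005-2977 lives only in `NOTE: [etch] - pam 0.79-5`, next to a status line of `[etch] - pam <no-dsa> (Scheduled for next point release)`, so nothing in the entry records etch as fixed until someone edits it again; the log says "pam fixed in point update", so if 0.79-5 has already reached the point release the version line should replace the no-dsa line, and if not, the NOTE should name the point release it is waiting for so the follow-up is not forgotten.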