Author: nion Date: 2007-11-09 10:37:56 +0000 (Fri, 09 Nov 2007) New Revision: 7256 Modified: data/CVE/list Log: NFUs CVE-2007-5156 and CVE-2007-3921 will be fixed in gforge 4.6.99+svn6169-1 (when ftp-master is back) Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-11-09 10:20:47 UTC (rev 7255) +++ data/CVE/list 2007-11-09 10:37:56 UTC (rev 7256) @@ -2565,7 +2565,7 @@ - knowledgeroot 0.9.8.4-1.1 (medium; bug #444928) - moin 1.5.8-4.1 - karrigell <not-affected> (Does not include vulnerable php code) - - gforge <unfixed> (low; bug #447590) + - gforge 4.6.99+svn6169-1 (low; bug #447590) [etch] - gforge <not-affected> (fckeditor is not shipped in these versions) [sarge] - gforge <not-affected> (fckeditor is not shipped in these versions) CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...) @@ -3649,17 +3649,17 @@ CVE-2007-4678 RESERVED CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2007-4674 RESERVED CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...) NOT-FOR-US: Apple QuickTime CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1 allows ...) NOT-FOR-US: Safari CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...) 
@@ -4714,7 +4714,7 @@ [sarge] - kdebase <no-dsa> (Minor issue) [etch] - kdebase <no-dsa> (Minor issue) CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an ...) - TODO: check + NOT-FOR-US: Microsoft Sysinternals DebugView CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...) NOT-FOR-US: IBM Lotus Notes CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...) @@ -5383,7 +5383,7 @@ - sun-java6 6-02-1 CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files ...) {DSA-1402-1} - TODO: check + - gforge 4.6.99+svn6169-1 CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...) {DTSA-75-1} - gnome-screensaver 2.20.0-1.1
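Review bot: In the hunk at @@ -2565, the gforge line goes from `<unfixed>` to `4.6.99+svn6169-1`, but the log message says the fix "will be" in that version "when ftp-master is back", so the list would record the issue as fixed before the upload has reached the archive. Consider keeping `<unfixed>` until the upload is accepted, or re-check after the upload that this is the version that actually landed. The `[etch]` and `[sarge]` lines below it are unchanged and still read `<not-affected>`, which is consistent with the new line.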
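Review bot: In the hunk at @@ -5383, the new `- gforge 4.6.99+svn6169-1` line under CVE-2007-3921 has no urgency or bug reference, whereas the gforge entry changed in the first hunk carries `(low; bug #447590)`. If a bug report exists for this issue, add it with an urgency so the entry can be traced. As with the first hunk, the log message says this version is not uploaded yet, so the fixed version should be confirmed once it is in the archive.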