joeyh at alioth.debian.org
2007-Nov-10 21:14 UTC
[Secure-testing-commits] r7270 - data/CVE
Author: joeyh
Date: 2007-11-10 21:14:08 +0000 (Sat, 10 Nov 2007)
New Revision: 7270
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-11-10 19:52:10 UTC (rev 7269)
+++ data/CVE/list 2007-11-10 21:14:08 UTC (rev 7270)
@@ -242,6 +242,7 @@
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows
local ...)
- ircii-pana <unfixed> (low; bug #449149)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when
...)
+ {DTSA-79-1}
- emacs22 22.1+1-2.1 (medium; bug #449008)
NOTE: Emacs 21 is not affected
CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode ...)
@@ -347,6 +348,7 @@
CVE-2007-5742
RESERVED
CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote
attackers ...)
+ {DSA-1405-1}
- zope-cmfplone 2.5.2-2 (bug #449523)
[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0
branch is not vulnerable)
NOTE: Fix available:
@@ -2693,7 +2695,7 @@
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in
FrontAccounting ...)
NOT-FOR-US: FrontAccounting
CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular
...)
- {DSA-1400-1}
+ {DSA-1400-1 DTSA-78-1}
- perl <unfixed> (medium; bug #450794)
NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi
PHP-Nuke 5.6 ...)
@@ -5877,25 +5879,25 @@
{DSA-1378-2 DSA-1378-1}
- linux-2.6 <unfixed>
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before
2.0.0.5 ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
- iceape 1.1.3-1 (medium)
- xulrunner 1.8.1.5-1 (medium)
- iceweasel 2.0.0.5-1 (medium)
NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to
execute ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
- iceweasel 2.0.0.5-1 (high)
NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in
...)
- {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.5-1 (high)
- icedove <unfixed> (low)
NOTE: Affects only broken setups, enabling js in Icedove is strongly not
recommended
@@ -5903,7 +5905,7 @@
- xulrunner 1.8.1.5-1 (high)
NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1}
+ {DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1
DTSA-71-1 DTSA-80-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (high; bug #444010)
- iceape 1.1.3-1 (high)
@@ -6084,7 +6086,7 @@
CVE-2007-3657 (** DISPUTED ** ...)
NOTE: Disputed Firefox issue, browser crashes not treated as security problems
anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does
not ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
@@ -7001,6 +7003,7 @@
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM
...)
NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows
remote ...)
+ {DTSA-80-1}
- iceweasel <not-affected> (Affects only Firefox in Windows)
NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows
allows ...)
@@ -7496,7 +7499,7 @@
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer
supported)
- xulrunner <unfixed> (medium)
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of
document.write ...)
- {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
+ {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-80-1}
- iceweasel 2.0.0.5-1 (low; bug #427691)
- iceape 1.1.3-1 (low)
- xulrunner 1.8.1.5-1 (low)
@@ -11300,8 +11303,10 @@
- php4 <unfixed> (unimportant)
NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in
Horde ...)
+ {DSA-1406-1}
- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in
framework/NLS/NLS.php in ...)
+ {DSA-1406-1}
- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472 (Variable overwrite vulnerability in
groupit/base/groupit.start.inc in ...)
NOT-FOR-US: Groupit
@@ -21303,6 +21308,7 @@
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows
remote ...)
NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows
remote ...)
+ {DSA-1406-1}
- horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php
in ...)
- imp4 4.1.3-1 (low; bug #383416)
@@ -22974,8 +22980,10 @@
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5
Networks ...)
NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through
3.0.10 ...)
+ {DSA-1406-1}
- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
...)
+ {DSA-1406-1}
- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547 (** DISPUTED ** ...)
NOT-FOR-US: EMC VMware Player