jmm-guest at alioth.debian.org
2007-Dec-06 17:58 UTC
[Secure-testing-commits] r7531 - data/CVE
Author: jmm-guest
Date: 2007-12-06 17:58:51 +0000 (Thu, 06 Dec 2007)
New Revision: 7531

Modified: data/CVE/list

Log:
one lighttpd issue already resolved
tar/perl, audacity, wesnoth, tomboy no-dsa
gnump3d doesn't affect etch or sarge
bandersnatch unimportant

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-06 17:21:20 UTC (rev 7530) +++ data/CVE/list 2007-12-06 17:58:51 UTC (rev 7531) @@ -142,9 +142,10 @@ - zsh 4.3.4-dev-3-2 (low; bug #454073) [etch] - zsh <no-dsa> (Minor issue) [sarge] - zsh <no-dsa> (Minor issue) - NOTE: Can be fixed in a point update CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...) - wesnoth 1:1.2.8-1 (low) + [etch] - wesnoth <no-dsa> (Minor issue) + [sarge] - wesnoth <no-dsa> (Minor issue) CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...) - rsync 2.6.9-5.1 (low; bug #453652) CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...) @@ -293,7 +294,9 @@ NOTE: this is just an example script, maintainer adds a note about it NOTE: 0.2.3-6 adds a security note about this script CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...) - - gnump3d 3.0-1 (low) + - gnump3d 3.0-1 (medium) + [sarge] - gnump3d <not-affected> (Vulnerable code not present) + [etch] - gnump3d <not-affected> (Vulnerable code not present) CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...) NOT-FOR-US: Amber script CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...) 
@@ -413,6 +416,7 @@ [etch] - ngircd <no-dsa> (Minor issue) CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...) - audacity <unfixed> (bug #453283; low) + [etch] - audacity <no-dsa> (Minor issue) CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a ...) NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum CVE-2007-6059 (Javamail does not properly handle a series of invalid login attempts ...) @@ -746,7 +750,8 @@ CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...) NOT-FOR-US: Simple Machines Forum CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...) - - bandersnatch <removed> (low; bug #451365) + - bandersnatch <removed> (unimportant; bug #451365) + NOTE: Installation path disclosure not treated as a security issue CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...) NOT-FOR-US: Adobe Shockwave CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...) @@ -1426,6 +1431,7 @@ CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...) - vobcopy <unfixed> (low; bug #448319) [etch] - vobcopy <no-dsa> (Minor issue) + [sarge] - vobcopy <no-dsa> (Minor issue) CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...) NOT-FOR-US: Jeebles CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...) @@ -4239,6 +4245,8 @@ NOT-FOR-US: DirectAdmin CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...) - libarchive-tar-perl (low; bug #449544) + [sarge] - libarchive-tar-perl <no-dsa> (Minor issue) + [etch] - libarchive-tar-perl <no-dsa> (Minor issue) CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...) - mediawiki 1.10.2-1 (low; bug #442255) [etch] - mediawiki <not-affected> (Does not include the vulnerable code) 
@@ -6286,7 +6294,7 @@ - lighttpd 1.4.16-1 (bug #434888) CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...) {DSA-1362-1} - - lighttpd 1.4.16-1 (bug #434888) + - lighttpd 1.4.16-1 (bug #428368) CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...) {DSA-1362-1} - lighttpd 1.4.16-1 (bug #434888) @@ -8991,7 +8999,8 @@ RESERVED CVE-2007-2841 [lighttpd DoS] RESERVED - - lighttpd 1.4.15-1.1 (bug #428368) + NOTE: Duplicate of CVE-2007-3947, was assigned from Debian CNA and clashed with MITRE + NOTE: assignment CVE-2007-2840 RESERVED CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...) @@ -27380,7 +27389,8 @@ TODO: check all packages NOTE: lintian bug filed: #451559 CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...) - - tomboy 0.8.1-2 + - tomboy 0.8.1-2 (low) + [etch] - tomboy <no-dsa> (Minor issue) CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...) - resmgr <not-affected> CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
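Review bot: The @@ -142 hunk removes the zsh line "NOTE: Can be fixed in a point update" alongside the wesnoth additions, and the log message says nothing about zsh. If the point-update plan for zsh was dropped on purpose, say so in the log; otherwise restore the note, since the [etch] and [sarge] zsh lines it annotated are still marked no-dsa.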
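Review bot: In the @@ -293 hunk the gnump3d urgency for CVE-2007-6130 goes from low to medium without a stated reason, in the same change that marks both stable releases not-affected. A short NOTE giving the basis for medium would help later triage. The new lines also list [sarge] before [etch], while the wesnoth hunk in this commit lists [etch] first; pick one order and keep it.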
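Review bot: The @@ -6286 hunk attaches bug #428368 to CVE-2007-3947 with fixed version 1.4.16-1, but the line removed in the @@ -8991 hunk recorded that same bug as fixed in lighttpd 1.4.15-1.1. If the two CVE ids describe one issue, the fixed version for CVE-2007-3947 should be checked against 1.4.15-1.1. The change also replaces the reference to bug #434888 rather than adding to it, while the neighbouring CVE-2007-3946 entry still cites #434888; confirm #434888 does not cover CVE-2007-3947 before dropping it.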
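Review bot: In the @@ -8991 hunk the duplicate explanation for CVE-2007-2841 is wrapped mid-sentence, so the second line reads only "NOTE: assignment" and means nothing when the file is searched line by line. Reword so each NOTE stands alone, for example one line stating the duplicate of CVE-2007-3947 and a second stating the clash between the Debian CNA and MITRE assignments.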
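Review bot: The @@ -1426 hunk adds a [sarge] no-dsa line for vobcopy (CVE-2007-5718), but the log message lists only tar/perl, audacity, wesnoth and tomboy as no-dsa. Add vobcopy to the log so the commit history matches the triage decisions recorded in the file.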