jmm-guest at alioth.debian.org
2007-Dec-23 10:58 UTC
[Secure-testing-commits] r7700 - in data: . CVE DSA
Author: jmm-guest
Date: 2007-12-23 10:58:57 +0000 (Sun, 23 Dec 2007)
New Revision: 7700
Modified:
data/CVE/list
data/DSA/list
data/embedded-code-copies
Log:
clamav DSA
asterisk issue postponed
one cups issue still affects sarge, though not really severe
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-12-22 21:14:16 UTC (rev 7699)
+++ data/CVE/list 2007-12-23 10:58:57 UTC (rev 7700)
@@ -185,6 +185,8 @@
RESERVED
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before
1.4.16, and ...)
- asterisk <unfixed> (low; bug #457063)
+ [etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
+ [sarge] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6429
RESERVED
CVE-2007-6428
@@ -413,9 +415,11 @@
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers
to ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1~volatile2
+ [sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows
remote ...)
{DTSA-101-1}
- clamav 0.92~dfsg-1~volatile2
+ [sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products
and ...)
NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as
...)
@@ -1620,7 +1624,9 @@
- cupsys <unfixed> (medium; bug #457453)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local
admin ...)
- - cupsys <not-affected> (Mac driver specific problem)
+ - cupsys 1.2.0
+ NOTE: This only affects the Cups 1.1 series
+ [sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite
loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API
in ...)
NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows
remote ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2007-12-22 21:14:16 UTC (rev 7699)
+++ data/DSA/list 2007-12-23 10:58:57 UTC (rev 7700)
@@ -3,6 +3,9 @@
[etch] - linux-2.6 2.6.18.dfsg.1-13etch6
[etch] - fai-kernels 1.17+etch.13etch6
[etch] - user-mode-linux 2.6.18-1um-2etch.13etch6
+[19 Dec 2007] DSA-1435-1 clamav
+ {CVE-2007-6335 CVE-2007-6336}
+ [etch] - clamav 0.90.1-3etch8
[16 Dec 2007] DSA-1434-1 mydns - denial of service
{CVE-2007-2362}
[etch] - mydns 1:1.1.0-7etch1
Modified: data/embedded-code-copies
==================================================================---
data/embedded-code-copies 2007-12-22 21:14:16 UTC (rev 7699)
+++ data/embedded-code-copies 2007-12-23 10:58:57 UTC (rev 7700)
@@ -43,7 +43,7 @@
silc-client (uses libsilc and libsilcclient)
dietlibc:
-ccontrol (links statically)
+ccontrol (linked statically until 0.9.1+20071204-1, affects Etch only)
libiax:
iaxmodem