jmm-guest at alioth.debian.org
2007-Dec-27 17:55 UTC
[Secure-testing-commits] r7736 - data/CVE
Author: jmm-guest
Date: 2007-12-27 17:55:18 +0000 (Thu, 27 Dec 2007)
New Revision: 7736

Modified: data/CVE/list
Log:
- knowledgeroot issue should rather be fixed in the httpd instead of worked around
- ardour from sarge and etch doesn't include libsndfile yet

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-12-27 16:57:43 UTC (rev 7735) +++ data/CVE/list 2007-12-27 17:55:18 UTC (rev 7736) @@ -4201,8 +4201,10 @@ CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...) NOT-FOR-US: PHP Fidonet Tosser CVE-2007-5156 (Incomplete blacklist vulnerability in ...) - - knowledgeroot 0.9.8.4-1.1 (medium; bug #444928) - - moin 1.5.8-4.1 + - knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928) + - moin 1.5.8-4.1 (unimportant) + NOTE: This problem should rather be addressed by proper httpd config + NOTE: The change only adds a workaround for insecure configs - karrigell <not-affected> (Does not include vulnerable php code) - gforge 4.6.99+svn6169-1 (low; bug #447590) [etch] - gforge <not-affected> (fckeditor is not shipped in these versions) @@ -4641,6 +4643,8 @@ CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...) - libsndfile 1.0.17-4 (bug #443386; medium) - ardour 1:2.1-1.1 (medium; bug #445889) + [sarge] - ardour <not-affected> (Vulnerable code not present) + [etch] - ardour <not-affected> (Vulnerable code not present) CVE-2007-4973 RESERVED CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...) 
@@ -4942,7 +4946,7 @@ NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...) - glibc 2.7-1 (unimportant) - NOTE: Only triggerable by malicious script + NOTE: Original PHP issue only triggerable by malicious script CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
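Review bot: In the CVE-2007-5156 hunk (@@ -4201,8 +4201,10 @@), knowledgeroot and moin drop to "unimportant" on the grounds that this is an httpd configuration problem, but the gforge entry two lines below stays at "low; bug #447590" for the same CVE. Either apply the same rating to gforge or add a NOTE saying why it differs. The second NOTE, "The change only adds a workaround for insecure configs", does not say which change it refers to; naming the upload or upstream fix would make it readable without the commit log. The two NOTE lines also sit between the moin and karrigell entries although they describe the CVE as a whole, so moving them after the last package entry would avoid them reading as moin-specific.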
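Review bot: In the CVE-2007-4974 hunk (@@ -4641,6 +4643,8 @@), the reason given for the new [sarge] and [etch] ardour lines, "Vulnerable code not present", is less specific than the commit log, which says ardour in sarge and etch does not include libsndfile yet. Putting that reason in the parenthetical would let a later reader tell that the not-affected status depends on the absence of the embedded libsndfile copy and needs rechecking if a stable update brings it in.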
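Review bot: In the CVE-2007-4840 hunk (@@ -4942,7 +4946,7 @@), the reworded NOTE now speaks only of the "Original PHP issue" while the entry it sits under is "- glibc 2.7-1 (unimportant)", so the reason for rating glibc as unimportant is no longer stated anywhere in the entry. A second NOTE saying how glibc relates to the PHP issue and why its exposure is rated unimportant would close that gap.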