jmm-guest at alioth.debian.org
2008-Jan-05 00:59 UTC
[Secure-testing-commits] r7833 - data/CVE
Author: jmm-guest Date: 2008-01-05 00:59:57 +0000 (Sat, 05 Jan 2008) New Revision: 7833 Modified: data/CVE/list Log: stable fixes should only be marked as fixed when the point update has been released flash not supported one vlc issue unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-05 00:59:43 UTC (rev 7832) +++ data/CVE/list 2008-01-05 00:59:57 UTC (rev 7833) @@ -182,6 +182,8 @@ NOT-FOR-US: March Networks CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...) - flashplugin-nonfree <unfixed> (bug #459071) + [sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported) + [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu ...) NOT-FOR-US: Bitflu @@ -351,7 +353,8 @@ - vlc <unfixed> (low; bug #458318) NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded CVE-2007-XXXX [vlc remote denial of service in rtsp module] - - vlc <unfixed> (low; bug #458318) + - vlc <unfixed> (unimportant; bug #458318) + NOTE: That''s hardly a security problem, just a bug CVE-2007-XXXX [vlc insecure handling of vlcopt] - vlc <unfixed> (medium; bug #458318) CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...) @@ -1242,8 +1245,10 @@ NOT-FOR-US: Neocrome Seditio CMS CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...) - sing 1.1-16 (low; bug #454167) - [etch] - sing 1.1-13etch1 - [sarge] - sing 1.1-9sarge1 + [etch] - sing <no-dsa> (Only exploitable in inherently broken setups) + [sarge] - sing <no-dsa> (Only exploitable in inherently broken setups) + TODO: r3 [etch] - sing 1.1-13etch1 + TODO: r3 [sarge] - sing 1.1-9sarge1 CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...) - zsh 4.3.4-dev-3-2 (low; bug #454073) [etch] - zsh <no-dsa> (Minor issue)