thijs at alioth.debian.org
2008-Jan-14 20:55 UTC
[Secure-testing-commits] r7921 - data/CVE
Author: thijs Date: 2008-01-14 20:55:01 +0000 (Mon, 14 Jan 2008) New Revision: 7921 Modified: data/CVE/list Log: eliminate 3 TEMP issues that have CVE''s Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-14 20:17:21 UTC (rev 7920) +++ data/CVE/list 2008-01-14 20:55:01 UTC (rev 7921) @@ -8804,7 +8804,7 @@ CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...) NOT-FOR-US: Liesbeth CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...) - - moodle 1.8.2-1 (low) + - moodle 1.8.2-1 (low; bug #432264) CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...) NOT-FOR-US: HP CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...) @@ -8931,8 +8931,6 @@ - matrixssl 1.1-1 CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...) NOT-FOR-US: Microsoft IIS -CVE-2007-XXXX [moodle several XSS] - - moodle 1.8.2-1 (bug #432264) CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows ...) NOT-FOR-US: Apple Safari CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...) @@ -9094,6 +9092,7 @@ - firebird1.5 <not-affected> (fixed before rename to firebird1.5) - firebird2 1.5.3.4870-4 (low; bug #362001) - firebird2.0 <not-affected> (fixed in 2.0) + [sarge] - firebird2 <no-dsa> (Minor issue) CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...) NOT-FOR-US: Windows CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...) @@ -10270,10 +10269,6 @@ NOTE: This is not a vulnerability, but an additional precaution function for NOTE: a development framework. If someone wants to have this updated in Etch, this NOTE: needs to go through a point update -CVE-2007-XXXX [dar choosing weak IV when encrypting] - - dar 2.3.3-1 (bug #425335; low) - [sarge] - dar <no-dsa> (minor issue) - [etch] - dar <no-dsa> (minor issue) CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection] - owl-dms 0.94-1 (medium; bug #416296) CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...) @@ -29865,9 +29860,6 @@ NOT-FOR-US: VMware CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...) - slash <not-affected> (Vulnerable code introduced in 2002, while Debian''s is older!, see #390469) -CVE-2006-XXXX [firebird local DoS] - - firebird2 1.5.3.4870-4 (bug #362001) - [sarge] - firebird2 <no-dsa> (Minor issue) CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...) {DSA-1036-1} - bsdgames 2.17-7 (bug #360989)