thr3ads.net - Secure testing commits - [Secure-testing-commits] r8284

If this information is useful, please help other people find it:
Share via:
joeyh at alioth.debian.org
2008-Mar-06 21:14 UTC
[Secure-testing-commits] r8284 - data/CVE

Author: joeyh
Date: 2008-03-06 21:14:09 +0000 (Thu, 06 Mar 2008)
New Revision: 8284

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-03-06 19:06:39 UTC (rev 8283)
+++ data/CVE/list	2008-03-06 21:14:09 UTC (rev 8284)
@@ -166,6 +166,7 @@
 	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
 CVE-2008-1111 [lighttpd sends cgi source if it fails to fork the cgi handler]
 	RESERVED
+	{DSA-1513-1}
 	- lighttpd <unfixed> (low; bug #469307)
 CVE-2008-1142 [insecure default behaviour in rxvt for handling DISPLAY
variable]
 	- rxvt <unfixed> (unimportant; bug #469296)
@@ -1607,7 +1608,7 @@
 	{DSA-1510-1}
 	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel
2.4.21 ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 <unfixed>
 CVE-2008-XXXX [openssh local users may hijack forwarded X connections]
 	- openssh <unfixed> (bug #463011)
@@ -3638,7 +3639,7 @@
 	{DSA-1476-1}
 	- pulseaudio 0.9.9-1
 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that
...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 2.6.24-4
 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the
libfont ...)
 	{DSA-1466-2 DTSA-110-1}
@@ -3664,7 +3665,7 @@
 CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems,
does not ...)
 	- xen-3 3.1.2-1
 CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and
2.6.x ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1436-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
 	- linux-2.6 <unfixed>
 	NOTE: kernel-sec already tracks this
 CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS
sidebar ...)
@@ -3795,7 +3796,7 @@
 CVE-2007-6152
 	RESERVED
 CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23
allows ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1479-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
 	- linux-2.6 2.6.23-2
 CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash
Media ...)
 	NOT-FOR-US: Adobe Flash Media Server
@@ -3976,7 +3977,7 @@
 CVE-2007-6064
 	RESERVED
 CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in
Linux ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1436-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
 	- linux-2.6 2.6.23-2
 	NOTE: kernel-sec is aware of this
 CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to
cause ...)
@@ -6797,7 +6798,7 @@
 CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain
...)
 	NOT-FOR-US: Netbilling
 CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
-	{DSA-1503-1}
+	{DSA-1503-2 DSA-1503-1}
 	- linux-2.6 2.6.18-1
 	NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior
versions
 CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before
1.54, ...)
@@ -7305,7 +7306,7 @@
 CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in
...)
 	NOT-FOR-US: Ipswitch IMail Server
 CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in
Linux ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1381-2}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
 	- linux-2.6 2.6.23-1
 CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance
Music ...)
 	NOT-FOR-US: phpNuke module
@@ -9204,14 +9205,14 @@
 CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS
3.0.0 ...)
 	NOT-FOR-US: Php Blue Dragon CMS
 CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the
Linux ...)
-	{DSA-1503-1}
+	{DSA-1503-2 DSA-1503-1}
 	- linux-2.6 <not-affected> (buffer is local to the function that uses
sizeof on it)
 CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows
...)
 	NOT-FOR-US: Solaris
 CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote
...)
 	NOT-FOR-US: IBM Lotus Notes
 CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the
SCSI ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1363-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
 	- linux-2.6 2.6.22-4 (medium; bug #443694)
 CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in
Storesprite 7 ...)
 	NOT-FOR-US: Storesprite
@@ -10236,7 +10237,7 @@
 CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced
...)
 	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
 CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to
send ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
 	- linux-2.6 2.6.22-4
 CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy)
in ...)
 	- apache2 2.2.6-1 (bug #441845; low)
@@ -13458,7 +13459,7 @@
 CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC
...)
 	NOT-FOR-US: VNC Viewer ActiveX control
 CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket
implementation in ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
 	- linux-2.6 2.6.22-1
 	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
 	NOTE: Linus'' tree.
@@ -14291,7 +14292,7 @@
 CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and
(2) ...)
 	NOT-FOR-US: Gentoo''s packaging of courier
 CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before
2.4.35 ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
 	- linux-2.6 2.6.21-1 (medium)
 CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in
...)
 	NOT-FOR-US: Novell GroupWise
@@ -15657,7 +15658,7 @@
 CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator
(VVR) ...)
 	NOT-FOR-US: Symantec
 CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
-	{DSA-1503-1 DSA-1304 DSA-1286-1}
+	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
 	- linux-2.6 2.6.20-1 (medium)
 CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus
...)
 	NOT-FOR-US: Trend Micro
@@ -16290,7 +16291,7 @@
 CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in
JMX ...)
 	NOT-FOR-US: JBoss Application Server
 CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support
in the ...)
-	{DSA-1504-1 DSA-1503-1 DSA-1356-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
 	- linux-2.6 2.6.22-1 (low)
 CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org
libXfont ...)
 	{DSA-1294-1}
@@ -21869,7 +21870,7 @@
 	- dbus 1.0.2-1 (low)
 	[sarge] - dbus <no-dsa> (Minor issue)
 CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function
in the ...)
-	{DSA-1503-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1304}
 	- linux-2.6 2.6.18.dfsg.1-9
 CVE-2006-6105 (Format string vulnerability in the host chooser window
(gdmchooser) in ...)
 	- gdm 2.16.4-1 (medium; bug #403219)
@@ -21994,11 +21995,11 @@
 CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link
...)
 	NOT-FOR-US: D-Link
 CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local
users to ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local
users ...)
-	{DSA-1503-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1304}
 	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error
messages ...)
@@ -22488,7 +22489,7 @@
 	- kfreebsd-5 <unfixed>
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local
users to ...)
-	{DSA-1504-1 DSA-1503-1}
+	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
 	- linux-2.6 2.6.18.dfsg.1-10 (low)
 CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon
(bpcd.exe) in ...)
 	NOT-FOR-US: Symantec Veritas NetBackup
@@ -22645,7 +22646,7 @@
 	{DSA-1304}
 	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux
...)
-	{DSA-1503-1 DSA-1356-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
 	- linux-2.6 2.6.20-1
 CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the
...)
 	- apache2 2.2.4-2 (low)
@@ -24696,7 +24697,7 @@
 CVE-2006-4815
 	RESERVED
 CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does
not ...)
-	{DSA-1503-1 DSA-1304}
+	{DSA-1503-2 DSA-1503-1 DSA-1304}
 	- linux-2.6 2.6.18.dfsg.1-9 (low)
 	- kernel-patch-openvz 028.18.1
 CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux
kernel ...)
Secure testing commits - Mar 2008 - r8284 - data/CVE

[Secure-testing-commits] r8284 - data/CVE
