jmm-guest at alioth.debian.org
2008-Jul-23 20:24 UTC
[Secure-testing-commits] r9401 - data/CVE
Author: jmm-guest
Date: 2008-07-23 20:24:36 +0000 (Wed, 23 Jul 2008)
New Revision: 9401

Modified:
   data/CVE/list
Log:
iceape fixed
bluez-utils fixed
slightly rewrite bugzilla entries

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2008-07-23 20:07:42 UTC (rev 9400) +++ data/CVE/list 2008-07-23 20:24:36 UTC (rev 9401) @@ -989,7 +989,7 @@ CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact ...) - iceweasel 3.0 (medium; bug #488358) - icedove <unfixed> - - iceape <unfixed> (bug #491163) + - iceape 1.1.11-1 (bug #491163) - xulrunner 1.9.0.1-1 (bug #491161) NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since also need to track etch NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html @@ -1871,7 +1871,7 @@ - vsftpd <not-affected> (debian versions all include the fix) CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...) - bluez-libs <unfixed> (low) - - bluez-utils <unfixed> (low) + - bluez-utils 3.34 (low) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374 CVE-2008-2373 RESERVED @@ -12378,8 +12378,7 @@ CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...) NOT-FOR-US: Ghost Security Suite CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...) - - bugzilla <not-affected> (Vulnerable code not present in the version we ship) - TODO: check when newer upstream version enters the pool (> 2.22.1-2.2) + - bugzilla <not-affected> (Affected versions were never present in the archive) CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...) {DSA-1440-1} - inotify-tools 3.11-1 (medium; bug #443913) 
@@ -13630,9 +13629,9 @@ CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...) NOT-FOR-US: Olate Download CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...) - - bugzilla <not-affected> (source code is too old to inlude this vulnerability) + - bugzilla <not-affected> (Affected versions were never present in the archive) CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...) - - bugzilla <not-affected> (source code is too old to inlude this vulnerability) + - bugzilla <not-affected> (Affected versions were never present in the archive) CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...) NOT-FOR-US: Skulltag CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...) @@ -16943,7 +16942,6 @@ NOTE: Given the state of Linux'' NTFS support it seems highly unlikely NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based NOTE: web server with NTFS - TODO: Check, whether NTFS on Linux is affected at all, I doubt so CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...) NOT-FOR-US: Internet Download Accelerator CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...)
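Review bot: In the @@ -989,7 +989,7 @@ hunk (CVE-2008-2785), the new "- iceape 1.1.11-1 (bug #491163)" line carries no urgency, while the iceweasel line for the same CVE is tagged "medium". Consider "- iceape 1.1.11-1 (medium; bug #491163)" so the severity is visible on the package that was just closed. The icedove context line still reads "<unfixed>" with no bug reference, unlike iceape and xulrunner, so a tracking bug for it would be a useful follow-up.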
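Review bot: In the @@ -1871,7 +1871,7 @@ hunk (CVE-2008-2374), the fixed version "3.34" on the bluez-utils line has no Debian revision, unlike "1.1.11-1" and "1.9.0.1-1" in the first hunk of this commit. If a particular upload is meant, write the full package version so the entry can be matched against it. The bluez-libs line stays "<unfixed> (low)" even though the CVE description names src/sdp.c in bluez-libs; a short NOTE saying why bluez-utils is closed first would save the next reader from rechecking.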
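Review bot: In the @@ -12378,8 +12378,7 @@ hunk (CVE-2007-5038), the TODO "check when newer upstream version enters the pool (> 2.22.1-2.2)" is removed along with the rewording, and the log message describes this only as a slight rewrite. The truncated description on the CVE line does not show the affected version range, so the new reason "Affected versions were never present in the archive" cannot be checked from the entry itself. Consider adding a NOTE with the affected range and the archive version it was compared against (the removed TODO mentions 2.22.1-2.2), so the entry can be revisited when a newer bugzilla is uploaded.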
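Review bot: In the @@ -13630,9 +13629,9 @@ hunk (CVE-2007-4539 and CVE-2007-4538), the new reason states a fact about the archive but gives no version to back it. The descriptions give the affected ranges (2.23.3 through 3.0.0 and 2.23.4 through 3.0.0), so a NOTE naming the newest bugzilla version in the archive at the time of this check would make both entries self-verifying. The spelling fix for "inlude" and the uniform wording across the three bugzilla entries are fine.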
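Review bot: In the @@ -16943,7 +16942,6 @@ hunk, the line "TODO: Check, whether NTFS on Linux is affected at all, I doubt so" is dropped without recording the outcome of that check, and the log message does not mention this change. The NOTE lines left in place only say the issue "seems highly unlikely", which is an opinion and not a finding. Either keep the TODO until the check is done, or replace it with a NOTE stating the conclusion and, if it applies, mark the package as not affected with that reason.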