stef-guest at alioth.debian.org
2007-Jun-02 08:38 UTC
[Secure-testing-commits] r5969 - data/CVE
Author: stef-guest Date: 2007-06-02 08:38:18 +0000 (Sat, 02 Jun 2007) New Revision: 5969 Modified: data/CVE/list Log: - we have knowledgetree in unstable - remove clamav duplicate Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-06-02 08:20:16 UTC (rev 5968) +++ data/CVE/list 2007-06-02 08:38:18 UTC (rev 5969) @@ -250,7 +250,8 @@ CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...) NOT-FOR-US: Citrix CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...) - NOT-FOR-US: KnowledgeTree + - knowledgetree <unfixed> + TODO: file bug CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...) NOT-FOR-US: Sky Software CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...) @@ -1887,10 +1888,6 @@ - mixmaster 3.0b2-5 (low; bug #418662) [etch] - mixmaster 3.0b2-4.etch1 [sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this) -CVE-2007-XXXX [unspecified vulnerability in Clamav''s PDF parser] - - clamav 0.90.2-1 (unimportant; bug #418849) - NOTE: closed report: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=459 - NOTE: Commit r3021 looks as if it''s just a null pointer dereference. CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names] - git-core 1.5.1.2-1 (low) NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
Florian Weimer
2007-Jun-02 09:46 UTC
[Secure-testing-team] [Secure-testing-commits] r5969 - data/CVE
> CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...) > - NOT-FOR-US: KnowledgeTree > + - knowledgetree <unfixed> > + TODO: file bugOops. Does it have Active Directory support? Or should the advisory actually read "LDAP" instead?
Stefan Fritsch
2007-Jun-02 16:09 UTC
[Secure-testing-team] [Secure-testing-commits] r5969 - data/CVE
On Samstag, 2. Juni 2007, Florian Weimer wrote:> > CVE-2007-2849 (KnowledgeTree Document Management (aka > > KnowledgeTree Open Source) ...) - NOT-FOR-US: KnowledgeTree > > + - knowledgetree <unfixed> > > + TODO: file bug > > Oops. Does it have Active Directory support? Or should the > advisory actually read "LDAP" instead?I suspect the latter, but I don''t really know. I don''t think it''s that important since the package is only in unstable and more or less orphaned ATM, anyway. Stefan
Moritz Muehlenhoff
2007-Jun-03 16:30 UTC
[Secure-testing-team] [Secure-testing-commits] r5969 - data/CVE
On Sat, Jun 02, 2007 at 06:09:37PM +0200, Stefan Fritsch wrote:> On Samstag, 2. Juni 2007, Florian Weimer wrote: > > > CVE-2007-2849 (KnowledgeTree Document Management (aka > > > KnowledgeTree Open Source) ...) - NOT-FOR-US: KnowledgeTree > > > + - knowledgetree <unfixed> > > > + TODO: file bug > > > > Oops. Does it have Active Directory support? Or should the > > advisory actually read "LDAP" instead? > > I suspect the latter, but I don''t really know. I don''t think it''s > that important since the package is only in unstable and more or less > orphaned ATM, anyway.I''ve filed a removal bug. Cheers, Moritz