author Thijs Kinkhorst <thijs@debian.org> 2007-08-28 21:45:54 +0000
committer Thijs Kinkhorst <thijs@debian.org> 2007-08-28 21:45:54 +0000
commit edd4d77e2cae5ddbb266fb3dfde0c7207337ef4f (patch)
tree 63fc41dee6e8933739944a23b392708231ff1b2c
parent 08f012bc9e9a62a05917915a1eb778b9e78c9be1 (diff)
cveify id3lib3.8.3 issue
asterisk issue low priority
link existing bug to nvidia driver issue
some nfu's

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6422 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/list 19
-rw-r--r-- doc/how-to-DTSA 2
-rw-r--r-- doc/narrative_introduction 2
3 files changed, 11 insertions, 12 deletions
diff --git a/data/CVE/list b/data/CVE/list
index e4c2afa107..64e0d2e245 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,11 +1,11 @@
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
TODO: check
CVE-2007-4579 (Heap-based buffer overflow in Microsoft MSN Messenger 7.x and Live ...)
- TODO: check
+ NOT-FOR-US: MSN
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
- TODO: check
+ NOT-FOR-US: Sophos
CVE-2007-4576
RESERVED
TODO: check
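Review bot: the label added under CVE-2007-4579, "NOT-FOR-US: MSN", is terser than the product named in the description ("Microsoft MSN Messenger") and than the other labels in this commit, such as "NOT-FOR-US: Grandstream SIP Phone"; use the full product name so a later search of the list finds it. CVE-2007-4580 directly above (redlight.sys in BufferZone) is left as "TODO: check" while its neighbours are triaged; handle it in the same pass or note why it stays open.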
@@ -127,7 +127,8 @@ CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Websi
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
TODO: check
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
- TODO: check
+ - asterisk <unfixed> (low)
+ NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
CVE-2007-4520
RESERVED
TODO: check
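Review bot: the new "- asterisk <unfixed> (low)" line under CVE-2007-4521 carries no bug reference, unlike tracked entries elsewhere in this file such as "- nufw 2.2.4-1 (bug #439227)". Add the Debian bug number once one exists, so the upstream patch linked in the NOTE reaches the maintainer. A one-line NOTE giving the reason for "(low)" would also help, since the truncated description only shows that a particular configuration is required.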
@@ -183,7 +184,7 @@ CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
TODO: check
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
- TODO: check
+ NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497
RESERVED
TODO: check
@@ -227,7 +228,7 @@ CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
TODO: check
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
- TODO: check
+ NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476
RESERVED
TODO: check
@@ -279,7 +280,7 @@ CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote .
- nufw 2.2.4-1 (bug #439227)
[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
- - id3lib3.8.3 3.8.3-7 (bug #438540)
+ - id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
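Review bot: the CVE-2007-4460 entry records only the fixed version 3.8.3-7 and says nothing about etch, while the nufw entry just above it has an explicit "[etch] - nufw <not-affected>" line. Add the etch status for id3lib3.8.3 so the stable release is covered. The added "low;" matches the urgency of the CVE-2007-XXXX id3lib placeholder removed in the next hunk, which references the same bug #438540, so the merge itself looks consistent.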
@@ -480,8 +481,6 @@ CVE-2007-XXXX [clamav floating point exception in OLE2 scanner DoS]
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
- libpam-usb 0.4.1-1 (medium)
NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
-CVE-2007-XXXX [id3lib insecure tempfile creation]
- - id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
@@ -2310,7 +2309,7 @@ CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows r
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...)
- TODO: check
+ - nvidia-kernel-common <unfixed> (bug #434398)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
TODO: check
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
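Review bot: the new CVE-2007-3532 line tracks only nvidia-kernel-common and gives no urgency, while the description speaks of "NVIDIA drivers (nvidia-drivers)" across several version branches. Check whether other packaged driver branches need their own lines, and add an urgency as was done for the asterisk entry in this commit. CVE-2007-3531 right below is also NVIDIA-related and still reads "TODO: check"; it could be triaged together with this one.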
diff --git a/doc/how-to-DTSA b/doc/how-to-DTSA
index e63ff5237b..e7d8a5128a 100644
--- a/doc/how-to-DTSA
+++ b/doc/how-to-DTSA
@@ -51,7 +51,7 @@ A summary which buildlogs have arrived for which packages is at [2].
Some time after the buildd has received the signed .changes, it will
upload the packages to klecker to
/org/security.debian.org/queue/unembargoed/. "dak queue-report" gives
-an overview, what packges have arrived in the queue.
+an overview, what packages have arrived in the queue.
If a buildd has problems: A list with the admins is at [3].
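Review bot: with the spelling fixed, the changed sentence still reads awkwardly at "an overview, what packages have arrived"; consider "an overview of which packages have arrived in the queue". The commit message does not mention the documentation fixes, so either add a line for them or move them to a separate commit from the data/CVE/list triage.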
diff --git a/doc/narrative_introduction b/doc/narrative_introduction
index b57ad50a05..52fb853c69 100644
--- a/doc/narrative_introduction
+++ b/doc/narrative_introduction
@@ -109,7 +109,7 @@ issues.
Issues Not-For-Us (NFU)
-----------------------
-Processing your claimed entires is done by first seeing if the issue
+Processing your claimed entries is done by first seeing if the issue
is related to any software packaged in Debian, if it isn't a package
in Debian and has no ITP then you note that in the file, for example:
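Review bot: the sentence touched here still has a comma splice at "packaged in Debian, if it isn't a package"; while correcting "entires", split it into two sentences, for example "...packaged in Debian. If it isn't a package in Debian and has no ITP, then you note that in the file".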
