author Moritz Muehlenhoff <jmm@debian.org> 2007-07-03 21:16:33 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2007-07-03 21:16:33 +0000
commit 06ed8b09caea6afbe5753133311cb9070715386c
tree c3c50ef3b329a8b8b132e2f866aea06a5f75e38f
parent 4da183444280158f17a9a2cb5e57c3d7b878a703
add two CVEs to previous icefoo DSAs, which were missed back then
remove hiki dupe
non-free no-dsa as usual
no-dsa for obscure, minor subversion issue
no-dsa for minor icefoo issue
NFUs

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6091 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2001.list 2
-rw-r--r-- data/CVE/2003.list 2
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2007.list 31
-rw-r--r-- data/DSA/list 4
5 files changed, 21 insertions, 20 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index b27c8b7a2e..0f59d0c8d5 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -1,5 +1,5 @@
CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
- TODO: check
+ NOT-FOR-US: MAILsweeper
CVE-2001-XXXX [crypt++ passes passwords through the command line]
- crypt++el 2.91-2.1 (bug #105562; low)
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index e6d21456ac..3ff2770a21 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -3,7 +3,7 @@ CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samb
CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...)
TODO: check
CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom &quot;on ...)
- TODO: check
+ NOT-FOR-US: MAILsweeper
CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on &quot;operating systems that only ...)
- wu-ftpd 2.6.2-4
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index e409ca39a1..57b21a9dde 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -15,7 +15,7 @@ CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Ad
CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote ...)
NOT-FOR-US: AGEphone
CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
- owl-dms 0.94-1 (medium; bug #416296)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index b275ce3594..245c5b17f2 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -155,7 +155,7 @@ CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
TODO: check
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...)
TODO: check
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
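Review bot: `NOT-FOR-US: Microsoft` on CVE-2007-3436 names only the vendor, while the other entries triaged in this commit name the product (`Microsoft Internet Explorer`, `Microsoft Office`). Suggest `NOT-FOR-US: Microsoft MSN Messenger` so that a search of the list for the product finds this entry.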
@@ -215,7 +215,7 @@ CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...)
@@ -238,8 +238,7 @@ CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus
NOT-FOR-US: KeyFocus
CVE-2007-3395
REJECTED
- - hiki 0.8.7-1 (bug #430691; medium)
- NOTE: Duplicate of CVE-2007-2836
+ NOTE: Duplicate of CVE-2007-2836 (hiki, bu# 430691)
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...)
NOT-FOR-US: eNdonesia
CVE-2007-3388
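Review bot: typo in the added NOTE on CVE-2007-3395: `bu# 430691` should read `bug #430691`, the form used elsewhere in the list (for example `bug #428194`). With the `- hiki 0.8.7-1` package line removed, this free-text note is the only remaining pointer to the bug, so it should stay greppable.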
@@ -462,7 +461,7 @@ CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ..
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
- TODO: check
+ NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in the Tidy extension for PHP 5.2.3 allow ...)
@@ -494,7 +493,7 @@ CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows a
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
@@ -839,7 +838,6 @@ CVE-2007-3126 (Gimp 2.3.14 allows context-dependent attackers to cause a denial
- gimp <unfixed> (unimportant)
CVE-2007-3125
REJECTED
- NOTE: Duplicate of CVE-2006-6772
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
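Review bot: the `NOTE: Duplicate of CVE-2006-6772` line is dropped from the REJECTED entry CVE-2007-3125, whereas the earlier hunk keeps the equivalent duplicate note on the REJECTED CVE-2007-3395. The commit message mentions only the hiki dupe. Either keep the cross-reference here too or state why it no longer applies.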
@@ -973,8 +971,7 @@ CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to re
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
TODO: check
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
- - iceweasel <not-affected>
- NOTE: Windows only
+ - iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
@@ -1110,11 +1107,11 @@ CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005 (Unspecified vulnerability in the Sun Java Runtime Environment in JDK ...)
- [etch] - sun-java <no-dsa> (Non-free not supported)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-11-1 (low)
- sun-java6 <unfixed> (low)
CVE-2007-3004 (Buffer overflow in the image parsing implementation in the Sun Java ...)
- [etch] - sun-java <no-dsa> (Non-free not supported)
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java5 1.5.0-11-1 (medium)
- sun-java6 <unfixed> (medium)
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
@@ -1284,9 +1281,9 @@ CVE-2007-2926
CVE-2007-2925
RESERVED
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
- TODO: check
+ NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
- TODO: check
+ NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
@@ -2348,6 +2345,8 @@ CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JS
- tomcat5.5 <unfixed> (low)
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the &quot;partial ...)
- subversion 1.4.4dfsg1-1 (bug #428194; low)
+ [etch] - subversion <no-dsa> (Minor issue)
+ [sarge] - subversion <no-dsa> (Minor issue)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
{DSA-1291-2 DTSA-41-1}
- samba 3.0.25-1 (high)
@@ -3778,7 +3777,7 @@ CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
- - pulseaudio 0.9.6-1 (medium)
+ - pulseaudio 0.9.6-1 (low)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
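Review bot: the severity of CVE-2007-1804 for pulseaudio goes from medium to low with no NOTE giving the reason, and the commit message does not mention pulseaudio at all. The description still reads as a remote denial of service; a one-line NOTE with the rationale would let later triage verify the downgrade.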
@@ -5396,7 +5395,7 @@ CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles funct
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload ...)
- - iceweasel <unfixed> (medium)
+ - iceweasel <unfixed> (low)
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
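Review bot: CVE-2007-1095 is lowered to `(low)` for iceweasel but stays `<unfixed>` with no release-specific line, while CVE-2007-1004 in the same commit pairs its low rating with `[etch] - ... <no-dsa> (Minor issue)` lines. If the downgrade means no DSA is planned for etch, record that here as well; otherwise add a NOTE on why the rating changed.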
@@ -5605,7 +5604,9 @@ CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing
- iceweasel <unfixed> (low)
[etch] - iceweasel <no-dsa> (Minor issue)
- iceape <unfixed> (low)
+ [etch] - iceape <no-dsa> (Minor issue)
- xulrunner <unfixed> (low)
+ [etch] - xulrunner <no-dsa> (Minor issue)
NOTE: maintainer notes that this may affect browsers based on xulrunner
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
{DSA-1294-1}
diff --git a/data/DSA/list b/data/DSA/list
index 7476741111..2625dd1d41 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -67,14 +67,14 @@
{CVE-2007-2138}
[etch] - postgresql-8.1 8.1.9-0etch1
[14 Jun 2007] DSA-1308-1 iceweasel - several vulnerabilities
- {CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
+ {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
[etch] - iceweasel 2.0.0.4-0etch1
[12 Jun 2007] DSA-1307-1 openoffice.org - heap overflow
{CVE-2007-0245}
[sarge] - openoffice.org 1.1.3-9sarge7
[etch] - openoffice.org 2.0.4.dfsg.2-7etch1
[12 Jun 2007] DSA-1306-1 xulrunner
- {CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
+ {CVE-2007-1116 CVE-2007-1362 CVE-2007-2867 CVE-2007-2868 CVE-2007-2869 CVE-2007-2870 CVE-2007-2871}
[etch] - xulrunner 1.8.0.12-0etch1
[13 Jun 2007] DSA-1305-1 icedove - several vulnerabilities
{CVE-2007-1558 CVE-2007-2867 CVE-2007-2868}
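Review bot: the commit message says two CVEs are added, but this hunk adds a single ID, CVE-2007-1116, to two advisories (DSA-1308-1 and DSA-1306-1). Reword the message, or add the second ID if one was dropped. None of the data/CVE/2007.list hunks in this commit touch the CVE-2007-1116 entry, so check that the entry ends up carrying the matching DSA references.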
