[Secure-testing-commits] r7739 - data

2007-12-28 Thread nion
Author: nion
Date: 2007-12-28 14:23:22 + (Fri, 28 Dec 2007)
New Revision: 7739

Modified:
   data/embedded-code-copies
Log:
use embed/static instead of static/dynamic

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2007-12-28 00:40:03 UTC (rev 7738)
+++ data/embedded-code-copies   2007-12-28 14:23:22 UTC (rev 7739)
@@ -11,7 +11,7 @@
NOTE: optional comments about the linkage of the embedding srcpkg
 
 status: version number fixing the embedded copy, unfixed, removed or 
unknown if the version number can not be determined
-sort: static/dynamic
+sort: static (linking statically against a lib), embed (embedding a copy of 
the library into another source package)
 
 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
- gpdf removed
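
Review bot: The new "sort:" line drops "dynamic" without saying how a package that carries a copy in its source but links against the shared library should be marked. The file has such entries (ruby-gnome2: "copy only present in source but links to poppler"), so the definition of "embed" should state whether it means the copy is compiled in or merely present in the source tree.
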
@@ -21,22 +21,22 @@
[sarge] - pdftohtml unfixed
[etch] - pdftohtml unfixed
NOTE: has been replaced by poppler-utils
-   - kdegraphics unfixed (static; bug #436164)
+   - kdegraphics unfixed (embed; bug #436164)
NOTE: the kpdf replacement in KDE 4 is using poppler
-   - tetex-bin 3.0-12 (dynamic)
+   - tetex-bin 3.0-12 (embed)
NOTE: links to poppler
-   - texlive-bin unknown (dynamic)
+   - texlive-bin unknown (embed)
NOTE: links to poppler
-   - koffice unfixed (static; bug #436163)
-   - libextractor 0.5.12-1 (static)
+   - koffice unfixed (embed; bug #436163)
+   - libextractor 0.5.12-1 (embed)
NOTE: libextractor is using its own pdf decoder
-   - libextractor 0.5.12-1 (dynamic)
+   - libextractor 0.5.12-1 (embed)
NOTE: links to poppler
-   - pdfkit.framework 0.8-4 (dynamic)
+   - pdfkit.framework 0.8-4 (embed)
NOTE: links to poppler
-   - ipe unfixed (static)
+   - ipe unfixed (embed)
NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, 
ipefonts.cpp, ipedct.cpp
-   - ruby-gnome2 unknown (dynamic)
+   - ruby-gnome2 unknown (embed)
NOTE: copy only present in source but links to poppler
 
 silc-toolkit:
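
Review bot: The two "libextractor 0.5.12-1" lines were "(static)" and "(dynamic)" and now both read "(embed)", so they differ only in their NOTEs; merge them or keep something in the entry that tells them apart. The entries that were "(dynamic)" with "NOTE: links to poppler" (tetex-bin, texlive-bin, pdfkit.framework, ruby-gnome2) are relabelled "(embed)" as well, which reads as contradicting the note unless "embed" is meant to cover a copy that is shipped but not used.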


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r7740 - data

2007-12-28 Thread nion
Author: nion
Date: 2007-12-28 14:34:51 + (Fri, 28 Dec 2007)
New Revision: 7740

Modified:
   data/embedded-code-copies
Log:
converting more items to the new format

Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2007-12-28 14:23:22 UTC (rev 7739)
+++ data/embedded-code-copies   2007-12-28 14:34:51 UTC (rev 7740)
@@ -40,13 +40,13 @@
NOTE: copy only present in source but links to poppler
 
 silc-toolkit:
-silc-client (uses libsilc and libsilcclient)
+   - silc-client 1.1~beta6-1 (embed)
 
 dietlibc:
-ccontrol (linked statically until 0.9.1+20071204-1, affects Etch only)
+   - ccontrol 0.9.1+20071204-1 (static)
 
 libiax:
-iaxmodem
+   - iaxmodem unfixed (embed)
 
 zlib code: (lots of apps embed a copy, but link dynamically, but there are a 
few exceptions)
 dpkg
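
Review bot: The ccontrol conversion loses information: the old line said the static linking "affects Etch only", and the new "ccontrol 0.9.1+20071204-1 (static)" entry no longer records that. Keep it as a NOTE under the entry; the same applies to silc-client, where the names libsilc and libsilcclient are dropped.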




[Secure-testing-commits] Processing r7739 failed

2007-12-28 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] Processing r7740 failed

2007-12-28 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7741 - data/CVE

2007-12-28 Thread micah
Author: micah
Date: 2007-12-28 15:57:45 + (Fri, 28 Dec 2007)
New Revision: 7741

Modified:
   data/CVE/list
Log:
severity of roundcube should probably be medium

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-28 14:34:51 UTC (rev 7740)
+++ data/CVE/list   2007-12-28 15:57:45 UTC (rev 7741)
@@ -591,7 +591,7 @@
- drupal5 5.5-1
- drupal 4.7.10-1
 CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 
0.1rc2, ...)
-   - roundcube unfixed (low; bug #455840)
+   - roundcube unfixed (medium; bug #455840)
NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
 CVE-2007-6280
RESERVED
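
Review bot: The roundcube line for CVE-2007-6321 goes from low to medium with no reason recorded in the entry, and the log message only says "probably". A short NOTE under the entry stating why this XSS rates medium would let the next person check the rating against the linked bugtraq post.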





[Secure-testing-commits] Processing r7741 failed

2007-12-28 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7743 - data

2007-12-28 Thread jmm-guest
Author: jmm-guest
Date: 2007-12-28 16:38:52 + (Fri, 28 Dec 2007)
New Revision: 7743

Modified:
   data/embedded-code-copies
Log:
record fix for texlive
simplify a bit


Modified: data/embedded-code-copies
===
--- data/embedded-code-copies   2007-12-28 16:35:44 UTC (rev 7742)
+++ data/embedded-code-copies   2007-12-28 16:38:52 UTC (rev 7743)
@@ -14,6 +14,7 @@
 sort: static (linking statically against a lib), embed (embedding a copy of 
the library into another source package)
 
 xpdf (some srcpkgs use xpdf2 code, some xpdf3 code)
+   NOTE: Fixed packages link to poppler library unless otherwise noted
- gpdf removed
[sarge] - gpdf unfixed
NOTE: has been replaced by evince in etch
@@ -24,16 +25,13 @@
- kdegraphics unfixed (embed; bug #436164)
NOTE: the kpdf replacement in KDE 4 is using poppler
- tetex-bin 3.0-12 (embed)
+   - texlive-bin 2007-1 (embed)
NOTE: links to poppler
-   - texlive-bin unknown (embed)
-   NOTE: links to poppler
- koffice unfixed (embed; bug #436163)
- libextractor 0.5.12-1 (embed)
-   NOTE: libextractor is using its own pdf decoder
+   NOTE: libextractor is using its own pdf decoder now
- libextractor 0.5.12-1 (embed)
-   NOTE: links to poppler
- pdfkit.framework 0.8-4 (embed)
-   NOTE: links to poppler
- ipe unfixed (embed)
NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, 
ipefonts.cpp, ipedct.cpp
- ruby-gnome2 unknown (embed)
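
Review bot: With the second libextractor NOTE removed, the hunk leaves two "libextractor 0.5.12-1 (embed)" lines and nothing tells the second from the first; drop one of them. The "NOTE: links to poppler" kept as context now sits under the new "texlive-bin 2007-1" line, although the header NOTE added in this commit makes it redundant and the tetex-bin line above it no longer has one; remove it so the simplification is consistent.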




[Secure-testing-commits] Processing r7742 failed

2007-12-28 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7742 - data/DSA

2007-12-28 Thread jmm-guest
Author: jmm-guest
Date: 2007-12-28 16:35:44 + (Fri, 28 Dec 2007)
New Revision: 7742

Modified:
   data/DSA/list
Log:
four new DSAs


Modified: data/DSA/list
===
--- data/DSA/list   2007-12-28 15:57:45 UTC (rev 7741)
+++ data/DSA/list   2007-12-28 16:35:44 UTC (rev 7742)
@@ -1,3 +1,16 @@
+[28 Dec 2007] DSA-1441-1 peercast
+   {CVE-2007-6454}
+   [etch] - peercast 0.1217.toots.20060314-1etch0
+[28 Dec 2007] DSA-1440-1 inotify-tools
+   {CVE-2007-5037}
+   [etch] - inotify-tools 3.3-2
+[28 Dec 2007] DSA-1439-1 typo3-src
+   {CVE-2007-6381}
+   [etch] - typo3-src 4.0.2+debian-4
+[28 Dec 2007] DSA-1438-1 tar
+   {CVE-2007-4131 CVE-2007-4476}
+   [etch] - tar 1.16-2etch1
+   [sarge] - tar 1.14-2.4
 [26 Dec 2007] DSA-1437-1 cupsys
{CVE-2007-5849 CVE-2007-6358}
[etch] - cupsys 1.2.7-4etch2




[Secure-testing-commits] Processing r7743 failed

2007-12-28 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7744 - in data: . CVE

2007-12-28 Thread jmm-guest
Author: jmm-guest
Date: 2007-12-28 17:22:44 + (Fri, 28 Dec 2007)
New Revision: 7744

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- syslog dos does not affect Sarge
- sing candidate for stable update


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-28 16:38:52 UTC (rev 7743)
+++ data/CVE/list   2007-12-28 17:22:44 UTC (rev 7744)
@@ -212,6 +212,7 @@
 CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 
allows ...)
{DTSA-105-1}
- syslog-ng 2.0.6-1 (low; bug #457334)
+   [sarge] - syslog-ng not-affected (Vulnerable code not present)
 CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, 
and ...)
NOT-FOR-US: predating security tracker
 CVE-2008-0030

Modified: data/spu-candidates.txt
===
--- data/spu-candidates.txt 2007-12-28 16:38:52 UTC (rev 7743)
+++ data/spu-candidates.txt 2007-12-28 17:22:44 UTC (rev 7744)
@@ -29,6 +29,11 @@
 
 --
 
+sing (CVE-2007-6211)
+#454167
+
+--
+
 tomboy (CVE-2005-4790)
 
 --





[Secure-testing-commits] r7745 - data/CVE

2007-12-28 Thread joeyh
Author: joeyh
Date: 2007-12-28 21:14:13 + (Fri, 28 Dec 2007)
New Revision: 7745

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-28 17:22:44 UTC (rev 7744)
+++ data/CVE/list   2007-12-28 21:14:13 UTC (rev 7745)
@@ -1,3 +1,83 @@
+CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo 
CMS ...)
+   TODO: check
+CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and 
possibly ...)
+   TODO: check
+CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in 
TCPreen ...)
+   TODO: check
+CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow 
user-assisted ...)
+   TODO: check
+CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in 
Logaholic allow ...)
+   TODO: check
+CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow 
remote ...)
+   TODO: check
+CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause 
a ...)
+   TODO: check
+CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow 
remote ...)
+   TODO: check
+CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 
allow ...)
+   TODO: check
+CVE-2007-6555 (PHP remote file inclusion vulnerability in 
modules/mod_pxt_latest.php ...)
+   TODO: check
+CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 
3.1.000 ...)
+   TODO: check
+CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal 
Pro ...)
+   TODO: check
+CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 
allows ...)
+   TODO: check
+CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 
2.2.4 ...)
+   TODO: check
+CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to 
the web ...)
+   TODO: check
+CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown 
impact ...)
+   TODO: check
+CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS 
before ...)
+   TODO: check
+CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password 
during ...)
+   TODO: check
+CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes 
it ...)
+   TODO: check
+CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS 
before ...)
+   TODO: check
+CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 
allow ...)
+   TODO: check
+CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat 
Link ...)
+   TODO: check
+CVE-2007-6542 (PHP remote file inclusion vulnerability in 
admin/frontpage_right.php ...)
+   TODO: check
+CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron 
news 1.0 ...)
+   TODO: check
+CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote 
attackers ...)
+   TODO: check
+CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot 
...)
+   TODO: check
+CVE-2007-6538 (SQL injection vulnerability in 
ing/blocks/mrbs/code/web/view_entry.php ...)
+   TODO: check
+CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in 
zfile.c in ...)
+   TODO: check
+CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 
beta ...)
+   TODO: check
+CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in 
YShortcut.dll ...)
+   TODO: check
+CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office 
Publisher ...)
+   TODO: check
+CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows 
...)
+   TODO: check
+CVE-2007-6532
+   RESERVED
+CVE-2007-6531
+   RESERVED
+CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits 
Software ...)
+   TODO: check
+CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 
have ...)
+   TODO: check
+CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in 
TikiWiki ...)
+   TODO: check
+CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails ...)
+   TODO: check
+CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in 
tiki-special_chars.php in ...)
+   TODO: check
+CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager 
(CM) ...)
+   TODO: check
 CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially 
...)
NOT-FOR-US: Opera
 CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x 
before ...)
@@ -163,6 +243,7 @@
NOT-FOR-US: Mambo
NOTE: Mambo is in experimental
 CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in 
servhs.cpp ...)
+   

[Secure-testing-commits] Processing r7745 failed

2007-12-28 Thread secure-testing
The error message was:

data/packages/etch__main_mipsel_Packages:133270: expected package field
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] Processing r7745 failed

2007-12-28 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File bin/update-db, line 62, in ?
db.readPackages(cursor, 'data/packages')
  File /home/secure-testing/production/lib/python/security_db.py, line 550, 
in readPackages
self._readBinaryPackages(cursor, directory)
  File /home/secure-testing/production/lib/python/security_db.py, line 641, 
in _readBinaryPackages
raise ValueError, (invalid architecture %s for package %s
ValueError: invalid architecture mips for package 3270-common
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7746 - data/CVE

2007-12-28 Thread micah
Author: micah
Date: 2007-12-28 23:43:55 + (Fri, 28 Dec 2007)
New Revision: 7746

Modified:
   data/CVE/list
Log:
adjust typo3-src version number

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-28 21:14:13 UTC (rev 7745)
+++ data/CVE/list   2007-12-28 23:43:55 UTC (rev 7746)
@@ -473,7 +473,7 @@
NOT-FOR-US: Robocode
 CVE-2007-6381 (SQL injection vulnerability in the indexed_search system 
extension in ...)
{DSA-1439-1}
-   - typo3-src 4.1.4-1 (low; bug #457446)
+   - typo3-src 4.1.5-1 (low; bug #457446)
NOTE: you need to be a logged in backend user to exploit this
 CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 
1.08, and ...)
NOT-FOR-US: e-Xoops




[Secure-testing-commits] Processing r7746 failed

2007-12-28 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File bin/update-db, line 62, in ?
db.readPackages(cursor, 'data/packages')
  File /home/secure-testing/production/lib/python/security_db.py, line 550, 
in readPackages
self._readBinaryPackages(cursor, directory)
  File /home/secure-testing/production/lib/python/security_db.py, line 641, 
in _readBinaryPackages
raise ValueError, (invalid architecture %s for package %s
ValueError: invalid architecture mips for package 3270-common
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7747 - data/CVE

2007-12-28 Thread nion
Author: nion
Date: 2007-12-29 01:47:34 + (Sat, 29 Dec 2007)
New Revision: 7747

Modified:
   data/CVE/list
Log:
add stable fix for typo3-src

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-28 23:43:55 UTC (rev 7746)
+++ data/CVE/list   2007-12-29 01:47:34 UTC (rev 7747)
@@ -474,6 +474,7 @@
 CVE-2007-6381 (SQL injection vulnerability in the indexed_search system 
extension in ...)
{DSA-1439-1}
- typo3-src 4.1.5-1 (low; bug #457446)
+   [etch] - typo3-src 4.0.2+debian-4
NOTE: you need to be a logged in backend user to exploit this
 CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 
1.08, and ...)
NOT-FOR-US: e-Xoops
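
Review bot: The added "[etch] - typo3-src 4.0.2+debian-4" line repeats what the entry's {DSA-1439-1} reference already supplies: r7742 recorded that same etch version under DSA-1439-1 in data/DSA/list. Keep the version in one place, and if the etch fix is missing from the tracker output, check the data import rather than adding the line here.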




[Secure-testing-commits] r7748 - data/CVE

2007-12-28 Thread jmm-guest
Author: jmm-guest
Date: 2007-12-29 01:59:51 + (Sat, 29 Dec 2007)
New Revision: 7748

Modified:
   data/CVE/list
Log:
remove duplicated entry, the reason why the fix is not showing
  up in the tracker is that the mips Packages file cannot
  be parsed, Florian will re-fetch it.


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-29 01:47:34 UTC (rev 7747)
+++ data/CVE/list   2007-12-29 01:59:51 UTC (rev 7748)
@@ -474,7 +474,6 @@
 CVE-2007-6381 (SQL injection vulnerability in the indexed_search system 
extension in ...)
{DSA-1439-1}
- typo3-src 4.1.5-1 (low; bug #457446)
-   [etch] - typo3-src 4.0.2+debian-4
NOTE: you need to be a logged in backend user to exploit this
 CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 
1.08, and ...)
NOT-FOR-US: e-Xoops




[Secure-testing-commits] r7749 - data/CVE

2007-12-28 Thread nion
Author: nion
Date: 2007-12-29 02:00:22 + (Sat, 29 Dec 2007)
New Revision: 7749

Modified:
   data/CVE/list
Log:
NFUs, tcpreen got cve id

Modified: data/CVE/list
===
--- data/CVE/list   2007-12-29 01:59:51 UTC (rev 7748)
+++ data/CVE/list   2007-12-29 02:00:22 UTC (rev 7749)
@@ -1,9 +1,9 @@
 CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo 
CMS ...)
-   TODO: check
+   NOT-FOR-US: Limbo CMS
 CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and 
possibly ...)
-   TODO: check
+   NOT-FOR-US: WinAce
 CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in 
TCPreen ...)
-   TODO: check
+   - tcpreen 1.4.3-0.3 (medium; bug #457781)
 CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow 
user-assisted ...)
TODO: check
 CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in 
Logaholic allow ...)
@@ -94,9 +94,6 @@
NOT-FOR-US: WoltLab Burning Board
 CVE-2007-6517 (SQL injection vulnerability in the forget password section ...)
NOT-FOR-US: Eagle Software Aeries Browser Interface
-CVE-2007- [remote buffer overflow in tcpreen]
-   - tcpreen 1.4.3-0.3 (medium; bug #457781)
-   NOTE: CVE id pending
 CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control 
...)
NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
 CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers 
to ...)




[Secure-testing-commits] Processing r7747 failed

2007-12-28 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File bin/update-db, line 62, in ?
db.readPackages(cursor, 'data/packages')
  File /home/secure-testing/production/lib/python/security_db.py, line 550, 
in readPackages
self._readBinaryPackages(cursor, directory)
  File /home/secure-testing/production/lib/python/security_db.py, line 641, 
in _readBinaryPackages
raise ValueError, (invalid architecture %s for package %s
ValueError: invalid architecture mips for package 3270-common
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7750 - in data: CVE DSA

2007-12-28 Thread jmm-guest
Author: jmm-guest
Date: 2007-12-29 02:14:41 + (Sat, 29 Dec 2007)
New Revision: 7750

Modified:
   data/CVE/list
   data/DSA/list
Log:
libsndfile DSA


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-29 02:00:22 UTC (rev 7749)
+++ data/CVE/list   2007-12-29 02:14:41 UTC (rev 7750)
@@ -4727,6 +4727,7 @@
NOT-FOR-US: b1gMail
 CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in 
...)
- libsndfile 1.0.17-4 (bug #443386; medium)
+   [sarge] - libsndfile not-affected (Vulnerable code not present)
- ardour 1:2.1-1.1 (medium; bug #445889)
[sarge] - ardour not-affected (Vulnerable code not present)
[etch] - ardour not-affected (Vulnerable code not present)
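
Review bot: The context for CVE-2007-4974 shows no {DSA-1442-1} line, although this commit adds DSA-1442-1 for that CVE to data/DSA/list; check that the cross-reference appears, as {DSA-1439-1} does on CVE-2007-6381. Minor: the libsndfile line orders its annotation as "(bug #443386; medium)" where the ardour line below it uses "(medium; bug #445889)", worth normalising while the entry is being touched.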

Modified: data/DSA/list
===
--- data/DSA/list   2007-12-29 02:00:22 UTC (rev 7749)
+++ data/DSA/list   2007-12-29 02:14:41 UTC (rev 7750)
@@ -1,3 +1,6 @@
+[29 Dec 2007] DSA-1442-1 libsndfile
+   {CVE-2007-4974}
+   [etch] - libsndfile 1.0.16-2
 [28 Dec 2007] DSA-1441-1 peercast
{CVE-2007-6454}
[etch] - peercast 0.1217.toots.20060314-1etch0




[Secure-testing-commits] Processing r7749 failed

2007-12-28 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File bin/update-db, line 62, in ?
db.readPackages(cursor, 'data/packages')
  File /home/secure-testing/production/lib/python/security_db.py, line 550, 
in readPackages
self._readBinaryPackages(cursor, directory)
  File /home/secure-testing/production/lib/python/security_db.py, line 641, 
in _readBinaryPackages
raise ValueError, (invalid architecture %s for package %s
ValueError: invalid architecture mips for package 3270-common
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] Processing r7750 failed

2007-12-28 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File bin/update-db, line 62, in ?
db.readPackages(cursor, 'data/packages')
  File /home/secure-testing/production/lib/python/security_db.py, line 550, 
in readPackages
self._readBinaryPackages(cursor, directory)
  File /home/secure-testing/production/lib/python/security_db.py, line 641, 
in _readBinaryPackages
raise ValueError, (invalid architecture %s for package %s
ValueError: invalid architecture mips for package 3270-common
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r7751 - data/CVE

2007-12-28 Thread nion
Author: nion
Date: 2007-12-29 02:38:31 + (Sat, 29 Dec 2007)
New Revision: 7751

Modified:
   data/CVE/list
Log:
NFUs
CVE-2007-6538 does not affect moodle
tikiwiki was removed


Modified: data/CVE/list
===
--- data/CVE/list   2007-12-29 02:14:41 UTC (rev 7750)
+++ data/CVE/list   2007-12-29 02:38:31 UTC (rev 7751)
@@ -5,79 +5,79 @@
 CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in 
TCPreen ...)
- tcpreen 1.4.3-0.3 (medium; bug #457781)
 CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow 
user-assisted ...)
-   TODO: check
+   NOT-FOR-US: PDFLib
 CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in 
Logaholic allow ...)
-   TODO: check
+   NOT-FOR-US: Logaholic
 CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: Logaholic
 CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause 
a ...)
-   TODO: check
+   NOT-FOR-US: TotalPlayer
 CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow 
remote ...)
-   TODO: check
+   NOT-FOR-US: MeGaCheatZ
 CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 
allow ...)
-   TODO: check
+   NOT-FOR-US: websihirbazi
 CVE-2007-6555 (PHP remote file inclusion vulnerability in 
modules/mod_pxt_latest.php ...)
-   TODO: check
+   NOT-FOR-US: Joomla! extension
 CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 
3.1.000 ...)
-   TODO: check
+   NOT-FOR-US: TeamCal
 CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal 
Pro ...)
-   TODO: check
+   NOT-FOR-US: TeamCal
 CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 
allows ...)
-   TODO: check
+   NOT-FOR-US: AuraCMS
 CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 
2.2.4 ...)
-   TODO: check
+   NOT-FOR-US: MailMachine
 CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to 
the web ...)
-   TODO: check
+   NOT-FOR-US: PMOS Help Desk
 CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown 
impact ...)
-   TODO: check
+   NOT-FOR-US: RunCMS
 CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS 
before ...)
-   TODO: check
+   NOT-FOR-US: RunCMS
 CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password 
during ...)
-   TODO: check
+   NOT-FOR-US: RunCMS
 CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes 
it ...)
-   TODO: check
+   NOT-FOR-US: RunCMS
 CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS 
before ...)
-   TODO: check
+   NOT-FOR-US: RunCMS
 CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 
allow ...)
-   TODO: check
+   NOT-FOR-US: RunCMS
 CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat 
Link ...)
-   TODO: check
+   NOT-FOR-US: eSyndiCat Link Exchange Script
 CVE-2007-6542 (PHP remote file inclusion vulnerability in 
admin/frontpage_right.php ...)
-   TODO: check
+   NOT-FOR-US: Arcadem LEArcadem LE
 CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron 
news 1.0 ...)
-   TODO: check
+   NOT-FOR-US: neuron news
 CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: neuron news
 CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot 
...)
-   TODO: check
+   NOT-FOR-US: IDevspot iSupport
 CVE-2007-6538 (SQL injection vulnerability in 
ing/blocks/mrbs/code/web/view_entry.php ...)
-   TODO: check
+   - moodle not-affected (Vulnerable code not present, third party 
module)
 CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in 
zfile.c in ...)
-   TODO: check
+   NOT-FOR-US: WinUAE
 CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 
beta ...)
TODO: check
 CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in 
YShortcut.dll ...)
-   TODO: check
+   NOT-FOR-US: YShortcut ActiveX control
 CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office 
Publisher ...)
-   TODO: check
+   NOT-FOR-US: Microsoft Office Publisher
 CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows 
...)
-   TODO: check
+   NOT-FOR-US: Zoom Player
 CVE-2007-6532
RESERVED
 CVE-2007-6531
RESERVED
 CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits 
Software ...)
-   TODO: check
+   NOT-FOR-US: XUpload
 CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 
have ...)
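
Review bot: The CVE-2007-6542 line reads "NOT-FOR-US: Arcadem LEArcadem LE", with the product name doubled; it should be "NOT-FOR-US: Arcadem LE". CVE-2007-6536 (Google Toolbar) stays at "TODO: check" in the middle of an otherwise triaged block; if that is deliberate, fine, otherwise it looks skipped.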

[Secure-testing-commits] Processing r7751 failed

2007-12-28 Thread secure-testing
The error message was:

Traceback (most recent call last):
  File bin/update-db, line 62, in ?
db.readPackages(cursor, 'data/packages')
  File /home/secure-testing/production/lib/python/security_db.py, line 550, 
in readPackages
self._readBinaryPackages(cursor, directory)
  File /home/secure-testing/production/lib/python/security_db.py, line 641, 
in _readBinaryPackages
raise ValueError, (invalid architecture %s for package %s
ValueError: invalid architecture mips for package 3270-common
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1


