[Secure-testing-commits] r8147 - data/CVE

2008-02-13 Thread joeyh
Author: joeyh
Date: 2008-02-13 09:14:27 + (Wed, 13 Feb 2008)
New Revision: 8147

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2008-02-12 23:05:04 UTC (rev 8146)
+++ data/CVE/list   2008-02-13 09:14:27 UTC (rev 8147)
@@ -1,3 +1,135 @@
+CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows 
symlinks ...)
+   TODO: check
+CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does 
not ...)
+   TODO: check
+CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) 
Korean, and ...)
+   TODO: check
+CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote 
attackers ...)
+   TODO: check
+CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has 
unknown ...)
+   TODO: check
+CVE-2008-0727
+   RESERVED
+CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier 
allows ...)
+   TODO: check
+CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and 
(2) ...)
+   TODO: check
+CVE-2008-0724 (The Everything Development Engine in The Everything Development 
System ...)
+   TODO: check
+CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in 
MyNews ...)
+   TODO: check
+CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in 
Pagetool ...)
+   TODO: check
+CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon 
(com_sermon) ...)
+   TODO: check
+CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 
1.390 and ...)
+   TODO: check
+CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the 
...)
+   TODO: check
+CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module 
(usbms) in ...)
+   TODO: check
+CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 
5.1 ...)
+   TODO: check
+CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 
SP3 R7 ...)
+   TODO: check
+CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 
allows ...)
+   TODO: check
+CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host 
allows ...)
+   TODO: check
+CVE-2008-0713
+   RESERVED
+CVE-2008-0712
+   RESERVED
+CVE-2008-0711
+   RESERVED
+CVE-2008-0710
+   RESERVED
+CVE-2008-0709
+   RESERVED
+CVE-2008-0708
+   RESERVED
+CVE-2008-0707
+   RESERVED
+CVE-2008-0706
+   RESERVED
+CVE-2008-0705
+   RESERVED
+CVE-2008-0704
+   RESERVED
+CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 
allow ...)
+   TODO: check
+CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 
and ...)
+   TODO: check
+CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not 
check ...)
+   TODO: check
+CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux 
...)
+   TODO: check
+CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB 
before ...)
+   TODO: check
+CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 
Fixpak 16 ...)
+   TODO: check
+CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 
Fixpak 16 ...)
+   TODO: check
+CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check 
authorization ...)
+   TODO: check
+CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 
2007 ...)
+   TODO: check
+CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in 
IBM ...)
+   TODO: check
+CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 
2008 ...)
+   TODO: check
+CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 
Gold and ...)
+   TODO: check
+CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in 
admin_panel.php ...)
+   TODO: check
+CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory 
...)
+   TODO: check
+CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...)
+   TODO: check
+CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in 
Smartscript ...)
+   TODO: check
+CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...)
+   TODO: check
+CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences 
...)
+   TODO: check
+CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 
3.0 ...)
+   TODO: check
+CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...)
+   TODO: check
+CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...)
+   TODO: check
+CVE-2008-0682 (SQL injection vulnerability in 

[Secure-testing-commits] r8148 - data/CVE

2008-02-13 Thread jmm-guest
Author: jmm-guest
Date: 2008-02-13 13:58:52 + (Wed, 13 Feb 2008)
New Revision: 8148

Modified:
   data/CVE/list
Log:
two NFUs


Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 09:14:27 UTC (rev 8147)
+++ data/CVE/list   2008-02-13 13:58:52 UTC (rev 8148)
@@ -11,7 +11,7 @@
 CVE-2008-0727
RESERVED
 CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier 
allows ...)
-   TODO: check
+   NOT-FOR-US: Adobe Acrobat Reader
 CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and 
(2) ...)
TODO: check
 CVE-2008-0724 (The Everything Development Engine in The Everything Development 
System ...)
@@ -129,7 +129,7 @@
 CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c 
in ...)
TODO: check
 CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by 
Adobe ...)
-   TODO: check
+   NOT-FOR-US: Adobe Acrobat Reader
 CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as 
used with ...)
NOT-FOR-US: Novell Challenge Response Client
 CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r8149 - data/CVE

2008-02-13 Thread nion
Author: nion
Date: 2008-02-13 14:28:23 + (Wed, 13 Feb 2008)
New Revision: 8149

Modified:
   data/CVE/list
Log:
CVE-2005-1039 fixed in coreutils 6.10-1

Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 13:58:52 UTC (rev 8148)
+++ data/CVE/list   2008-02-13 14:28:23 UTC (rev 8149)
@@ -47519,7 +47519,7 @@
 CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux 
Desktop ...)
- netapplet not-affected (Not vulerable, see bug #310833)
 CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) 
mkdir, ...)
-   - coreutils unfixed (bug #304556; unimportant)
+   - coreutils 6.10-1 (bug #304556; unimportant)
NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
 CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, 
allows ...)
NOTE: long fixed in Debian's cron
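
Review bot: The new "- coreutils 6.10-1 (bug #304556; unimportant)" line for CVE-2005-1039 records a fixed version, but the NOTE directly below it still calls this a "generic UNIX design issue" and nothing in the entry says what changed in 6.10-1. Add a NOTE naming the change or changelog entry that justifies the version, and drop the unbalanced ")" at the end of the existing NOTE while touching the entry.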




[Secure-testing-commits] r8150 - data/CVE

2008-02-13 Thread nion
Author: nion
Date: 2008-02-13 16:14:46 + (Wed, 13 Feb 2008)
New Revision: 8150

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-0728 fixed in clamav 0.92.1~dfsg-1
CVE-2008-0720 webmin has an itp


Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 14:28:23 UTC (rev 8149)
+++ data/CVE/list   2008-02-13 16:14:46 UTC (rev 8150)
@@ -1,41 +1,41 @@
 CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows 
symlinks ...)
-   TODO: check
+   NOT-FOR-US: Apache Geronimo
 CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does 
not ...)
-   TODO: check
+   NOT-FOR-US: SuSE kernel/apparmor
 CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) 
Korean, and ...)
-   TODO: check
+   NOT-FOR-US: Sun Solaris
 CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: Apple iPhone
 CVE-2008-0728 (libclamav/mew.c in libclamav in ClamAV before 0.92.1 has 
unknown ...)
-   TODO: check
+   - clamav 0.92.1~dfsg-1
 CVE-2008-0727
RESERVED
 CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier 
allows ...)
NOT-FOR-US: Adobe Acrobat Reader
 CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and 
(2) ...)
-   TODO: check
+   NOT-FOR-US: Titan FTP Server
 CVE-2008-0724 (The Everything Development Engine in The Everything Development 
System ...)
-   TODO: check
+   NOT-FOR-US: The Everything Development System
 CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in 
MyNews ...)
-   TODO: check
+   NOT-FOR-US: MyNews
 CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in 
Pagetool ...)
-   TODO: check
+   NOT-FOR-US: Pagetool
 CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon 
(com_sermon) ...)
-   TODO: check
+   NOT-FOR-US: Sermon component for Mambo
 CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 
1.390 and ...)
-   TODO: check
+   - webmin itp (bug #377948)
 CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the 
...)
-   TODO: check
+   NOT-FOR-US: osCommerce Online Merchant
 CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module 
(usbms) in ...)
-   TODO: check
+   NOT-FOR-US: Sun Solaris
 CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 
5.1 ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Edge Server
 CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 
SP3 R7 ...)
-   TODO: check
+   NOT-FOR-US: Symantec Altiris Notification Server
 CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 
allows ...)
-   TODO: check
+   NOT-FOR-US: ACDSee
 CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host 
allows ...)
-   TODO: check
+   NOT-FOR-US: Mihalism Multi Host
 CVE-2008-0713
RESERVED
 CVE-2008-0712
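
Review bot: The "- webmin itp (bug #377948)" line added for CVE-2008-0720 is what the later "Processing r8151 failed" and "Processing r8152 failed" messages reject with "data/CVE/list:25: ITPed package webmin is in the archive". The itp tag is only accepted for a package that is absent from the archive, so check the archive state before committing and use a tag that matches it; r8153 later changes this line to "- webmin removed".
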
@@ -57,35 +57,35 @@
 CVE-2008-0704
RESERVED
 CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 
allow ...)
-   TODO: check
+   NOT-FOR-US: sflog!
 CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 
and ...)
-   TODO: check
+   NOT-FOR-US: Titan FTP Server
 CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not 
check ...)
-   TODO: check
+   NOT-FOR-US: Magnolia CE
 CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux 
...)
-   TODO: check
+   NOT-FOR-US: CruxCMS
 CVE-2008-0699 (Unspecified vulnerability in SYSPROC.ADMIN_SP_C in IBM DB2 UDB 
before ...)
-   TODO: check
+   NOT-FOR-US: IBM DB2
 CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 
Fixpak 16 ...)
-   TODO: check
+   NOT-FOR-US: IBM DB2
 CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 
Fixpak 16 ...)
-   TODO: check
+   NOT-FOR-US: IBM DB2
 CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check 
authorization ...)
-   TODO: check
+   NOT-FOR-US: IBM DB2
 CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 
2007 ...)
-   TODO: check
+   NOT-FOR-US: BookmarkX
 CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in 
IBM ...)
-   TODO: check
+   NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
 CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 
2008 ...)
-   TODO: check
+   NOT-FOR-US: Print Manager Plus
 CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 
Gold and ...)
-   TODO: check
+   NOT-FOR-US: iTechBids
 CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in 
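
Review bot: The tag "NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0" on CVE-2008-0694 carries release levels, while every other tag in this hunk names only the product (for example "NOT-FOR-US: IBM DB2", although those descriptions also give a version). Shorten it to the product name so the tag matches the rest of the list and can be grouped with it.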

[Secure-testing-commits] r8151 - data/CVE

2008-02-13 Thread nion
Author: nion
Date: 2008-02-13 17:29:32 + (Wed, 13 Feb 2008)
New Revision: 8151

Modified:
   data/CVE/list
Log:
NFUs
3 tintin++ issues (CVE-2008-067[1-3])
CVE-2008-0668 fixed in gnumeric 1.8.1-1
CVE-2008-0318 dup?
CVE-2008-0318 fixed in clamav 0.92.1~dfsg-1
two new tomcat issues (CVE-2007-6286, CVE-2007-5333)


Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 16:14:46 UTC (rev 8150)
+++ data/CVE/list   2008-02-13 17:29:32 UTC (rev 8151)
@@ -87,47 +87,47 @@
 CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...)
NOT-FOR-US: Marketplace component for Joomla!
 CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in 
Smartscript ...)
-   TODO: check
+   NOT-FOR-US: Smartscript Domain Trader
 CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: Youtube Clone Script
 CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences 
...)
-   TODO: check
+   NOT-FOR-US: NeoReferences component for Joomla!
 CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 
3.0 ...)
-   TODO: check
+   NOT-FOR-US: iTechClassifieds
 CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...)
-   TODO: check
+   NOT-FOR-US: iTechClassifieds
 CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ...)
-   TODO: check
+   NOT-FOR-US: st_newsletter plugin for WordPress
 CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew 
plugin ...)
-   TODO: check
+   NOT-FOR-US: Wordspew plugin for Wordpress
 CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 
allows ...)
-   TODO: check
+   NOT-FOR-US: PHPShop
 CVE-2008-0680 (SNMPd in MicroTik RouterOS 3.2 and earlier allows remote 
attackers to ...)
-   TODO: check
+   NOT-FOR-US: MicroTik RouterOS
 CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in 
BlogPHP 2.0 ...)
-   TODO: check
+   NOT-FOR-US: BlogPHP
 CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: BlogPHP
 CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows 
remote ...)
-   TODO: check
+   NOT-FOR-US: A-Blog
 CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in 
A-Blog 2 ...)
-   TODO: check
+   NOT-FOR-US: A-Blog
 CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything 
...)
-   TODO: check
+   NOT-FOR-US: Everything Development System
 CVE-2008-0674
RESERVED
 CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of 
an ...)
-   TODO: check
+   - tintin++ unfixed (low; bug #465643)
 CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 
1.97.9 ...)
-   TODO: check
+   - tintin++ unfixed (low; bug #465643)
 CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in 
...)
-   TODO: check
+   - tintin++ unfixed (medium; bug #465643)
 CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...)
-   TODO: check
+   NOT-FOR-US: Noticias component for Joomla!
 CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift 
Unity ...)
-   TODO: check
+   NOT-FOR-US: Sift Unity
 CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c 
in ...)
-   TODO: check
+   - gnumeric 1.8.1-1 (medium)
 CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by 
Adobe ...)
NOT-FOR-US: Adobe Acrobat Reader
 CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as 
used with ...)
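
Review bot: The two WordPress plugin tags in this hunk are spelled differently: "NOT-FOR-US: st_newsletter plugin for WordPress" on CVE-2008-0683 and "NOT-FOR-US: Wordspew plugin for Wordpress" on CVE-2008-0682. Use "WordPress" in both so that a search over NOT-FOR-US tags finds them together.
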
@@ -182,7 +182,7 @@
 CVE-2008-0641
RESERVED
 CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, 
and 2.0.1 ...)
-   TODO: check
+   NOT-FOR-US: Symantec Ghost Solution Suite
 CVE-2008-0639
RESERVED
 CVE-2008-0638
@@ -190,7 +190,7 @@
 CVE-2008-0637
RESERVED
 CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 
4.x, 5.x ...)
-   TODO: check
+   NOT-FOR-US: Managed Workplace Service Center
 CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 
2.4.0 ...)
NOT-FOR-US: Openads
 CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX 
control in ...)
@@ -600,7 +600,7 @@
 CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in 
SLAED CMS ...)
NOT-FOR-US: SLAED CMS
 CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class 
running ...)
-   TODO: check
+   NOT-FOR-US: Symantec LiveState Apache Tomcat server
 CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in 
the ...)
- apache unfixed (low)
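
Review bot: The tag "NOT-FOR-US: Symantec LiveState Apache Tomcat server" on CVE-2008-0457 names Apache Tomcat, which is tracked in this same list under tomcat5.5 and tomcat5. The description places the flaw in "the FileUpload class", so add a NOTE stating that the affected code is Symantec's and not Tomcat itself, or the entry reads as if a packaged component had been waved through.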

[Secure-testing-commits] Processing r8151 failed

2008-02-13 Thread secure-testing
The error message was:

data/CVE/list:25: ITPed package webmin is in the archive
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r8152 - data/CVE

2008-02-13 Thread nion
Author: nion
Date: 2008-02-13 20:32:33 + (Wed, 13 Feb 2008)
New Revision: 8152

Modified:
   data/CVE/list
Log:
fix tag

Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 17:29:32 UTC (rev 8151)
+++ data/CVE/list   2008-02-13 20:32:33 UTC (rev 8152)
@@ -5719,7 +5719,7 @@
- iceape 1.1.5
NOTE: MFSA2007-33
 CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 
4.1.0 ...)
-   - tomcat5.5 unfixed (medium; bug #465645)
+   - tomcat5.5 unfixed (medium; bug #465645)
- tomcat5 removed
 CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) 
caloggerd ...)
NOT-FOR-US: ARCServe BackUp
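
Review bot: The removed and added "- tomcat5.5 unfixed (medium; bug #465645)" lines under CVE-2007-5333 read identically as shown, so the change is whitespace only, and the log "fix tag" does not say what was malformed. Name the defect in the log so the fix can be checked against what the list processing expects.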




[Secure-testing-commits] r8153 - data/CVE

2008-02-13 Thread jmm-guest
Author: jmm-guest
Date: 2008-02-13 20:47:29 + (Wed, 13 Feb 2008)
New Revision: 8153

Modified:
   data/CVE/list
Log:
webmin is still present in Sarge (and was removed for good)


Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 20:32:33 UTC (rev 8152)
+++ data/CVE/list   2008-02-13 20:47:29 UTC (rev 8153)
@@ -23,7 +23,7 @@
 CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon 
(com_sermon) ...)
NOT-FOR-US: Sermon component for Mambo
 CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 
1.390 and ...)
-   - webmin itp (bug #377948)
+   - webmin removed
 CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the 
...)
NOT-FOR-US: osCommerce Online Merchant
 CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module 
(usbms) in ...)
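
Review bot: On the CVE-2008-0720 entry, replacing "- webmin itp (bug #377948)" with "- webmin removed" drops the reference to bug #377948, and the list no longer records what the log states, that webmin is still present in Sarge. Add a NOTE line under the entry carrying both, so the Sarge exposure stays visible to whoever triages this CVE next.
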
@@ -5810,7 +5810,7 @@
RESERVED
 CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...)
{DTSA-66-1}
-   - alsaplayer 0.99.80~rc4-1 (medium; bug #446034)
+   - alsaplayer 0.99.80~rc4-1 (low; bug #446034)
 CVE-2007-5288
REJECTED
 CVE-2007-5287
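
Review bot: The severity of CVE-2007-5301 changes from "medium" to "low" on the alsaplayer line, but the log only talks about webmin and gives no reason for the downgrade. The entry carries {DTSA-66-1}, so either put the rationale in a NOTE or commit the severity change separately with its own log message.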




[Secure-testing-commits] Processing r8152 failed

2008-02-13 Thread secure-testing
The error message was:

data/CVE/list:25: ITPed package webmin is in the archive
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x3ac97ecc ignored
make: *** [all] Error 1



[Secure-testing-commits] r8154 - data/CVE

2008-02-13 Thread nion
Author: nion
Date: 2008-02-13 20:48:55 + (Wed, 13 Feb 2008)
New Revision: 8154

Modified:
   data/CVE/list
Log:
update on CVE-2007-6286, copied wrong CVE id first

Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 20:47:29 UTC (rev 8153)
+++ data/CVE/list   2008-02-13 20:48:55 UTC (rev 8154)
@@ -2556,8 +2556,9 @@
 CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in 
Lxlabs ...)
NOT-FOR-US: HyperVM
 CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, 
when the ...)
-   - tomcat5.5 unfixed (medium; bug #465644)
-   - tomcat5 removed
+   TODO: check
+   NOTE: poked maintainer if we make use of the apr backend, I guess not 
because
+   NOTE: libapr is not the build-deps
 CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux 
...)
NOTE: maintainer will patch autofs5 in upload to unstable
TODO: check when autofs5 hits unstable
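
Review bot: Resetting CVE-2007-6286 to "TODO: check" removes "- tomcat5 removed" along with the tomcat5.5 line, although the open question in the new NOTE (use of the apr backend) only concerns whether the remaining package is affected. Keep the "- tomcat5 removed" line, and reword "NOTE: libapr is not the build-deps" to "not in the build-deps" so the reasoning is readable.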




[Secure-testing-commits] r8155 - data/CVE

2008-02-13 Thread nion
Author: nion
Date: 2008-02-13 21:12:56 + (Wed, 13 Feb 2008)
New Revision: 8155

Modified:
   data/CVE/list
Log:
CVE-2007-6286 does not affect tomcat5.5, tomcat5 removed

Modified: data/CVE/list
===
--- data/CVE/list   2008-02-13 20:48:55 UTC (rev 8154)
+++ data/CVE/list   2008-02-13 21:12:56 UTC (rev 8155)
@@ -2556,9 +2556,8 @@
 CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in 
Lxlabs ...)
NOT-FOR-US: HyperVM
 CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, 
when the ...)
-   TODO: check
-   NOTE: poked maintainer if we make use of the apr backend, I guess not 
because
-   NOTE: libapr is not the build-deps
+   - tomcat5.5 not-affected (Does not use apr connector)
+   - tomcat5 removed
 CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux 
...)
NOTE: maintainer will patch autofs5 in upload to unstable
TODO: check when autofs5 hits unstable
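
Review bot: The new "- tomcat5.5 not-affected (Does not use apr connector)" line replaces a NOTE that was explicitly a guess ("I guess not because") and depended on a reply from the maintainer. Record where the confirmation came from in a NOTE, for example the maintainer's answer or the build-dependency check, so the not-affected status can be verified later.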

