[Secure-testing-commits] r7682 - data/CVE

Sat, 22 Dec 2007 05:02:16 -0800 

Author: stef-guest
Date: 2007-12-22 13:02:18 +0000 (Sat, 22 Dec 2007)
New Revision: 7682

Modified:
   data/CVE/list
Log:
- new wireshark issues fixed
- new unp issue fixed
- adjust clamav version for volatile


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-12-22 12:29:08 UTC (rev 7681)
+++ data/CVE/list       2007-12-22 13:02:18 UTC (rev 7682)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [unp insufficient escaping of shell meta characters]
+       - unp 1.0.13 (bug #448437)
 CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for 
Windows, ...)
        NOT-FOR-US: Trend Micro ServerProtect
 CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...)
@@ -116,9 +118,11 @@
 CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in 
Google ...)
        - gwt <itp> (bug #402841)
 CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark 
(formerly ...)
-       TODO: Check
+       - wireshark 0.99.7-1
+       [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
 CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 
0.99.6 ...)
-       TODO: Check
+       - wireshark 0.99.7-1
+       [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
 CVE-2007-6449
        REJECTED
 CVE-2007-6448
@@ -140,9 +144,11 @@
 CVE-2007-6440
        REJECTED
 CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to 
cause ...)
-       TODO: check
+       - wireshark 0.99.7-1
+       [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
 CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark 
(formerly ...)
-       TODO: check
+       - wireshark 0.99.7-1
+       [sarge] - ethereal <not-affected> (vulnerable code introduced in 0.8.16)
 CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 
allows ...)
        - syslog-ng <unfixed> (low; bug #457334)
 CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, 
and ...)
@@ -394,13 +400,13 @@
 CVE-2007-6337
        RESERVED
        {DTSA-101-1}
-       - clamav 0.92~dfsg-1
+       - clamav 0.92~dfsg-1~volatile2
 CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers 
to ...)
        {DTSA-101-1}
-       - clamav 0.92~dfsg-1
+       - clamav 0.92~dfsg-1~volatile2
 CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows 
remote ...)
        {DTSA-101-1}
-       - clamav 0.92~dfsg-1
+       - clamav 0.92~dfsg-1~volatile2
 CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products 
and ...)
        NOT-FOR-US: Ingres on Windows
 CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as 
...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to