[Secure-testing-commits] r5214 - data/CVE
Author: jmm-guest Date: 2007-01-07 12:55:30 +0100 (Sun, 07 Jan 2007) New Revision: 5214 Modified: data/CVE/list Log: xulrunner fixed Modified: data/CVE/list === --- data/CVE/list 2007-01-06 21:00:29 UTC (rev 5213) +++ data/CVE/list 2007-01-07 11:55:30 UTC (rev 5214) @@ -908,7 +908,7 @@ CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...) NOTE: MFSA-2006-73 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner unfixed (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox removed (high) NOTE: Flaw was introduced in Firefox 1.5.0.4 @@ -917,7 +917,7 @@ CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...) NOTE: MFSA-2006-72 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner unfixed (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox removed (high) - mozilla removed (high) @@ -927,7 +927,7 @@ CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...) NOTE: MFSA-2006-71 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner unfixed (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox removed (high) - mozilla removed (high) @@ -938,7 +938,7 @@ CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) NOTE: MFSA-2006-70 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner unfixed (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox removed (high) - mozilla removed (high) @@ -948,7 +948,7 @@ CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...) NOTE: MFSA-2006-69 - iceweasel not-affected (windows only) - - xulrunner not-affected (windows only) + - xulrunner 1.8.0.9-1 (windows only) - iceape not-affected (windows only) - firefox not-affected (windows only) - mozilla not-affected (windows only) 
@@ -958,7 +958,7 @@ CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner unfixed (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox removed (high) - mozilla removed (high) @@ -970,7 +970,7 @@ CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...) NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner unfixed (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox removed (high) - mozilla removed (high) @@ -980,7 +980,7 @@ CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...) NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (medium) - - xulrunner unfixed (medium) + - xulrunner 1.8.0.9-1 (medium) - iceape 1.0.7-1 (medium) - firefox removed (medium) - mozilla removed (medium) @@ -1238,7 +1238,7 @@ CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - phpmyadmin unfixed (unimportant; bug #404744) [sarge] - phpmyadmin no-dsa (CRLF not backportable to Sarge) - [etch] - phpmyadmin no-dsa (not exploitable with Etch's php versions) + [etch] - phpmyadmin not-affected (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) - phpmyadmin unfixed (unimportant) @@ -4560,7 +4560,7 @@ CVE-2006-4843 RESERVED CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) - - xulrunner unfixed (low; bug #405062) + - xulrunner 1.8.0.9-1 (low; bug #405062) [sarge] - mozilla unfixed (low) NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
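Review bot: The CVE-2006-6500 hunk looks like a search-and-replace slip rather than an intended change: `- xulrunner not-affected (windows only)` becomes `- xulrunner 1.8.0.9-1 (windows only)`, which turns a not-affected entry into a fixed-version entry while keeping the free-text reason, and the sibling iceweasel, iceape, firefox and mozilla lines under MFSA-2006-69 all stay `not-affected (windows only)`. That parenthetical only makes sense next to `not-affected`, which is what the follow-up 'Processing r5214 failed' message reports (`unknown package note 'windows only'`). Suggest restoring `- xulrunner not-affected (windows only)` for this single entry and keeping the 1.8.0.9-1 fixed version on the other MFSA-2006-68 to -73 entries, where it is consistent with the iceweasel and iceape lines.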
[Secure-testing-commits] Processing r5214 failed
The error message was: error: unknown package note 'windows only' make: *** [all] Error 1
[Secure-testing-commits] r5216 - in data: CVE DSA
Author: jmm-guest Date: 2007-01-07 13:55:26 +0100 (Sun, 07 Jan 2007) New Revision: 5216 Modified: data/CVE/list data/DSA/list Log: new proftpd DSA NFUs Modified: data/CVE/list === --- data/CVE/list 2007-01-07 12:41:09 UTC (rev 5215) +++ data/CVE/list 2007-01-07 12:55:26 UTC (rev 5216) @@ -11,11 +11,11 @@ CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...) NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0043 RESERVED CVE-2007-0042 @@ -95,7 +95,7 @@ CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...) NOT-FOR-US: ASPTicker CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...) - TODO: check + NOT-FOR-US: RealPlayer for Windows CVE-2006-6846 (Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow ...) NOT-FOR-US: WYWO - InOut Board CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...) @@ -121,7 +121,7 @@ CVE-2007- [libsoup parse_headers_DoS] - libsoup 2.2.98-2 (bug #405197) CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple Quicktime CVE-2007-0014 RESERVED CVE-2007-0013 Modified: data/DSA/list === --- data/DSA/list 2007-01-07 12:41:09 UTC (rev 5215) +++ data/DSA/list 2007-01-07 12:55:26 UTC (rev 5216) 
@@ -1,3 +1,6 @@ +[07 Dec 2007] DSA-1245-1 proftpd + {CVE-2005-4816} + [sarge] - proftpd 1.2.10-15sarge4 [28 Dec 2006] DSA-1244-1 xine-lib {CVE-2006-6172} [sarge] - xine-lib 1.0.1-1sarge5
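Review bot: The date on the new DSA entry in the data/DSA/list hunk, `[07 Dec 2007] DSA-1245-1 proftpd`, cannot be right: the commit is dated 2007-01-07, the list is in reverse-chronological order, and the entry is inserted above `[28 Dec 2006] DSA-1244-1 xine-lib`, so it should read `[07 Jan 2007] DSA-1245-1 proftpd`. It is also worth confirming that the CVE-2005-4816 entry in data/CVE/list receives the matching `{DSA-1245}` cross-reference (the `{DSA-1220}` form used on the pstotext entry elsewhere in this digest), since the data/CVE/list hunks in this commit only touch NOT-FOR-US entries.

Review bot: Minor style point in the CVE-2007-0015 hunk: `NOT-FOR-US: Apple Quicktime` spells the product differently from the CVE description on the line above (`Apple QuickTime`); the NOT-FOR-US tags elsewhere in this list copy the vendor's spelling, so `NOT-FOR-US: Apple QuickTime` keeps them greppable.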
[Secure-testing-commits] r5217 - data/CVE
Author: stef-guest Date: 2007-01-07 17:03:04 +0100 (Sun, 07 Jan 2007) New Revision: 5217 Modified: data/CVE/list Log: - vlc fixed - miredo fixed Modified: data/CVE/list === --- data/CVE/list 2007-01-07 12:55:26 UTC (rev 5216) +++ data/CVE/list 2007-01-07 16:03:04 UTC (rev 5217) @@ -69,11 +69,11 @@ CVE-2007-0018 RESERVED CVE-2007-0017 (Format string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted ...) - - vlc unfixed (bug #405425; medium) + - vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium) CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...) NOT-FOR-US: MoviePlay CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...) - - miredo unfixed (bug #405412; bug #405111) + - miredo 1.0.4-2 (bug #405412; bug #405111) CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Docebo LMS CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
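Review bot: In the CVE-2006-6858 hunk the fixed version `miredo 1.0.4-2` is a Debian revision of an upstream version the description lists as affected (`Miredo 0.9.8 through 1.0.5`), so the entry is only correct if the Debian package carries a backported fix; nothing on the line records that. Suggest a `NOTE:` line (the convention used on the surrounding entries) saying the fix is a Debian patch, or referencing the bug that carries it, so a later reader does not re-flag 1.0.4-2 as vulnerable on the strength of the upstream version range.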
[Secure-testing-commits] r5219 - data/CVE
Author: stef-guest Date: 2007-01-07 19:38:58 +0100 (Sun, 07 Jan 2007) New Revision: 5219 Modified: data/CVE/list Log: - CVE-2006-5870: new openoffice issue (medium) - CVE-2006-6839 to -6841: new phpbb2 issues - two new drupal issues fixed (low) - cacti CVEified - tmsnc issue already fixed - interchange issue already fixed - some NFUs Modified: data/CVE/list === --- data/CVE/list 2007-01-07 17:50:16 UTC (rev 5218) +++ data/CVE/list 2007-01-07 18:38:58 UTC (rev 5219) @@ -1,3 +1,9 @@ +CVE-2007- [drupal XSS] + - drupal 4.7.5-1 (low) + NOTE: DRUPAL-SA-2007-001 +CVE-2007- [drupal DoS] + - drupal 4.7.5-1 (low) + NOTE: DRUPAL-SA-2007-002 CVE-2007- WordPress Trackback Charset Decoding SQL Injection Vulnerability - wordpress unfixed (medium) NOTE: http://www.hardened-php.net/advisory_022007.141.html @@ -83,7 +89,7 @@ CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...) NOT-FOR-US: AIDeX Mini-WebServer CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...) - TODO: check + NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related) CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...) NOT-FOR-US: Durian Web Application Server CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...) 
@@ -109,11 +115,11 @@ CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...) NOT-FOR-US: Acronym Mod for phpBB2 CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...) - TODO: check + - phpbb2 unfixed (bug #405980) CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) - TODO: check + - phpbb2 unfixed (bug #405980) CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...) - TODO: check + - phpbb2 unfixed (bug #405980) CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...) NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...) @@ -145,7 +151,7 @@ CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...) NOT-FOR-US: aFAQ CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...) - TODO: check + NOT-FOR-US: b2 Blog CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...) NOT-FOR-US: Efkan Forum CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...) 
@@ -191,106 +197,104 @@ CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...) - wordpress unfixed (bug #405299) CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...) - TODO: check + NOT-FOR-US: Ananda Real Estate CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...) - TODO: check + NOT-FOR-US: Enthrallweb eMates CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs ...) - TODO: check + NOT-FOR-US: Enthrallweb eJobs CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business ...) - TODO: check + NOT-FOR-US: Dragon Business Directory - Pro CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 ...) - TODO: check + NOT-FOR-US: Enthrallweb eCars CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages ...) - TODO: check + NOT-FOR-US: Enthrallweb ePages CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, ...) - TODO: check + NOT-FOR-US: SH-News CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...) - TODO: check + NOT-FOR-US: Limbo CMS CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...) - TODO: check + - cacti unfixed (bug #404818; medium) CVE-2006-6798 RESERVED CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...) - TODO: check + NOT-FOR-US: MTCMS CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...) - TODO: check + NOT-FOR-US: myPHPNuke CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...) - TODO: check + NOT-FOR-US: Efkan Forum CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul
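Review bot: The three phpBB entries in the CVE-2006-6841/6840/6839 hunk change `TODO: check` to `- phpbb2 unfixed (bug #405980)` without a severity, while the other new entries in this commit carry one (`drupal 4.7.5-1 (low)`, `cacti unfixed (bug #404818; medium)`). Two of the three are described as "unknown impact", so a rating may not be possible yet; if that is the case, say so on the line, for example by keeping a `NOTE:` that the impact is unknown pending upstream details, rather than leaving the entry silent on severity.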
[Secure-testing-commits] r5220 - data/CVE
Author: stef-guest Date: 2007-01-07 19:45:32 +0100 (Sun, 07 Jan 2007) New Revision: 5220 Modified: data/CVE/list Log: marking phpmyadmin not-affected instead of unimportant Modified: data/CVE/list === --- data/CVE/list 2007-01-07 18:38:58 UTC (rev 5219) +++ data/CVE/list 2007-01-07 18:45:32 UTC (rev 5220) @@ -1242,7 +1242,7 @@ CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...) NOT-FOR-US: Simple machines Forum CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - - phpmyadmin unfixed (unimportant; bug #404744) + - phpmyadmin not-affected (low; bug #404744) [sarge] - phpmyadmin no-dsa (CRLF not backportable to Sarge) [etch] - phpmyadmin not-affected (not exploitable with Etch's php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
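Review bot: The new main entry `- phpmyadmin not-affected (low; bug #404744)` sits directly above `[sarge] - phpmyadmin no-dsa (CRLF not backportable to Sarge)`, which implies sarge is affected, and the only thing that reconciles the two is the trailing `NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+`. Attaching a severity to a not-affected entry is also unusual in this list; the other not-affected lines in this digest carry a reason instead. Suggest moving the reason into the parenthetical, for example `- phpmyadmin not-affected (not exploitable with PHP 5.1.2+/4.4.2+; bug #404744)`, and dropping `low`, so the sid/etch versus sarge split is explained on the entry itself.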
[Secure-testing-commits] r5221 - data/CVE
Author: stef-guest Date: 2007-01-07 19:56:49 +0100 (Sun, 07 Jan 2007) New Revision: 5221 Modified: data/CVE/list Log: bugnum Modified: data/CVE/list === --- data/CVE/list 2007-01-07 18:45:32 UTC (rev 5220) +++ data/CVE/list 2007-01-07 18:56:49 UTC (rev 5221) @@ -2328,7 +2328,7 @@ {DSA-1237 DSA-1233} - linux-2.6 not-affected (Current Linux versions already implement intended behaviour) CVE-2006-5870 (Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and ...) - - openoffice.org unfixed (medium; bug filed) + - openoffice.org unfixed (medium; bug #405986) CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) {DSA-1220} - pstotext 1.9-4 (bug #356988; medium)
[Secure-testing-commits] r5222 - data/CVE
Author: stef-guest Date: 2007-01-07 20:28:17 +0100 (Sun, 07 Jan 2007) New Revision: 5222 Modified: data/CVE/list Log: openoffice already fixed Modified: data/CVE/list === --- data/CVE/list 2007-01-07 18:56:49 UTC (rev 5221) +++ data/CVE/list 2007-01-07 19:28:17 UTC (rev 5222) @@ -2328,7 +2328,7 @@ {DSA-1237 DSA-1233} - linux-2.6 not-affected (Current Linux versions already implement intended behaviour) CVE-2006-5870 (Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and ...) - - openoffice.org unfixed (medium; bug #405986) + - openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679) CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...) {DSA-1220} - pstotext 1.9-4 (bug #356988; medium)
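Review bot: The fixed version `openoffice.org 2.0.4-1` in the CVE-2006-5870 hunk is a Debian revision of an upstream version the description marks as affected (`OpenOffice.org 2.0.4 and earlier`), so the entry relies on the Debian package already shipping the fix, which the log message asserts but the entry does not record. Two bug numbers are now cited (`#405986; #405679`); suggest a `NOTE:` line stating which of them carries the patch, or that 2.0.4-1 includes the upstream fix, so the version does not get re-flagged on the next pass against the upstream range.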