[Secure-testing-commits] r5407 - data/CVE

2007-02-04 Thread Luk Claes
Author: luk
Date: 2007-02-04 16:58:18 +0100 (Sun, 04 Feb 2007)
New Revision: 5407

Modified:
   data/CVE/list
Log:
gosa fixed in etch


Modified: data/CVE/list
===
--- data/CVE/list   2007-02-03 18:06:37 UTC (rev 5406)
+++ data/CVE/list   2007-02-04 15:58:18 UTC (rev 5407)
@@ -845,6 +845,7 @@
NOT-FOR-US: Article System
 CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration 
(GOsa) ...)
- gosa 2.5.8-1 (medium)
+   [etch] - gosa 2.5.6-2.1
 CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root 
with ...)
NOT-FOR-US: wcSimple
 CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and 
earlier ...)


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r5408 - data/CVE

2007-02-04 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2007-02-04 19:35:38 +0100 (Sun, 04 Feb 2007)
New Revision: 5408

Modified:
   data/CVE/list
Log:
mpg123 unimportant
flash issue windows-only
added unstable entry for elog
bbclone fixed


Modified: data/CVE/list
===
--- data/CVE/list   2007-02-04 15:58:18 UTC (rev 5407)
+++ data/CVE/list   2007-02-04 18:35:38 UTC (rev 5408)
@@ -225,7 +225,9 @@
 CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde 
Groupware ...)
NOT-FOR-US: Horde Groupware
 CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 
allows ...)
-   - mpg123 unfixed (bug #409296; low)
+   - mpg123 unfixed (bug #409296; unimportant)
+   NOTE: Not much of a security problem; user will abort mpg123 and never 
listen to
+   NOTE: the faulty stream again
 CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in 
...)
NOT-FOR-US: ACGVclick
 CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in 
Xt-Stats ...)
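Review bot: the NOTE added under CVE-2007-0578 justifies the downgrade from low to unimportant by what the user will do ("user will abort mpg123") rather than by what a faulty stream actually triggers in http_open; state the concrete impact (crash, hang, or something more) so the rating can be checked against the CVE text later. Splitting the note across two NOTE: lines, as done here, is the right way to wrap it.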
@@ -470,7 +472,7 @@
 CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in 
WebRoot Spy ...)
NOT-FOR-US: WebRoot Spy Sweeper 
 CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php 
in ...)
-   - bbclone unfixed (bug #408839; medium)
+   - bbclone 0.4.6-8 (bug #408839; medium)
 CVE-2007- [hinfo code injection]
- hinfo 1.02-3.1 (bug #402316)
 CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 
9.4.0a1 ...)
@@ -1779,7 +1781,7 @@
 CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and 
earlier ...)
NOT-FOR-US: Efkan Forum
 CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to 
cause a ...)
-   TODO: check
+   - flashplugin-nonfree not-affected (Windows-specific)
 CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET 
Portal ...)
NOT-FOR-US: Personal .NET Portal
 CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information 
under ...)
@@ -2999,7 +3001,7 @@
RESERVED
 CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and 
earlier ...)
{DSA-1242-1}
-   TODO: check
+   - elog 2.6.2+r1754-1
 CVE-2006-6317
RESERVED
 CVE-2006-6316
@@ -12574,9 +12576,9 @@
 CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet 
products, ...)
NOT-FOR-US: FITELnet
 CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown 
impact ...)
-   - pdnsd 1.2.4par-0.1 (bug #368268; high)
+   - pdnsd 1.2.4par-0.1 (bug #368268; medium)
 CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote 
...)
-   - pdnsd 1.2.4par-0.1 (bug #368268; high)
+   - pdnsd 1.2.4par-0.1 (bug #368268; medium)
 CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote 
attackers to ...)
[sarge] - mydns 1.0.0-4sarge1
- mydns 1.1.0+pre-3 (medium; bug #348826)
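Review bot: the two pdnsd entries (CVE-2006-2077, a buffer overflow of unknown impact, and CVE-2006-2076, a remotely triggerable memory leak) are downgraded from high to medium together, but they are different defect classes and would normally be rated separately; if the intent is that both are medium, a short NOTE: giving the reason (e.g. what the overflow can actually do) would let the next triager verify it rather than re-derive it.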




[Secure-testing-commits] r5409 - data/CVE

2007-02-04 Thread Stefan Fritsch
Author: stef-guest
Date: 2007-02-04 19:51:33 +0100 (Sun, 04 Feb 2007)
New Revision: 5409

Modified:
   data/CVE/list
Log:
- new remctl issue fixed
- new ejabberd issue fixed
- viewvc fixed
- some linux issues fixed


Modified: data/CVE/list
===
--- data/CVE/list   2007-02-04 18:35:38 UTC (rev 5408)
+++ data/CVE/list   2007-02-04 18:51:33 UTC (rev 5409)
@@ -1,3 +1,7 @@
+CVE-2007- [remctl ACL bypass vulnverability]
+   - remctl 2.2-2
+CVE-2007- [ejabberd unspecified vulnerability in mod_roster_odbc]
+   - ejabberd 1.1.2-5
 CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru 
Scripti ...)
TODO: check
 CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J 
Dropcalc ...)
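Review bot: the new remctl placeholder misspells "vulnerability" as "vulnverability" in the bracketed description; since the CVE id is still unassigned, that text is the only thing identifying the entry, so it should be correct. Both new entries also lack the "(bug #...; severity)" suffix used by the surrounding entries; if no bug was filed, a NOTE: with the upstream reference would help.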
@@ -3562,7 +3566,7 @@
 CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, 
and ...)
NOT-FOR-US: Apple Mac OS X
 CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, 
and ...)
-   - linux-2.6 unfixed (unimportant)
+   - linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for 
NetGear ...)
NOT-FOR-US: NetGear
@@ -3573,15 +3577,15 @@
- linux-2.6 unfixed (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, 
when ...)
-   - linux-2.6 unfixed (unimportant)
+   - linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the 
D-Link ...)
NOT-FOR-US: D-Link
 CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local 
users to ...)
-   - linux-2.6 unfixed (unimportant)
+   - linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local 
users ...)
-   - linux-2.6 unfixed (unimportant)
+   - linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error 
messages ...)
NOT-FOR-US: NetEpi Case Manager
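Review bot: the unchanged context line "- linux-2.6 unfixed (unimportant)" at the top of this hunk (the entry just above CVE-2006-6056, with the same "Mounting filesystem partitions" NOTE) is left as unfixed while its four neighbours are marked fixed in 2.6.18.dfsg.1-10 in the same edit; please confirm whether that CVE is also covered by the upload, and if so, update it in the same commit so the group stays consistent.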
@@ -4069,7 +4073,7 @@
- kfreebsd-5 unfixed
[etch] - kfreebsd-5 no-dsa (no security support for freebsd)
 CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local 
users to ...)
-   - linux-2.6 unfixed (low)
+   - linux-2.6 2.6.18.dfsg.1-10 (low)
 CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon 
(bpcd.exe) in ...)
NOT-FOR-US: Symantec Veritas NetBackup
 CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 
function in ...)
@@ -4214,11 +4218,11 @@
 CVE-2006-5758 (Microsoft Windows 2000 through 2000 SP4 and Windows XP through 
SP2 ...)
NOT-FOR-US: Microsoft
 CVE-2006-5757 (Race condition in the __find_get_block_slow function in the 
ISO9660 ...)
-   - linux-2.6 unfixed (low)
+   - linux-2.6 2.6.18.dfsg.1-10 (low)
 CVE-2006-5756
RESERVED
 CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, 
does not ...)
-   - linux-2.6 2.6.18-1
+   - linux-2.6 2.6.18.dfsg.1-10
 CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly 
...)
TODO: check
 CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux 
...)
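Review bot: for CVE-2006-5755 this hunk replaces an already recorded fixed version (2.6.18-1) with a later one (2.6.18.dfsg.1-10) instead of changing unfixed to fixed, and the log ("some linux issues fixed") does not say why. The list records the first fixed version, so if 2.6.18-1 did contain the fix the old value should stay; if it was wrong, say so in the log or a NOTE: so the change is not reverted as a mistake.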
@@ -4231,7 +4235,7 @@
 CVE-2006-5750 (Directory traversal vulnerability in the 
DeploymentFileRepository ...)
NOT-FOR-US: JBoss
 CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in 
drivers/isdn/isdn_ppp.c ...)
-   - linux-2.6 unfixed
+   - linux-2.6 2.6.18.dfsg.1-10
 CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine 
in ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-65
@@ -4937,7 +4941,7 @@
 CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive 
Mathematics ...)
- wims 3.60-1 (bug #395102)
 CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP 
...)
-   - viewvc unfixed (medium; bug #397669)
+   - viewvc 1.0.3-1 (medium; bug #397669)
 CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in 
Comdev Web ...)
NOT-FOR-US: Comdev Web Blogger
 CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in 
Comdev ...)




[Secure-testing-commits] r5410 - data/CVE

2007-02-04 Thread Moritz Muehlenhoff
Author: jmm-guest
Date: 2007-02-04 22:14:25 +0100 (Sun, 04 Feb 2007)
New Revision: 5410

Modified:
   data/CVE/list
Log:
remctl issue doesn't affect sarge


Modified: data/CVE/list
===
--- data/CVE/list   2007-02-04 18:51:33 UTC (rev 5409)
+++ data/CVE/list   2007-02-04 21:14:25 UTC (rev 5410)
@@ -1,5 +1,6 @@
-CVE-2007- [remctl ACL bypass vulnverability]
+CVE-2007- [remctl ACL bypass vulnerability]
- remctl 2.2-2
+   [sarge] - remctl not-affected (Vulnerable code not present)
 CVE-2007- [ejabberd unspecified vulnerability in mod_roster_odbc]
- ejabberd 1.1.2-5
 CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru 
Scripti ...)




[Secure-testing-commits] r5411 - data/CVE

2007-02-04 Thread Alex de Oliveira Silva
Author: enerv-guest
Date: 2007-02-04 22:24:11 +0100 (Sun, 04 Feb 2007)
New Revision: 5411

Modified:
   data/CVE/list
Log:
CVE-2007-0640 zabbix unfixed.
CVE-2007-0664 thttpd not-affected.
CVE-2007-0650 tetex-bin unfixed.
some NFUs.



Modified: data/CVE/list
===
--- data/CVE/list   2007-02-04 21:14:25 UTC (rev 5410)
+++ data/CVE/list   2007-02-04 21:24:11 UTC (rev 5411)
@@ -4,11 +4,11 @@
 CVE-2007- [ejabberd unspecified vulnerability in mod_roster_odbc]
- ejabberd 1.1.2-5
 CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru 
Scripti ...)
-   TODO: check
+   NOT-FOR-US: Hunkaray Duyuru Scripti
 CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J 
Dropcalc ...)
-   TODO: check
+   NOT-FOR-US: L2J Dropcalc
 CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 
(w29n51.sys) ...)
-   TODO: check
+   NOT-FOR-US: Intel 2200BG Cards drive.
 CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 
and ...)
NOT-FOR-US: Internet Explorer
 CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in 
Cerulean ...)
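Review bot: the NOT-FOR-US value for CVE-2007-0686, "Intel 2200BG Cards drive.", is garbled (missing "r", stray trailing period) and does not name what the CVE describes; "Intel 2200BG driver (w29n51.sys)" matches the CVE text and the style of the other NOT-FOR-US lines, which carry no trailing punctuation.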
@@ -34,27 +34,28 @@
 CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 
2003 and ...)
NOT-FOR-US: Windows Mobile
 CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops amp; 
Desktops ...)
-   TODO: check
+   NOT-FOR-US: (CA) BrightStor
 CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote 
attackers ...)
-   TODO: check
+   NOT-FOR-US: (CA) BrightStor
 CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, and 2003 
allows ...)
NOT-FOR-US: Microsoft Excel
 CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.3 allows local 
users to ...)
-   TODO: check
+   NOT-FOR-US: IBM AIX
 CVE-2007-0669
RESERVED
 CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local 
users in ...)
-   TODO: check
+   NOT-FOR-US: Sun Solaris.
 CVE-2007-0667 (Unspecified vulnerability in (1) LedgerSMB before 1.1.5 and (2) 
...)
-   TODO: check
+   - sql-ledger unfixed (bug #409703; )
 CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows attackers to execute 
arbitrary code ...)
-   TODO: check
+   NOT-FOR-US: WS_FTP Server
 CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch 
WS_FTP 2007 ...)
-   TODO: check
+   NOT-FOR-US: WS_FTP Server
 CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the 
system root ...)
-   TODO: check
+   - thttpd not-affected
+   NOTE: In accordance with Debian Policy is not possible start Webserver 
in root directory (/).
 CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs 
...)
-   TODO: check
+   NOT-FOR-US: Eclectic Designs CascadianFAQ
 CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
TODO: check
 CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller 
(BMC), ...)
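Review bot: the sql-ledger line "- sql-ledger unfixed (bug #409703; )" has an empty field after the semicolon, which the list parser rejects; the "Processing r5411 failed" message later in this thread reports exactly that ("unknown package note ''"), so either drop the "; " or put the severity there. In the same hunk the thttpd NOTE wraps onto a second line without the NOTE: prefix, which the parser will read as a new, malformed entry, and "NOT-FOR-US: Sun Solaris." carries a trailing period unlike the other NOT-FOR-US lines.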
@@ -80,29 +81,29 @@
 CVE-2007-0651
RESERVED
 CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for 
makeindex 2.14 ...)
-   TODO: check
+   - tetex-bin unfixed 
 CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in 
OpenEMR ...)
-   TODO: check
+   NOT-FOR-US: OpenEMR
 CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, 
with voice ...)
-   TODO: check
+   NOT-FOR-US: Cisco
 CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: AppleKit
 CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3 allows remote 
...)
-   TODO: check
+   NOT-FOR-US: iMovie
 CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
-   TODO: check
+   NOT-FOR-US: iPhoto
 CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) 
allows ...)
-   TODO: check
+   NOT-FOR-US: Apple Safari
 CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows 
...)
-   TODO: check
+   NOT-FOR-US: Bloodshed Dev-C++ 
 CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond 
BERTHOU ...)
-   TODO: check
+   NOT-FOR-US: Raymond BERTHOU script collection
 CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 
0.6.4.0 ...)
-   TODO: check
+   NOT-FOR-US: Shaffer Solutions (SSC)
 CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and 
attack ...)
-   TODO: check
+   - zabbix unfixed (bug #409257)
 CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in 
GuppY ...)
-   TODO: check
+   NOT-FOR-US: GuppY
 CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote 
attackers ...)
TODO: 
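Review bot: "- tetex-bin unfixed " has trailing whitespace and, unlike the zabbix entry in the same hunk, no bug number or severity; a bug reference is what lets the fix be tracked, so file or cite one. Separately, "NOT-FOR-US: AppleKit" for the Help Viewer format string (CVE-2007-0647) does not name a real product; the list uses "Apple Mac OS X" for Apple components elsewhere (e.g. CVE-2006-6061), and the sibling iMovie/iPhoto/Safari lines could use the same prefix for consistency.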

[Secure-testing-commits] Processing r5411 failed

2007-02-04 Thread secure-testing
The error message was:

error: unknown package note ''

make: *** [all] Error 1



[Secure-testing-commits] r5412 - data/CVE

2007-02-04 Thread Alex de Oliveira Silva
Author: enerv-guest
Date: 2007-02-04 22:31:55 +0100 (Sun, 04 Feb 2007)
New Revision: 5412

Modified:
   data/CVE/list
Log:
fixups.



Modified: data/CVE/list
===
--- data/CVE/list   2007-02-04 21:24:11 UTC (rev 5411)
+++ data/CVE/list   2007-02-04 21:31:55 UTC (rev 5412)
@@ -20,7 +20,8 @@
 CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote 
attackers to ...)
NOT-FOR-US: ExtCalendar
 CVE-2007-0680 (PHP remote file inclusion vulnerability in 
includes/functions.php in ...)
-   TODO: check PHPBB
+   - phpbb2 not-affected
+   NOTE: This vulnerability is for 
 CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php 
in ...)
NOT-FOR-US: PHPMyRing
 CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp 
Hosting ...)
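Review bot: the NOTE under CVE-2007-0680 is cut off ("This vulnerability is for ") and so gives no reason for marking phpbb2 not-affected; finish the sentence with the actual justification (which package or module the vulnerable includes/functions.php belongs to) before committing, since a not-affected mark without a reason is hard to re-verify.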
@@ -46,14 +47,15 @@
 CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local 
users in ...)
NOT-FOR-US: Sun Solaris.
 CVE-2007-0667 (Unspecified vulnerability in (1) LedgerSMB before 1.1.5 and (2) 
...)
-   - sql-ledger unfixed (bug #409703; )
+   - sql-ledger unfixed (bug #409703)
 CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows attackers to execute 
arbitrary code ...)
NOT-FOR-US: WS_FTP Server
 CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch 
WS_FTP 2007 ...)
NOT-FOR-US: WS_FTP Server
 CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the 
system root ...)
- thttpd not-affected
-   NOTE: In accordance with Debian Policy is not possible start Webserver 
in root directory (/).
+   NOTE: In accordance with Debian Policy is not possible start Webserver 
+   NOTE: in root directory (/).
 CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs 
...)
NOT-FOR-US: Eclectic Designs CascadianFAQ
 CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
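Review bot: the two-line NOTE: rewrap is the correct fix for the parse problem, but the wording "In accordance with Debian Policy is not possible start Webserver in root directory (/)" is hard to read; something like "NOTE: Debian Policy does not allow the web server to be started from the root directory (/), so the Gentoo-specific issue does not apply" states the same reason clearly, and a pointer to the relevant Policy section would make it verifiable.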




[Secure-testing-commits] r5413 - data/CVE

2007-02-04 Thread Alex de Oliveira Silva
Author: enerv-guest
Date: 2007-02-04 22:34:09 +0100 (Sun, 04 Feb 2007)
New Revision: 5413

Modified:
   data/CVE/list
Log:
CVE-2007-0680 phpbb2 not affected.



Modified: data/CVE/list
===
--- data/CVE/list   2007-02-04 21:31:55 UTC (rev 5412)
+++ data/CVE/list   2007-02-04 21:34:09 UTC (rev 5413)
@@ -21,7 +21,7 @@
NOT-FOR-US: ExtCalendar
 CVE-2007-0680 (PHP remote file inclusion vulnerability in 
includes/functions.php in ...)
- phpbb2 not-affected
-   NOTE: This vulnerability is for 
+   NOTE: Phpbb Tweaked it is a module to phpbb.
 CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php 
in ...)
NOT-FOR-US: PHPMyRing
 CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp 
Hosting ...)
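Review bot: the replacement NOTE "Phpbb Tweaked it is a module to phpbb." reads awkwardly and leaves the conclusion implicit; suggest "NOTE: The affected code is in phpBB Tweaked, a third-party module, and is not part of phpbb2" so the not-affected mark above it is self-explanatory. Since this completes the sentence left unfinished in r5412, the two commits could have been one.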

