Author: joeyh
Date: 2007-06-16 21:14:07 +0000 (Sat, 16 Jun 2007)
New Revision: 6025
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-06-16 20:59:16 UTC (rev 6024)
+++ data/CVE/list 2007-06-16 21:14:07 UTC (rev 6025)
@@ -794,7 +794,7 @@
- php5 <unfixed>
NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
- {DSA-1306-1 DSA-1300-1}
+ {DSA-1308-1 DSA-1306-1 DSA-1300-1}
NOTE: MFSA2007-17
- iceweasel 2.0.0.4-1 (low)
- iceape 1.1.2-1 (low)
@@ -802,7 +802,7 @@
- mozilla <removed> (low)
- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
- {DSA-1306-1 DSA-1300-1}
+ {DSA-1308-1 DSA-1306-1 DSA-1300-1}
NOTE: MFSA2007-16
- iceweasel 2.0.0.4-1 (medium)
- iceape 1.1.2-1 (medium)
@@ -810,7 +810,7 @@
- mozilla <removed> (medium)
- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before
...)
- {DSA-1306-1}
+ {DSA-1308-1 DSA-1306-1}
NOTE: MFSA2007-13
- iceweasel 2.0.0.4-1 (unimportant)
- iceape 1.1.2-1 (unimportant)
@@ -818,7 +818,7 @@
- mozilla <removed> (unimportant)
- xulrunner 1.8.1.4-1 (unimportant)
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla
Firefox ...)
- {DSA-1306-1 DSA-1300-1}
+ {DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1}
NOTE: MFSA2007-12
- iceweasel 2.0.0.4-1 (high)
- iceape 1.1.2-1 (high)
@@ -829,7 +829,7 @@
- xulrunner 1.8.1.4-1 (high)
[sarge] - mozilla-thunderbird <unfixed> (low)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla
Firefox ...)
- {DSA-1306-1 DSA-1300-1}
+ {DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1}
NOTE: MFSA2007-12
- iceweasel 2.0.0.4-1 (high)
- iceape 1.1.2-1 (high)
@@ -3698,7 +3698,7 @@
CVE-2007-1593 (The administrative service in Symantec Veritas Volume
Replicator (VVR) ...)
NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
- {DSA-1286-1}
+ {DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus
...)
NOT-FOR-US: Trend Micro
@@ -3799,7 +3799,7 @@
CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio
...)
NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3
...)
- {DSA-1300-1}
+ {DSA-1305-1 DSA-1300-1}
NOTE: Affects various clients, but no practical security implications
NOTE: MFSA2007-15
- icedove 2.0.0.4-1 (unimportant)
@@ -4291,7 +4291,7 @@
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1
allow ...)
NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
- {DSA-1306-1 DSA-1300-1}
+ {DSA-1308-1 DSA-1306-1 DSA-1300-1}
NOTE: MFSA2007-14
- iceape 1.1.2-1 (low)
- iceweasel 2.0.0.4-1 (low)
@@ -4305,7 +4305,7 @@
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain
applications using ...)
- tomcat4 <removed> (low)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x
before ...)
- {DSA-1286-1}
+ {DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1
CVE-2007-1356
RESERVED
@@ -4995,6 +4995,7 @@
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office
2007 ...)
NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the
about: URI ...)
+ {DSA-1300-1}
- iceweasel 2.0.0.4-1 (low)
- iceape 1.1.2-1 (low)
- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
@@ -5527,7 +5528,7 @@
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2,
when ...)
NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read
unreadable ...)
- {DSA-1286-1}
+ {DSA-1304 DSA-1286-1}
- linux-2.6 2.6.20-1 (unimportant)
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in
the ...)
{DSA-1276-1}
@@ -8846,6 +8847,7 @@
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem
Haber ...)
NOT-FOR-US: Cilem Haber Free Edition
CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before
...)
+ {DSA-1304}
- linux-2.6 <not-affected> (Fixed before upload into the archive;
2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in
osCommerce ...)
NOT-FOR-US: osCommerce
@@ -9838,6 +9840,7 @@
- dbus 1.0.2-1 (low)
[sarge] - dbus <no-dsa> (Minor issue)
CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function
in the ...)
+ {DSA-1304}
- linux-2.6 2.6.18.dfsg.1-9
CVE-2006-6105 (Format string vulnerability in the host chooser window
(gdmchooser) in ...)
- gdm 2.16.4-1 (medium; bug #403219)
@@ -9942,6 +9945,7 @@
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8,
and ...)
NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18,
and ...)
+ {DSA-1304}
- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for
NetGear ...)
@@ -9952,6 +9956,7 @@
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other
versions, on ...)
- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include
GFS)
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions,
when ...)
+ {DSA-1304}
- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the
D-Link ...)
@@ -9960,6 +9965,7 @@
- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local
users ...)
+ {DSA-1304}
- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error
messages ...)
@@ -10595,14 +10601,17 @@
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through
2000 ...)
NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the
ISO9660 ...)
+ {DSA-1304}
- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems,
does not ...)
- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly
...)
+ {DSA-1304}
- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux
...)
+ {DSA-1304}
- linux-2.6 <unfixed>
CVE-2006-5752
RESERVED
@@ -12414,6 +12423,7 @@
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and
earlier, ...)
NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly
2.6.12 and ...)
+ {DSA-1304}
- linux-2.6 2.6.14
CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a
denial ...)
- openssh <unfixed> (unimportant)
@@ -12647,6 +12657,7 @@
CVE-2006-4815
RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does
not ...)
+ {DSA-1304}
- linux-2.6 2.6.18.dfsg.1-9 (low)
- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux
kernel ...)
@@ -13064,6 +13075,7 @@
{DSA-1188-1}
- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE)
decapsulation ...)
+ {DSA-1304}
- linux-2.6 2.6.18-1
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web
Server ...)
NOT-FOR-US: Data pre-dating the Security Tracker
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
