author Moritz Muehlenhoff <jmm@debian.org> 2007-01-31 19:38:54 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2007-01-31 19:38:54 +0000
commit fc7965097a88dc45bd356ec0ed3275c0b38fa642 (patch)
tree 0ea1a55bd18bcfafa297164d02879b14ebdd7002 /data
parent cf225dbc45c7361428cf61e4bf3d04806a02389b (diff)
iceweasel unimportant
update bind fix mplayer fixed ffmpeg fixed wget not a security problem some NFUs

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@5390 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 23
1 files changed, 13 insertions, 10 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 3d1409a24d..a669133d70 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -188,7 +188,8 @@ CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a de
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
- TODO: check iceweasel
+ - iceweasel <unfixed> (unimportant)
+ NOTE: Browser crashes not treated as security problems
NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...)
NOT-FOR-US: GlobeTrotter Mobility Manager
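Review bot: The (unimportant) rating on the new iceweasel line for CVE-2006-6954 rests on the added policy note, but the only evidence kept is the older note that the proof of concept crashes iceweasel 2.0.0.1, which does not say what kind of crash it is. Consider recording in a NOTE whether the crash was confirmed to be a plain denial of service rather than memory corruption, so the rating can be audited later. The new policy NOTE would also read better after the test note, since it is the conclusion drawn from it.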
@@ -206,16 +207,18 @@ CVE-2007-XXXX [unsafe alloca() call in chmlib]
- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
{DSA-1254-1}
- - bind9 1:9.3.4-1
+ - bind9 1:9.3.4-2
- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to ...)
- - bind9 1:9.3.4-1
+ - bind9 1:9.3.4-2
+ [sarge] - bind9 <not-affected> (Vulnerable code not present)
- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
- gstreamer0.10-ffmpeg 0.10.1-6
- gst-ffmpeg 0.8.7-10
+ [etch] - ffmpeg 0.cvs20060823-5
- ffmpeg <unfixed>
- TODO: check other ffmpeg related packages
+ - mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in Check Point Connectra NGX R62 and earlier allows ...)
NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
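Review bot: The bind9 fixed version moves from 1:9.3.4-1 to 1:9.3.4-2 for both CVE-2007-0494 and CVE-2007-0493 with no NOTE saying why -1 was not the fixing upload; a one-line NOTE would save the next reader from re-deriving it. CVE-2007-0493 gains "[sarge] - bind9 <not-affected>", but CVE-2007-0494, which carries {DSA-1254-1}, gets no release-specific line, so it is worth confirming that is intended. In the gstreamer ffmpeg entry the "[etch] - ffmpeg" line sits before the unstable "- ffmpeg <unfixed>" line, while the "[sarge]" line above follows its unstable line; one order should be used throughout.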
@@ -233,9 +236,9 @@ CVE-2007-0465
CVE-2007-0464
RESERVED
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
- TODO: check
+ NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
- dazuko-source <unfixed> (bug #408300)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
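Review bot: Both replaced TODO lines (CVE-2007-0463 and CVE-2007-0462) become "NOT-FOR-US: Apple", which names the vendor rather than the affected product. The descriptions name Apple Software Update and Apple QuickDraw, and another entry in this same commit uses the product ("NOT-FOR-US: SISCO OSI stack"), so naming the product here would keep the entries searchable and consistent.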
@@ -471,7 +474,9 @@ CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
- gstreamer0.10-ffmpeg 0.10.1-5
- gst-ffmpeg 0.8.7-9
- TODO: check other ffmpeg related packages
+ - mplayer 1.0~rc1-12
+ [etch] - ffmpeg 0.cvs20060823-5
+ - ffmpeg <unfixed>
CVE-2007-XXXX [netpbm heap corruption]
- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
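Review bot: The added "- ffmpeg <unfixed>" line has no bug reference or severity, unlike other open entries in this file such as "- dazuko-source <unfixed> (bug #408300)"; add the bug number if one is filed. The removed TODO asked to check other ffmpeg related packages, and only mplayer and ffmpeg appear as results, so a NOTE listing what else was checked and found unaffected would make clear the check is complete.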
@@ -1125,7 +1130,6 @@ CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 pat
NOTE: of imagination. I suppose KDE Security only issued an update for it
NOTE: because the shared underlying code was part of the Month of Apple Bugs
NOTE: and they wanted to debunk claims of code injection.
- TODO: Check the other usual suspects
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
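Review bot: The "TODO: Check the other usual suspects" line under CVE-2007-0104 is removed without any package line or NOTE being added in its place, so the outcome of that check is not recorded. If the other packages were checked and found unaffected, a NOTE saying so (or explicit not-affected lines) should replace the TODO; otherwise the TODO should stay.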
@@ -1748,7 +1752,6 @@ CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
- wget <unfixed> (unimportant)
NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
- TODO: insufficient info, check, whether code injection is possible
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...)
NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...)
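Review bot: The removed TODO under CVE-2006-6719 asked whether code injection is possible, but the remaining NOTE only argues that a crash of wget is not a denial-of-service security issue and does not answer that question. Before dropping the TODO, add a NOTE stating that code injection was ruled out and on what basis, since the "(unimportant)" rating depends on it.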
@@ -2370,7 +2373,7 @@ CVE-2006-6491
CVE-2006-6490
RESERVED
CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...)
- TODO: check
+ NOT-FOR-US: SISCO OSI stack
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
