author | Moritz Muehlenhoff <jmm@debian.org> | 2007-08-03 15:04:21 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2007-08-03 15:04:21 +0000 |
commit | e45c3a3b7603ae44fd728430c994f1c701de83f9 (patch) | |
tree | 13929d3e7f95ce7075906fc0776976b933d5d089 /data/CVE | |
parent | 54157f621864f0bfce273c26fd3db8d9cfe8e84e (diff) |
CVE-2007-4049 is a dupe
clamav sarge not-affected
xpdf updates are being prepared
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@6219 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/list.2000 | 3 | ||||
-rw-r--r-- | data/CVE/list.2007 | 12 |
2 files changed, 9 insertions, 6 deletions
diff --git a/data/CVE/list.2000 b/data/CVE/list.2000 index 866851fdaa..23c162c954 100644 --- a/data/CVE/list.2000 +++ b/data/CVE/list.2000 @@ -1688,7 +1688,8 @@ CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...) CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...) - NOT-FOR-US: Data pre-dating the Security Tracker + - apache 1.3.11 (unimportant) + NOTE: only an example script /usr/share/doc/apache-common/examples/ CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...) diff --git a/data/CVE/list.2007 b/data/CVE/list.2007 index a382705b8b..f1dbc7559f 100644 --- a/data/CVE/list.2007 +++ b/data/CVE/list.2007 @@ -143,8 +143,7 @@ CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefr CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...) NOT-FOR-US: ADempiere Bazaar CVE-2007-4049 (Cross-site scripting (XSS) vulnerability in the printenv.pl test CGI ...) - - apache <unfixed> (unimportant) - NOTE: only an example script /usr/share/doc/apache-common/examples/ + NOTE: Rediscovery / dupe of CVE-2000-1205 CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...) TODO: check CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...) 
@@ -849,6 +848,7 @@ CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp i CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...) {DSA-1340-1 DTSA-43-1} - clamav 0.91-1 + [sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x) CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...) TODO: check CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...) @@ -1552,10 +1552,12 @@ CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function - xpdf <unfixed> (bug #435462) - kdegraphics 4:3.5.7-3 - koffice <unfixed> - TODO: check pdftohtml/sarge (current poppler source package has a ported version, replaced in Etch) - TODO: check tetex-bin/sarge (links to poppler since 3.0-12) + - pdftohtml <removed> + - tetex-bin 3.0-12 + NOTE: links to poppler since 3.0-12, thus marking as fixed + - pdfkit.framework 0.8-4 + NOTE: links to poppler since 0.8-4, thus marking as fixed TODO: check libextractor/sarge (uses internal pdf decoder since 0.5.12-1) - TODO: check pdfkit.framework/sarge (links to poppler since 0.8-4) TODO: check ipe (only small parts, but with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp) CVE-2007-3386 RESERVED |
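Review bot: In the data/CVE/list.2000 hunk, the new line `- apache 1.3.11 (unimportant)` records 1.3.11 as the fixed version, but the CVE-2000-1205 description in the same hunk reads "Apache 1.3.0 through 1.3.11", which puts 1.3.11 inside the affected range. The CVE-2007-4049 entry that this commit folds in as a dupe also carried `- apache <unfixed> (unimportant)` until now. Suggest keeping `<unfixed>` here, or naming the first version in which the example script was actually changed.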
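Review bot: In the first data/CVE/list.2007 hunk, CVE-2007-4049 is left with only `NOTE: Rediscovery / dupe of CVE-2000-1205` and no package line, so the entry itself no longer names apache or the "unimportant" rating. Suggest extending the note to say which package is concerned and why it is unimportant (the removed `NOTE: only an example script ...` line said this), so a reader landing on this CVE does not have to open list.2000 to find out.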
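Review bot: In the CVE-2007-3725 hunk, the justification `(Vulnerable code was introduced in 0.9x)` does not name a specific release, so the `[sarge] - clamav <not-affected>` claim cannot be checked against the version sarge ships. Suggest stating the exact upstream version that introduced the RAR VM code, ideally with the sarge version next to it.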
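Review bot: In the CVE-2007-3387 hunk, the three removed TODOs were all scoped to sarge (`pdftohtml/sarge`, `tetex-bin/sarge`, `pdfkit.framework/sarge`), but the replacement lines `- tetex-bin 3.0-12` and `- pdfkit.framework 0.8-4` carry no `[sarge]` annotation, so the sarge question they tracked is closed without a recorded answer. Suggest adding explicit `[sarge]` lines in the form used in the CVE-2007-3725 hunk, or keeping the TODOs until the sarge versions are checked. Two smaller points: "thus marking as fixed" depends on poppler's own status, which is not visible in this hunk, and `- pdftohtml <removed>` drops the earlier remark that the sarge copy was only replaced in Etch.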