~wgrant/ubuntu-cve-tracker/mainold

« back to all changes in this revision

Viewing changes to active/CVE-2007-5825

Committer: William Grant
Date: 2008-06-22 00:32:31 UTC
mfrom: (1065.2.136 ubuntu-cve)
Revision ID: william@qeuni.net-20080622003231-wungenas9mpv90zg

Merge from master.

files added:
active/00boilerplate.postgres

active/CVE-2007-5624

active/CVE-2007-5671

active/CVE-2007-5824

active/CVE-2007-5825

active/CVE-2008-0169

active/CVE-2008-0960

active/CVE-2008-0967

active/CVE-2008-1673

active/CVE-2008-1947

active/CVE-2008-2098

active/CVE-2008-2099

active/CVE-2008-2100

active/CVE-2008-2119

active/CVE-2008-2230

active/CVE-2008-2231

active/CVE-2008-2358

active/CVE-2008-2363

active/CVE-2008-2364

active/CVE-2008-2426

active/CVE-2008-2516

active/CVE-2008-2543

active/CVE-2008-2549

active/CVE-2008-2553

active/CVE-2008-2575

active/CVE-2008-2713

retired/CVE-2008-1108

retired/CVE-2008-1109

retired/CVE-2008-1377

retired/CVE-2008-1379

retired/CVE-2008-2152

retired/CVE-2008-2360

retired/CVE-2008-2361

retired/CVE-2008-2362

retired/CVE-2008-2570

retired/CVE-2008-2571

files renamed:
active/CVE-2007-4571 => retired/CVE-2007-4571

active/CVE-2007-4572 => retired/CVE-2007-4572

active/CVE-2007-5536 => retired/CVE-2007-5536

active/CVE-2007-5904 => retired/CVE-2007-5904

active/CVE-2007-6694 => retired/CVE-2007-6694

active/CVE-2008-0007 => retired/CVE-2008-0007

active/CVE-2008-1105 => retired/CVE-2008-1105

active/CVE-2008-1294 => retired/CVE-2008-1294

active/CVE-2008-1375 => retired/CVE-2008-1375

active/CVE-2008-1669 => retired/CVE-2008-1669

files modified:
active/CVE-2005-2097

active/CVE-2005-3863

active/CVE-2006-3619

active/CVE-2007-0175

active/CVE-2007-0540

active/CVE-2007-2138

active/CVE-2007-2727

active/CVE-2007-3639

active/CVE-2007-4153

active/CVE-2007-4154

active/CVE-2007-4352

active/CVE-2007-4769

active/CVE-2007-4772

active/CVE-2007-4829

active/CVE-2007-5051

active/CVE-2007-5333

active/CVE-2007-5392

active/CVE-2007-5393

active/CVE-2007-5803

active/CVE-2007-6067

active/CVE-2007-6203

active/CVE-2007-6420

active/CVE-2007-6600

active/CVE-2007-6601

active/CVE-2008-0165

active/CVE-2008-0444

active/CVE-2008-0445

active/CVE-2008-0554

active/CVE-2008-0891

active/CVE-2008-1102

active/CVE-2008-1103

active/CVE-2008-1360

active/CVE-2008-1382

active/CVE-2008-1419

active/CVE-2008-1420

active/CVE-2008-1423

active/CVE-2008-1474

active/CVE-2008-1567

active/CVE-2008-1633

active/CVE-2008-1672

active/CVE-2008-1675

active/CVE-2008-1679

active/CVE-2008-1693

active/CVE-2008-1721

active/CVE-2008-1767

active/CVE-2008-1771

active/CVE-2008-1801

active/CVE-2008-1802

active/CVE-2008-1803

active/CVE-2008-1804

active/CVE-2008-1878

active/CVE-2008-1887

active/CVE-2008-1897

active/CVE-2008-1922

active/CVE-2008-1924

active/CVE-2008-1926

active/CVE-2008-1927

active/CVE-2008-1974

active/CVE-2008-2142

active/CVE-2008-2302

ignored/not-for-us.txt

retired/CVE-2007-1742

scripts/active_edit

Show diffs side-by-side

added added

removed removed

active/CVE-2007-5825

Candidate: CVE-2007-5825

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5825

Description:

Format string vulnerability in the ws_addarg function in webserver.c in

mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to

execute arbitrary code via a stats method action to /xml-rpc with format string

specifiers in the (1) username or (2) password portion of base64-encoded data

on the "Authorization: Basic" HTTP header line.

Ubuntu-Description:

Notes:

Bugs:

Priority: medium

Discovered-by:

Assigned-to:

Patches_mt-daapd:

upstream_mt-daapd: released (0.9~r1696-1)

dapper_mt-daapd: DNE

feisty_mt-daapd: needed

gutsy_mt-daapd: needed

hardy_mt-daapd: not-affected (0.9~r1696-1.1)

devel_mt-daapd: not-affected (0.9~r1696-1.3build1)

Older »