[Secure-testing-commits] r62 - sarge-checks/CVE
SALVETTI Djoum??
djoume-guest@haydn.debian.org
Tue, 02 Nov 2004 15:39:27 -0700
Author: djoume-guest
Date: 2004-11-02 15:39:20 -0700 (Tue, 02 Nov 2004)
New Revision: 62
Modified:
sarge-checks/CVE/list
Log:
processed a block of CVEs
claimed a little bit more CVEs
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2004-11-02 17:47:20 UTC (rev 61)
+++ sarge-checks/CVE/list 2004-11-02 22:39:20 UTC (rev 62)
@@ -172,75 +172,131 @@
begin claimed by djoume
CVE-2003-1328
+ NOTE: not-for-us (windows)
CVE-2003-1326
+ NOTE: not-for-us (windows)
CVE-2003-1022
+ - fsp 2.81.b18-1
+ NOTE: covered by DSA-416
CVE-2003-0994
+ NOTE: not-for-us (norton)
CVE-2003-0993
+ - apache 1.3.29.0.2-4
CVE-2003-0991
+ - mailman 2.1-1
NOTE: covered by DSA-436
+ NOTE: don't know if still vulnerable
+ NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
+ NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988
+ - kdepim 3.1.5-1
CVE-2003-0985
+ NOTE: fixed in 2.4.24-rc1
NOTE: covered by DSA-413
CVE-2003-0969
+ - mpg321 0.2.10.3
NOTE: covered by DSA-411
CVE-2003-0966
+ NOTE: not-for-us (elm)
CVE-2003-0924
+ - netpbm-free 2:9.25-9
NOTE: covered by DSA-426
CVE-2003-0905
+ NOTE: not-for-us (microsoft)
CVE-2003-0903
+ NOTE: not-for-us (microsoft)
CVE-2003-0825
+ NOTE: not-for-us (microsoft)
CVE-2003-0145
+ - tcpdump 3.7.2-1
NOTE: covered by DSA-261
CVE-2003-0143
+ - qpopper 4.0.4-9
NOTE: covered by DSA-259
CVE-2003-0125
+ NOTE: not-for-us (SOHO Routefinder)
CVE-2003-0124
+ NOTE: not-for-us (man before 1.51)
CVE-2003-0123
+ NOTE: not-for-us (lotus notes)
CVE-2003-0122
+ NOTE: not-for-us (lotus notes)
CVE-2003-0120
+ - mhc 0.25+20030224-1
NOTE: covered by DSA-256
CVE-2003-0108
+ - tcpdump 3.7.1-1.2
NOTE: covered by DSA-255
CVE-2003-0107
+ - zlib 1.1.4-10
CVE-2003-0104
+ NOTE: not-for-us (peopletools)
CVE-2003-0103
+ NOTE: not-for-us (nokia handset)
CVE-2003-0102
+ - file 3.40-1.1
NOTE: covered by DSA-260
CVE-2003-0100
+ NOTE: not-for-us (cisco)
CVE-2003-0097
+ - php4 4.3.2+rc3-1
CVE-2003-0095
+ NOTE: not-for-us (oracle)
CVE-2003-0094
+ NOTE: not-for-us (mandrake specific)
CVE-2003-0093
+ - tcpdump 3.7.1-1
NOTE: covered by DSA-261
CVE-2003-0088
+ NOTE: not-for-us (macosX)
CVE-2003-0087
+ NOTE: not-for-us (AIX)
CVE-2003-0081
+ - ethereal 0.9.9-2
NOTE: covered by DSA-258
CVE-2003-0079
+ NOTE: not-for-us (hanterm before 2.0.5)
CVE-2003-0078
+ - openssl 0.9.7a-1
NOTE: covered by DSA-253
CVE-2003-0077
+ NOTE: not-for-us (hanterm before 2.0.5)
CVE-2003-0075
+ NOTE: not-for-us (blade encoder not in Debian)
CVE-2003-0073
+ - mysql 4.0.12-2
NOTE: covered by DSA-303
CVE-2003-0071
+ - xfree86 4.2.1-11
NOTE: covered by DSA-380
CVE-2003-0070
+ - vte 0.11.10-1
CVE-2003-0069
+ - putty 0.54-1
CVE-2003-0068
+ - eterm 0.9.2-6
NOTE: covered by DSA-496
CVE-2003-0067
+ NOTE: don't know if still vulnerable
+ NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this.
+ TODO: check
CVE-2003-0066
+ - rxvt 2.6.4-6.1
+ NOTE: woody version are still vulnerable.
CVE-2003-0065
+ NOTE: not-for-us (uxterm not in Debian)
CVE-2003-0064
+ NOTE: not-for-us (dtterm not in Debian)
CVE-2003-0063
+ - xfree86 4.2.1-11
NOTE: covered by DSA-380
CVE-2003-0062
+ NOTE: not-for-us (NOD32 not in Debian)
CVE-2003-0059
+ TODO: unchecked
CVE-2003-0058
+ TODO: unchecked
-end claimed by djoume
-
CVE-2003-0055
CVE-2003-0054
CVE-2003-0053
@@ -280,6 +336,9 @@
CVE-2003-0004
CVE-2003-0003
CVE-2003-0002
+
+end claimed by djoume
+
CVE-2002-1574
CVE-2002-1560
CVE-2002-1552
@@ -3259,4 +3318,4 @@
CVE-1999-0006
CVE-1999-0005
CVE-1999-0003
-CVE-1999-0002
+aVE-1999-0002