[Secure-testing-commits] r64 - sarge-checks/CVE

SALVETTI Djoum?? djoume-guest@haydn.debian.org
Wed, 03 Nov 2004 07:22:04 -0700 

Author: djoume-guest
Date: 2004-11-03 07:21:47 -0700 (Wed, 03 Nov 2004)
New Revision: 64

Modified:
   sarge-checks/CVE/list
Log:
* update CVE-2003-0067 and CVE-2003-0024 about aterm
* I have some doubt about package version that fixed 
  CVE-2003-0070, I've mailed maintainers.


Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list	2004-11-02 23:35:38 UTC (rev 63)
+++ sarge-checks/CVE/list	2004-11-03 14:21:47 UTC (rev 64)
@@ -271,6 +271,8 @@
 	NOTE: covered by DSA-380
 CVE-2003-0070
 	- vte 0.11.10-1
+	NOTE: I have mailed maintainer to be 100% sure.
+	TODO: check
 CVE-2003-0069
 	- putty 0.54-1
 CVE-2003-0068
@@ -279,7 +281,9 @@
 CVE-2003-0067
 	NOTE: don't know if still vulnerable
 	NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. 
-	TODO: check
+	NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was 
+	NOTE: never vulnerable to the problem described. 
+	NOTE: this CVE is bogus.
 CVE-2003-0066
 	- rxvt 2.6.4-6.1
 	NOTE: woody version are still vulnerable.
@@ -316,6 +320,10 @@
 	NOTE: covered by DSA-228
 CVE-2003-0027
 CVE-2003-0024
+	NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. 
+	NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was 
+	NOTE: never vulnerable to the problem described.
+	NOTE: this CVE is bogus.
 CVE-2003-0023
 CVE-2003-0022
 CVE-2003-0021