[Secure-testing-commits] r94 - sarge-checks/CVE
SALVETTI Djoum??
djoume-guest@haydn.debian.org
Sun, 07 Nov 2004 05:56:57 -0700
Author: djoume-guest
Date: 2004-11-07 05:56:52 -0700 (Sun, 07 Nov 2004)
New Revision: 94
Modified:
sarge-checks/CVE/list
Log:
* Processed my block
* Claimed some more
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2004-11-06 23:05:02 UTC (rev 93)
+++ sarge-checks/CVE/list 2004-11-07 12:56:52 UTC (rev 94)
@@ -185,7 +185,6 @@
CVE-2003-0991
- mailman 2.1-1
NOTE: covered by DSA-436
- NOTE: don't know if still vulnerable
NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988
@@ -279,14 +278,13 @@
- eterm 0.9.2-6
NOTE: covered by DSA-496
CVE-2003-0067
- NOTE: don't know if still vulnerable
NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this.
NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
CVE-2003-0066
- rxvt 2.6.4-6.1
- NOTE: woody version are still vulnerable.
+ NOTE: woody version are still vulnerable (bug #244810).
CVE-2003-0065
NOTE: not-for-us (uxterm not in Debian)
CVE-2003-0064
@@ -297,67 +295,110 @@
CVE-2003-0062
NOTE: not-for-us (NOD32 not in Debian)
CVE-2003-0059
- TODO: unchecked
+ - krb5 1.2.5-1
CVE-2003-0058
- TODO: unchecked
-
+ - krb5 1.2.5-1
CVE-2003-0055
+ NOTE: not-for-us (apple)
CVE-2003-0054
+ NOTE: not-for-us (apple)
CVE-2003-0053
+ NOTE: not-for-us (apple)
CVE-2003-0052
+ NOTE: not-for-us (apple)
CVE-2003-0051
+ NOTE: not-for-us (apple)
CVE-2003-0050
+ NOTE: not-for-us (apple)
CVE-2003-0045
+ NOTE: not-for-us (windows)
CVE-2003-0043
+ - tomcat 3.3.1a-1
NOTE: covered by DSA-246
CVE-2003-0040
+ - courier-ssl 0.40.2-3
NOTE: covered by DSA-247
CVE-2003-0039
+ - dhcp3 1.1.2-1
NOTE: covered by DSA-245
CVE-2003-0033
+ - snort 2.0.0-1
NOTE: covered by DSA-297
CVE-2003-0032
+ - libmcrypt 2.5.5-1
NOTE: covered by DSA-228
CVE-2003-0027
+ NOTE: not-for-us (sun)
CVE-2003-0024
NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this.
NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
CVE-2003-0023
+ NOTE: I'm not sure if this is fix in rxvt 2.6.4-6.1
+ NOTE: I've mailed maintainers
+ TODO: check
CVE-2003-0022
+ NOTE: I'm not sure if this is fix in rxvt 2.6.4-6.1
+ NOTE: I've mailed maintainers
+ TODO: check
CVE-2003-0021
+ NOTE: I'm not sure if this is fix in eterm 0.9.2-6
+ NOTE: I've mailed maintainers
+ TODO: check
CVE-2003-0020
+ - apache 1.3.29.0.2-4
CVE-2003-0019
+ NOTE: not-for-us (redhat 8.0 only)
CVE-2003-0018
+ NOTE: fixed after 2.6/2.4.21 kernel
NOTE: covered by DSA-358
+ NOTE: covered by DSA-423
CVE-2003-0017
+ NOTE: not-for-us (apache on windows)
CVE-2003-0016
+ NOTE: not-for-us (apache on windows)
CVE-2003-0015
+ - cvs 1.11.2-5.1
NOTE: covered by DSA-233
CVE-2003-0013
+ - bugzilla 2.16.2-1
NOTE: covered by DSA-230
CVE-2003-0012
+ - bugzilla 2.16.2-1
NOTE: covered by DSA-230
CVE-2003-0009
+ NOTE: not-for-us (windows)
CVE-2003-0007
+ NOTE: not-for-us (windows)
CVE-2003-0004
+ NOTE: not-for-us (windows)
CVE-2003-0003
+ NOTE: not-for-us (windows)
CVE-2003-0002
-
-end claimed by djoume
-
+ NOTE: not-for-us (windows)
CVE-2002-1574
+ NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560
+ NOTE: not-for-us (gbook not in Debian)
CVE-2002-1552
+ NOTE: not-for-us (novell)
CVE-2002-1550
+ NOTE: not-for-us (AIX)
CVE-2002-1549
+ NOTE: not-for-us (lhttpd not in Debian)
CVE-2002-1548
+ NOTE: not-for-us (AIX)
CVE-2002-1547
+ NOTE: not-for-us (Netscreen)
CVE-2002-1543
+ NOTE: not-for-us (NetBSD)
CVE-2002-1541
+ NOTE: not-for-us (BadBlue not in Debian)
CVE-2002-1540
+ NOTE: not-for-us (norton)
CVE-2002-1538
+ NOTE: not-for-us (acusend not in Debian)
CVE-2002-1537
CVE-2002-1534
CVE-2002-1532
@@ -466,6 +507,9 @@
CVE-2002-1362
NOTE: covered by DSA-211
CVE-2002-1361
+
+end claimed by djoume
+
CVE-2002-1350
NOTE: covered by DSA-206
CVE-2002-1349