[Secure-testing-commits] r110 - sarge-checks/CVE
SALVETTI Djoum??
djoume-guest@haydn.debian.org
Fri, 12 Nov 2004 04:11:55 -0700
Author: djoume-guest
Date: 2004-11-12 04:11:39 -0700 (Fri, 12 Nov 2004)
New Revision: 110
Modified:
sarge-checks/CVE/list
Log:
* processed some CVEs.
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2004-11-12 07:43:27 UTC (rev 109)
+++ sarge-checks/CVE/list 2004-11-12 11:11:39 UTC (rev 110)
@@ -336,15 +336,17 @@
CVE-2003-0023
NOTE: I'm not sure if this is fix in rxvt 2.6.4-6.1
NOTE: I've mailed maintainers
+ NOTE: No response from maintainers, I've open bug #280873
TODO: check
CVE-2003-0022
NOTE: I'm not sure if this is fix in rxvt 2.6.4-6.1
NOTE: I've mailed maintainers
+ NOTE: No response from maintainers, I've open bug #280873
TODO: check
CVE-2003-0021
- NOTE: I'm not sure if this is fix in eterm 0.9.2-6
- NOTE: I've mailed maintainers
- TODO: check
+ - eterm 0.9.2-1
+ NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
+ NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020
- apache 1.3.29.0.2-4
CVE-2003-0019
@@ -399,83 +401,96 @@
CVE-2002-1538
NOTE: not-for-us (acusend not in Debian)
CVE-2002-1537
- TODO: check
+ - phpbb2 2.0.6c-1
+ NOTE: according to http://www.securityfocus.com/archive/1/297419
+ NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534
+ NOTE: Don't know if macromedia flash player is still vulnerable
+ NOTE: see: http://www.securityfocus.com/archive/1/294206
TODO: check
CVE-2002-1532
- TODO: check
+ NOTE: not-for-us (surfcontrol)
CVE-2002-1531
- TODO: check
+ NOTE: not-for-us (surfcontrol)
CVE-2002-1530
- TODO: check
+ NOTE: not-for-us (surfcontrol)
CVE-2002-1529
- TODO: check
+ NOTE: not-for-us (surfcontrol)
CVE-2002-1528
- TODO: check
+ NOTE: not-for-us (mondosearch)
CVE-2002-1524
- TODO: check
+ NOTE: not-for-us (winamp)
CVE-2002-1521
- TODO: check
+ NOTE: not-for-us (webserver 4D)
CVE-2002-1520
- TODO: check
+ NOTE: not-for-us (WatchGuard)
CVE-2002-1519
- TODO: check
+ NOTE: not-for-us (WatchGuard)
CVE-2002-1518
- TODO: check
+ NOTE: not-for-us (IRIX)
CVE-2002-1517
- TODO: check
+ NOTE: not-for-us (IRIX)
CVE-2002-1516
- TODO: check
+ NOTE: not-for-us (IRIX)
CVE-2002-1514
- TODO: check
+ NOTE: not-for-us (interbase)
CVE-2002-1513
- TODO: check
+ NOTE: not-for-us (OpenVMS)
CVE-2002-1511
- TODO: check
+ - vnc 3.3.3r2-21
CVE-2002-1510
- TODO: check
+ - xfree86 4.1.0-7
CVE-2002-1509
- TODO: check
+ NOTE: not-for-us (redhat and mandrake only)
CVE-2002-1505
- TODO: check
+ NOTE: not-for-us (WoltLab Burning Board not in Debian)
CVE-2002-1502
- TODO: check
+ NOTE: not-for-us (xbreaky not in Debian)
CVE-2002-1501
- TODO: check
+ NOTE: not-for-us (Enterasys)
CVE-2002-1497
- TODO: check
+ NOTE: not-for-us (Null HTTP Server not in Debian)
CVE-2002-1496
- TODO: check
+ NOTE: not-for-us (Null HTTP Server not in Debian)
CVE-2002-1494
- TODO: check
+ NOTE: not-for-us (Aestiva)
CVE-2002-1493
- TODO: check
+ NOTE: not-for-us (Lycos)
CVE-2002-1491
- TODO: check
+ NOTE: not-for-us (Cisco VPN 5000 Client for MacOS)
CVE-2002-1490
- TODO: check
+ NOTE: not-for-us (NetBSD)
CVE-2002-1479
- TODO: check
+ - cacti 0.6.8-1
CVE-2002-1478
+ - cacti 0.6.8a-2
NOTE: covered by DSA-164
CVE-2002-1477
+ - cacti 0.6.8a-2
NOTE: covered by DSA-164
CVE-2002-1476
- TODO: check
+ NOTE: not-for-us (NetBSD)
CVE-2002-1472
- TODO: check
+ - xfree86 4.2.1-1
+ NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/
+ NOTE: woody is still vulnerable
+ NOTE: open bug #280872
CVE-2002-1471
- TODO: check
+ - evolution 1.2.0-1
+ NOTE: woody seems to be still vulnerable
+ NOTE: open bug #280883
CVE-2002-1469
- TODO: check
+ - scponly 3.8-1
+ NOTE: according to http://sublimation.org/scponly/ (scponly home page)
+ NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468
- TODO: check
+ NOTE: not-for-us (AIX)
CVE-2002-1463
- TODO: check
+ NOTE: not-for-us (symantec)
CVE-2002-1448
- TODO: check
+ NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products)
CVE-2002-1447
- TODO: check
+ NOTE: not-for-us (Cisco vpn client for UNIX)
CVE-2002-1446
TODO: check
CVE-2002-1443