[Secure-testing-commits] r118 - sarge-checks/CVE
SALVETTI Djoum??
djoume-guest@haydn.debian.org
Sun, 14 Nov 2004 11:58:53 -0700
Author: djoume-guest
Date: 2004-11-14 11:58:49 -0700 (Sun, 14 Nov 2004)
New Revision: 118
Modified:
sarge-checks/CVE/list
Log:
* processed my block
* claimed some more
Modified: sarge-checks/CVE/list
===================================================================
--- sarge-checks/CVE/list 2004-11-14 16:01:11 UTC (rev 117)
+++ sarge-checks/CVE/list 2004-11-14 18:58:49 UTC (rev 118)
@@ -492,97 +492,131 @@
CVE-2002-1447
NOTE: not-for-us (Cisco vpn client for UNIX)
CVE-2002-1446
- TODO: check
+ NOTE: not-for-us (nCipher PKCS#11 library)
CVE-2002-1443
- TODO: check
+ NOTE: not-for-us (Google toolbar)
CVE-2002-1438
- TODO: check
+ NOTE: not-for-us (Perl on Novell)
CVE-2002-1437
- TODO: check
+ NOTE: not-for-us (Perl on Novell)
CVE-2002-1436
- TODO: check
+ NOTE: not-for-us (Perl on Novell)
CVE-2002-1435
- TODO: check
+ NOTE: not-for-us (Achievo not in Debian)
CVE-2002-1430
- TODO: check
+ NOTE: not-for-us (Sympoll not in Debian)
CVE-2002-1425
+ - mpack 1.5-9
NOTE: covered by DSA-141
CVE-2002-1424
- TODO: check
+ - mpack 1.5-9
+ NOTE: covered by DSA-141
CVE-2002-1420
- TODO: check
+ NOTE: not-for-us (OpenBSD)
CVE-2002-1419
- TODO: check
+ NOTE: not-for-us (IRIX on Origin)
CVE-2002-1418
- TODO: check
+ NOTE: not-for-us (Novell NetBasic Scripting Server)
CVE-2002-1417
- TODO: check
+ NOTE: not-for-us (Novell NetBasic Scripting Server)
CVE-2002-1414
- TODO: check
+ - qmailadmin 1.0.6-1
CVE-2002-1413
- TODO: check
+ NOTE: not-for-us (RCONAG6 for Novell Netware SP2)
CVE-2002-1412
+ - gallery 1.3-3
NOTE: covered by DSA-138
CVE-2002-1407
- TODO: check
+ NOTE: not-for-us (TinySSL not in Debian)
CVE-2002-1405
+ - lynx 2.8.4.1b-4
NOTE: covered by DSA-210
CVE-2002-1403
+ - dhcpd 1.3.22pl2-2
NOTE: covered by DSA-219
CVE-2002-1396
- TODO: check
+ - php4 4:4.3.2+rc3-1
+ NOTE: according to http://www.securityfocus.com/bid/6488
+ NOTE: woody is not vulnerable
CVE-2002-1394
+ - tomcat4 4.1.9-1
NOTE: covered by DSA-225
CVE-2002-1392
- TODO: check
+ - mgetty 1.1.30-1
+ NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1391
- TODO: check
+ - mgetty 1.1.30-1
+ NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1390
+ - geneweb 4.09-1
NOTE: covered by DSA-223
CVE-2002-1389
+ - typespeed 0.4.2-2
NOTE: covered by DSA-217
CVE-2002-1388
+ - mhonarc 2.5.14-1
NOTE: covered by DSA-221
CVE-2002-1385
- TODO: check
+ - openwebmail 1.90-1
CVE-2002-1384
+ - xpdf 2.01-2
NOTE: covered by DSA-222
CVE-2002-1382
- TODO: check
+ - flashplugin-nonfree 6.0.69-1
CVE-2002-1381
+ - exim4 4.11-0.0.1
+ NOTE: exim 3.x is still vulnerable in woody, sarge and sid see bug #171774
TODO: check
CVE-2002-1380
+ - kernel-source-2.2.25
NOTE: covered by DSA-336
CVE-2002-1377
+ - vim 6.1.263-1
+ NOTE: woody seems to be still vulnerable
+ NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
+ NOTE: but no advisory (nor fixed package) have been published yet.
+ NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
TODO: check
CVE-2002-1375
+ - mysql-dfsg 4.0.7.gamma-1
NOTE: covered by DSA-212
CVE-2002-1374
+ - mysql-dfsg 4.0.7.gamma-1
NOTE: covered by DSA-212
CVE-2002-1373
+ - mysql-dfsg 4.0.7.gamma-1
NOTE: covered by DSA-212
CVE-2002-1372
+ - cupsys 1.1.18-1
NOTE: covered by DSA-232
CVE-2002-1371
+ - cupsys 1.1.18-1
NOTE: covered by DSA-232
CVE-2002-1369
+ - cupsys 1.1.18-1
NOTE: covered by DSA-232
CVE-2002-1367
+ - cupsys 1.1.18-1
NOTE: covered by DSA-232
CVE-2002-1366
+ - cupsys 1.1.18-1
NOTE: covered by DSA-232
CVE-2002-1365
+ - fetchmail 6.2.0-1
NOTE: covered by DSA-216
CVE-2002-1364
+ - traceroute-nanog 6.3.0-1
NOTE: covered by DSA-254
CVE-2002-1363
+ - libpng 1.0.12-7
+ - libpng3 1.2.5-8
NOTE: covered by DSA-213
CVE-2002-1362
+ - micq 0.4.9.4-1
+ NOTE: micq not in sarge
NOTE: covered by DSA-211
CVE-2002-1361
-
-end claimed by djoume
-
+ NOTE: not-for-us (sun)
CVE-2002-1350
NOTE: covered by DSA-206
CVE-2002-1349
@@ -707,6 +741,9 @@
NOTE: covered by DSA-172
CVE-2002-1189
TODO: check
+
+end claimed by djoume
+
CVE-2002-1188
TODO: check
CVE-2002-1187