[Secure-testing-commits] r2930 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Dec 2 23:04:02 UTC 2005
Author: jmm-guest
Date: 2005-12-02 23:03:57 +0000 (Fri, 02 Dec 2005)
New Revision: 2930
Modified:
data/CVE/list
Log:
update more entries to our fancy new syntax
remove some cruft
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-02 22:49:44 UTC (rev 2929)
+++ data/CVE/list 2005-12-02 23:03:57 UTC (rev 2930)
@@ -7831,10 +7831,10 @@
CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
NOT-FOR-US: Banner engine
CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
- NOTE: fvwm: uses mktemp
- NOTE: fvwm-gnome: same as fvwm
- NOTE: x-base-clients: x11perfcomp uses mkdir atomically
- NOTE: lvm10: does not contain lvmcreate_initrd
+ - fvwm <not-affected> (Used mktemp)
+ - fvwm-gnome <not-affected> (Used mktemp)
+ - x-base-clients <not-affected> (x11perfcomp uses mkdir atomically)
+ - lvm10 <not-affected> (does not contain lvmcreate_initrd)
CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
NOT-FOR-US: Mephistoles
CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
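Review bot: The reason text on the new CVE-2004-2097 lines changes tense: the removed notes said "uses mktemp", while `(Used mktemp)` reads as if fvwm and fvwm-gnome no longer do. I would write `(uses mktemp)` on both lines. That also matches the lower-case reasons on the x-base-clients and lvm10 lines in the same entry.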
@@ -7989,10 +7989,8 @@
{DSA-757-1}
- krb5 1.3.6-4 (medium)
CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
- NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
- wordpress 1.5.1-1
CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
- NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
- wordpress 1.5.1-1
CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
{DSA-753-1}
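Review bot: Dropping the two "Removed from Sarge due to intransparent handling of security issues by upstream" notes on CVE-2005-1688 and CVE-2005-1687 loses the rationale rather than converting it, and the log message only says "remove some cruft". Only `- wordpress 1.5.1-1` remains, with nothing recording why sarge has no fixed version. If the new syntax has no slot for this, keeping one NOTE line per entry would preserve the history.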
@@ -8191,8 +8189,6 @@
NOT-FOR-US: JGS-Portal
CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
- cheetah 0.9.16-1
- NOTE: testing approval is waiting on verification that the fix works.
- NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
NOT-FOR-US: Booby
CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
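Review bot: The two notes removed from CVE-2005-1632 said testing approval was "waiting on verification that the fix works", and they were the only sign that `- cheetah 0.9.16-1` might not be a confirmed fix. If the verification has since been done, it is worth saying so in the log message. If not, the note and the list URL should stay until it is.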
@@ -8202,7 +8198,8 @@
CVE-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to "a ...)
- NOTE: The 1.x version in Sarge and sid is not vulnerable
+ - viewglob 2.0.1-1
+ [sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
NOT-FOR-US: Pico Server
CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
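Review bot: On CVE-2005-1627 the new `- viewglob 2.0.1-1` line marks every earlier unstable version as vulnerable, but the removed note said the 1.x version in sid was not vulnerable either. The `[sarge]` line carries the sarge half of that note; the sid half is lost. If unstable never carried an affected version, a reason on the unstable line or a retained NOTE saying the 1.x series is unaffected would keep the entry accurate.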
@@ -8287,11 +8284,11 @@
- clamav 0.85.1-1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
- xfree86 4.3.0.dfsg.1-14 (bug #308783)
- NOTE: Actually affected package is libxpm4.
- NOTE: x11-xorg is not affected (inspected the Subversion tree).
+ - xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
- NOTE: According to Horms from kernel team 2.6.8 not affected
- - kernel-source-2.6.11 2.6.11-5
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
+ [sarge] - kernel-source-2.6.8 <not-affected>
+ TODO: Check 2.4
CVE-2005-1588 (** DISPUTED ** ...)
NOT-FOR-US: Quick.cart
CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
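Review bot: In CVE-2005-1589 the fixed-version record `- kernel-source-2.6.11 2.6.11-5` is deleted and replaced by `- linux-2.6 <not-affected>`, so the entry no longer says anything about the kernel-source-2.6.11 package. If that source package is still tracked, its line should stay alongside the new linux-2.6 one. Separately, in the libxpm4 entry the package name changes from "x11-xorg" in the removed note to `xorg-x11`. Please confirm the new spelling is the actual source package name, and consider keeping the note that the affected binary package is libxpm4, since the remaining line only names xfree86.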
@@ -8340,7 +8337,6 @@
NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
- bugzilla 2.18-7 (bug #308789; medium)
- NOTE: only affects sid
CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
- bugzilla 2.16.7-7sarge1
CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
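Review bot: Removing "NOTE: only affects sid" from CVE-2005-1565 without a replacement leaves `- bugzilla 2.18-7 (bug #308789; medium)` as the only line, which makes the sarge version look vulnerable. The next entry shows sarge carrying 2.16.7-7sarge1. This commit already uses the `[sarge] - <package> <not-affected>` form for viewglob and kernel-source-2.6.8, so the note should be converted to `[sarge] - bugzilla <not-affected>` with a short reason instead of being dropped.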
@@ -8387,7 +8383,6 @@
{DSA-755-1}
NOTE: CVE info about vulnerable version number is bogus
- tiff 3.7.2-3 (bug #309739)
- NOTE: tiff3g not in testing
CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
NOT-FOR-US: Novell Zenworks
CVE-2005-1542
@@ -8458,10 +8453,8 @@
CVE-2005-XXXX [Buffer overflow in libotr]
- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
- NOTE: no bug ever filed for this
- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
- NOTE: Not in Sarge
- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
@@ -8545,9 +8538,6 @@
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
- NOTE: not in testing
- NOTE: non-free
- NOTE: minor issues
- qmail-src 1.03-38
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
- qmail-src 1.03-38
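Review bot: Of the three notes removed from CVE-2005-1515, "minor issues" is a severity assessment rather than archive bookkeeping, and it disappears entirely. Other entries in this file record urgency in the parentheses after the version, for example `(medium)` on the krb5 and bugzilla lines. I would carry the assessment over onto `- qmail-src 1.03-38` the same way.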
@@ -8570,27 +8560,27 @@
CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
NOT-FOR-US: ASPRunner
CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
- NOTE: not-for-us
+ NOT-FOR-US: ASPRunner
CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
- NOTE: not-for-us
+ NOT-FOR-US: ASPRunner
CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
- NOTE: not-for-us
+ NOT-FOR-US: ASPRunner
CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
- NOTE: not-for-us
+ NOT-FOR-US: ASPRunner
CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
- phpbb2 2.0.10-1
CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
- phpbb2 2.0.10-1
CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
- NOTE: not-for-us
+ NOT-FOR-US: Easyins Stadtportal
CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
- NOTE: not-for-us
+ NOT-FOR-US: eSeSIX Thintune
CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
- NOT-FOR-US: no_package
+ NOT-FOR-US: eSeSIX Thintune
CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
- NOT-FOR-US: no_package
+ NOT-FOR-US: eSeSIX Thintune
CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
- NOT-FOR-US: no_package
+ NOT-FOR-US: eSeSIX Thintune
CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
NOT-FOR-US: no_package
CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
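Review bot: CVE-2004-2056 is mislabelled. Its description is "SQL injection vulnerability in action.php in Nucleus CMS 3.01", but the new line reads `NOT-FOR-US: ASPRunner`, which looks copied from the three ASPRunner entries above it. It should name Nucleus CMS. The cleanup is also incomplete at the end of the hunk: CVE-2004-2048 is another eSeSIX Thintune issue but keeps `NOT-FOR-US: no_package` while CVE-2004-2049 through CVE-2004-2051 were changed to `NOT-FOR-US: eSeSIX Thintune`.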