[Secure-testing-commits] r2930 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Fri Dec 2 23:04:02 UTC 2005


Author: jmm-guest
Date: 2005-12-02 23:03:57 +0000 (Fri, 02 Dec 2005)
New Revision: 2930

Modified:
   data/CVE/list
Log:
update more entries to our fancy new syntax
remove some cruft


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-02 22:49:44 UTC (rev 2929)
+++ data/CVE/list	2005-12-02 23:03:57 UTC (rev 2930)
@@ -7831,10 +7831,10 @@
 CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
 	NOT-FOR-US: Banner engine
 CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
-	NOTE: fvwm: uses mktemp
-	NOTE: fvwm-gnome: same as fvwm
-	NOTE: x-base-clients: x11perfcomp uses mkdir atomically
-	NOTE: lvm10: does not contain lvmcreate_initrd
+	- fvwm <not-affected> (Used mktemp)
+	- fvwm-gnome <not-affected> (Used mktemp)
+	- x-base-clients <not-affected> (x11perfcomp uses mkdir atomically)
+	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
 CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
 	NOT-FOR-US: Mephistoles
 CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
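Review bot: In the CVE-2004-2097 entries, "(Used mktemp)" changes the tense of the old note ("uses mktemp") and reads as if fvwm no longer does so. Keep the present tense and match the lowercase style of the other two reasons, e.g. "(uses mktemp)".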
@@ -7989,10 +7989,8 @@
 	{DSA-757-1}
 	- krb5 1.3.6-4 (medium)
 CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
-	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
 	- wordpress 1.5.1-1
 CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
-	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
 	- wordpress 1.5.1-1
 CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
 	{DSA-753-1}
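Review bot: Under CVE-2005-1688 and CVE-2005-1687 the deleted NOTE was the only record that wordpress was removed from Sarge, and nothing replaces it, so both entries now read as a plain fixed-in-1.5.1-1 case. If the removal still matters for Sarge tracking, keep one NOTE or express it with a "[sarge]" line in the form this commit uses for viewglob.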
@@ -8191,8 +8189,6 @@
 	NOT-FOR-US: JGS-Portal
 CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
 	- cheetah 0.9.16-1
-	NOTE: testing approval is waiting on verification that the fix works.
-	NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
 CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
 	NOT-FOR-US: Booby
 CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
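Review bot: The two NOTE lines dropped under CVE-2005-1632 recorded that the cheetah fix was still awaiting verification and linked the debian-release thread, while the log message only says "cruft". Say in the log that the fix in 0.9.16-1 was verified, or keep the link until it is.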
@@ -8202,7 +8198,8 @@
 CVE-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
 	NOT-FOR-US: WebAPP
 CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
-	NOTE: The 1.x version in Sarge and sid is not vulnerable
+	- viewglob 2.0.1-1
+	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
 CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
 	NOT-FOR-US: Pico Server
 CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
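Review bot: For CVE-2005-1627 the old note said the 1.x version in both Sarge and sid is not vulnerable, but the new lines keep only the Sarge half and add "- viewglob 2.0.1-1" as a fixed version. Add a NOTE that sid's 1.x was not affected either, so the 2.0.1-1 line is not read as the fix for a vulnerable upload.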
@@ -8287,11 +8284,11 @@
 	- clamav 0.85.1-1
 CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
 	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
-	NOTE: Actually affected package is libxpm4.
-	NOTE: x11-xorg is not affected (inspected the Subversion tree).
+	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
 CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
-	NOTE: According to Horms from kernel team 2.6.8 not affected
-	- kernel-source-2.6.11 2.6.11-5
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
+	[sarge] - kernel-source-2.6.8 <not-affected>
+	TODO: Check 2.4 
 CVE-2005-1588 (** DISPUTED ** ...)
 	NOT-FOR-US: Quick.cart
 CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
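Review bot: Under CVE-2005-1589 the line "- kernel-source-2.6.11 2.6.11-5" is deleted without a replacement, so the fixed version for that package is no longer tracked; keep it or note why it is obsolete. In the same hunk the removed note named "x11-xorg" while the new line says "xorg-x11", so check which package name is meant, and "TODO: Check 2.4 " carries a trailing space.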
@@ -8340,7 +8337,6 @@
 	NOT-FOR-US: Acrowave AAP-3100AR wireless router
 CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
 	- bugzilla 2.18-7 (bug #308789; medium)
-	NOTE: only affects sid
 CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
 	- bugzilla 2.16.7-7sarge1
 CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
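Review bot: Removing "NOTE: only affects sid" from CVE-2005-1565 drops the scoping without encoding it in the new syntax. A line such as "[sarge] - bugzilla <not-affected>", in the form used for viewglob in this commit, would preserve it.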
@@ -8387,7 +8383,6 @@
 	{DSA-755-1}
 	NOTE: CVE info about vulnerable version number is bogus
 	- tiff 3.7.2-3 (bug #309739)
-	NOTE: tiff3g not in testing
 CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
 	NOT-FOR-US: Novell Zenworks
 CVE-2005-1542
@@ -8458,10 +8453,8 @@
 CVE-2005-XXXX [Buffer overflow in libotr]
 	- libotr 2.0.2-1
 CVE-2005-XXXX [vpnc: config file path security hole]
-	NOTE: no bug ever filed for this
 	- vpnc 0.3.2+SVN20050326-2
 CVE-2005-XXXX [Several buffer overflows in termpkg]
-	NOTE: Not in Sarge
 	- termpkg 3.3-2 
 CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
 	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
@@ -8545,9 +8538,6 @@
 CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
 	NOT-FOR-US: DMail
 CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
-	NOTE: not in testing
-	NOTE: non-free
-	NOTE: minor issues
 	- qmail-src 1.03-38
 CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
 	- qmail-src 1.03-38
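Review bot: For CVE-2005-1515 the deleted "NOTE: minor issues" was the only severity hint on the qmail-src entry. Consider carrying it as an urgency annotation in the parenthetical after the version, the way "(medium)" is used on other entries in this file.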
@@ -8570,27 +8560,27 @@
 CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
 	NOT-FOR-US: ASPRunner
 CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
-	NOTE: not-for-us
+	NOT-FOR-US: ASPRunner
 CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
-	NOTE: not-for-us
+	NOT-FOR-US: ASPRunner
 CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
-	NOTE: not-for-us
+	NOT-FOR-US: ASPRunner
 CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
-	NOTE: not-for-us
+	NOT-FOR-US: ASPRunner
 CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
 	- phpbb2 2.0.10-1
 CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
 	- phpbb2 2.0.10-1
 CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
-	NOTE: not-for-us
+	NOT-FOR-US: Easyins Stadtportal
 CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
-	NOTE: not-for-us
+	NOT-FOR-US: eSeSIX Thintune
 CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
-	NOT-FOR-US: no_package
+	NOT-FOR-US: eSeSIX Thintune
 CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
-	NOT-FOR-US: no_package
+	NOT-FOR-US: eSeSIX Thintune
 CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
-	NOT-FOR-US: no_package
+	NOT-FOR-US: eSeSIX Thintune
 CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
 	NOT-FOR-US: no_package
 CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
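Review bot: CVE-2004-2056 is described as an action.php issue in Nucleus CMS, but the new line marks it "NOT-FOR-US: ASPRunner", which looks like a copy-paste from the three entries above it. It should name Nucleus CMS, or be tracked against a package if Debian ships one. CVE-2004-2048 at the end of the hunk is also an eSeSIX Thintune entry and still reads "NOT-FOR-US: no_package", so convert it with the others.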



