[Secure-testing-commits] r2935 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Dec 4 15:15:31 UTC 2005
Author: jmm-guest
Date: 2005-12-04 15:15:27 +0000 (Sun, 04 Dec 2005)
New Revision: 2935
Modified:
data/CVE/list
Log:
more cleanups
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-04 14:55:52 UTC (rev 2934)
+++ data/CVE/list 2005-12-04 15:15:27 UTC (rev 2935)
@@ -10011,9 +10011,9 @@
CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
NOT-FOR-US: Lotus Domino
CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
- NOTE: Generic protocol flaw
+ NOT-FOR-US: Generic protocol flaw
CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
- NOTE: Generic protocol flaw
+ NOT-FOR-US: Generic protocol flaw
CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
- inn2 2.3.3+20020922-1
- innfeed 0.10.1.7-7
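Review bot: NOT-FOR-US is the wrong state for CVE-2001-1444 and CVE-2001-1443: that marker says the software is not in Debian, but the CVE descriptions themselves name KTH Kerberos IV and Heimdal's telnet clients, and Heimdal is packaged in the archive. "Generic protocol flaw" is a reason the issue cannot be fixed at the package level, not a statement that nothing in Debian ships the code. Keep a per-package state so the Heimdal telnet client stays tracked, e.g. `- heimdal <unfixed>` or `<not-affected>` with `(Generic protocol flaw)` as the parenthesised reason, the same shape this diff uses for `- sendmail <not-affected> (Sun-specific)` further down.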
@@ -10058,7 +10058,7 @@
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
- NOT-FOR-US: Sun's sendmail
+ - sendmail <not-affected> (Sun-specific)
CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
NOT-FOR-US: Windows
CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
@@ -10102,8 +10102,7 @@
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
- NOTE: According to maintainer posting in debian-release this does only affect 1.190
- NOTE: and not the version in Sarge
+ - webmin 1.200-1
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
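Review bot: the sarge state for CVE-2005-1177 is lost here. The two removed NOTE lines recorded that only 1.190 is affected and that the version in sarge is not; the replacement `- webmin 1.200-1` records only the sid fix, so anything older than 1.200-1 (including sarge) will now be reported as vulnerable. Add a release-scoped line alongside it, e.g. `[sarge] - webmin <not-affected> (only 1.190 affected, per maintainer on debian-release)`, using the `[sarge]` tag this same diff introduces for the kernel entries. The description also names Usermin as item (2), and it gets no entry at all; either add a `- usermin ...` line or record why it is not needed.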
@@ -10226,7 +10225,6 @@
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
NOT-FOR-US: Free BSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
- NOTE: Has been removed from Sarge
- libsafe <unfixed> (bug #305070; medium)
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
NOT-FOR-US: Solaris
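Review bot: dropping "Has been removed from Sarge" for CVE-2005-1125 without replacing it with a release state regresses the data. With only `- libsafe <unfixed> (bug #305070; medium)` left, sarge looks affected, which is the opposite of what the deleted note said. Encode the fact instead of deleting it, e.g. `[sarge] - libsafe <removed>`, matching the `<removed>` state and `[sarge]` tag used elsewhere in this commit.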
@@ -10236,7 +10234,6 @@
NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
{DSA-726-1}
- NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
- oops <unfixed> (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
- ilohamail <unfixed> (bug #304525; medium)
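Review bot: same problem as the libsafe hunk: the removed NOTE on CVE-2005-1121 ("Not part of Sarge due to FTBFS on ia64 and alpha") carried release information that `{DSA-726-1}` plus `- oops <unfixed> (bug #307360; high)` does not express. Without it the tracker has no way to tell that sarge never shipped oops. Keep it as a state with the reason, e.g. `[sarge] - oops <not-affected> (FTBFS on ia64 and alpha, never part of sarge)`.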
@@ -10264,12 +10261,11 @@
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
{DSA-713-1}
- junkbuster <removed> (bug #304793)
- NOTE: checked privoxy, is not vulnerable
+ - privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
{DSA-713-1}
- NOTE: only part of Woody, has been removed from Sarge and sid
- NOT-FOR-US: Junkbuster
- NOTE: checked privoxy, is not vulnerable
+ - junkbuster <removed>
+ - privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
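Review bot: the two junkbuster entries end up inconsistent: CVE-2005-1109 keeps `- junkbuster <removed> (bug #304793)` while the new line for CVE-2005-1108 is a bare `- junkbuster <removed>`. If bug #304793 covers the removal for both, reference it on both; if not, the second needs its own reference. The deleted NOTE "only part of Woody, has been removed from Sarge and sid" is also the only place that said sarge never had the package; `<removed>` on its own describes sid, so consider `[sarge] - junkbuster <removed>` or a retained NOTE so that the woody-only scope survives. Converting the privoxy NOTEs to `- privoxy <not-affected>` is the right direction; keeping the "checked" remark as the parenthesised reason would preserve who verified it.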
@@ -10357,12 +10353,10 @@
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
- NOTE: the affected binary is not included in pine binary packages
- NOTE: and the maintainer refuses to maintain code that is not
- NOTE: see bug #304547
+ - pine 4.63-1 (unimportant)
+ NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
- NOTE: we do not seem to be vulnerable; /var/cache/fonts is not
- NOTE: writiable by normal users in Debian, only by root.
+ - tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
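Review bot: the bug reference for CVE-2005-1066 disappears in this hunk. The removed lines pointed at bug #304547; the replacement `- pine 4.63-1 (unimportant)` plus `NOTE: Not shipped in the binary package` has no link back to the discussion with the maintainer. Keep it as `(bug #304547; unimportant)`, which is how other entries in this file carry both. Also, recording a fixed version of 4.63-1 next to a note that the affected binary is never shipped sends a mixed signal; if rpdump is not in the binary package at any version, `<not-affected>` with the same note is the more accurate state. The tetex-base rewrite reads well and fixes the "writiable" typo from the old NOTE.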
@@ -10411,11 +10405,12 @@
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
- - kernel-source-2.6.11 2.6.11-1
- - kernel-source-2.6.8 2.6.8-16
- NOTE: does not affect 2.4.27 per horms
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ [sarge] - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 <not-affected>
+ TODO: Check, when this was fixed
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
- NOTE: Debian is not affected; see bug # 310833
+ - netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
- coreutils <unfixed> (bug #304556; low)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
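Review bot: two pieces of information are dropped in the CVE-2005-1041 rewrite. The `- kernel-source-2.6.11 2.6.11-1` fix is deleted with no replacement state for that source package, and the attribution "does not affect 2.4.27 per horms" becomes a bare `- kernel-source-2.4.27 <not-affected>` with no reason. Add the reason in parentheses (this hunk does exactly that for netapplet), and either keep the 2.6.11 line or say in the log why it is no longer needed. Separately, `(Not vulerable, see bug #310833)` on the netapplet line has a typo ("vulnerable") and "Not vulnerable" duplicates what `<not-affected>` already states; `(see bug #310833)` is enough.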
@@ -10468,10 +10463,6 @@
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
- imms 2.0.3-1
-CVE-2005-XXXX [Multiple non-descript problems in PHP4]
- NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
- NOTE: details before July 12th. The security fixes are accompanied by dozens of
- NOTE: non-security bugfixes, so it's not obvious from the diff either.
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
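Review bot: the `CVE-2005-XXXX [Multiple non-descript problems in PHP4]` placeholder is removed outright, together with its NOTEs about the NGSS report and the 4.3.11 fix, and nothing in this hunk or in the log message ("more cleanups") says where that tracking went. If the issues have since received real CVE identifiers, the log should name them so the history is followable; if they have not, the placeholder should stay, because deleting it means the 4.3.11 security fixes are no longer tracked anywhere in the list.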
@@ -10540,7 +10531,6 @@
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
{DSA-752-1}
- gzip 1.3.5-10
- NOTE: Essentially the same as CVE-2005-0953
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
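Review bot: the cross-reference "Essentially the same as CVE-2005-0953" on CVE-2005-0988 is worth keeping. It is the only link between the two gzip entries, and losing it makes it harder to check that a fix or DSA recorded under one id also covers the other. If the aim is to trim free-text notes, a short `NOTE: see CVE-2005-0953` would preserve the relation.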
@@ -10562,7 +10552,9 @@
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
- - kernel-source-2.6.8 2.6.8-16 (bug #303177)
+ TODO: Check 2.4 and when this was fixed upstream
+ [sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
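Review bot: for CVE-2005-0977 the new `TODO: Check 2.4 and when this was fixed upstream` acknowledges that 2.4 is unverified, but there is no `kernel-source-2.4.27` line at all, so the 2.4 kernel is simply absent from the entry until someone acts on the TODO. Add an explicit line for it (e.g. `- kernel-source-2.4.27 <unfixed>` or a TODO-qualified state) so the package is not silently unlisted. Also, the TODO sits before the package lines here but after them in the CVE-2005-1041 and CVE-2005-0916 hunks; one ordering would make the file easier to scan.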
@@ -10584,7 +10576,7 @@
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
- NOTE: Was once part of Debian, but has been removed
+ - openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
@@ -10699,7 +10691,9 @@
NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
- kernel-source-2.6.8 2.6.8-16
- NOTE: 2.4 doesn't seem to be vulnerable
+ - kernel-source-2.4.27 <not-affected>
+ TODO: Check, when this was fixed
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
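Review bot: the hedge in the removed note for CVE-2005-0916 ("2.4 doesn't seem to be vulnerable") is upgraded to a definite `- kernel-source-2.4.27 <not-affected>` with no reason attached, and the following `TODO: Check, when this was fixed` is placed between the 2.4 and 2.6 lines, so it is not clear which package it applies to. Carry the uncertainty into the state, e.g. `<not-affected> (2.4 does not seem to be vulnerable; unverified)`, and put the TODO next to the line it concerns, or name the package in it.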