[Secure-testing-commits] r2956 - data/CVE

Florian Weimer fw at costa.debian.org
Tue Dec 6 21:52:48 UTC 2005


Author: fw
Date: 2005-12-06 21:52:44 +0000 (Tue, 06 Dec 2005)
New Revision: 2956

Modified:
   data/CVE/list
Log:
CVE-2005-3897: NOT-FOR-US does not allow package annotations.
CVE-2004-2097: fvwm-gnome is a binary package built by fvwm
CVE-2001-1473: Not really NOT-FOR-US:, unfixable protocol issue
CVE-2005-0763: Cannot use <not-affected> due to ordering check
CVE-2003-0039: Record the version Flo's patch was applied.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-06 21:40:29 UTC (rev 2955)
+++ data/CVE/list	2005-12-06 21:52:44 UTC (rev 2956)
@@ -354,7 +354,7 @@
 	REJECTED
 CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Safari
-	- konqueror <not-affected> (doesn't affect 4:3.4.2-4)
+	NOTE: Not reproducible with konqueror 4:3.4.2-4.
 CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
 	TODO: File a bug against mozilla
 CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
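Review bot: the new line `NOTE: Not reproducible with konqueror 4:3.4.2-4.` under CVE-2005-3897 does not say what was tried, so a later reader cannot tell a failed reproduction attempt from a confirmed non-issue. The entry stays `NOT-FOR-US: Safari`, and this free-text note is now the only record that konqueror was looked at, so consider adding how it was tested (for example which test case was used).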
@@ -8019,7 +8019,6 @@
 	NOT-FOR-US: Banner engine
 CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
 	- fvwm <not-affected> (Used mktemp)
-	- fvwm-gnome <not-affected> (Used mktemp)
 	- x-base-clients <not-affected> (x11perfcomp uses mkdir atomically)
 	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
 CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
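Review bot: removing `- fvwm-gnome <not-affected> (Used mktemp)` from CVE-2004-2097 leaves nothing in the entry explaining why fvwm-gnome is absent. The reason (it is a binary package built by fvwm) is given only in the commit log. A short NOTE under the `- fvwm` line would keep someone from re-adding the binary package name later.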
@@ -10135,7 +10134,7 @@
 CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
 	NOT-FOR-US: Commercial SSH
 CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
-	NOR-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol.
 CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
 	- phpbb2 2.0.6c-1
 CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
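Review bot: after this change the CVE-2001-1473 entry consists of a single NOTE with no package line and no status, so the list does not say which packages implement SSH-1 or that the issue is being left as unfixable (that is stated only in the commit log). Consider saying so in the note text. The removed line was spelled `NOR-FOR-US`, so it is also worth searching the rest of the list for the same misspelling.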
@@ -11335,7 +11334,7 @@
 	- rxvt-unicode 5.3-1
 CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
 	{DSA-698-1}
-	- mc <not-affected> (Sarge-specific regression correcting a previous DSA)
+	NOTE: Sarge-specific regression correcting a previous DSA.
 CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
 	{DSA-702-1}
 	- imagemagick 5:6.0.0-1
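Review bot: the replacement `NOTE: Sarge-specific regression correcting a previous DSA.` under CVE-2005-0763 drops both the package name `mc` and the not-affected status that the removed line carried, leaving the entry with only `{DSA-698-1}` and free text. Suggest naming the package and the status in the note, and mentioning the ordering check that prevents `<not-affected>` here, since that reason is otherwise recorded only in the commit log.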
@@ -20997,7 +20996,8 @@
 	- courier-ssl 0.40.2-3
 CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...)
 	{DSA-245}
-	- dhcp3 1.1.2-1
+	- dhcp3 3.0+3.0.1rc11-3
+	NOTE: Version information in DSA is wrong.
 CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
 	{DSA-297}
 	- snort 2.0.0-1
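Review bot: `NOTE: Version information in DSA is wrong.` under CVE-2003-0039 does not say which version the DSA gives or where `3.0+3.0.1rc11-3` comes from. The commit log says this is the version in which the patch was applied. Putting that source in the note (for example a reference to the changelog entry) would let the correction be re-checked against `{DSA-245}` later.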



