[Secure-testing-commits] r3093 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Mon Dec 19 00:11:37 UTC 2005
Author: jmm-guest
Date: 2005-12-19 00:11:32 +0000 (Mon, 19 Dec 2005)
New Revision: 3093
Modified:
data/CVE/list
data/embedded-code-copies
Log:
more syntax conversions
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-12-18 22:47:53 UTC (rev 3092)
+++ data/CVE/list 2005-12-19 00:11:32 UTC (rev 3093)
@@ -17583,7 +17583,7 @@
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
- NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
+ - ltrace <not-affected> (Not setuid/setgid in Debian)
CVE-2004-0170
RESERVED
CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
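Review bot: On the CVE-2004-0172 entry the removed text and the new reason do not obviously say the same thing: the old line reads "Debian (and no other distribution) installs this SUID root", the new one "Not setuid/setgid in Debian". The old wording can be read either way, so state in a NOTE which reading was verified against the package, since <not-affected> is only right if the Debian ltrace binary is in fact not setuid.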
@@ -17686,8 +17686,8 @@
- libxml2 2.6.6-1
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- - kernel-source-2.4.27 2.4.27-1
- NOTE: fixed in 2.4.26-rc4
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
+ TODO: Check 2.6
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
@@ -17743,7 +17743,7 @@
CVE-2004-0076
REJECTED
CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
- NOTE: turned out not to be vulnerable. See bug #278777
+ - xsok <not-affected> (Not vulnerable. See bug #278777)
CVE-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
NOT-FOR-US: EasyDynamicPages
CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
@@ -17850,8 +17850,7 @@
RESERVED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- - kernel-source-2.4.27 2.4.27-1
- NOTE: fixed in 2.4.25-pre7
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7)
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
{DSA-434}
- gaim 1:0.75-2
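Review bot: The CVE-2004-0010 conversion leaves kernel-source-2.4.27 as the only package line and adds no follow-up for 2.6, whereas the CVE-2004-0109 entry converted earlier in this patch gets "TODO: Check 2.6". If 2.6 still needs checking for the ncpfs overflow, add the same TODO here; if it was checked, say so in a NOTE.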
@@ -17866,8 +17865,7 @@
- gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- - kernel-source-2.4.27 2.4.27-1
- NOTE: fixed in 2.4.26-rc4
+ - kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
NOT-FOR-US: FreeBSD netinet
CVE-2003-1565
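Review bot: For CVE-2004-0003 the reason carries over "2.4.26-rc4" from the removed NOTE, but the description on the line above says the issue is in Linux kernel before 2.4.22. Check which upstream version actually contains the fix before it is written into the <not-affected> reason; the conclusion for kernel-source-2.4.27 holds either way.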
@@ -17948,12 +17946,10 @@
- flashplugin-nonfree 7.0.25-1
CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: Multiple vendor MIME quote bypass filtering
- TODO: unchecked
CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
- mime-tools 5.411-2
CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: Multiple vendor MIME RFC822 comment bypass filtering
- TODO: unchecked
CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
{DSA-407}
- ethereal 0.10.0-1
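Review bot: Removing "TODO: unchecked" from CVE-2003-1016 and CVE-2003-1014 leaves both entries with only a NOTE and no package line or NOT-FOR-US, so nothing marks them as still needing triage. Keep the TODO until a status is recorded, as CVE-2003-1015 between them has with "- mime-tools 5.411-2".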
@@ -17984,7 +17980,6 @@
NOT-FOR-US: Cisco
CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
- xchat 2.0.7
- NOTE: apparently only DOS
CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
NOT-FOR-US: Solaris
CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer ...)
@@ -18026,7 +18021,7 @@
CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
NOT-FOR-US: netware
CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
- NOTE: nor-for-us (MacOS)
+ NOT-FOR-US: MacOS
CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
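Review bot: "NOT-FOR-US: MacOS" on CVE-2003-0975 names the platform rather than the affected product; the neighbouring entries name the product ("NOT-FOR-US: Applied Watch Command Center"), and the description here is Apple Safari. Suggest "NOT-FOR-US: Apple Safari".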
@@ -18041,8 +18036,8 @@
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
+ - freeradius 1.0.1 (unimportant)
NOTE: freeradius module in question is not built in debian package
- NOTE: buffer overflow apparently fixed in freeradius 1.0.1
CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
- freeradius 0.9.2-4
CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...)
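Review bot: The new line "- freeradius 1.0.1 (unimportant)" on CVE-2003-0968 turns the removed "buffer overflow apparently fixed in freeradius 1.0.1" into a firm fixed version and drops the "apparently". Either confirm the fix in 1.0.1 or keep the hedge in a NOTE; the version also carries no Debian revision, unlike "freeradius 0.9.2-4" on the next entry.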
@@ -18087,9 +18082,9 @@
{DSA-405}
- xsok 1.02-11
CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
- NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
+ - wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
- NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
+ - wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
- clamav 0.65
CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
@@ -18272,6 +18267,7 @@
NOTE: php4, this bug appears not to have been fixed.
NOTE: submitted to BTS on libapache-mod-php4
NOTE: developer claims there is no problem
+ TODO: Which bug is meant here?
CVE-2003-0862
REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
@@ -18279,6 +18275,7 @@
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+ TODO: When was this fixed? oldstable could be affected
NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
{DSA-415}
@@ -18298,6 +18295,7 @@
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
+ TODO: Check, oldstable might be affected
NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
{DSA-410}
@@ -18314,14 +18312,14 @@
CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
NOT-FOR-US: JBoss
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
- NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
- NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+ - libapache-mod-gzip <unfixed> (Debian doesn't enable vulnerable debug mode)
+ TODO: Check, whether this is fixed already
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
- NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
- NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+ - libapache-mod-gzip <unfixed> (Debian doesn't enable vulnerable debug mode)
+ TODO: Check, whether this is fixed already
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
- NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
- NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+ - libapache-mod-gzip <unfixed> (Debian doesn't enable vulnerable debug mode)
+ TODO: Check, whether this is fixed already
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
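Review bot: The three mod_gzip entries (CVE-2003-0844, CVE-2003-0843, CVE-2003-0842) are marked <unfixed> while the reason says Debian doesn't enable the vulnerable debug mode, so the package is recorded as still vulnerable for an issue the entry itself says does not apply to the Debian build. Elsewhere in this patch the same kind of reason is recorded as <not-affected> (wireless-tools) or with the (unimportant) tag (freeradius); one of those fits better here. The reason should also keep the MOD_GZIP_DEBUG1 name from the removed NOTE so the claim can be rechecked against the build.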
@@ -18335,7 +18333,7 @@
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
- NOT-FOR-US: mplayer
+ - mplayer <itp> (bug #113238)
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2005-12-18 22:47:53 UTC (rev 3092)
+++ data/embedded-code-copies 2005-12-19 00:11:32 UTC (rev 3093)
@@ -1,3 +1,4 @@
+
This file collects cases, where a source package embeds code from
other projects, without linking dynamically:
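Review bot: The empty line added at the very top of data/embedded-code-copies, above "This file collects cases", looks accidental and is unrelated to the syntax conversions named in the log message; drop it.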
@@ -146,3 +147,7 @@
curl:
wget (code for NTLM authentication)
+
+
+TODO evaluate:
+gimp-gap
\ No newline at end of file
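Review bot: The new "TODO evaluate:" block at the end of the file lists gimp-gap without saying which project's code it is suspected of embedding, unlike the entries above it ("wget (code for NTLM authentication)"). Add that, and end the file with a newline, since the hunk leaves it with "\ No newline at end of file".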