[Secure-testing-commits] r3109 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Dec 20 15:51:00 UTC 2005


Author: jmm-guest
Date: 2005-12-20 15:50:55 +0000 (Tue, 20 Dec 2005)
New Revision: 3109

Modified:
   data/CVE/list
Log:
more syntax conversions


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-20 13:52:07 UTC (rev 3108)
+++ data/CVE/list	2005-12-20 15:50:55 UTC (rev 3109)
@@ -18813,7 +18813,6 @@
 	NOTE: fixed in 2.4.21-rc2
 CVE-2003-0698
 	REJECTED
-	NOTE: see CVE-2003-0743
 CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
 	NOT-FOR-US: AIX
 CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
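Review bot: the line removed under CVE-2003-0698 is a deletion of information, not a syntax conversion. "NOTE: see CVE-2003-0743" was the only pointer from the rejected ID to the entry that appears to replace it, and a bare REJECTED leaves nothing to follow. Keep the NOTE, or mention the cross-reference removal in the log message so it is not hidden behind "more syntax conversions".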
@@ -19032,10 +19031,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
 	- bugzilla 2.16.3
-	NOTE: in 2.17.x : we need at least 2.17.4
 CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
 	- bugzilla 2.16.3
-	NOTE: in 2.17.x : we need at least 2.17.4
 CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
 	NOT-FOR-US: Apple
 CVE-2003-0600
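Review bot: the two removed "NOTE: in 2.17.x : we need at least 2.17.4" lines held a constraint that "- bugzilla 2.16.3" cannot express. A fixed-version entry treats anything sorting at or above 2.16.3 as fixed, which includes 2.17.0 through 2.17.3. For CVE-2003-0602 the truncated description no longer shows the 2.17.4 threshold either. Suggest keeping the NOTE on both entries unless it is confirmed that no 2.17.x package older than 2.17.4 was ever uploaded.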
@@ -19177,7 +19174,7 @@
 	- apache 1.3.29
 CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
 	{DSA-710-1}
-	NOTE: does not affect evolution on debian
+	- evolution <not-affected> (Does not affect evolution on debian)
 	- gtkhtml 1.0.4-6.2
 CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
 	{DSA-363}
@@ -19219,7 +19216,7 @@
 CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
 	NOT-FOR-US: Microsoft
 CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
-	NOTE: appears specific to the knoppix CD
+	- qt-x11-free <not-affected> (appears specific to the knoppix CD)
 CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
 	NOT-FOR-US: ProductCart
 CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
@@ -19290,7 +19287,7 @@
 CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
 	NOT-FOR-US: snitz forums; not in debian
 CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
-	NOT-FOR-US: xoop; not in debian
+        - xoops <itp> (bug #207640)
 CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
 	NOT-FOR-US: Dantz Retrospect
 CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
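Review bot: the added "- xoops <itp> (bug #207640)" line is indented with eight spaces while every other entry in the file uses a single tab, so anything that parses the list by leading tab may skip or reject it; re-indent with a tab. This is also a status change (NOT-FOR-US to an ITP entry) rather than a syntax conversion, which deserves its own mention in the log message.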
@@ -19346,6 +19343,7 @@
 	{DSA-357}
 	- wu-ftpd 2.6.2-12
 CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
+	- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
 	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
 	NOTE: arch specific asm versions: 
 	NOTE: x86 is not affected
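Review bot: the new linux-2.6 entry under CVE-2003-0465 covers only half of the NOTE kept directly below it, "generic .c version fixed in 2.6.x but not in 2.4.x". No kernel-source-2.4.27 line is added, so the 2.4 kernel stays untracked for this ID even though the note says the generic version is unfixed there. Add a 2.4 entry (or a TODO) alongside. Since the following notes discuss arch-specific asm versions, also state in the parenthetical that <not-affected> refers to the generic C implementation only, or confirm the asm variants for 2.6.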
@@ -19359,6 +19357,7 @@
 	RESERVED
 CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
 	{DSA-423 DSA-358}
+	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
 	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
 CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
 	{DSA-423 DSA-358}
@@ -19366,7 +19365,7 @@
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
 	- kernel-source-2.4.27 2.4.27-1
 CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
-	NOT-FOR-US: apache for win and os/2
+	- apache <not-affected> (Affects only Apache for Windows and OS/2)
 CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
 	{DSA-361}
 	- kdelibs 4:3.1.3-1
@@ -19434,9 +19433,8 @@
 	{DSA-322}
 	- typespeed 0.4.4
 CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
-	NOTE: various pdf viewers
-	NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
-	NOTE: gpdf 2.8.0 does not seem to be vulnerable
+	- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
+	- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
 	- xpdf 2.02pl1-1
 CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
 	{DSA-315}
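Review bot: typo in the added kdegraphics line under CVE-2003-0434, which says "kdf does not seem to support hyperlinks" where the removed note said "kpdf". Since the package name is kdegraphics, the parenthetical is the only place the affected viewer is named, so it should read kpdf. The wording "does not seem to" was an unverified observation as a NOTE; promoting it to <not-affected> for both kdegraphics and gpdf makes it a tracked status, so consider a TODO to confirm.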
@@ -19475,7 +19473,8 @@
 CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
 	NOT-FOR-US: SMC
 CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
-	NOTE: only linux 2.0.x 
+	- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
+	- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
 CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
 	NOT-FOR-US: Son hServer
 CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
@@ -19535,11 +19534,12 @@
 CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
 	NOT-FOR-US: RSA ACE/Agent
 CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
-	NOTE: pam is not vulnerable in default confuguration
-	NOTE: pam is not vulnerable at all in sarge, according to maintainer
+	[sarge] - pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
+	TODO: Check Woody and sid
 CVE-2003-0387
 	RESERVED
 CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
+	TODO: Check, when this was fixed
 	NOTE: fixed in current openssh, which always does reverse mapping now
 CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
 	{DSA-310}
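Review bot: under CVE-2003-0388 the removed "NOTE: pam is not vulnerable in default confuguration" is exactly the fact needed for the new "TODO: Check Woody and sid", since it bounds exposure on the releases the [sarge] entry does not cover. Keep it as a NOTE (with the spelling fixed) next to the TODO. Under CVE-2003-0386, "TODO: Check, when this was fixed" has a stray comma, and the entry still has no "- openssh" package line; adding one with an unknown fixed version would let the tracker associate the ID with the package while the TODO is open.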



