[Secure-testing-commits] r3159 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Dec 25 11:17:31 UTC 2005 

Author: jmm-guest
Date: 2005-12-25 11:17:23 +0000 (Sun, 25 Dec 2005)
New Revision: 3159

Modified:
   data/CVE/list
Log:
let's eliminate false positives and bring the tracker in shape for
woody and sarge; I've browsed through all Bugzilla issues and
most do not affect stable and oldstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-25 11:03:06 UTC (rev 3158)
+++ data/CVE/list	2005-12-25 11:17:23 UTC (rev 3159)
@@ -3834,8 +3834,12 @@
 CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
 	- findutils 4.2.22-1 (bug #313081)
 CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
+	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
+	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
 	- bugzilla 2.18.4-1 (bug #331206; medium)
 CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
+	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
+	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
 	- bugzilla 2.18.4-1 (bug #331206; medium)
 CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
 	{DSA-847-1}
@@ -5961,6 +5965,8 @@
 CVE-2005-XXXX [nvi: init.d recover file security bugs]
 	- nvi 1.79-22 (bug #298114; medium)
 CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
+	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
+	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
 	- bugzilla 2.18.3-2 (bug #321567; low)
 CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
 	- tor 0.1.0.14-1 (medium)
@@ -7165,8 +7171,12 @@
 CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
 	NOT-FOR-US: Notes
 CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
+	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
+	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
 	- bugzilla 2.18.3-1 (low)
 CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
+	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
+	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
 	- bugzilla 2.18.3-1 (low)
 CVE-2005-2172
 	RESERVED
@@ -9590,6 +9600,8 @@
 CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
 	NOT-FOR-US: Acrowave AAP-3100AR wireless router
 CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
+	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
+	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
 	- bugzilla 2.18-7 (bug #308789; medium)
 CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
 	- bugzilla 2.16.7-7sarge1

More information about the Secure-testing-commits mailing list