[Secure-testing-commits] r3160 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Dec 25 18:43:10 UTC 2005


Author: jmm-guest
Date: 2005-12-25 18:43:04 +0000 (Sun, 25 Dec 2005)
New Revision: 3160

Modified:
   data/CVE/list
   data/DSA/list
Log:
Bringing the stable information in shape:
- gopher DSA fix was somehow missing
- one phpmyadmin issue was not-affected
- glibc LD_DEBUG issue is a general non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-25 11:17:23 UTC (rev 3159)
+++ data/CVE/list	2005-12-25 18:43:04 UTC (rev 3160)
@@ -3288,6 +3288,7 @@
 	{DSA-880-1}
 	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
 CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
+	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
 	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
 CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
 	NOT-FOR-US: OpenWBEM
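Review bot: The added [sarge] line under CVE-2005-3299 records who made the not-affected call but not why. "Not affected according to maintainer" gives a later reader nothing to re-check, so add the technical reason if the bug log has one, for example that the vulnerable code is absent from the sarge version. The reference is also written as "#333433", while the neighbouring entries use "bug #333433"; use the same form so the bug references stay uniform and easy to search.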
@@ -14177,9 +14178,11 @@
 CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
 	NOT-FOR-US: Cisco
 CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
-	- glibc 2.3.5 (bug #272210; low)
+	- glibc 2.3.5 (bug #272210; unimportant)
 	NOTE: according to GOTO Masanori this is not a security problem
-	NOTE: Not exactly sure, which version fixed it, but we play safe with the current
+	NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
+	NOTE: Although not a real issue we should play safe with 2.3.5, where the code
+	NOTE: was reorganized
 CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
 	NOT-FOR-US: Gentoo specific
 CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
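Review bot: In the CVE-2004-1453 entry, the new NOTE "Jakub Jelinek confirms http://..." does not say what is being confirmed and only makes sense when read with the GOTO Masanori line above it. Word it so it stands alone, for example "Jakub Jelinek confirms this is not a security problem: <URL>". The entry is now marked unimportant but still lists 2.3.5 as the fixed version. The two-line NOTE explains that choice, but it would help to say explicitly that 2.3.5 is a conservative marker and not a verified fix version, since the removed NOTE had stated that uncertainty.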

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-12-25 11:17:23 UTC (rev 3159)
+++ data/DSA/list	2005-12-25 18:43:04 UTC (rev 3160)
@@ -446,6 +446,7 @@
 [30 Sep 2005] DSA-832-1 gopher - buffer overflows
 	{CVE-2005-2772}
 	[woody] - gopher 3.0.3woody4
+	[sarge] - gopher 3.0.7sarge2
 	NOTE: fixed in testing at time of DSA
 [30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
 	{CVE-2005-2558}
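Review bot: The added "[sarge] - gopher 3.0.7sarge2" line under DSA-832-1 has no visible source for the version string, and the log only says the fix "was somehow missing". Check 3.0.7sarge2 against the text of the DSA-832-1 advisory before relying on it, and say in the commit message where the version came from. The existing NOTE "fixed in testing at time of DSA" now sits directly under a stable fix line, so confirm it still reads correctly there.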



