[Secure-testing-commits] r3170 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Dec 28 00:32:44 UTC 2005 

Author: jmm-guest
Date: 2005-12-28 00:32:39 +0000 (Wed, 28 Dec 2005)
New Revision: 3170

Modified:
   data/CVE/list
Log:
record the fixes of upcoming pound dsa
webmin issue is sarge-specific
ntop issue is a non-issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-27 23:17:49 UTC (rev 3169)
+++ data/CVE/list	2005-12-28 00:32:39 UTC (rev 3170)
@@ -264,7 +264,7 @@
 CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
 	- phpbb2 <unfixed> (unimportant)
 CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
-	- phpbb2 <unfixed> (bug filed)
+	- phpbb2 <unfixed> (bug #344674)
 CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
 	NOT-FOR-US: UStore
 CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
@@ -1324,7 +1324,8 @@
 CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
 	NOT-FOR-US: Virtual Hosting Control System 
 CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
-	- webmin <unfixed> (bug #341394; medium)
+	[sarge] - webmin 1.180-3sarge0 (bug #341394; medium)
+	NOTE: Later versions not affected, as the use proper format string passing
 CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
 	NOT-FOR-US: BosDates
 CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
@@ -3051,8 +3052,8 @@
 CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
 	NOT-FOR-US: nylon
 CVE-2005-XXXX [ntop format string vulnerability]
-	- ntop <unfixed> (bug #335996; low)
-	NOTE: Possibly not exploitable
+	- ntop <unfixed> (bug #335996; unimportant)
+	NOTE: Not exploitable
 CVE-2005-XXXX [Firefox IFRAME DoS]
 	- mozilla-firefox <unfixed> (bug #336171; low)
 	- firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low)
@@ -3344,6 +3345,7 @@
 	- pavuk 0.9.33-1 (bug #264684; high)
 	NOTE: second hole mentioned in bug report
 CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
+	[sarge] - pound 1.8.2-1sarge1
 	- pound 1.9.4-1 (low)
 	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
@@ -10760,6 +10762,7 @@
 CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
 	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
 CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
+	[sarge] - pound 1.8.2-1sarge1
 	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
 CVE-2005-1390
 	REJECTED

More information about the Secure-testing-commits mailing list