[Secure-testing-commits] r1275 - data/CAN
Moritz Muehlenhoff
jmm-guest@costa.debian.org
Fri, 24 Jun 2005 12:16:03 +0000
Author: jmm-guest
Date: 2005-06-24 12:16:00 +0000 (Fri, 24 Jun 2005)
New Revision: 1275
Modified:
data/CAN/list
Log:
some severity adjustments as proposed in t-s-t
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-06-24 08:22:44 UTC (rev 1274)
+++ data/CAN/list 2005-06-24 12:16:00 UTC (rev 1275)
@@ -867,7 +867,7 @@
CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
NOTE: not-for-us (Avast)
CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
- - squirrelmail (unfixed; bug #314374; low)
+ - squirrelmail (unfixed; bug #314374; medium)
CAN-2005-1768
NOTE: reserved
CAN-2005-1767
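Review bot: the reason for raising squirrelmail from low to medium under CAN-2005-1769 is not recorded anywhere in the list; the log message only points to a proposal "in t-s-t". A NOTE line under the entry stating why the XSS issues are rated medium would let a later reader re-check the rating without searching the mailing list archive.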
@@ -1001,7 +1001,7 @@
CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
- moodle 1.4.4.dfsg.1-3
CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles]
- - mutt (unfixed; bug #311296; medium)
+ - mutt (unfixed; bug #311296; low)
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
NOTE: viewFile.php has been removed along with other files in -26, so Debian is
NOTE: no longer affected.
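Review bot: the description line directly above the changed mutt entry reads "preditable tempfiles", which should be "predictable". Since this entry is being touched anyway, fixing the spelling in the same commit would make it findable by a text search. The new low rating matches the "Minor DoS condition" wording of that description.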
@@ -2900,10 +2900,10 @@
CAN-2005-1268
NOTE: reserved
CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
- - tcpdump 3.9.0.cvs.20050614-1 (low)
+ - tcpdump 3.9.0.cvs.20050614-1 (medium)
CAN-2005-1266
NOTE: reserved
- - spamassassin (unfixed; bug #314447; low)
+ - spamassassin (unfixed; bug #314447; medium)
CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
- kernel-source-2.6.8 (unfixed; medium)
CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
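Review bot: the spamassassin line raised to medium sits under CAN-2005-1266, whose only other content is "NOTE: reserved", so the list gives no description of the issue being rated. Please confirm the package line is attached to the intended id and add a NOTE summarising the problem (bug #314447 is the only pointer), so the medium rating can be judged from the list itself.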
@@ -3364,7 +3364,7 @@
NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
- oops (unfixed; bug #307360)
CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
- - ilohamail (unfixed; bug #304525; low)
+ - ilohamail (unfixed; bug #304525; medium)
CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
- sudo (unfixed; bug #283161; low)
CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
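Review bot: the "- oops (unfixed; bug #307360)" line in the context just above the ilohamail change carries no severity at all. As this commit is a severity pass, it would be worth assigning one there too, or noting why it is left unrated. The ilohamail change itself is consistent with the squirrelmail XSS entry, which this commit also raises to medium.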
@@ -4806,7 +4806,7 @@
- lesstif1-1 1:0.93.94-11.3
- libxpm4 4.3.0.dfsg.1-13
NOTE: openmotif is non-free
- - openmotif 2.2.3-1.1 (low)
+ - openmotif 2.2.3-1.1 (medium)
CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
NOTE: not-for-us (GFI Languard Network Security Scanner)
CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
@@ -5359,7 +5359,7 @@
NOTE: not-for-us (Tonecast)
CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
- - lynx (unfixed; bug #296340; medium)
+ - lynx (unfixed; bug #296340; low)
CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
- links 0.99+1.00pre12-1
CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
@@ -8140,7 +8140,7 @@
NOTE: but lesstif2 did get fixed for this hole..
- lesstif2 1_0.93.94-11.2
NOTE: openmotif is non-free
- - openmotif 2.2.3-1.1 (low)
+ - openmotif 2.2.3-1.1 (medium)
CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
{DSA-572-1}
- squid 2.5.6-9
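Review bot: the "- openmotif 2.2.3-1.1" line changed here is the same package and version as the one changed in the hunk at line 4806, and both go from low to medium. Because the two entries have to be edited by hand in step, a NOTE on each naming the other entry would reduce the chance of them drifting apart in a later adjustment.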