[Secure-testing-commits] r2642 - in data: CVE DSA

Wed Nov 2 09:26:24 UTC 2005

Author: jmm-guest
Date: 2005-11-02 09:26:18 +0000 (Wed, 02 Nov 2005)
New Revision: 2642

Modified:
   data/CVE/list
   data/DSA/list
Log:
junkbuster update (a bug has been filed against it claiming it's unfixed, sent followup)


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2005-11-02 09:20:21 UTC (rev 2641)
+++ data/CVE/list	2005-11-02 09:26:18 UTC (rev 2642)
@@ -8549,8 +8549,7 @@
 	NOT-FOR-US: Sumus web server
 CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
 	{DSA-713-1}
-	NOTE: only part of Woody, has been removed from Sarge and sid
-	NOT-FOR-US: Junkbuster
+	- junkbuster <removed>
 	NOTE: checked privoxy, is not vulnerable
 CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
 	{DSA-713-1}

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-11-02 09:20:21 UTC (rev 2641)
+++ data/DSA/list	2005-11-02 09:26:18 UTC (rev 2642)
@@ -774,8 +774,7 @@
 	NOTE: only a bug in the backported fix to stable, testing is ok
 [21 Apr 2005] DSA-713-1 junkbuster - several
 	{CVE-2005-1108 CVE-2005-1109}
-	[woody] - junkbuster 2.0.2-0.2woody1
-	NOTE: package not in testing/unstable
+	[woody] - junkbuster 2.0.2-0.2woody1 (bug #304793)
 [19 Apr 2005] DSA-712-1 geneweb - insecure file operations
 	{CVE-2005-0391}
 	[woody] - geneweb 4.06-2woody1


