[Secure-testing-commits] r2722 - data/CVE
Neil McGovern
neilm at costa.debian.org
Sun Nov 13 17:09:26 UTC 2005
Author: neilm
Date: 2005-11-13 17:09:22 +0000 (Sun, 13 Nov 2005)
New Revision: 2722
Modified:
data/CVE/list
Log:
Did (all but one) 2002 TODO:s
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-11-13 16:00:41 UTC (rev 2721)
+++ data/CVE/list 2005-11-13 17:09:22 UTC (rev 2722)
@@ -19119,9 +19119,7 @@
NOTE: according to http://www.securityfocus.com/archive/1/297419
NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary ...)
- NOTE: Don't know if macromedia flash player is still vulnerable
- NOTE: see: http://www.securityfocus.com/archive/1/294206
- TODO: check
+ NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
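Review bot: The replacement NOTE for CVE-2002-1534 drops the securityfocus reference (archive/1/294206) and gives no source for the "6.0 - 6.0.47.0" range, so the "not in Debian" conclusion cannot be rechecked from the entry itself. Suggest keeping the "NOTE: see: ..." line next to the new one and naming the package that was checked, since this file already carries a "- flashplugin-nonfree 6.0.47" entry under CVE-2002-0846.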
@@ -19632,10 +19630,12 @@
{DSA-254}
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
{DSA-148}
- TODO: check
+ - hylafax 4.1.2-2.1
+ [woody] - hylafax 4.1.1-1.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...)
{DSA-148}
- TODO: check
+ - hylafax 4.1.2-2.1
+ [woody] - hylafax 4.1.1-1.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
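Review bot: For CVE-2002-1050 and CVE-2002-1049 the added "- hylafax 4.1.2-2.1" is lower than the "before 4.1.3" given in both descriptions, which reads like an error unless the fix was backported. A one-line NOTE saying that the fix is a Debian backport (presumably the one shipped with DSA-148) would keep a later reader from "correcting" the version.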
@@ -19772,7 +19772,8 @@
NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
{DSA-145}
- TODO: check
+ - tinyproxy 1.4.3-3
+ [woody] - tinyproxy 1.4.3-2woody2
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
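Review bot: The CVE-2002-0847 description lists upstream 1.4.3 as affected, and both added lines ("- tinyproxy 1.4.3-3", "[woody] - tinyproxy 1.4.3-2woody2") are Debian revisions of that same upstream version. The entry is only correct if the fix was carried as a Debian patch, so it is worth a NOTE naming the changelog entry or DSA-145 as the source for 1.4.3-3.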
@@ -19805,10 +19806,12 @@
NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
{DSA-144}
- TODO: check
+ - wwwoffle 2.7d-1
+ [woody] - wwwoffle 2.7a-1.2
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...)
{DSA-139}
- TODO: check
+ - super 3.18.0-3
+ [woody] - super 3.16.1-1.2
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
@@ -19961,9 +19964,11 @@
{DSA-160}
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
{DSA-137}
- TODO: check
+ - libmm11 1.1.3-6.1
+ - libmm13 1.3.1-1
CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl Apache ...)
- TODO: check
+ {DSA-135}
+ - libapache-mod-ssl 2.8.9-2
STOP: this is approximatly the release of woody, so we can stop here
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
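Review bot: The CVE-2002-0658 and CVE-2002-0653 entries get no "[woody]" line, unlike every other package entry added in this commit, although both carry a DSA tag ({DSA-137}, {DSA-135}). If the omission is deliberate, say so in a NOTE; otherwise add the woody versions so the entries are consistent. The log message also mentions one remaining 2002 TODO without naming it, and naming the CVE there would make the leftover easy to find.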