[Secure-testing-commits] r2775 - data/CVE

Florian Weimer fw at costa.debian.org
Thu Nov 17 14:58:10 UTC 2005 

Author: fw
Date: 2005-11-17 14:58:04 +0000 (Thu, 17 Nov 2005)
New Revision: 2775

Modified:
   data/CVE/list
Log:
Sort out conflicting version annotations.  CVE-2005-0870 was not
completely fixed by phpsysinfo 2.3-3.  The OpenSSL versions for
CVE-2004-0079 and CVE-2004-0081 have been corrected based on the
official advisories (note that 0.9.6d-1 is not a typo).


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-17 14:54:01 UTC (rev 2774)
+++ data/CVE/list	2005-11-17 14:58:04 UTC (rev 2775)
@@ -9419,8 +9419,8 @@
 	NOT-FOR-US: Topic Calendar phpbb2 plugin
 CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
 	{DSA-897-1 DSA-724-1}
-	TODO: Double-check, according to 2.3-7 changelog only fixed in -7?
-	- phpsysinfo 2.3-3
+	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
+	- phpsysinfo 2.3-7
 	- egroupware 1.0.0.009.dfsg-3-3
 	- phpgroupware 0.9.16.008-2
 CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
@@ -15541,11 +15541,11 @@
 	- xfree86 4.3.0-2
 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
 	{DSA-465}
-	- openssl <not-affected> (Not affected per DSA-465)
-	- openssl096 0.9.6m-1
+	- openssl 0.9.6d-1
 CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
 	{DSA-465}
 	- openssl 0.9.7d-1
+	- openssl096 0.9.6m-1
 CVE-2004-0076
 	REJECTED
 CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
@@ -18906,7 +18906,8 @@
 	NOT-FOR-US: os x
 CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...)
 	{DSA-446}
-	- synaesthesia <not-affected> (synaesthesia no longer setuid)
+	TODO: synaesthesia is no longer setuid.
+	TODO: Maintainer has been contacted to get the exact version.
 CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
 	{DSA-447}
 	- hsftp 1.15-1

More information about the Secure-testing-commits mailing list