[Secure-testing-commits] r2813 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Nov 21 16:01:42 UTC 2005 

Author: jmm-guest
Date: 2005-11-21 16:01:37 +0000 (Mon, 21 Nov 2005)
New Revision: 2813

Modified:
   data/CVE/list
Log:
new cscope issue
new unimportant xboard issue
new already fixed samba issue
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-11-21 15:42:08 UTC (rev 2812)
+++ data/CVE/list	2005-11-21 16:01:37 UTC (rev 2813)
@@ -107,44 +107,43 @@
 	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
 CVE-2005-3665
 	RESERVED
-begin claimed by jmm
 CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...)
-	TODO: check
+	NOT-FOR-US: Netgear hardware
 CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...)
-	TODO: check
+	NOT-FOR-US: Netgear hardware
 CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...)
-	TODO: check
+	NOT-FOR-US: FoolProof Security
 CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...)
-	TODO: check
+	NOT-FOR-US: Novell Client Firewall
 CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...)
-	TODO: check
+	NOT-FOR-US: ignitionServer
 CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
-	TODO: check
+	- xboard <unfixed> (unimportant)
+	TODO: hardly exploitable, should be fixed anyway
 CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...)
-	TODO: check
+	NOT-FOR-US: Layton HelpBox
 CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
-	TODO: check
+	NOT-FOR-US: SandSurfer
 CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...)
-	TODO: check
+	NOT-FOR-US: Nortel hardware
 CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...)
-	TODO: check
+	NOT-FOR-US: SurgeMail
 CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...)
-	TODO: check
+	NOT-FOR-US: SurgeMail
 CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
-	TODO: check
+	- samba 3.0.6-1
 CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Sidewinder G2
 CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...)
-	TODO: check
+	NOT-FOR-US: Sidewinder G2
 CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
-	TODO: check
+	NOT-FOR-US: Sidewinder G2
 CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...)
-	TODO: check
+	NOT-FOR-US: Dynix WebPac
 CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
-	TODO: check
-end claimed by jmm
+	- cscope <unfixed> (bug filed; medium)
 CVE-2005-XXXX [unsafe file permissions in vpnc]
 	- vpnc <unfixed> (bug #340105; medium)
 CVE-2005-XXXX [Insecure tempfiles in libjpeg]

More information about the Secure-testing-commits mailing list