[Secure-testing-commits] r2285 - in data: CAN CVE

Florian Weimer fw at costa.debian.org
Mon Oct 3 11:00:36 UTC 2005 

Author: fw
Date: 2005-10-03 11:00:32 +0000 (Mon, 03 Oct 2005)
New Revision: 2285

Modified:
   data/CAN/list
   data/CVE/list
Log:
Assign bug number to the bugzilla issue.
rxvt issue is already a CVE entry, not nust a CAN.


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-03 10:09:44 UTC (rev 2284)
+++ data/CAN/list	2005-10-03 11:00:32 UTC (rev 2285)
@@ -2,8 +2,6 @@
 	- htdig <unfixed> (bug #305996; unknown)
 CAN-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
 	- clamav <unfixed> (bug #323803; low)
-CAN-2003-0066 [rxvt: Arbitatrary command execution through escape sequences]
-	- rxvt 1:2.6.4-6.1 (bug #244810)
 CAN-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
 	- kernel-source-2.4.27 <unfixed> (bug #310982)
 CAN-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
@@ -56,7 +54,7 @@
 CAN-2005-XXXX [DoS triggering endless loops in findutils -follow option]
 	- findutils 4.2.22-1 (bug #313081)
 CAN-2005-XXXX [Two information disclosure vulnerabilities in Bugzilla]
-	- bugzilla <unfixed> (bug filed; medium)
+	- bugzilla <unfixed> (bug #331206; medium)
 CAN-2005-2966 [Arbitrary code execution in import of SVG files in dia]
 	RESERVED
 	- dia 0.94.0-15 (bug #330890; medium)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-03 10:09:44 UTC (rev 2284)
+++ data/CVE/list	2005-10-03 11:00:32 UTC (rev 2285)
@@ -272,9 +272,9 @@
 	NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was 
 	NOTE: never vulnerable to the problem described. 
 	NOTE: this CVE is bogus.
-CVE-2003-0066
-	- RXVT 1:2.6.4-6.1
-	NOTE: woody version are still vulnerable (bug #244810).
+CVE-2003-0066 (rxvt: Arbitatrary command execution through escape sequences)
+	- rxvt 1:2.6.4-6.1 (bug #244810)
+	NOTE: woody version is still vulnerable
 CVE-2003-0065
 	NOTE: not-for-us (uxterm not in Debian)
 CVE-2003-0064

More information about the Secure-testing-commits mailing list