[Secure-testing-commits] r2525 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Fri Oct 21 10:05:43 UTC 2005
Author: jmm-guest
Date: 2005-10-21 10:05:38 +0000 (Fri, 21 Oct 2005)
New Revision: 2525
Modified:
data/CVE/list
Log:
processed latest block, yiff "issue" CANified, this includes
the CVE references Micah requested for the kernel. Now that
we have distribution tags we should use them for the kernel
as well. Once they've been incorporated into a DSA we can
move them to DSA/list later on, but as a kernel DSA still does
not seem to be coming soon, we should use it like this.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-21 09:18:28 UTC (rev 2524)
+++ data/CVE/list 2005-10-21 10:05:38 UTC (rev 2525)
@@ -1,22 +1,21 @@
-begin claimed by jmm
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
- TODO: check
+ - linux-2.6 2.6.12-2
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
- TODO: check
+ - linux-2.6 2.6.13-1
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
- TODO: check
+ - linux-2.6 2.6.13-1
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...)
- TODO: check
+ - linux-2.6 2.6.12-1
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
- TODO: check
+ - linux-2.6 2.6.12-1
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
- TODO: check
+ - linux-2.6 <not-affected> (Fixed before linux-2.6 was introduced)
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Unspecified "security exposure" in the HTTP Admin interface for Sun ...)
- TODO: check
+ NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
- TODO: check
+ - yiff-server <unfixed> (bug #334616; low)
CVE-2005-3267
RESERVED
CVE-2005-3266
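Review bot: the entry added for CVE-2005-3274 tracks only linux-2.6, although its description reads "Linux 2.6 before 2.6.13 and 2.4 ...". Add a line for the 2.4 kernel package, or record why it is not affected, so the 2.4 side is not lost once the TODO is gone. The new kernel lines also carry no urgency, unlike the yiff-server entry in the same hunk, which has "(bug #334616; low)".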
@@ -24,18 +23,17 @@
CVE-2005-3265
RESERVED
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
- TODO: check
+ NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...)
- TODO: check
+ NOT-FOR-US: WinRAR
CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...)
- TODO: check
+ NOT-FOR-US: WinRAR
CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...)
- TODO: check
+ NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
- TODO: check
-end claimed by jmm
+ NOT-FOR-US: versatileBulletinBoard
CVE-2005-XXXX [Insecure caching of user id in mantis]
- mantis <unfixed> (bug #330682; unknown)
CVE-2005-XXXX [Filter information disclosure in mantis]
@@ -47,8 +45,6 @@
CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
- libmad <unfixed> (bug #287519; low)
- mad <removed>
-CVE-2005-XXXX [yiff-server: runs as root and opens any file a client asks for]
- - yiff-server <unfixed> (bug #334616; high)
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
- enigmail 2:0.93-1 (unknown)
CVE-2005-3253
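Review bot: the removed placeholder rated the yiff-server issue "high" (bug #334616), while the CVE-2005-3268 entry that replaces it in the first hunk rates it "low". The log mentions the CAN assignment but not the change in urgency. If the downgrade is intended, state the reason in the log message; otherwise carry "high" over to the new entry.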