[Secure-testing-commits] r2530 - data/CVE
Florian Weimer
fw at costa.debian.org
Fri Oct 21 11:56:49 UTC 2005
Author: fw
Date: 2005-10-21 11:56:43 +0000 (Fri, 21 Oct 2005)
New Revision: 2530
Modified:
data/CVE/list
Log:
Some bits from bugs-dist.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-21 11:54:16 UTC (rev 2529)
+++ data/CVE/list 2005-10-21 11:56:43 UTC (rev 2530)
@@ -41,7 +41,9 @@
CVE-2005-XXXX [Filter information disclosure in mantis]
- mantis <unfixed> (bug #330682; low)
CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...)
- - squid <unfixed> (bug #334882; medium)
+ - squid <not-affected> (bug #334882; medium)
+ NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
+ NOTE: this patch was never applied to the Debian package.
CVE-2005-XXXX [Lots of vulnerabilities in ethereal]
- ethereal <unfixed> (bug #334880; medium)
CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
@@ -7536,7 +7538,9 @@
CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
NOT-FOR-US: bBlog
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
- NOTE: upstream says attack won't work, see bug 307575
+ - courier <unfixed> (bug #307575; medium)
+ NOTE: Upstream explanation looks wrong, not all code paths perform
+ NOTE: escaping.
CVE-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
More information about the Secure-testing-commits
mailing list