[Secure-testing-commits] r2552 - data/CVE
Florian Weimer
fw at costa.debian.org
Mon Oct 24 14:18:18 UTC 2005
Author: fw
Date: 2005-10-24 14:18:13 +0000 (Mon, 24 Oct 2005)
New Revision: 2552
Modified:
data/CVE/list
Log:
Some work on CVE-2005-XXXX issues (a few CVE assignments will
hopefully follow)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-24 12:35:07 UTC (rev 2551)
+++ data/CVE/list 2005-10-24 14:18:13 UTC (rev 2552)
@@ -56,6 +56,7 @@
NOTE: second hole mentioned in bug report
CVE-2005-XXXX [HTTP Request smuggling in pound]
- pound 1.9.4-1
+ NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
- linux-2.6 2.6.12-2
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
@@ -478,8 +479,6 @@
CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
- kdebase 4:3.3.1-1 (bug #278002; low)
TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well
-CVE-2005-XXXX [apt-listchanges does not drop privs, spawned pagers may permit execution of further commands]
- NOTE: #318736 is not a valid bug, closed
CVE-2003-XXXX [Incomplete reporting of failed logins in login]
- login 1:4.0.3-36 (bug #192849)
CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
More information about the Secure-testing-commits
mailing list