[Secure-testing-commits] r2566 - data/CVE

Florian Weimer fw at costa.debian.org
Tue Oct 25 13:39:16 UTC 2005


Author: fw
Date: 2005-10-25 13:39:11 +0000 (Tue, 25 Oct 2005)
New Revision: 2566

Modified:
   data/CVE/list
Log:
Data from nonvulns-sarge.src, revision 1.26


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-25 12:50:21 UTC (rev 2565)
+++ data/CVE/list	2005-10-25 13:39:11 UTC (rev 2566)
@@ -10595,7 +10595,7 @@
 CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
 	- pdns 2.9.16-6
 CVE-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...)
-	- webmin 1.180-1
+	NOT-FOR-US: Gentoo specific
 CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
 	NOT-FOR-US: Solaris
 CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
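Review bot: Replacing `- webmin 1.180-1` with `NOT-FOR-US: Gentoo specific` for CVE-2005-0427 drops the link between this CVE and the webmin package, even though the removed line shows the package was being tracked here. The neighbouring entries use NOT-FOR-US for products such as Solaris. If the flaw only exists in the Gentoo build (the "1.170-r3" in the description is a Gentoo-style revision), consider keeping the package association in the form used for bind9 later in this patch, for example `- webmin <not-affected>` plus a `NOTE:` giving the reason, so that a lookup by package name still finds the entry and its rationale.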
@@ -11469,7 +11469,8 @@
 CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
 	NOT-FOR-US: TikiWiki
 CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
-	- phpgroupware 0.9.16.005-1
+	- phpgroupware 0.9.16.005-1 (unimportant)
+	NOTE: path disclosure only, path is known on Debian anyway
 CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
 	- phpgroupware 0.9.16.005-1
 CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
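Review bot: The added NOTE for CVE-2004-1385 is the only justification for the `(unimportant)` tag, and "path is known on Debian anyway" leaves the reader to infer that this refers to the location the Debian package installs to. Suggest stating that directly, for example "path disclosure only; the install path is fixed by the Debian package", so the downgrade is not read as covering the XSS and SQL injection entries that follow (CVE-2004-1384, CVE-2004-1383), which correctly stay untagged.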
@@ -11703,7 +11704,7 @@
 	- libapache-mod-python 2:2.7.10-4
 CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
 	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
-	- alsa-lib 1.0.9-1
+	- alsa-lib 1.0.9-1 (unimportant)
 CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
 	NOT-FOR-US: redhat specific less bug
 CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
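Review bot: The `(unimportant)` tag added to `- alsa-lib 1.0.9-1` sits oddly with the existing NOTE above it, which says Debian does not have stack protection at all. If no Debian build was ever affected, a `<not-affected>` marking (as used for bind9 in the next hunk) describes the state more accurately than a fixed version with a severity tag. If the fixed version is kept on purpose because the upstream change landed in 1.0.9, say so in the NOTE so that the tag and the version do not appear to contradict each other.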
@@ -11841,8 +11842,10 @@
 CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
 	NOT-FOR-US: Adobe
 CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...)
-	NOTE: only affects bind9 9.3.0, we have an earlier version
-	NOTE: fixed in 9.3.1
+	- bind9 1:9.3.1
+	[woody] - bind9 <not-affected>
+	[sarge] - bind9 <not-affected>
+	NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
 CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
 	- bind 1:8.4.6-1
 CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
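Review bot: The new fixed-version line `- bind9 1:9.3.1` for CVE-2005-0034 carries an epoch but no Debian revision, unlike `- bind 1:8.4.6-1` two lines below and the other entries in this patch. Please give the full package version of the first fixed upload so that version comparisons against the entry are unambiguous. Also, the added NOTE reads "have an earlier versions", which should be "have earlier versions". The removed "fixed in 9.3.1" note is now covered by the version line, so dropping it is fine.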



