[Secure-testing-commits] r2593 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Oct 27 10:04:55 UTC 2005


Author: jmm-guest
Date: 2005-10-27 10:04:50 +0000 (Thu, 27 Oct 2005)
New Revision: 2593

Modified:
   data/CVE/list
Log:
new kernel issue already addressed
new minor gnutls issue
lots of NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-10-27 09:47:42 UTC (rev 2592)
+++ data/CVE/list	2005-10-27 10:04:50 UTC (rev 2593)
@@ -76,66 +76,69 @@
 	NOT-FOR-US: PHP-Nuke
 CVE-2005-3303
 	RESERVED
-begin claimed by jmm
 CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
-	TODO: check
+	NOT-FOR-US: NetCache 
 CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
-	TODO: check
+	NOT-FOR-US: phpCodeGenie
 CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
-	TODO: check
+	NOT-FOR-US: SurgeMail
 CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
-	TODO: check
+	- linux-2.6 <not-affected> (fixed upstream in 2.6.6)
+	[sarge] - kernel-source-2.6.8 <not-affected> (fixed upstream in 2.6.6)
+	TODO: check 2.4.27
+	NOTE: Was fixed upstream in 2.6.6
 CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
-	TODO: check
+	NOT-FOR-US: Sticker
 CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
-	TODO: check
+	NOT-FOR-US: NETFile Server
 CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...)
-	TODO: check
+	NOT-FOR-US: Serv-U FTP Server
 CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...)
-	TODO: check
+	NOT-FOR-US: Serv-U FTP Server
 CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...)
-	TODO: check
+	- gnutls11 <unfixed> (low)
+	TODO: Check, when this was fixed in gnutls12
 CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
 	TODO: check
 CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the &quot;image send&quot; option by ...)
 	TODO: check
 CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
-	TODO: check
+	NOT-FOR-US: Webcam Watchdog
 CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...)
-	TODO: check
+	- serendipity <itp> (bug #312413)
 CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...)
-	TODO: check
+	NOT-FOR-US: WHM AutoPilot
 CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...)
-	TODO: check
+	NOT-FOR-US: OpenFTPD
 CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
-	TODO: check
+	NOT-FOR-US: Gattaca
 CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Gattaca
 CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Gattaca
 CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
-	TODO: check
+	NOT-FOR-US: Gattaca
 CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...)
-	TODO: check
+	NOT-FOR-US: Gattaca
 CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: myServer
 CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...)
-	TODO: check
+	NOT-FOR-US: myServer
 CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
-	TODO: check
+	NOT-FOR-US: VMWare Workstation
 CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: PowerPortal
 CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...)
-	TODO: check
+	NOT-FOR-US: Mercury Mail
 CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...)
-	TODO: check
+	NOT-FOR-US: DCP-Portal
 CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
-	TODO: check
-end claimed by jmm
+	NOT-FOR-US: DCP-Portal
+begin claimed by jmm
 CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
 	TODO: check
 CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
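Review bot: CVE-2004-2530 and CVE-2004-2529 (Gadu-Gadu) keep `TODO: check` in the middle of the triaged range, yet the `begin claimed by jmm` marker moves below CVE-2004-2511, so these two entries end up neither triaged nor claimed; either resolve them in this commit or keep them inside a claim. In the CVE-2004-2536 entry, the `NOTE: Was fixed upstream in 2.6.6` line repeats what both `<not-affected>` lines already state in parentheses and could be dropped, and the remaining `TODO: check 2.4.27` means the log's "already addressed" holds only for the 2.6 packages. Small style points: `NOT-FOR-US: NetCache ` has trailing whitespace, and `VMWare Workstation` differs from the `VMware` spelling in the CVE description.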
@@ -190,6 +193,7 @@
 	TODO: check
 CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...)
 	TODO: check
+end claimed by jmm
 CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
 	- linux-2.6 2.6.12-2
 	[sarge] - kernel-source-2.4.27 <not-affected>
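Review bot: The `end claimed by jmm` marker added after CVE-2004-2484 closes a new claim that opens before CVE-2004-2510 in the previous hunk, but the log message lists only the triage results and does not mention the new claim. A short log line naming the claimed range (CVE-2004-2510 to CVE-2004-2484) would let others working on data/CVE/list see it from the commit mail without reading the diff.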



