[Secure-testing-commits] r3872 - data/CVE

Tue Apr 25 10:54:24 UTC 2006

Author: jmm-guest
Date: 2006-04-25 10:54:16 +0000 (Tue, 25 Apr 2006)
New Revision: 3872

Modified:
   data/CVE/list
Log:
updates on already fixed clamav bugs
no-dsa for older imp4 issue


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-04-25 09:14:24 UTC (rev 3871)
+++ data/CVE/list	2006-04-25 10:54:16 UTC (rev 3872)
@@ -5899,7 +5899,8 @@
 CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
 	NOT-FOR-US: Alisveristr E-commerce
 CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
-	- imp4 <unfixed> (bug #342654; medium)
+	- imp4 <unfixed> (bug #342654; low)
+	[sarge] - imp4 <no-dsa> (Internet Explorer bug, needs to be fixed there)
 CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
 	- phpmyadmin <not-affected> (Affects only 2.7.0)
 CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
@@ -10743,7 +10744,6 @@
 CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
 	- clamav 0.86.2-1 (low)
 	[sarge] - clamav 0.84-2.sarge.2
-	NOTE: suspect this also affects Sarge, not enough info to know what this is
 CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
 	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
 CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
@@ -14735,7 +14735,7 @@
 	NOT-FOR-US: HTTP Commander
 CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
 	- clamav 0.85.1-1 (low)
-	NOTE: Suspect Sarge is affected, not enough information to certify
+	[sarge] - clamav 0.84-2.sarge.1
 CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
 	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
 	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)


