[Secure-testing-commits] r3894 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Sat Apr 29 16:25:29 UTC 2006


Author: stef-guest
Date: 2006-04-29 16:25:08 +0000 (Sat, 29 Apr 2006)
New Revision: 3894

Modified:
   data/CVE/list
Log:
bugnums
sysvconfig unaffected due to recent sudo change
exiv2 issue already fixed
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-04-29 15:47:53 UTC (rev 3893)
+++ data/CVE/list	2006-04-29 16:25:08 UTC (rev 3894)
@@ -331,7 +331,7 @@
 CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
 	NOT-FOR-US: Oracle
 CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines to ...)
-	- beagle <unfixed> (bug filed; medium)
+	- beagle <unfixed> (bug #365371; medium)
 CVE-2006-1864
 	RESERVED
 CVE-2006-1863 [Don't allow a backslash in a path component]
@@ -3445,7 +3445,7 @@
 CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...)
 	NOT-FOR-US: McAfee WebShield
 CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
-	- linux-2.6 <unfixed> (bug filed; low)
+	- linux-2.6 <unfixed> (bug #365375; low)
 CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
 	- linux-2.6 <unfixed>
 CVE-2006-0556
@@ -3711,15 +3711,15 @@
 CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
 	TODO: check
 CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
-	TODO: check
+	NOT-FOR-US: Sophos Anti-Virus
 CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Internet Explorer 6 
 CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
 	TODO: check
 CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
-	TODO: check
+	NOT-FOR-US: osCommerce
 CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
-	TODO: check
+	- exiv2 0.9
 CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
 	NOT-FOR-US: VMware
 CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...)
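Review bot: the added `NOT-FOR-US: Internet Explorer 6 ` line under CVE-2005-4679 ends in a trailing space and names the product, while the other Microsoft entries in this file are tagged `NOT-FOR-US: Microsoft`. Drop the space and settle on one label so that grep-based tooling over the list stays consistent. In the same hunk, CVE-2005-4681 (mIRC) and CVE-2005-4678 (Apple Safari) are left as `TODO: check` although their neighbours were triaged; if they are also NFU candidates they could be closed in the same pass.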
@@ -7150,14 +7150,13 @@
 CVE-2006-0016
 	RESERVED
 CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
 	NOT-FOR-US: Microsoft
-	TODO: check
 CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2006-0011
 	RESERVED
 CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
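Review bot: for CVE-2006-0015 the description visible in the list is cut off before any product name, so `NOT-FOR-US: Microsoft` cannot be checked against the entry itself and should be confirmed against the full CVE text. The removal of the stray `TODO: check` under CVE-2006-0013, which already carried a NOT-FOR-US line, is a sensible cleanup but is not mentioned in the log message.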
@@ -7175,7 +7174,7 @@
 CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...)
-	TODO: check
+	NOT-FOR-US: RDS.Dataspace
 CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-0001
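Review bot: `NOT-FOR-US: RDS.Dataspace` under CVE-2006-0003 tags the entry with a component name, whereas the entries directly above and below it use the vendor (`NOT-FOR-US: Microsoft`). If this control is the vendor's component, using the same vendor label keeps the NFU tags uniform and searchable.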
@@ -7289,7 +7288,8 @@
 CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...)
 	NOT-FOR-US: Fedora Directory Server
 CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...)
-	TODO: check
+	NOTE: current sudo cleans the environment, so we are not affected
+	- sysvconfig <not-affected> (sudo cleans env anyway)
 CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
 	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
 	- kdegraphics 3.5.0-3
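Review bot: the `<not-affected>` status for sysvconfig under CVE-2005-3629 rests on "current sudo cleans the environment", but neither added line records which sudo version introduced that behaviour, so the entry does not say whether releases shipping an older sudo are covered. A NOTE naming the sudo version (or its bug/DSA reference) would make the reasoning checkable. The CVE text describes initscripts in Red Hat Enterprise Linux, so a short note on why sysvconfig is the corresponding Debian package would also help, and the NOTE and the parenthetical currently say the same thing twice.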



