[Secure-testing-commits] r4484 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Aug 1 20:34:38 UTC 2006


Author: jmm-guest
Date: 2006-08-01 20:34:36 +0000 (Tue, 01 Aug 2006)
New Revision: 4484

Modified:
   data/CVE/list
Log:
potential webalizer issues
track livehttpheaders by source package name
no-dsa for spread
racoon duplicate


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-01 20:32:16 UTC (rev 4483)
+++ data/CVE/list	2006-08-01 20:34:36 UTC (rev 4484)
@@ -1,3 +1,6 @@
+CVE-2006-XXXX [Webalizer buffer overflows]
+       - webalizer <unfixed> (unknown)
+       NOTE: 11_various_buffer_overflows should be reviewed for exploitability
 CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
 	NOT-FOR-US: Professional Home Page Tools Guestbook
 CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
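Review bot: The two added lines under CVE-2006-XXXX are indented with spaces, while the context lines in this file (for example the NOT-FOR-US line just below) start with a tab; switch them to a tab so the entry matches the rest of the list. The NOTE also names 11_various_buffer_overflows without saying what it is or where it lives (which package or version ships it), so a reader cannot tell what is supposed to be reviewed; add that source to the NOTE.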
@@ -304,7 +307,8 @@
 	NOTE: couldn't reproduce without livehttpheaders
 	NOTE: PoC: http://www.sfritsch.de/~stf/CVE-2006-3731.html
 	NOTE: might still be a firefox issue
-	- mozilla-livehttpheaders <unfixed> (bug #379050; low)
+	- livehttpheaders <unfixed> (bug #379050; low)
+	[sarge] - livehttpheaders <not-affected> (Unreproducible on Sarge)
 	[sarge] - mozilla-livehttpheaders <not-affected>
 CVE-2006-3730 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
 	NOT-FOR-US: MSIE
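Review bot: The context line "[sarge] - mozilla-livehttpheaders <not-affected>" is left in place after the rename, so the entry now carries two sarge lines, one under the old name and one under livehttpheaders. Unless mozilla-livehttpheaders is itself a source package name in sarge, drop that line in the same change so the entry is tracked by source package name only, as the log message says.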
@@ -1590,6 +1594,7 @@
 	RESERVED
 CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
 	- spread <unfixed> (bug #375617; low)
+	[sarge] - spread <no-dsa> (Minimal security implications)
 CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
 	{DSA-1104}
 	- openoffice.org 2.0.3-1
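Review bot: The reason on the added "[sarge] - spread <no-dsa>" line, "Minimal security implications", does not say why the impact is minimal. A short concrete reason tied to the temporary-file issue in the CVE description would let a later reader re-check the decision without reopening bug #375617.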
@@ -5110,8 +5115,7 @@
 CVE-2006-1647 (An unspecified &quot;logical programming mistake&quot; in SMART SynchronEyes ...)
 	NOT-FOR-US: SMART SynchronEyes
 CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
-	NOTE: duplicate of CVE-2005-3732
-	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
+	NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732
 CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...)
 	NOT-FOR-US: ReloadCMS
 CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
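Review bot: Replacing the ipsec-tools line under CVE-2006-1646 with NOT-FOR-US drops the bug #340584 reference and the 1:0.6.3-1 version from this entry, and the only remaining pointer to CVE-2005-3732 is free text inside the NOT-FOR-US field, where the neighbouring entries hold just a product name. Consider keeping the NOT-FOR-US value short and moving the explanation to a separate NOTE line that names CVE-2005-3732, so the cross-reference stays easy to find.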



