[Secure-testing-commits] r4545 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Aug 9 20:30:01 UTC 2006


Author: jmm-guest
Date: 2006-08-09 20:29:58 +0000 (Wed, 09 Aug 2006)
New Revision: 4545

Modified:
   data/CVE/list
Log:
dnsmasq issue not in sarge
fix libimager-perl version
old ssh issues don't affect sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-09 20:20:42 UTC (rev 4544)
+++ data/CVE/list	2006-08-09 20:29:58 UTC (rev 4545)
@@ -4557,6 +4557,7 @@
 	NOT-FOR-US: vBulletin
 CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...)
 	- dnsmasq 2.30-1 (medium)
+	[sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
 CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...)
 	{DSA-1057-1}
 	- phpldapadmin 0.9.8.3-1 (bug #365313; low)
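Review bot: the added [sarge] line justifies <not-affected> with "Vulnerability was introduced in 2.28", but the entry gives no source for that, and the CVE description names only 2.29. A NOTE with the reference (upstream changelog or bug) would let the sarge status be rechecked later.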
@@ -9587,7 +9588,7 @@
 	- graphicsmagick 1.1.7-1
 CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before 5.0-1 ...)
 	{DSA-1028-1}
-	- libimager-perl 5.0-1 (bug #359661)
+	- libimager-perl 0.50-1 (bug #359661)
 CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
 	{DSA-1027-1}
 	- mailman 2.1.6-1 (bug #358892)
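Review bot: on the libimager-perl line, the fixed version is now 0.50-1 while the CVE description directly above it still reads "before 5.0-1", so the entry disagrees with itself at a glance. A one-line NOTE saying which of the two is the actual fixed upload would keep someone from reverting this correction.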
@@ -14594,7 +14595,8 @@
 	- openssh-krb5 <unfixed> (bug #327233; medium)
 	[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
 CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
-	- openssh 1:4.2p1-1 (bug #326065; medium)
+	- openssh 1:4.2p1-1 (bug #326065; unimportant)
+	NOTE: GSSAPI features not activated in binary builds
 CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
 	{DSA-809-1}
 	- squid 2.5.10-5 (medium)
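Review bot: on the CVE-2005-2797 openssh line, the severity drops from medium to unimportant on the strength of "GSSAPI features not activated in binary builds", but the NOTE does not say which builds or versions that covers. The log message speaks only of sarge, while the changed line carries no release tag; if the claim is sarge-specific, a [sarge] line would be the narrower change. Is a line needed here for openssh-krb5, which the entry just above tracks separately?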
@@ -15765,9 +15767,6 @@
 	NOTE: package (currently in experimental)
 CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
 	- dbmail-pgsql <unfixed> (bug #290833; medium)
-CVE-2005-XXXX [time delay of password check proves account existence to attackers]
-	NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
-	- ssh <unfixed> (bug #314645; low)
 CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
 	{DSA-922-1 DTSA-16-1}
 	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
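Review bot: the three removed lines drop the CVE-2005-XXXX ssh timing entry outright, although it carried an open bug reference (#314645) and an <unfixed> status, and the log message does not mention a removal. If the conclusion is that this is not a real bug, keeping the entry with a NOTE giving the reason would preserve the triage record instead of losing it.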
@@ -28199,10 +28198,11 @@
 	- ethereal 0.10.3-1 (bug #239576)
 CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
 	{CVE-2000-0992}
-	- openssh <unfixed> (low; bug #270770)
+	- openssh 1:3.9p1-1 (low; bug #270770)
 	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
 	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
 	NOTE: largely theoretic.  This is a rediscovery of CVE-2000-0992.
+	NOTE: jmm: 3.9p1 thus marked as fixed version
 CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
 	- apache 1.3.29.0.2-5
 CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
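Review bot: the openssh line for CVE-2004-0175 now records 1:3.9p1-1 as the fixed version while the NOTE lines below it still say the "SUID/SGID across trust boundaries" issue remains. The added "jmm: 3.9p1 thus marked as fixed version" states the decision but not its basis; say explicitly that the remaining part is considered not worth tracking, or track it under a separate entry, so the fixed status does not read as covering it.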
@@ -35197,7 +35197,7 @@
 	TODO: check
 CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...)
 	{CVE-2004-0175}
-	- openssh <unfixed> (low; bug #270770)
+	- openssh 1:3.9p1-1 (low; bug #270770)
 	NOTE: Rediscoved as CVE-2004-0175, see there.
 CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...)
 	NOT-FOR-US: Microsoft
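Review bot: the CVE-2000-0992 openssh line takes the same 1:3.9p1-1 version as CVE-2004-0175 but, unlike that entry, gains no NOTE explaining the choice; the only pointer is the existing "see there". A short NOTE here that the version is taken from CVE-2004-0175 would keep the two entries in step if one is revised later.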



