[Secure-testing-commits] r4605 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Aug 20 11:24:16 UTC 2006 

Author: jmm-guest
Date: 2006-08-20 11:24:14 +0000 (Sun, 20 Aug 2006)
New Revision: 4605

Modified:
   data/CVE/list
Log:
bugnums, not-affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-08-20 09:35:24 UTC (rev 4604)
+++ data/CVE/list	2006-08-20 11:24:14 UTC (rev 4605)
@@ -345,7 +345,7 @@
 	NOT-FOR-US: Cisco
 CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...)
 	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
-	- mysql-dfsg <unfixed> (low)
+	- mysql-dfsg <unfixed> (low) (bug #380271; low)
 CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
 	{DSA-1148-1}
 	- gallery 1.5.3-1
@@ -358,6 +358,7 @@
 	RESERVED
 CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
 	- realtime-lsm 0.8.7-2 (bug #382161; low)
+	[sarge] - realtime-lsm <not-affected>
 	NOTE: only to user 1017 or group 1001 and only while root is building the module
 CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...)
 	NOT-FOR-US: SAPID CMS
@@ -3259,7 +3260,7 @@
 CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
 	NOT-FOR-US: UBBThreads
 CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
-	- openldap2.3 <unfixed> (unimportant)
+	- openldap2.3 <unfixed> (bug #375494; bug #377047; unimportant)
 	NOTE: File is only written and read by slurpd, only editable by root
 CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
 	NOT-FOR-US: RedCarpet
@@ -6136,8 +6137,8 @@
 CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
 	NOT-FOR-US: PAJAX
 CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
-	- php4 <unfixed> (bug #361854)
-	- php5 5.1.4-0.1 (bug #361917)
+	- php4 <unfixed> (bug #361854, unimportant)
+	- php5 5.1.4-0.1 (bug #361917, unimportant)
 	NOTE: this is arguably not a security vulnerability.
 CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
 	NOT-FOR-US: BEA WebLogic
@@ -6250,7 +6251,7 @@
 CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
 	- linux-2.6 2.6.16-12 (low)
 CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...)
-	- xorg-server 1:1.0.2-8
+	- xorg-server 1:1.0.2-8 (bug #378464)
 CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...)
 	{DSA-1103 DSA-1097-1}
 	- linux-2.6 2.6.16-9
@@ -7174,7 +7175,7 @@
 CVE-2005-4729 (SQL injection vulnerabilitiy in show.php in VBZooM Forum allows remote ...)
 	NOT-FOR-US: VBZooM
 CVE-2006-XXXX [Directory traversal issue in Namazu2]
-	- namazu2 2.0.16-1
+	- namazu2 <not-affected> (Windows-specific issue)
 CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...)
 	- monotone 0.26pre1-0.1 (low)
 	NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on
@@ -28189,7 +28190,7 @@
 	- perl <not-affected> (Win32 specific)
 CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
 	{DSA-473}
-	- oftpd 20040304-1
+	- oftpd 20040304-1 (bug #353882)
 CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
 	NOT-FOR-US: Symantec Norton Internet Security
 CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)

More information about the Secure-testing-commits mailing list