[Secure-testing-commits] r5043 - data/CVE

Stefan Fritsch stef-guest at alioth.debian.org
Sat Dec 2 00:03:22 CET 2006


Author: stef-guest
Date: 2006-12-02 00:03:20 +0100 (Sat, 02 Dec 2006)
New Revision: 5043

Modified:
   data/CVE/list
Log:
remove some more obsolete TODOs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-01 22:53:26 UTC (rev 5042)
+++ data/CVE/list	2006-12-01 23:03:20 UTC (rev 5043)
@@ -33754,7 +33754,6 @@
 	NOTE: php4, this bug appears not to have been fixed.
 	NOTE: submitted to BTS on libapache-mod-php4
 	NOTE: developer claims there is no problem
-	TODO: Which bug is meant here?
 CVE-2003-0862
 	REJECTED
 CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
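
Review bot: The TODO removed after the php4 notes asked which bug is meant, and the remaining NOTE lines still do not answer it: "submitted to BTS on libapache-mod-php4" cites no bug number. If the question was resolved, record the answer (for example the BTS number) in a NOTE instead of only dropping the TODO.
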
@@ -33762,7 +33761,6 @@
 CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
 	- php4 4:4.3.3-1
 CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
-	TODO: When was this fixed? oldstable could be affected
 	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
 CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
 	{DSA-415}
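
Review bot: CVE-2003-0859 is left with only "NOTE: affects glibc 2.2.4, Debian uses 2.3.2" and no package line, unlike neighbouring entries such as "- php4 4:4.3.3-1". The removed TODO asked whether oldstable could be affected; add a glibc package line in the same form and state in the NOTE whether oldstable was checked.
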
@@ -33781,8 +33779,7 @@
 CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
 	- sylpheed-claws 0.9.8claws-1
 CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
-	TODO: Check, oldstable might be affected
-	NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
+	- openssl096 0.9.6l
 CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
 	{DSA-410}
 	- libnids 1.18-1
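
Review bot: In the CVE-2003-0851 change, the new line "- openssl096 0.9.6l" gives a version without a Debian revision, unlike the other fixed versions in this hunk ("0.9.8claws-1", "1.18-1"); please confirm the exact fixed package version. The removed NOTE also recorded that testing uses openssl 0.9.7 while the issue affects 0.9.6; keeping it would preserve why only openssl096 is listed.
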
@@ -33800,15 +33797,12 @@
 CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
 	- libapache-mod-gzip <unfixed> (unimportant)
 	NOTE: Debian doesn't enable vulnerable debug mode.
-	TODO: Check, whether this is fixed already
 CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
 	- libapache-mod-gzip <unfixed> (unimportant)
 	NOTE: Debian doesn't enable vulnerable debug mode.
-	TODO: Check, whether this is fixed already
 CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
 	- libapache-mod-gzip <unfixed> (unimportant)
 	NOTE: Debian doesn't enable vulnerable debug mode.
-	TODO: Check, whether this is fixed already
 CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
 	NOT-FOR-US: Peoplesoft
 CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
@@ -33822,7 +33816,7 @@
 CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
 	NOT-FOR-US: IBM DB2
 CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
-	TODO: check mplayer
+	NOTE: mplayer fixed before upload
 CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
 	NOT-FOR-US: CDE
 CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
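
Review bot: For CVE-2003-0835, "NOTE: mplayer fixed before upload" replaces the TODO, but the entry still has no package line, so the status exists only as free text. A package line for mplayer in the form used by the surrounding entries would make this entry consistent with them.
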
@@ -34165,7 +34159,6 @@
 CVE-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
 	{DSA-383 DSA-382}
 	- openssh 1:3.6.1p2-9
-	TODO: openssh-krb5: Screwy changelog does not make sense (bug #264717).
 CVE-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
 	{DSA-384}
 	- sendmail 8.12.10-1
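
Review bot: The TODO removed from CVE-2003-0682 was the only place this entry referenced bug #264717 for openssh-krb5. If that bug is resolved, say so in a NOTE; if not, keep the reference as a NOTE so the openssh-krb5 status is not lost.
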
@@ -34851,8 +34844,7 @@
 CVE-2003-0387
 	RESERVED
 CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
-	TODO: Check, when this was fixed
-	NOTE: fixed in current openssh, which always does reverse mapping now
+	- openssh 1:3.8p1-1
 CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
 	{DSA-310}
 	- xaos 3.1r-4
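
Review bot: In CVE-2003-0386, the removed NOTE explained why the issue is fixed (current openssh always does reverse mapping), and the new "- openssh 1:3.8p1-1" line drops that rationale. Keeping the NOTE next to the version line would document how 1:3.8p1-1 was determined to be the fixed version.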



