[Secure-testing-commits] r5165 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Dec 24 14:10:22 CET 2006


Author: jmm-guest
Date: 2006-12-24 14:10:20 +0100 (Sun, 24 Dec 2006)
New Revision: 5165

Modified:
   data/CVE/list
Log:
libflash not in sarge
chetcpasswd CVEfied
libarchive hardly a security issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-23 13:21:35 UTC (rev 5164)
+++ data/CVE/list	2006-12-24 13:10:20 UTC (rev 5165)
@@ -1,6 +1,5 @@
 CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
 	- libflash 0.4.13-9 (low; bug #399508)
-	[sarge] - libflash <no-dsa> (minor issue)
 CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...)
 	NOT-FOR-US: Oracle
 CVE-2006-6696 (Double-free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
@@ -1830,10 +1829,6 @@
 	NOT-FOR-US: NuStore
 CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...)
 	- fvwm 2.5.10-1
-CVE-2006-XXXX [chetcpasswd multiple vulnerabilities]
-	- chetcpasswd <unfixed> (bug #394454)
-	NOTE: I've filed a removal bug, this doesn't have a security perspective
-	NOTE: It's too buggy even for sid and was never part of stable or testing
 CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...)
 	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
 CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
@@ -2281,7 +2276,7 @@
 CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...)
 	TODO: check
 CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
-	- libarchive 1.3.1-1
+	- libarchive 1.3.1-1 (unimportant)
 CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
 	- kfreebsd-5 <unfixed>
 	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)




More information about the Secure-testing-commits mailing list