[Secure-testing-commits] r5191 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Dec 28 00:31:04 CET 2006


Author: jmm-guest
Date: 2006-12-28 00:31:02 +0100 (Thu, 28 Dec 2006)
New Revision: 5191

Modified:
   data/CVE/list
Log:
no-dsa and unimportant issues for sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-27 23:25:37 UTC (rev 5190)
+++ data/CVE/list	2006-12-27 23:31:02 UTC (rev 5191)
@@ -95,8 +95,9 @@
 CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...)
 	NOT-FOR-US: Azucar CMS
 CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
-	- wget <unfixed>
-	TODO: insufficient info, file bug when more info is available
+	- wget <unfixed> (unimportant)
+	NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
+	TODO: insufficient info, check, whether code injection is possible
 CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...)
 	NOT-FOR-US: Allied Telesis
 CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...)
@@ -139,6 +140,7 @@
 	NOT-FOR-US: Oracle Portal
 CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...)
 	- gconf2 <unfixed> (low; bug #404743)
+	[sarge] - gconf2 <no-dsa> (Minor nuisance, not much of a security problem)
 CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
 	TODO: check
 CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...)
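Review bot: The no-dsa reason on the added `[sarge] - gconf2 <no-dsa>` line ("Minor nuisance, not much of a security problem") does not say which impact of the temporary-file handling was assessed, so a later reader cannot re-check the decision from the list alone. Suggest naming the concrete consequence that was judged minor. The unstable entry above already points to bug #404743 and is rated low, so wording that agrees with that assessment would keep the two lines consistent.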
@@ -945,6 +947,7 @@
 	NOT-FOR-US: Simple machines Forum
 CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
 	- phpmyadmin <unfixed> (low; bug filed)
+	[sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge)
 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
 	- phpmyadmin <unfixed> (unimportant)
 	NOTE: path is known in Debian anyway
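Review bot: The reason on the added `[sarge] - phpmyadmin <no-dsa>` line, "CRLF not backportable to Sarge", is missing its noun and its justification: presumably the fix for the CRLF injection is meant, and nothing says what prevents the backport. Suggest wording such as "fix for CRLF injection not backportable to Sarge" followed by a short statement of why, so the decision can be re-evaluated if that obstacle goes away.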



