[Secure-testing-commits] r5203 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Sat Dec 30 23:24:09 CET 2006
Author: stef-guest
Date: 2006-12-30 23:24:06 +0100 (Sat, 30 Dec 2006)
New Revision: 5203
Modified:
data/CVE/list
Log:
checked/removed a few old TODOs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-30 21:00:32 UTC (rev 5202)
+++ data/CVE/list 2006-12-30 22:24:06 UTC (rev 5203)
@@ -4274,7 +4274,7 @@
CVE-2006-4843
RESERVED
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
- - xulrunner <unfixed> (low; bug filed)
+ - xulrunner <unfixed> (low; bug #405062)
[sarge] - mozilla <unfixed> (low)
NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
@@ -27267,7 +27267,7 @@
- sork-vacation 2.2.2-1
CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
- mnemo 1.1-2.1 (bug #307180)
- TODO: check whether nmeno2 is affected as well
+ - nmeno2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
- imp4 <not-affected>
- imp3 3.2.8-1 (bug #328218; low)
@@ -31261,13 +31261,11 @@
- linux-2.6 <not-affected>
- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...)
- TODO: Check, when this was fixed upstream
- TODO: Check, whether 2.4 is affected
[sarge] - kernel-source-2.6.8 2.6.8-14
+ - linux-2.6 2.6.11
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
{DSA-1082-1 DSA-1070-1 DSA-1067-1}
- TODO: Check, when this was fixed upstream
- TODO: Check, whether 2.4 is affected
+ - linux-2.6 <not-affected>
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
NOT-FOR-US: SCO UnixWare
@@ -31297,7 +31295,7 @@
NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
- TODO: Check, when this was fixed upstream
+ - linux-2.6 2.6.12-1
CVE-2005-0123
RESERVED
CVE-2005-0122
@@ -31361,9 +31359,7 @@
- abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
{DSA-691-1}
- TODO: Check, when this was fixed upstream
- TODO: Check, whether 2.4 is affected
- [sarge] - kernel-source-2.6.8 2.6.8-14
+ - abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
@@ -31403,8 +31399,7 @@
{DSA-653-1}
- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
- NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.
- TODO: Check this
+ - maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
@@ -32146,7 +32141,6 @@
CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-11
- TODO: Check 2.4
CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
NOT-FOR-US: Winamp
CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
@@ -32380,7 +32374,7 @@
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
- TODO: check back with dilinger about 2.6
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: previous fix in -9 has regressions
- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
@@ -32545,7 +32539,7 @@
- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- TODO: check
+ - linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
@@ -33418,7 +33412,7 @@
CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
NOT-FOR-US: CuteNews
CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
- TODO: check mplayer
+ - mplayer <not-affected> (fixed before upload in archive; 1.0pre5)
CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
- linux-2.6 <not-affected> (Invalid, according to Ben Collins)
- kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins)
@@ -33495,9 +33489,10 @@
CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
NOT-FOR-US: adobe acrobat
CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
- TODO: Check, which 4.1 and 5.0 versions fixed this
- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
+ - mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3)
+ - mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0)
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
@@ -33577,7 +33572,6 @@
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
TODO: Check, which version fixed this
- TODO: Check 2.4
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
{DSA-669-1 DSA-531}
- php3 3:3.0.18-27
@@ -33585,7 +33579,6 @@
CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
{DSA-669-1 DSA-531}
- php4 4:4.3.8-1
- TODO: DSA claims PHP3 is vulnerable, but this is not mentioned in the changelog.
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...)
@@ -33652,7 +33645,7 @@
CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
{DSA-557-1}
- rp-pppoe 3.5-4 (bug #343264)
@@ -33688,8 +33681,6 @@
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- kernel-source-2.4.27 2.4.27-1
- linux-2.6 2.6.12-1 (bug #261521)
- TODO: Check 2.6, entries look flaky
- TODO: Check 2.4, entries look flaky
CVE-2004-0553
RESERVED
CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
@@ -33729,7 +33720,7 @@
- tripwire 2.3.1.2.0-2.1
CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
- kernel-source-2.4.27 2.4.27-1
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
@@ -33811,7 +33802,7 @@
NOT-FOR-US: StoneSoft firewall engine
CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
- kernel-source-2.4.27 2.4.27-1
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
NOTE: fixed in 2.6.7
CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
@@ -33985,7 +33976,6 @@
NOTE: bug still exists in the ssmtp source, but is only activated if
NOTE: --enable-logfile is used in ./configure
NOTE: The package doesn't enable that flag so it is safe.
- TODO: Check, whether this is fixed by now
CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
{DSA-500}
- flim 1:1.14.6+0.20040415-1
@@ -33996,7 +33986,8 @@
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
- TODO: Check
+ [sarge] - xfree86 <not-affected> (vulnerable code not present)
+ - xdm <not-affected> (vulnerable code not present)
CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
{DSA-519}
- cvs 1:1.12.9-1
@@ -34069,7 +34060,6 @@
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected>
NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
- TODO: not fixed in 2.4.27 by inspection, didn't bother with a bug
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
{DSA-524}
- rlpr 2.02-7.1 (bug #255402)
@@ -34390,7 +34380,7 @@
NOT-FOR-US: Kernel 2.6 framebuffer bug
CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
- kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq)
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
NOT-FOR-US: ZoneMinder
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
@@ -34480,11 +34470,11 @@
- neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3)
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
{DSA-511}
@@ -34563,7 +34553,7 @@
NOT-FOR-US: SGI IRIX
CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- TODO: check
+ - linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
@@ -34574,7 +34564,7 @@
NOT-FOR-US: IRIX
CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2)
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.5)
CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...)
NOT-FOR-US: ezContents
CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
@@ -34606,7 +34596,7 @@
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
- TODO: Check 2.6
+ - linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
@@ -36779,7 +36769,7 @@
CVE-2003-0164
RESERVED
CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
- TODO: Check, gaim-encryption is now in Debian
+ - gaim-encryption <not-affected> (fixed before first upload; 1.16)
CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
{DSA-271}
- ecartis 1.0.0+cvs.20030321-1
More information about the Secure-testing-commits
mailing list