[Secure-testing-commits] r3405 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Wed Feb 1 10:04:42 UTC 2006
Author: jmm-guest
Date: 2006-02-01 10:04:35 +0000 (Wed, 01 Feb 2006)
New Revision: 3405
Modified:
data/CVE/list
Log:
checked some issues, they all don't affect us
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-02-01 09:39:31 UTC (rev 3404)
+++ data/CVE/list 2006-02-01 10:04:35 UTC (rev 3405)
@@ -147,6 +147,8 @@
NOT-FOR-US: MyBB
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
- tiff <unfixed> (bug #350715)
+ [sarge] - tiff <not-affected> (Vulnerability was introduced later)
+ [woody] - tiff <not-affected> (Vulnerability was introduced later)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
@@ -866,8 +868,8 @@
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
- NOTE: This is probably not-affected as it's Windows-specific
- TODO: double-check, if this is really Windows-specific
+ - php4 <not-affected> (Windows specific)
+ - php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
- kernel-source-2.4.27 2.4.27-8
@@ -1287,7 +1289,8 @@
CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
NOT-FOR-US: McAfee
CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
- TODO: check, whether this affects konqueror
+ - kdelibs <not-affected>
+ NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
NOT-FOR-US: httprint
CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
@@ -1663,7 +1666,6 @@
NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...)
NOT-FOR-US: phpBB Blog
- TODO: Double-check please, this doesn't seem to be included in stock phpbb
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
NOT-FOR-US: ColdFusion MX
CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
More information about the Secure-testing-commits
mailing list