[Secure-testing-commits] r3405 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Feb 1 10:04:42 UTC 2006


Author: jmm-guest
Date: 2006-02-01 10:04:35 +0000 (Wed, 01 Feb 2006)
New Revision: 3405

Modified:
   data/CVE/list
Log:
checked some issues, they all don't affect us


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-02-01 09:39:31 UTC (rev 3404)
+++ data/CVE/list	2006-02-01 10:04:35 UTC (rev 3405)
@@ -147,6 +147,8 @@
 	NOT-FOR-US: MyBB
 CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
 	- tiff <unfixed> (bug #350715)
+	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
+	[woody] - tiff <not-affected> (Vulnerability was introduced later)
 CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
 	NOT-FOR-US: Note-A-Day Weblog
 CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
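
Review bot: The two added `[sarge]` and `[woody]` lines under CVE-2006-0405 justify `<not-affected>` only with "Vulnerability was introduced later", which names neither the upstream version that introduced the flaw nor the tiff versions shipped in those releases. The CVE description mentions libtiff 3.8.0, so recording the introducing version, or the sarge and woody package versions that were compared against it, would let a later reader re-verify the claim without repeating the source audit.
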
@@ -866,8 +868,8 @@
 CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
 	NOT-FOR-US: OpenBSD
 CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
-	NOTE: This is probably not-affected as it's Windows-specific
-	TODO: double-check, if this is really Windows-specific
+	- php4 <not-affected> (Windows specific)
+	- php5 <not-affected> (Windows specific)
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	- kernel-source-2.4.27 2.4.27-8
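
Review bot: For CVE-2006-0097 the removed `TODO: double-check, if this is really Windows-specific` is replaced by `php4` and `php5` `<not-affected> (Windows specific)` entries with no record of what the double-check consisted of. The earlier NOTE only said "probably", so a short NOTE line stating how the Windows-only scope was confirmed (for example, which source file or build condition was inspected) would make the change from "probably" to a firm status auditable.
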
@@ -1287,7 +1289,8 @@
 CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
 	NOT-FOR-US: McAfee
 CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
-	TODO: check, whether this affects konqueror
+	- kdelibs <not-affected>
+	NOTE: Konqueror from sid doesn't crash, will test an older version later
 CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
 	NOT-FOR-US: httprint
 CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
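
Review bot: The new `- kdelibs <not-affected>` line for CVE-2005-4504 is contradicted by the NOTE added right below it, which says only Konqueror from sid was tested and an older version "will test ... later". An unscoped `<not-affected>` applies to every release, so the stable versions are marked clear before they have been checked. Consider keeping a TODO for the pending test, or holding the status until the older version is tested; the absence of a crash in sid is also weak evidence unless the note states what input was used.
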
@@ -1663,7 +1666,6 @@
 	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
 CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...)
 	NOT-FOR-US: phpBB Blog
-	TODO: Double-check please, this doesn't seem to be included in stock phpbb
 CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
 	NOT-FOR-US: ColdFusion MX
 CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
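
Review bot: The TODO removed under CVE-2005-4346 asked for a double-check that the affected blog.php is not part of stock phpbb, and the hunk deletes it without leaving the result in the entry. The commit log covers it in general terms, but a one-line NOTE under `NOT-FOR-US: phpBB Blog` stating that the Debian phpbb package was checked and does not ship this code would keep the reasoning with the entry.
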



