[Secure-testing-commits] r3197 - data/CVE
Micah Anderson
micah at costa.debian.org
Sun Jan 1 21:28:55 UTC 2006
Author: micah
Date: 2006-01-01 21:28:50 +0000 (Sun, 01 Jan 2006)
New Revision: 3197
Modified:
data/CVE/list
Log:
Woody aide is not-affected by CVE-2005-2096
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-01 18:48:22 UTC (rev 3196)
+++ data/CVE/list 2006-01-01 21:28:50 UTC (rev 3197)
@@ -3588,6 +3588,7 @@
NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
- adduser 3.77 (bug #331720; low)
+ NOTE: Woody and Sarge affected
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
@@ -7729,9 +7730,11 @@
NOTE: to search for static zlib signatures in binaries in Debian
NOTE: Not all of the listed packages have been checked for actual
NOTE: exploitability using this hole.
+ NOTE: oldstable (woody) had zlib 1.1, which is not affected
- dpkg 1.13.11 (bug #317967; medium)
- zsync 0.4.0-2 (bug #317968; medium)
- dump 0.4b40-1 (bug #317966; medium)
+ [woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
- aide 0.10-6.1.1 (bug #317523; medium)
- amd64-libs 1.3 (bug #317970; medium)
- ia32-libs <unfixed> (bug #317971; medium)
More information about the Secure-testing-commits
mailing list