[Secure-testing-commits] r3199 - data/CVE
Micah Anderson
micah at costa.debian.org
Sun Jan 1 22:15:36 UTC 2006
Author: micah
Date: 2006-01-01 22:15:31 +0000 (Sun, 01 Jan 2006)
New Revision: 3199
Modified:
data/CVE/list
Log:
A few more stable issues noted as checked as affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-01 21:39:30 UTC (rev 3198)
+++ data/CVE/list 2006-01-01 22:15:31 UTC (rev 3199)
@@ -3262,6 +3262,8 @@
CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module allows ...)
- apache <unfixed> (bug #343466; low)
- apache2 <unfixed> (bug #343467; low)
+ NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
+ NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
- spamassassin 3.1.0a-1 (bug #339526; medium)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
@@ -4071,6 +4073,7 @@
- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
- apt <unfixed> (bug #329814; low)
+ NOTE: Woody and Sarge are affected
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
@@ -4458,6 +4461,8 @@
- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
- apache2 <unfixed> (bug #340337; low)
+ NOTE: this occurs in the binary package apache2-mpm-worker
+ NOTE: Sarge is affected, apache2 was not in oldstable
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
- openssl 0.9.8-3 (bug #333500; low)
More information about the Secure-testing-commits
mailing list