[Secure-testing-commits] r3208 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Jan 2 14:48:59 UTC 2006


Author: jmm-guest
Date: 2006-01-02 14:48:53 +0000 (Mon, 02 Jan 2006)
New Revision: 3208

Modified:
   data/CVE/list
Log:
I've checked all outstanding Ethereal bugs for their applicability to stable
  and oldstable.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-02 10:25:41 UTC (rev 3207)
+++ data/CVE/list	2006-01-02 14:48:53 UTC (rev 3208)
@@ -55,7 +55,7 @@
 CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 ...)
 	NOT-FOR-US: PHPSurveyor
 CVE-2005-XXXX [phpbb2 bbcode xss ie-only fixed in 2.0.19]
-	- phpbb2 <not-affected> (Fixed through a more complete fix of a previous security issue)
+	- phpbb2 <not-affected> (Fixed through a more complete fix in previous 2.0.13+1-6sarge1 update)
 CVE-2005-XXXX [snort: DoS in verbose mode]
 	- snort 2.3.3-2 (bug #328134; low)
 CVE-2005-XXXX [potential NAT problem in fiaif]
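Review bot: the new reason on the phpbb2 line cites a Sarge upload (2.0.13+1-6sarge1), but the line carries no release tag, so it reads as the status for unstable while the entry title says the issue was fixed in 2.0.19. If the not-affected status is meant for Sarge, tag the line the way the Ethereal entries in this commit do ("[sarge] - ...") and keep a separate untagged line for the unstable version.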
@@ -85,6 +85,7 @@
 	RESERVED
 CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
 	- ethereal <unfixed> (bug #345243; low)
+	NOTE: This affects Woody and Sarge
 CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...)
 	- bzflag <unfixed> (bug #345245; low)
 CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...)
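Review bot: the added NOTE under CVE-2005-4585 records the Woody and Sarge status only as free text, while the not-affected cases in this same commit use tagged lines ("[woody] - ethereal <not-affected> (...)"). A free-text note is easy to leave stale once one of the releases gets a fix. Consider stating which package versions in Woody and Sarge were checked, so the claim can be re-verified against the "0.9.1 to ..." range in the description.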
@@ -3442,6 +3443,8 @@
 CVE-2005-3314 (Stack-based buffer overflow in the IMAP deamon in Novell Netmail 3.5.2 ...)
 	NOT-FOR-US: Novell Netmail
 CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
+	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
+	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
 	- ethereal <unfixed> (medium)
 CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
 	NOT-FOR-US: Microsoft
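Review bot: on the two added CVE-2005-3313 lines, the reason "Only affects version 0.10.13" does not say which Ethereal versions Woody and Sarge ship, so the not-affected status cannot be confirmed from the entry alone. Adding the checked package version to each parenthetical would make the entry self-contained.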
@@ -3722,23 +3725,39 @@
 CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
 	NOT-FOR-US: Solaris
 CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...)
+	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: Sarge is vulnerable
 CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
+	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: Sarge is vulnerable
 CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...)
+	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
+	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
 CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
+	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: Sarge is vulnerable
 CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: This affects Woody and Sarge
+	TODO: This is disabled by default, if this is a compile-time option change to "unimportant"
 CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...)
+	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: Sarge is vulnerable
 CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
 CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
+	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: Sarge is vulnerable
 CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
 CVE-2005-3240
 	RESERVED
 CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
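Review bot: the woody reason added under CVE-2005-3248 ("This only affects Ethereal 0.10.1 to 0.10.12") is identical to the one under CVE-2005-3249, although the CVE-2005-3248 description starts at "Ethereal 0.10.12 and ..." rather than "0.10.1 to ..."; please confirm the range was not carried over from the entry above. Separately, the TODO under CVE-2005-3245 commits an open question into the list: either resolve whether the dissector is a compile-time option before committing, or name who will follow up. The combined notes under CVE-2005-3243 and CVE-2005-3241 are the clearest in this hunk because they name the individual issue per release; the plain "Sarge is vulnerable" notes would benefit from the same precision.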
@@ -3881,7 +3900,9 @@
 	- gtk+2.0 2.6.10-2 (bug #339431; medium)
 	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
 CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
+	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
 	- ethereal 0.10.13-1 (bug #334880; medium)
+	NOTE: Sarge is vulnerable
 CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
 	- w3c-libwww 5.4.0-11 (bug #334443; low)
 CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...)
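Review bot: the woody reason under CVE-2005-3184 is worded "Affects only Ethereal 0.10.10 to 0.10.12", while the previous hunk uses "This only affects Ethereal ..." for the same kind of statement; pick one form so the reasons can be searched consistently. The "NOTE: Sarge is vulnerable" line would also be more useful with the Sarge package version that was checked.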
@@ -6539,6 +6560,7 @@
 	- ethereal 0.10.12-1 (bug #320183; low)
 CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
 	- ethereal 0.10.12-1 (bug #320183; low)
+	NOTE: This affects partially Woody and Sarge
 CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
 	{DSA-853-1}
 	- ethereal 0.10.12-1 (bug #320183; low)
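Review bot: "NOTE: This affects partially Woody and Sarge" under CVE-2005-2362 does not say which of the "several dissectors" apply to which release, so it cannot be acted on when preparing a stable or oldstable update. Name the affected dissectors per release, as the CVE-2005-3243 note in this commit does ("The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge"), and reword to "partially affects".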



