[Secure-testing-commits] r3213 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Tue Jan 3 12:07:26 UTC 2006
Author: jmm-guest
Date: 2006-01-03 12:07:21 +0000 (Tue, 03 Jan 2006)
New Revision: 3213
Modified:
data/CVE/list
Log:
more updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-03 00:20:49 UTC (rev 3212)
+++ data/CVE/list 2006-01-03 12:07:21 UTC (rev 3213)
@@ -8696,7 +8696,7 @@
CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
NOT-FOR-US: microsoft
CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
- NOTE: "SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1."
+ - openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.")
CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
NOT-FOR-US: microsoft
CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
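Review bot: The `<not-affected>` marker on the added openssh line for CVE-2002-1715 rests on a quote that covers only OpenSSH 3.1p1, while the CVE description speaks of "SSH 1 through 3, and possibly other versions". Say in the parenthetical that only 3.1p1 was tested, or keep a NOTE that other versions are unchecked, so the entry does not read as a verified result for every packaged version.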
@@ -14403,7 +14403,8 @@
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
NOTE: cyrus-sasl2 already has patch applied
- NOTE: cyrus-sasl code seems too old for any of the problems to apply
+ TODO: At which version was this patch introduced?
+ - cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
{DSA-686-1}
- gftp 2.0.18-1
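Review bot: The added `TODO: At which version was this patch introduced?` does not name the package it is asking about, and it sits directly above the cyrus-sasl line although the unchanged NOTE before it ("cyrus-sasl2 already has patch applied") suggests it concerns cyrus-sasl2. Name the package in the TODO, and once the version is known record it as a package line for cyrus-sasl2; the visible lines of this entry show none.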
@@ -14538,7 +14539,7 @@
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
- NOTE: mozilla 2:1.6-1
+ - mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
@@ -16915,8 +16916,7 @@
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
- NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
- TODO: which radius daemon in debian is "GNU Radius" (if any)?
+ NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
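Review bot: Replacing the two removed lines under CVE-2004-0849 with `NOT-FOR-US: GNU Radius` drops the pointer to http://www.debian.org/security/nonvulns-sarge and closes the removed TODO ("which radius daemon in debian is "GNU Radius" (if any)?") without recording the answer. The log message "more updates" does not record it either. Keep a NOTE with the URL and one line giving the basis for the NOT-FOR-US decision, so the classification can be rechecked later.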
@@ -18865,9 +18865,10 @@
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
- NOTE: apparenlty false/bad advisory
+ - squirrelmail 1.4.2 (low)
+ NOTE: Only potentially exploitable withexternel GPG Plugin, see
NOTE: http://www.securityfocus.com/archive/1/348366
- NOTE: possible problemsm before 1.4.2, 1.4.2 ok
+ NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
{DSA-425}
- tcpdump 3.8.1
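Review bot: The first added NOTE under CVE-2003-0990 contains a run-together, misspelled phrase: "withexternel GPG Plugin" should read "with external GPG Plugin". The entry also moves from "false/bad advisory" to a fixed version with `(low)` urgency; a few words in the NOTE on why the issue is now treated as real but low would make that change of assessment traceable.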
@@ -19108,11 +19109,8 @@
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
- NOTE: source package only
- NOTE: openslp: slpd.all_init symlink vuln
- NOTE: this file is not used in Debian, so it's not a problem for us.
- NOTE: source package still distributes the file, however.
- - openslp 1.0.11a-1
+ NOTE: Vulnerable code not shipped in the binary package
+ - openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
NOT-FOR-US: Deskpro
CVE-2003-0873
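Review bot: The new NOTE under CVE-2003-0875 ("Vulnerable code not shipped in the binary package") no longer names the file; the removed lines identified it as slpd.all_init and recorded that the source package still distributes it. Keep the file name and the source-package remark in the NOTE so the `(unimportant)` rating on the openslp line can be rechecked if the packaging changes.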