[Secure-testing-commits] r3233 - data/CVE
Micah Anderson
micah at costa.debian.org
Thu Jan 5 20:57:07 UTC 2006
Author: micah
Date: 2006-01-05 20:57:00 +0000 (Thu, 05 Jan 2006)
New Revision: 3233
Modified:
data/CVE/list
Log:
More checks for false positives finished
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-05 18:03:22 UTC (rev 3232)
+++ data/CVE/list 2006-01-05 20:57:00 UTC (rev 3233)
@@ -416,6 +416,7 @@
NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
- blender 2.40-1 (bug #344398; medium)
+ NOTE: Sarge is vulnerable, Woody has it in non-free (tag no-dsa? or unaffected?)
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
@@ -3720,6 +3721,7 @@
NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
- bmv 1.2-18 (bug #335497; medium)
+ NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
@@ -4076,6 +4078,7 @@
CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
- blender <unfixed> (bug #332413; low)
[woody] - blender <not-affected> (Woody's blender does not contain blenderplayer)
+ NOTE: Sarge affected
CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
{DSA-855-1}
- weex 2.6.1-6sarge1 (bug #332424; medium)
More information about the Secure-testing-commits
mailing list