[Secure-testing-commits] r3298 - data/CVE

Micah Anderson micah at costa.debian.org
Sun Jan 15 15:16:12 UTC 2006


Author: micah
Date: 2006-01-15 15:16:06 +0000 (Sun, 15 Jan 2006)
New Revision: 3298

Modified:
   data/CVE/list
Log:
Some more sarge tracker confirmations
Removed duplicate courier entry


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-15 12:03:20 UTC (rev 3297)
+++ data/CVE/list	2006-01-15 15:16:06 UTC (rev 3298)
@@ -3440,8 +3440,6 @@
 CVE-2005-XXXX [user logout in drupal has no effect]
 	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
 	- drupal 4.5.5-3 (bug #336719; medium)
-CVE-2005-XXXX [incorrect use of the PAM framework by courier]
-	- courier 0.47-12 (bug #211920; medium)
 CVE-2005-XXXX [double free() in libungif]
 	- libungif4 4.1.4-1 (bug #338542; medium)
 CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
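Review bot: The removed courier PAM entry is the only place in this hunk that records bug #211920 and fixed version 0.47-12, and the entry that is meant to survive does not appear in the surrounding context. Please name the remaining entry in the log message (its line or CVE id) so it can be confirmed that it carries the same bug number, version and "medium" urgency before this copy is dropped.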
@@ -4562,8 +4560,10 @@
 	TODO: Check, whether openldap2.2 is affected as well
 CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
 	- mpack 1.6-1 (bug #216566)
-CVE-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod]
+CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
 	- coreutils 5.93-1 (bug #306076; low)
+	[woody] - fileutils <unfixed> (low)
+	NOTE: Sarge is affected
 CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure]
 	- gossip <unfixed> (bug #305419; low)
 	NOTE: This looks quite strange, should be followed up, whether it's really reproducible
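Review bot: The sarge status in the coreutils entry is recorded only as free text ("NOTE: Sarge is affected"), while woody, two lines above, gets a release-tagged line ("[woody] - fileutils <unfixed> (low)"). Suggest a matching "[sarge] - coreutils <unfixed> (low)" line in place of the NOTE, so both releases are tracked the same way and the sarge status is not hidden behind the unversioned "- coreutils 5.93-1" line.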
@@ -11748,6 +11748,7 @@
 CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
 	- courier <unfixed> (bug #307575; medium)
 	NOTE: Upstream explanation looks wrong, not all code paths perform escaping.
+	NOTE: Sarge and Woody are affected
 CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
 	NOT-FOR-US: Adobe Version Cue
 CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
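Review bot: "NOTE: Sarge and Woody are affected" under CVE-2005-1308 puts the per-release status in a comment instead of release-tagged lines like the "[woody] - fileutils <unfixed> (low)" line added earlier in this commit. Since the package line is already "- courier <unfixed>", consider adding explicit "[sarge]" and "[woody]" lines so the confirmation is visible to anything that parses the list rather than only to readers of the NOTE.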
@@ -12488,6 +12489,7 @@
 	- netapplet <not-affected> (Not vulerable, see bug #310833)
 CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
 	- coreutils <unfixed> (bug #304556; low)
+	NOTE: Setting up a sarge/oldstable chroot to see if this affects -- micah
 CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
 	NOTE: long fixed in Debian's cron
 CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
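Review bot: The note added under CVE-2005-1039 describes pending work, not a finding, and would fit better as a "TODO:" line (the form already used in this file, e.g. "TODO: Check, whether openldap2.2 is affected as well") so it is easy to find and clear once the chroot test is done. The wording "sarge/oldstable" also leaves open whether one release or two are being tested, and "to see if this affects" is missing its object; naming the releases explicitly would remove the ambiguity.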



