[Secure-testing-commits] r3298 - data/CVE
Micah Anderson
micah at costa.debian.org
Sun Jan 15 15:16:12 UTC 2006
Author: micah
Date: 2006-01-15 15:16:06 +0000 (Sun, 15 Jan 2006)
New Revision: 3298
Modified:
data/CVE/list
Log:
Some more sarge tracker confirmations
Removed duplicate courier entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-15 12:03:20 UTC (rev 3297)
+++ data/CVE/list 2006-01-15 15:16:06 UTC (rev 3298)
@@ -3440,8 +3440,6 @@
CVE-2005-XXXX [user logout in drupal has no effect]
[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
- drupal 4.5.5-3 (bug #336719; medium)
-CVE-2005-XXXX [incorrect use of the PAM framework by courier]
- - courier 0.47-12 (bug #211920; medium)
CVE-2005-XXXX [double free() in libungif]
- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-XXXX [webcalendar's password visible to local users through debconf]
@@ -4562,8 +4560,10 @@
TODO: Check, whether openldap2.2 is affected as well
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
- mpack 1.6-1 (bug #216566)
-CVE-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod]
+CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
- coreutils 5.93-1 (bug #306076; low)
+ [woody] - fileutils <unfixed> (low)
+ NOTE: Sarge is affected
CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure]
- gossip <unfixed> (bug #305419; low)
NOTE: This looks quite strange, should be followed up, whether it's really reproducible
@@ -11748,6 +11748,7 @@
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
- courier <unfixed> (bug #307575; medium)
NOTE: Upstream explanation looks wrong, not all code paths perform escaping.
+ NOTE: Sarge and Woody are affected
CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
@@ -12488,6 +12489,7 @@
- netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
- coreutils <unfixed> (bug #304556; low)
+ NOTE: Setting up a sarge/oldstable chroot to see if this affects -- micah
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
More information about the Secure-testing-commits
mailing list