[Secure-testing-commits] r3319 - data/CVE

Thu Jan 19 02:53:55 UTC 2006

Author: micah
Date: 2006-01-19 02:53:50 +0000 (Thu, 19 Jan 2006)
New Revision: 3319

Modified:
   data/CVE/list
Log:
Bug num for drupal vulns in sarge
Sarge false positive checks up through 'd'
One false positive found


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-01-18 17:25:08 UTC (rev 3318)
+++ data/CVE/list	2006-01-19 02:53:50 UTC (rev 3319)
@@ -1901,12 +1901,13 @@
 CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
 	NOT-FOR-US: Multipke DuWare products
 CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
-	- drupal 4.5.6-1 (medium)
+	- drupal 4.5.6-1 (bug #348811; medium)
 CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
 	- drupal 4.5.6-1 (low)
 	[sarge] - drupal <not-affected> (Only vulnerable if running PHP 5)
 CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
-	- drupal 4.5.6-1 (medium)
+	- drupal 4.5.6-1 (bug #348811; medium)
+	NOTE: Sarge is affected
 CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
 	NOT-FOR-US: Extreme Search Corporate Edition 
 CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
@@ -2792,6 +2793,7 @@
 	NOT-FOR-US: Dynix WebPac
 CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
 	- cscope <unfixed> (bug #340177; medium)
+	NOTE: Sarge and Woody are affected
 CVE-2005-XXXX [unsafe file permissions in vpnc]
 	- vpnc <unfixed> (bug #340105; medium)
 CVE-2005-XXXX [Insecure tempfiles in libjpeg]
@@ -4735,6 +4737,7 @@
 	- hdup <unfixed> (bug #302790; low)
 CVE-2001-XXXX [crypt++ passes passwords through the command line]
 	- crypt++el <unfixed> (bug #105562; low)
+	NOTE: Sarge and Woody are affected
 CVE-2004-XXXX [Two vulnerabilities in sredird]
 	- sredird 2.2.1-1.1 (bug #267098)
 CVE-2003-XXXX [fuzz: Insecure temp file usage]
@@ -4880,6 +4883,7 @@
 CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
 	- distcc 2.18.3-3 (bug #298929; low)
 	NOTE: Only affects distcc in a very non-standard setup
+	NOTE: Sarge affected
 CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
 	- phpwiki <unfixed> (bug #282565; medium)
 CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
@@ -5884,6 +5888,8 @@
 	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
 CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
 	- cplay 1.49-8 (bug #324913; low)
+	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
+	NOTE: Sarge is affected
 CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
 	- phpldapadmin 0.9.6c-5 (bug #322423; low)
 CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
@@ -8398,6 +8404,7 @@
 	NOTE: oldstable (woody) had zlib 1.1, which is not affected
 	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
 	- dpkg 1.13.11 (bug #317967; medium)
+	NOTE: Sarge is affected
 	- zsync 0.4.0-2 (bug #317968; medium)
 	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
 	- dump 0.4b40-1 (bug #317966; medium)
@@ -8932,6 +8939,7 @@
 	NOT-FOR-US: Drupal
 CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
 	- dacode <unfixed> (bug #322605; low)
+	NOTE: Sarge is affected (has same version as testing/unstable)
 CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
 	NOT-FOR-US: NPDS
 CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)


