[Secure-testing-commits] r3319 - data/CVE
Micah Anderson
micah at costa.debian.org
Thu Jan 19 02:53:55 UTC 2006
Author: micah
Date: 2006-01-19 02:53:50 +0000 (Thu, 19 Jan 2006)
New Revision: 3319
Modified:
data/CVE/list
Log:
Bug num for drupal vulns in sarge
Sarge false positive checks up through 'd'
One false positive found
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-18 17:25:08 UTC (rev 3318)
+++ data/CVE/list 2006-01-19 02:53:50 UTC (rev 3319)
@@ -1901,12 +1901,13 @@
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
NOT-FOR-US: Multipke DuWare products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
- - drupal 4.5.6-1 (medium)
+ - drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
- drupal 4.5.6-1 (low)
[sarge] - drupal <not-affected> (Only vulnerable if running PHP 5)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
- - drupal 4.5.6-1 (medium)
+ - drupal 4.5.6-1 (bug #348811; medium)
+ NOTE: Sarge is affected
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
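Review bot: CVE-2005-3975 gets bug #348811 but no sarge note, while CVE-2005-3973 directly below gets both the bug number and "NOTE: Sarge is affected". The log message says the bug covers the drupal vulnerabilities in sarge, so either add the same note under CVE-2005-3975 or record why sarge is not affected there, as CVE-2005-3974 does with its "[sarge] - drupal <not-affected>" line. As it stands a reader cannot tell whether 3975 was checked against sarge at all.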
@@ -2792,6 +2793,7 @@
NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
- cscope <unfixed> (bug #340177; medium)
+ NOTE: Sarge and Woody are affected
CVE-2005-XXXX [unsafe file permissions in vpnc]
- vpnc <unfixed> (bug #340105; medium)
CVE-2005-XXXX [Insecure tempfiles in libjpeg]
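Review bot: The cscope note records the status of two releases in one free-text line ("NOTE: Sarge and Woody are affected"), which cannot be picked up per release the way the "[woody] - ... <not-affected>" lines elsewhere in this patch can. If the list format has a per-release form for affected releases, prefer it here; otherwise one note per release keeps them independently editable when only one of the two gets fixed.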
@@ -4735,6 +4737,7 @@
- hdup <unfixed> (bug #302790; low)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
- crypt++el <unfixed> (bug #105562; low)
+ NOTE: Sarge and Woody are affected
CVE-2004-XXXX [Two vulnerabilities in sredird]
- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
@@ -4880,6 +4883,7 @@
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
- distcc 2.18.3-3 (bug #298929; low)
NOTE: Only affects distcc in a very non-standard setup
+ NOTE: Sarge affected
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
- phpwiki <unfixed> (bug #282565; medium)
CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
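Review bot: "NOTE: Sarge affected" in the distcc entry sits directly after "NOTE: Only affects distcc in a very non-standard setup" and does not say whether sarge is affected only in that same setup. Suggest merging the two into one statement, and using the "Sarge is affected" wording that the other hunks in this commit use so the notes can be searched consistently.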
@@ -5884,6 +5888,8 @@
- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
- cplay 1.49-8 (bug #324913; low)
+ [woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
+ NOTE: Sarge is affected
CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
- phpldapadmin 0.9.6c-5 (bug #322423; low)
CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
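Review bot: The woody reason in the cplay entry, "CPLAY_TMP doesn't exist in this version", does not name the version that was checked, and the entry title describes the issue more broadly as "still unsafe temporary file handling". Suggest stating the woody version and that it was checked for temporary file use in general, not only for CPLAY_TMP, so the not-affected claim can be re-verified later.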
@@ -8398,6 +8404,7 @@
NOTE: oldstable (woody) had zlib 1.1, which is not affected
[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
- dpkg 1.13.11 (bug #317967; medium)
+ NOTE: Sarge is affected
- zsync 0.4.0-2 (bug #317968; medium)
[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
- dump 0.4b40-1 (bug #317966; medium)
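Review bot: The added "NOTE: Sarge is affected" is placed between the dpkg and zsync lines of an entry that tracks several packages (dpkg, zsync, dump), so it is ambiguous whether it applies to dpkg only or to every package in the entry. Suggest naming the package in the note, or adding one note per package that was actually checked.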
@@ -8932,6 +8939,7 @@
NOT-FOR-US: Drupal
CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
- dacode <unfixed> (bug #322605; low)
+ NOTE: Sarge is affected (has same version as testing/unstable)
CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
NOT-FOR-US: NPDS
CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
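Review bot: The dacode note justifies itself with "has same version as testing/unstable" but does not give the version, so it silently becomes wrong once the package in testing/unstable changes. Suggest writing the sarge version explicitly in the note.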