[Secure-testing-commits] r3339 - data/CVE

Joey Hess joeyh at costa.debian.org
Sat Jan 21 23:10:30 UTC 2006


Author: joeyh
Date: 2006-01-21 23:10:25 +0000 (Sat, 21 Jan 2006)
New Revision: 3339

Modified:
   data/CVE/list
Log:
checked some old items


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-21 22:25:50 UTC (rev 3338)
+++ data/CVE/list	2006-01-21 23:10:25 UTC (rev 3339)
@@ -3086,9 +3086,9 @@
 	- kernel-source-2.4.27 <unfixed> (low)
 	NOTE: Really hard to fix design limitation, no fix to be expected soon
 CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
-	TODO: check
+	NOT-FOR-US: EMC Legato NetWorker
 CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...)
-	TODO: check
+	NOT-FOR-US: EMC Legato NetWorker
 CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
 	NOT-FOR-US: McAfee
 CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
@@ -3097,7 +3097,7 @@
 	- libapache2-mod-auth-pgsql 2.0.2b1-7
 	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
 CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...)
-	TODO: check
+	NOT-FOR-US: Novell Open Enterprise Server
 CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
 	NOT-FOR-US: Blue Coat WinProxy
 CVE-2005-3653
@@ -4675,7 +4675,7 @@
 CVE-2005-3188
 	RESERVED
 CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
-	TODO: check
+	NOT-FOR-US: WinProxy
 CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
 	{DSA-913-1 DSA-911-1}
 	- gtk+2.0 2.6.10-2 (bug #339431; medium)
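Review bot: The tag added for CVE-2005-3187 is "NOT-FOR-US: WinProxy", while the entry for the same product earlier in this file, CVE-2005-3654, reads "NOT-FOR-US: Blue Coat WinProxy". Using one string for both keeps searches over the list consistent.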
@@ -5803,7 +5803,7 @@
 CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
 	NOT-FOR-US: OpenTTD
 CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...)
-	TODO: check
+	NOT-FOR-US: VPNRemote
 CVE-2005-2760
 	RESERVED
 CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
@@ -7379,15 +7379,15 @@
 CVE-2005-2345
 	RESERVED
 CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...)
-	TODO: check
+	NOT-FOR-US: Research in Motion
 CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...)
-	TODO: check
+	NOT-FOR-US: Research in Motion
 CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Research in Motion
 CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...)
-	TODO: check
+	NOT-FOR-US: Research in Motion
 CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
-	TODO: check
+	NOT-FOR-US: Apple Quicktime
 CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
 	NOT-FOR-US: unicode msearch
 CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
@@ -7827,7 +7827,7 @@
 CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
 	- modlogan 0.7.12-1 (low)
 CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
-	TODO: check
+	NOTE: one day upstream webserver compromise
 CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
 	NOT-FOR-US: PFinger
 CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
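Review bot: The NOTE on CVE-2002-2049 replaces the TODO without recording any package status, so the entry reads as triaged but does not say whether any Debian packages of the tools named in the description (Dsniff, fragroute, fragrouter) were affected. If the conclusion is that the compromised upstream files never reached the archive, record it per package with a <not-affected> line and the reason in parentheses, as the libapache-mod-auth-pgsql entry in this file does.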
@@ -7839,7 +7839,7 @@
 CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
 	NOT-FOR-US: x-stat
 CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
-	TODO: check
+	NOTE: old patch
 CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
 	NOT-FOR-US: QNX
 CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
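Review bot: "NOTE: old patch" on CVE-2002-2043 does not say which package the patch applies to or whether Debian ever shipped it, so a later reader cannot tell why the TODO was closed. Name the affected software and state the outcome explicitly, either as a NOT-FOR-US line or as a package line with <not-affected> and the reason.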
@@ -7895,7 +7895,7 @@
 CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
 	NOT-FOR-US: SAS/Base
 CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
-	TODO: check
+	- user-mode-linux 2.4.17-9 (high)
 CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
 	NOT-FOR-US: PostNuke
 CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
@@ -9723,7 +9723,7 @@
 CVE-2005-1940
 	RESERVED
 CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...)
-	TODO: check
+	NOT-FOR-US: Ipswitch WhatsUp
 CVE-2005-1938
 	REJECTED
 CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
@@ -17613,7 +17613,8 @@
 CVE-2004-0890
 	REJECTED
 CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
-	TODO: check
+	- xpdf 3.00-10 (medium)
+	TODO: check xpdf embedders
 CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
 	{DSA-599-1 DSA-581-1 DSA-573-1}
 	- koffice 1:1.3.4-1
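Review bot: The new TODO on CVE-2004-0889 leaves "xpdf embedders" unnamed, which makes the outstanding work easy to lose. The neighbouring CVE-2004-0888 entry already tracks other packages for the xpdf integer overflows (koffice is visible in the context), so listing those package names under the TODO would make clear what still has to be checked.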
@@ -17873,7 +17874,7 @@
 	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
 	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
 CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
-	TODO: check
+	NOT-FOR-US: DNS impleementations not in Debian
 CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
 	{DSA-549-1 DSA-546-1}
 	- gtk+2.0 2.4.9-2
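Review bot: The added line for CVE-2004-0789 misspells "implementations" as "impleementations". The description enumerates several implementations starting with "(1) Poslib" and is truncated here, so it would also help to name the ones that were checked against the archive instead of covering them all with one blanket NOT-FOR-US.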
@@ -19894,7 +19895,7 @@
 CVE-2003-0888
 	RESERVED
 CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...)
-	TODO: check
+	NOTE: verified Debian is not explitable; we don't put the cache in /tmp
 CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
 	{DSA-401}
 	- hylafax 1:4.1.8-1
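Review bot: The conclusion on CVE-2003-0887 is recorded only as a free-form NOTE (with "explitable" for "exploitable"), so the entry carries no package status. A package line such as "- ez-ipupdate <not-affected> (cache file is not placed in /tmp)" would match the <not-affected> form used elsewhere in this file and keep the reasoning attached to the package.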
@@ -24249,19 +24250,19 @@
 	{DSA-135}
 	- libapache-mod-ssl 2.8.9-2
 CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
-	TODO: check
+	- glibc 2.2.5-8
 CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
-	TODO: check
+	NOT-FOR-US: microsoft
 CVE-2002-0648 (The legacy &lt;script&gt; data-island capability for XML in Microsoft ...)
-	TODO: check
+	NOT-FOR-US: microsoft
 CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...)
-	TODO: check
+	NOT-FOR-US: microsoft
 CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
-	TODO: check
+	NOT-FOR-US: microsoft
 CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...)
-	TODO: check
+	- openssh 1:3.4 (high)
 CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...)
-	TODO: check
+	- openssh 1:3.4 (high)
 CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
 	TODO: check
 CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
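Review bot: The two openssh lines for CVE-2002-0640 and CVE-2002-0639 give the fixed version as "1:3.4" with no Debian revision, unlike the other versions in this hunk (glibc 2.2.5-8, libapache-mod-ssl 2.8.9-2); please give the full package version that first carried the fix. The four Microsoft entries also use a lowercase "microsoft" where other NOT-FOR-US lines in this file are capitalised.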



