[Secure-testing-commits] r3341 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Jan 22 14:10:06 UTC 2006


Author: jmm-guest
Date: 2006-01-22 14:09:57 +0000 (Sun, 22 Jan 2006)
New Revision: 3341

Modified:
   data/CVE/list
Log:
rar issue only affected Windows version
some no-dsa entries
libsafe has been removed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-21 23:48:16 UTC (rev 3340)
+++ data/CVE/list	2006-01-22 14:09:57 UTC (rev 3341)
@@ -3763,8 +3763,6 @@
 	NOT-FOR-US: BEA Weblogic
 CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
 	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
-CVE-2005-XXXX [Two unspecified issues in non-free rar]
-	- rar <unfixed> (bug #339077; unknown)
 CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
 	{DSA-896-1}
 	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
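Review bot: deleting the rar entry outright (the two removed lines starting at "CVE-2005-XXXX [Two unspecified issues in non-free rar]") drops the only record of bug #339077 and of why it was dismissed. The log says the issue only affected the Windows version; keeping the entry with a NOTE saying so would document the triage decision and keep the issue from being re-added later.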
@@ -5022,7 +5020,7 @@
 	{DSA-827-1}
 	- backupninja 0.8-2 (medium)
 CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
-	- microcode.ctl <unfixed> (bug #282583; low)
+	- microcode.ctl <unfixed> (bug #282583; unimportant)
 	NOTE: The validity of the microcode is ensure inside the CPU
 CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
 	- icebreaker 1.21-9.1 (bug #297644; low)
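Review bot: the severity change on the microcode.ctl line from low to unimportant is not mentioned in the commit log, and its rationale lives only in the existing NOTE below it. Mention the downgrade in the log message, and while this entry is being touched fix the NOTE wording, where "is ensure inside the CPU" should read "is ensured".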
@@ -5085,14 +5083,12 @@
 CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
 	NOT-FOR-US: PowerArchiver
 CVE-2003-XXXX [libsafe: does not prevent some exploit types]
-	TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase
-	- libsafe <unfixed> (bug #173227; medium)
+	- libsafe <removed>
 CVE-2003-XXXX [Insecure temp files in lilo]
 	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
 CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
 	- distcc 2.18.3-3 (bug #298929; low)
-	NOTE: Only affects distcc in a very non-standard setup
-	NOTE: Sarge affected
+	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
 CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
 	- phpwiki <unfixed> (bug #282565; medium)
 CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
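Review bot: the added "[sarge] - distcc <no-dsa>" line contains a typo, "unstrusted" should be "untrusted", and its reason reads awkwardly ("in a very non-standard way not recommended for ..."). The removed NOTE said "a very non-standard setup", which is clearer; reuse that wording in the no-dsa reason.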
@@ -5419,6 +5415,7 @@
 	{DSA-861-1}
 	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
 	- pine 4.64-1 (medium; bug #348407)
+	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
 CVE-2005-2932
 	RESERVED
 CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
@@ -12647,7 +12644,7 @@
 CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
 	NOT-FOR-US: Free BSD
 CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
-	- libsafe <unfixed> (bug #305070; medium)
+	- libsafe <removed>
 CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
 	NOT-FOR-US: Solaris
 CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
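Review bot: replacing "- libsafe <unfixed> (bug #305070; medium)" with "- libsafe <removed>" loses the bug number and severity recorded for CVE-2005-1125, and the earlier libsafe hunk does the same to bug #173227. If the list format allows it, keep the bug reference on the <removed> line or in a NOTE so the history of the issue stays traceable from this file.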



