[Secure-testing-commits] r3350 - data/CVE

Florian Weimer fw at costa.debian.org
Mon Jan 23 16:03:27 UTC 2006


Author: fw
Date: 2006-01-23 16:03:22 +0000 (Mon, 23 Jan 2006)
New Revision: 3350

Modified:
   data/CVE/list
Log:
CVE-2004-0175, CVE-2002-0992: adjust urgency


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-23 15:55:27 UTC (rev 3349)
+++ data/CVE/list	2006-01-23 16:03:22 UTC (rev 3350)
@@ -19268,10 +19268,11 @@
 	{DSA-511}
 	- ethereal 0.10.3-1 (bug #239576)
 CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
-	- openssh <unfixed> (bug #270770)
-	NOTE: this bug is old and known; see the bug discussion for further information.
-	NOTE: apparently the security team thinks this is a minor issue; nevertheless,
-	NOTE: the bug is still open, so they should close it if it really is neglectible.
+	{CVE-2000-0992}
+	- openssh <unfixed> (low; bug #270770)
+	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
+	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
+	NOTE: largely theoretic.  This is a rediscovery of CVE-2000-0992.
 CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
 	- apache 1.3.29.0.2-5
 CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
@@ -26264,7 +26265,9 @@
 CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil ...)
 	TODO: check
 CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...)
-	TODO: check
+	{CVE-2004-0175}
+	- openssh <unfixed> (low; bug #270770)
+	NOTE: Rediscoved as CVE-2004-0175, see there.
 CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...)
 	TODO: check
 CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...)
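Review bot: Typo in the added NOTE under CVE-2000-0992: "Rediscoved" should read "Rediscovered". The `- openssh <unfixed> (low; bug #270770)` line is also now repeated verbatim in both entries, so a later status change has to be recorded in two places; since the NOTE already says "see there", consider whether the `{CVE-2004-0175}` cross-reference plus the NOTE is enough for this entry.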



