[Secure-testing-commits] r3387 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Jan 29 20:42:15 UTC 2006
Author: jmm-guest
Date: 2006-01-29 20:42:11 +0000 (Sun, 29 Jan 2006)
New Revision: 3387
Modified:
data/CVE/list
Log:
elog fixed
another no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-01-29 20:14:28 UTC (rev 3386)
+++ data/CVE/list 2006-01-29 20:42:11 UTC (rev 3387)
@@ -1374,7 +1374,7 @@
TODO: check, whether this has ramifications on the kernel's VLAN implementation
TODO: or whether it's a generic unfixable protocol flaw
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
- - elog <unfixed> (bug #349528; high)
+ - elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
@@ -5182,7 +5182,10 @@
- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
- apt <unfixed> (bug #329814; low)
- NOTE: Woody and Sarge are affected
+ - apt <no-dsa> (Unsupported use case)
+ NOTE: I tend to remove this completely, if you're using apt sources which include vulnerable
+ NOTE: versions of Debian packages with higher version numbers you're screwed anyway, no matter
+ NOTE: what apt display in this case
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
More information about the Secure-testing-commits
mailing list