[Secure-testing-commits] r3388 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Jan 29 20:55:56 UTC 2006 

Author: jmm-guest
Date: 2006-01-29 20:55:51 +0000 (Sun, 29 Jan 2006)
New Revision: 3388

Modified:
   data/CVE/list
Log:
another no-dsa
two suspected helix issues were only present in real player
  (at the time of research the vendor information wasn't
   complete)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-01-29 20:42:11 UTC (rev 3387)
+++ data/CVE/list	2006-01-29 20:55:51 UTC (rev 3388)
@@ -9028,9 +9028,11 @@
 	{DSA-737-1 DTSA-3-1}
 	- clamav 0.86.1-1 (bug #318756; medium)
 CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
-	- helix-player 1.0.5-1 (bug #316276; high)
+	- helix-player 1.0.5-1 (bug #316276; unknown)
 CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
-	- helix-player 1.0.5-1 (bug #316276; unknown)
+	NOT-FOR-US: Real Player
+	NOTE: This didn't affected Helix, although the changelog claimed so, see
+	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
 CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
 	NOT-FOR-US: Perception LiteServe
 CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
@@ -9456,7 +9458,9 @@
 CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
 	NOT-FOR-US: JAF CMS
 CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
-	- helix-player 1.0.5-1 (bug #316276; high)
+	NOT-FOR-US: Real Player
+	NOTE: This didn't affected Helix, although the changelog claimed so, see
+	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
 CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
 	NOT-FOR-US: BEWAC
 CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
@@ -13547,7 +13551,7 @@
 	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
 CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
 	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
-	NOTE: Sarge and Woody affected
+	- cdrtools <no-dsa> (Only exploitable in rare debugging mode)
 CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
 	NOT-FOR-US: Scalable OGo (SOGo)
 CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)

More information about the Secure-testing-commits mailing list