[Secure-testing-commits] r4130 - data/CVE

[Joey Hess]

Author: joeyh
Date: 2006-06-03 20:40:54 +0000 (Sat, 03 Jun 2006)
New Revision: 4130

Modified:
   data/CVE/list
Log:
a couple of already fixed bugs noticed by Francesco Poli


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-03 19:30:11 UTC (rev 4129)
+++ data/CVE/list	2006-06-03 20:40:54 UTC (rev 4130)
@@ -2822,7 +2822,7 @@
 	- fftw <unfixed> (bug #358157; low)
 	[sarge] - fftw <not-affected> (No rpath set in Sarge)
 CVE-2006-XXXX [gauche-config rpath set to user home]
-	- gauche <unfixed> (bug #358139; low)
+	- gauche 0.8.7-1 (bug #358139; low)
 	[sarge] - gauche <not-affected> (gauche-config is a shell script in Sarge)
 CVE-2006-XXXX [tcpquota rpath set to user home]
 	- tcpquota <unfixed> (bug #358369; low)
@@ -8767,7 +8767,9 @@
 CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
 	NOT-FOR-US: Sony Root Kit Uninstaller
 CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
-	- moodle <unfixed> (bug #338592; low)
+	NOTE: only exploitable in certian configurations (non-default)
+	NOTE: warning added..
+	- moodle 1.5.3+20060108-1 (bug #338592; low)
 	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
 CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
 	- moodle <unfixed> (bug #338592; low)
@@ -14299,7 +14301,7 @@
 	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
 	- amd64-libs 1.3 (bug #317970; medium)
 	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
-	- ia32-libs <unfixed> (bug #317971; medium)
+	- ia32-libs 1.6 (bug #317971; medium)
 	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
 	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
 	- bacula 1.36.3-2 (bug #318014; medium)