[Secure-testing-commits] r4254 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Sat Jun 17 06:33:29 UTC 2006 

Author: alec-guest
Date: 2006-06-17 06:33:26 +0000 (Sat, 17 Jun 2006)
New Revision: 4254

Modified:
   data/CVE/list
Log:
* CVE-2005-3896 (firefox): not a security bug, and not reproducible after 1.5.dfsg-1
* CVE-2005-3279 (bmv): fixed
* CVE-2005-1852 (kopete): fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-17 06:07:39 UTC (rev 4253)
+++ data/CVE/list	2006-06-17 06:33:26 UTC (rev 4254)
@@ -9020,7 +9020,9 @@
 	NOT-FOR-US: Safari
 	NOTE: Not reproducible with konqueror 4:3.4.2-4.
 CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
-	- firefox <unfixed> (bug #340283; bug #345469; low)
+	NOTE: maintainers don't believe it is a security bug and can't reproduce
+	NOTE: after 1.5.dfsg-1
+	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; low)
 	NOTE: mozilla-firefox became a transitional package so not vulnerable
 	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; low)
 	- mozilla <unfixed> (bug #340282; low)
@@ -11065,7 +11067,7 @@
 CVE-2005-3280 (Paros 3.2.5 uses a default password for the &quot;sa&quot; account in the ...)
 	NOT-FOR-US: Paros
 CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
-	- bmv <unfixed> (bug #335497; unimportant)
+	- bmv 1.2-18 (bug #335497; unimportant)
 	NOTE: Vulnerable code not activated in binary package
 CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
 	{DSA-981-1}
@@ -16591,7 +16593,7 @@
 	- gopher 3.0.8 (low)
 CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
 	{DSA-767-1 DTSA-4-1}
-	- kopete <unfixed> (bug #319443; unimportant)
+	- kopete 4:3.3.2-5 (bug #319443; unimportant)
 	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
 	NOTE: no shared lib version is found. As the Debian package has a dependency on
 	NOTE: it the maintainer does not intent to fix it, see # 319443
@@ -19949,7 +19951,7 @@
 	- egroupware 1.0.0.009.dfsg-3-3
 	- phpgroupware 0.9.16.008-2
 CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
-	- phpsysinfo <unfixed> (bug #301118; unimportant)
+	- phpsysinfo 2.3-3 (bug #301118; unimportant)
 CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
 	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
 CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)

More information about the Secure-testing-commits mailing list