[Secure-testing-commits] r4258 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sat Jun 17 14:37:34 UTC 2006


Author: jmm-guest
Date: 2006-06-17 14:37:32 +0000 (Sat, 17 Jun 2006)
New Revision: 4258

Modified:
   data/CVE/list
Log:
arts not affected, it's not Debian policy to support arbitrary local
permission modifications


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-17 08:19:41 UTC (rev 4257)
+++ data/CVE/list	2006-06-17 14:37:32 UTC (rev 4258)
@@ -300,6 +300,7 @@
 	RESERVED
 CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
 	- arts 1.5.3-2 (bug #374003; low)
+	[sarge] - arts <not-affected> (Not setuid root in Debian)
 	NOTE: artswrapper is not suid root by default, but README.Debian describes it
 CVE-2006-2915
 	RESERVED
@@ -1277,7 +1278,7 @@
 	NOT-FOR-US: DeluxeBB
 CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...)
 	NOT-FOR-US: cyrus-imapd-2.3 not in Debian
-	NOTE: cyrus-imapd-2.2 is in Debian but not vulnerable to this exploit.
+	- cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
 CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
 	NOT-FOR-US: Sun
 CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)




More information about the Secure-testing-commits mailing list