[Secure-testing-commits] r4262 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Sat Jun 17 15:51:57 UTC 2006 

Author: alec-guest
Date: 2006-06-17 15:51:54 +0000 (Sat, 17 Jun 2006)
New Revision: 4262

Modified:
   data/CVE/list
Log:
* CVE-2005-2991 (ncompress): not-affected
* CVE-2005-2491 (gnumeric): fixed
* CVE-2005-2096 (systemimager-ssh): not-affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-17 15:24:44 UTC (rev 4261)
+++ data/CVE/list	2006-06-17 15:51:54 UTC (rev 4262)
@@ -11915,7 +11915,8 @@
 CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
 	NOT-FOR-US: HP Tru64
 CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
-	- ncompress <unfixed> (bug #329052; unimportant)
+	- ncompress <not-affected> (bug #329052; unimportant)
+	NOTE: see bug close message,  Debian's ncompress doesn't expose affected scripts
 CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
 	{DSA-843-1}
 	- arc 5.21m-1 (low)
@@ -13515,7 +13516,7 @@
 CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
 	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
 	- pcre3 6.3-1 (bug #324531; medium)
-	- gnumeric <unfixed> (bug #326628; bug #326898; unimportant)
+	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
 	- goffice 0.1.0-3 (bug #326898; unimportant)
 	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
 	- python2.1 2.1.3dfsg-3 (medium)
@@ -15296,7 +15297,8 @@
 	- rpm 4.0.4-31.1 (bug #318099; unimportant)
 	NOTE: You need to trust rpms anyway, when installing them
 	- rageircd 2.0.0-3sid1 (bug #309196; medium)
-	- systemimager-ssh <unfixed> (bug #318101; unimportant)
+	- systemimager-ssh <not-affected> (bug #318101; unimportant)
+	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
 	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
 	- texmacs 1:1.0.5-3 (bug #318100; medium)
 	- zlib 1:1.2.2-7 (bug #317133; medium)

More information about the Secure-testing-commits mailing list