[Secure-testing-commits] r3566 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Wed Mar 8 09:46:55 UTC 2006


Author: jmm-guest
Date: 2006-03-08 09:46:42 +0000 (Wed, 08 Mar 2006)
New Revision: 3566

Modified:
   data/CVE/list
Log:
openssh issue fixed long ago
cleaned up list for 2.6.8 DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-03-07 21:14:24 UTC (rev 3565)
+++ data/CVE/list	2006-03-08 09:46:42 UTC (rev 3566)
@@ -357,7 +357,8 @@
 CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
 	TODO: check
 CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...)
-	TODO: check
+	- openssh 3.8.1p1-4
+	[woody] - openssh <not-affected>
 CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
 	NOT-FOR-US: Noah's Classifieds
 CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
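Review bot: The two lines added under CVE-2006-0883 give no reason or reference for the status, although the description limits the issue to FreeBSD 5.3 and 5.4 with OpenPAM. Other entries in this file put the justification in parentheses, as in "- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)". Please add a bug number or a short reason after "- openssh 3.8.1p1-4" and after "[woody] - openssh <not-affected>" so the entry can be re-checked later without consulting the commit log.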
@@ -2290,11 +2291,9 @@
 CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
 	- kernel-source-2.4.27 2.4.27-8
-	NOTE: sarge 2.6.8 and 2.4.27 are affected, woody is unclear
 CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
 	- linux-2.6 <unfixed>
 	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
-	NOTE: 2.6.8 sarge affected, 2.4 kernels not affected
 CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
 	NOT-FOR-US: oaBoard
 CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
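Review bot: Removing the NOTE lines under CVE-2006-0096 and CVE-2006-0095 drops the only statement in these entries that sarge's 2.6.8 is affected, and nothing structured replaces it. For CVE-2006-0095 the remaining lines cover only linux-2.6 and kernel-source-2.4.27. If the 2.6.8 status is not tracked elsewhere, replace each NOTE with a parseable line such as "[sarge] - kernel-source-2.6.8 <unfixed>" rather than deleting it. The "woody is unclear" remark for CVE-2006-0096 is also lost without a resolution being recorded.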
@@ -2352,8 +2351,7 @@
 CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
 	NOT-FOR-US: phpoutsourcing Zorum Forum 
 CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
-	- linux-2.6 <unfixed>
-	NOTE: Added patch tracker template
+	- linux-2.6 2.6.15-1
 CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
 	{DSA-930-2 DSA-930-1}
 	[woody] - smstools 1.5.0-2woody0
@@ -2437,7 +2435,6 @@
 CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
 	- linux-2.6 2.6.15-1
 	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
-	NOTE: Sarge 2.6.8 status yet unclear
 CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
 	- xshisen 1.51-1-1.2 (bug #291613)
 CVE-2006-0062 [Potential xlockmore bypass]
@@ -4460,10 +4457,10 @@
 CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...)
 	- phpgroupware 0.9.14.007
 CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
+	- linux-2.6 2.6.13-1
 	- kernel-source-2.4.27 2.4.27-12 (bug #351645)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
 CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2 
+	- linux-2.6 2.6.13-1
 CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
 	- pmwiki <itp> (bug #330117)
 CVE-2003-XXXX [Insecure tempfile in x-face-el]
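Review bot: Under CVE-2005-3848 and CVE-2005-3847 the removed "[sarge] - kernel-source-2.6.8 2.6.8-16sarge2" lines were the only record of a sarge fix version, and the entries now say nothing about sarge's 2.6 kernel. For CVE-2005-3847 the description starts at 2.6.11, so if 2.6.8 was never affected the entry should say so with an explicit "<not-affected>" line and a reason instead of silently losing the old claim. Please also confirm that 2.6.13-1 is the right fix version for both CVEs, since neither new line carries a bug reference.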
@@ -6887,13 +6884,11 @@
 CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
 	- linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
 	- kernel-source-2.4.27 <not-affected>
-	[sarge] - kernel-source-2.6.8 <unfixed> (bug #332596)
 CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
 	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
 	- php5 5.0.5-2 (bug #353585; medium)
 CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
 	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
 	NOT-FOR-US: jportal
 CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...)
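Review bot: Deleting "[sarge] - kernel-source-2.6.8 <unfixed> (bug #332596)" under CVE-2005-3055 removes an open-vulnerability marker and its bug reference for a version the description names as affected ("Linux kernel 2.6.8 to 2.6.14-rc2"), while linux-2.6 is still listed as <unfixed>. Unless the pending 2.6.8 DSA is tracked somewhere that keeps bug #332596 visible, keep this line until the fix version is known. The same hunk drops the 2.6.8-16sarge2 fix record for CVE-2005-3053 without explanation.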
@@ -7087,7 +7082,6 @@
 CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
 	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
 	- kernel-source-2.4.27 2.4.27-12
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge2
 CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
 	{DSA-894-1}
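Review bot: Under CVE-2005-2973 the "[sarge] - kernel-source-2.6.8 2.6.8-16sarge2" line is removed but "[sarge] - kernel-source-2.4.27 2.4.27-10sarge2" stays, so the entry now records sarge status for one kernel source package and not the other. If the 2.6.8 line is removed because the fix version will change with the DSA, say so in a NOTE; otherwise the entry reads as if sarge's 2.6.8 needs no tracking.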
@@ -7319,7 +7313,6 @@
 CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
 	- linux-2.6 2.6.12-7 (medium)
 	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
 	NOTE: proactively fixed by the robustness patch
 	- twiki 20040902-2
@@ -7687,7 +7680,6 @@
 	- helix-player 1.0.6-1 (bug #330364; high)
 CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
 	- linux-2.6 2.6.14-3
-	NOTE: Send to Horms as usual
 CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
 	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
 CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
@@ -8650,7 +8642,6 @@
 	- python2.3 2.3.5-8 (medium)
 CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
 	- linux-2.6 2.6.12-7 (bug #327416; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2
 CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
 	{DSA-922-1 DTSA-16-1}
 	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
@@ -8879,7 +8870,6 @@
 	{DTSA-16-1}
 	- linux-2.6 2.6.12-3 (medium)
 	- kernel-source-2.4.27 2.4.27-12 (medium)
-	[sarge] - kernel-source-2.6.8 2.6.8-16sarge2 (medium)
 	[sarge] - kernel-source-2.4.27 2.4.27-10sarge2 (medium)
 CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
 	{DSA-922-1 DSA-921-1 DTSA-16-1}
@@ -16830,7 +16820,6 @@
 CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
 	NOT-FOR-US: Sami HTTP Server
 CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
-	- kernel-source-2.6.8 2.6.8-14 (bug #295949; high)
 	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
 	- kernel-source-2.4.27 <not-affected> (Per Herbet Xu: http://oss.sgi.com/archives/netdev/2005-01/msg01107.html)
 CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
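Review bot: With "- kernel-source-2.6.8 2.6.8-14 (bug #295949; high)" removed, both remaining lines under CVE-2005-0449 are <not-affected>, so the entry now reads as if no Debian kernel was ever affected. The description ("before 2.6.8.1") and the removed line both indicate 2.6.8 was affected and fixed with high urgency. Keep the line, or replace it with a sarge-tagged equivalent that preserves the bug number and urgency.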
@@ -17900,7 +17889,6 @@
 	NOT-FOR-US: MacOS
 CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
 	TODO: Check, when this was fixed upstream
-	- kernel-source-2.4.27 2.4.27-8
 CVE-2005-0123
 	RESERVED
 CVE-2005-0122
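Review bot: The removal of "- kernel-source-2.4.27 2.4.27-8" under CVE-2005-0124 does not match the log message, which only mentions cleanup for the 2.6.8 DSA. After this change the entry has no package line at all, only "TODO: Check, when this was fixed upstream". If 2.4.27-8 was found to be wrong, note that in the entry; if the removal was unintended, restore the line.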
@@ -19067,7 +19055,6 @@
 	- php3 3:3.0.18-29
 CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
 	- linux-2.6 <not-affected> (2.4 specific vulnerability)
-	- kernel-source-2.4.27 2.4.27-9
 CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
 	- linux-2.6 <not-affected> (Fixed before upload into archive)
 	TODO: Check which version fixed this
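Review bot: Under CVE-2004-1017 the remaining line calls this a "2.4 specific vulnerability", yet the only 2.4 record, "- kernel-source-2.4.27 2.4.27-9", is the line being removed. That leaves the entry with no affected package and no fix version. As with CVE-2005-0124, this is outside the 2.6.8 cleanup named in the log message, so please restore the line or document why 2.4.27-9 no longer applies.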



