[Secure-testing-commits] r3716 - data/CVE
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Thu Mar 30 13:31:34 UTC 2006
Author: jmm-guest
Date: 2006-03-30 13:31:25 +0000 (Thu, 30 Mar 2006)
New Revision: 3716
Modified:
data/CVE/list
Log:
more checks of Sarge versions
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-03-30 09:28:36 UTC (rev 3715)
+++ data/CVE/list 2006-03-30 13:31:25 UTC (rev 3716)
@@ -3463,6 +3463,7 @@
[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...)
- bogofilter 0.96.3
+ [sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...)
NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...)
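Review bot: The reason on the added [sarge] line for CVE-2005-4591, "Sarge version doesn't include Unicode", does not connect the missing Unicode support to the heap overflow, and the truncated CVE description above it does not either. Suggest wording it like the [sarge] entry at the top of this hunk, which names the affected versions: state the Sarge version that was checked and, if that is the case, that the vulnerable code only arrived with Unicode support.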
@@ -7706,6 +7707,8 @@
NOTE: kmail was once part of kdenetwork.
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
- sanitizer 1.76-1 (bug #149799; medium)
+ [sarge] - sanitizer <not-affected> (Sarge version already fixed)
+ NOTE: This was fixed earlier in fact, but it's unknown when
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
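Review bot: On the added sanitizer lines, the reason "Sarge version already fixed" combined with the NOTE "This was fixed earlier in fact" means the fixed version 1.76-1 on the line above is later than the real fix. Suggest recording in the NOTE which Sarge version was checked, so the fixed-version entry can be corrected once the actual version is known and the <not-affected> status can be verified by someone else.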
@@ -11369,7 +11372,8 @@
- libphysfs 1.0.0-5 (bug #318091; medium)
- oops <unfixed> (bug #318097; medium)
[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
- - rpm 4.0.4-31.1 (bug #318099; medium)
+ - rpm 4.0.4-31.1 (bug #318099; unimportant)
+ NOTE: You need to trust rpms anyway, when installing them
- rageircd 2.0.0-3sid1 (bug #309196; medium)
- systemimager-ssh <unfixed> (bug #318101; unimportant)
[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
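Review bot: The new NOTE that justifies lowering rpm from medium to unimportant only argues about installation ("You need to trust rpms anyway, when installing them"). It would help to say whether the same reasoning holds when rpm reads a package file without installing it, and to name rpm in the NOTE, since it sits in the middle of a long package list and could be read as applying to the entries that follow.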
@@ -14455,6 +14459,7 @@
- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
- trackballs 1.1.1-1 (bug #302454; medium)
+ [sarge] - trackballs <no-dsa> (Hardly exploitable)
NOTE: CVE request sent to mitre (who sent this? any response?)
NOTE: Trackballs doesn't run as gid games anymore, high-score files are
NOTE: stored in user's home directories instead.
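Review bot: The added <no-dsa> reason "Hardly exploitable" for trackballs gives no basis for the assessment, and the NOTE lines below it describe the newer version that no longer runs as gid games, not the Sarge package. Suggest a short reason tied to the issue title, for example that the impact is limited to what gid games can write, if that is the rationale.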