[Secure-testing-commits] r3982 - data/CVE

Alec Berryman alec-guest at costa.debian.org
Fri May 19 15:59:46 UTC 2006


Author: alec-guest
Date: 2006-05-19 15:59:43 +0000 (Fri, 19 May 2006)
New Revision: 3982

Modified:
   data/CVE/list
Log:
* fix libextractor typo
* put kphone back in under the new CVE (taken out in r3972)
* clamav isn't affected by CVE-2006-2427
* bugzilla is unfixed for CVE-2006-2420 but the issue is minor


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-05-19 15:30:21 UTC (rev 3981)
+++ data/CVE/list	2006-05-19 15:59:43 UTC (rev 3982)
@@ -1,5 +1,5 @@
 CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
-	libextractor 0.5.14-1
+	- libextractor 0.5.14-1
 CVE-2006-2457
 	RESERVED
 CVE-2006-2456
@@ -29,7 +29,7 @@
 CVE-2006-2444
 	RESERVED
 CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
-	TODO: check
+	- kphone 1:4.2-3 (bug #337830; medium)
 CVE-2006-2439
 	RESERVED
 CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
@@ -55,7 +55,7 @@
 CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...)
 	NOT-FOR-US: Duware
 CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...)
-	TODO: check
+	clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
 CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...)
 	TODO: check
 CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...)
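Review bot: The added clamav line has no leading "- ", which is the same typo this commit corrects on the libextractor entry in the first hunk. Suggest writing it as "- clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)" so it matches the libextractor and kphone entries.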
@@ -69,7 +69,8 @@
 CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...)
 	TODO: check
 CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...)
-	TODO: check
+	NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
+	bugzilla <unfixed> (low)
 CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...)
 	TODO: check
 CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)
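Review bot: The added "bugzilla <unfixed> (low)" line is missing the "- " prefix that the libextractor and kphone entries in this commit carry; suggest "- bugzilla <unfixed> (low)". The NOTE above it is a quotation with no source given, so naming where the text comes from would let a later reader check the basis for the low urgency.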



