[Secure-testing-commits] r4831 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Mon Oct 9 16:47:50 UTC 2006 

Author: jmm-guest
Date: 2006-10-09 16:47:49 +0000 (Mon, 09 Oct 2006)
New Revision: 4831

Modified:
   data/CVE/list
Log:
several no-dsa and bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-10-07 12:04:07 UTC (rev 4830)
+++ data/CVE/list	2006-10-09 16:47:49 UTC (rev 4831)
@@ -1,7 +1,7 @@
 CVE-2006-XXXX [zabbix format string vulnerabilities]
-	- zabbix 1:1.1.2-4
+	- zabbix 1:1.1.2-4 (bug #391388)
 CVE-2006-XXXX [zabbix buffer overflows]
-	- zabbix 1:1.1.2-4
+	- zabbix 1:1.1.2-4 (bug #391388)
 CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...)
 	NOT-FOR-US: BasiliX
 CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...)
@@ -1937,6 +1937,7 @@
 	NOT-FOR-US: cPanel
 CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
 	- honeyd <unfixed> (low; bug #384806)
+	[sarge] - honeyd <no-dsa> (Minor issue)
 CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: PHlyMail Lite
 CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
@@ -5013,8 +5014,10 @@
 	NOT-FOR-US: CMPro
 CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...)
 	- sylpheed 2.2.6-1 (low)
+	[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
 	- sylpheed-gtk1 1.0.6-3 (bug #373187; low)
 	- sylpheed-claws 1.0.5-3 (bug #372891; low)
+	[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
 	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
 CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
 	NOT-FOR-US: Microsoft
@@ -5700,10 +5703,10 @@
 	- wordpress 2.0.3-1 (high; bug #369014)
 CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...)
 	{DSA-1092-1}
-	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1)
-	- mysql <not-affected> (Vulnerable code was introduced in 4.1)
+	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
+	- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
 	- mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
-	- mysql-dfsg-4.1 <unfixed> (medium)
+	- mysql-dfsg-4.1 <unfixed> (bug #369754; medium)
 CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
 	{DSA-1101}
 	- courier 0.53.2-1 (bug #368834)
@@ -10221,6 +10224,7 @@
 	NOT-FOR-US: Kadu
 CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...)
 	- cgiwrap 3.9-3.1
+	[sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system)
 CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...)
 	NOT-FOR-US: ICQ
 CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...)
@@ -15879,6 +15883,7 @@
 	NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
 CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
 	- thttpd 2.23beta1-4 (low)
+	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
 CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	{DSA-880-1}
 	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
@@ -18564,6 +18569,7 @@
 	- sysklogd <unfixed> (bug #281448; unimportant)
 CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
 	- fftw3 3.0.1-12 (low; bug #321566)
+	[sarge] - fftw3 <no-dsa> (Minor issue)
 CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
 	- clamav-getfiles 0.5-1 (bug #321446; medium)
 	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
@@ -19800,8 +19806,9 @@
 	NOTE: the affected probe.cgi
 CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
 	{DSA-873-1}
-	- net-snmp 5.2.1.2-1 (bug #318420; medium)
-	- ucd-snmp 4.2.5-5.1 (bug #337394; medium)
+	- net-snmp 5.2.1.2-1 (bug #318420; low)
+	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
+	[sarge] - ucd-snmp <no-dsa> (Minor issue)
 CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
 	NOT-FOR-US: Novell NetMail
 CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)

More information about the Secure-testing-commits mailing list