[Secure-testing-commits] r4710 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Sun Sep 10 12:37:30 UTC 2006


Author: jmm-guest
Date: 2006-09-10 12:37:29 +0000 (Sun, 10 Sep 2006)
New Revision: 4710

Modified:
   data/CVE/list
Log:
reviewed ekg/centericq code inclusion
mailleds issue too far fetched to warrant a DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-10 07:16:24 UTC (rev 4709)
+++ data/CVE/list	2006-09-10 12:37:29 UTC (rev 4710)
@@ -15403,6 +15403,7 @@
 	NOTE: Sarge is affected (package doesn't exist in Woody)
 CVE-2005-XXXX [Insecure pidfile handling in mailleds]
 	- mailleds 0.93-11.1 (bug #329365; low)
+	[sarge] - mailleds <no-dsa> (Hardly exploitable)
 CVE-2005-XXXX [kdebase uses urandom as an entropy source]
 	- kdebase <unfixed> (bug #325369; unimportant)
 	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
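Review bot: The `<no-dsa>` reason on the added `[sarge] - mailleds` line, "Hardly exploitable", gives no basis that a later triager could verify against bug #329365. A short NOTE line stating what makes the insecure pidfile handling hard to exploit would let the decision be re-checked without repeating the analysis.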
@@ -17386,7 +17387,9 @@
 	{DSA-813-1 DTSA-2-1 DTSA-4-1}
 	- ekg 1:1.5+20050718+1.6rc3-1 (low)
 	- centericq 4.20.0-9 (bug #323185; medium)
-	NOTE: Sarge ekg is affected (doesn't exist in Woody, and DSA-813-1 takes care of centericq)
+	[sarge] - ekg <not-affected> 
+	NOTE: I checked the ekg source from Sarge and all fixes from the centericq DSA 813
+	NOTE: are already included.
 CVE-2005-2447
 	REJECTED
 CVE-2005-2446
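Review bot: The added NOTE reverses the earlier "Sarge ekg is affected" assessment on the strength of "I checked the ekg source from Sarge", but it does not name the Sarge package version that was examined. The version would make the `<not-affected>` claim reproducible, especially since the unstable fix is recorded as 1:1.5+20050718+1.6rc3-1. The added `[sarge] - ekg <not-affected> ` line also ends in a trailing space that the matching line in the next hunk does not have.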
@@ -17592,10 +17595,8 @@
 	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
 	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
 	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
-	NOTE: Sarge ekg affected (ekg not in Woody, centericq had a DSA)
-	NOTE: see Revision 1.21.2.2 at
-	NOTE: http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/gg/Attic/libgg.c?rev=1.29&view=log
-	NOTE: and referenced message: http://sourceforge.net/mailarchive/message.php?msg_id=12399770
+	[sarge] - ekg <not-affected>
+	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
 CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
 	{DTSA-12-1}
 	- vim 1:6.3-085+1 (bug #320017; medium)
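Review bot: The removed NOTE lines were the only pointers in this entry to the upstream change (the libgg.c revision log and the referenced mailing-list message), and the replacement NOTE asserts that the integer overflow fixes are present without any reference. I would keep the two URLs as NOTE lines under the new `[sarge] - ekg <not-affected>` entry, and replace "ekg from stable" with the version that was checked.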



