[Secure-testing-commits] r5209 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Jan 5 21:03:12 CET 2007
Author: jmm-guest
Date: 2007-01-05 21:03:10 +0100 (Fri, 05 Jan 2007)
New Revision: 5209
Modified:
data/CVE/list
Log:
correct linux-2.6 fixed version
couple of no-dsas and not-affected entries for sarge
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-04 20:14:20 UTC (rev 5208)
+++ data/CVE/list 2007-01-05 20:03:10 UTC (rev 5209)
@@ -3889,7 +3889,7 @@
CVE-2006-5159 (** DISPUTED ** ...)
NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
- - linux-2.6 2.6.16
+ - linux-2.6 2.6.15
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...)
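Review bot: the new `- linux-2.6 2.6.15` line for CVE-2006-5158 has no NOTE saying where the fix landed, and the log only says "correct linux-2.6 fixed version". Moving the fixed version down from 2.6.16 to 2.6.15 means more kernel versions are recorded as fixed, so please add a NOTE with the reference (upstream commit or changelog entry) showing that 2.6.15 already contains the nlmclnt_mark_reclaim fix.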
@@ -6858,7 +6858,8 @@
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...)
- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
- - uqwk 2.21-13 (bug #376577; medium)
+ - uqwk 2.21-13 (bug #376577; low)
+ [sarge] - uqwk <no-dsa> (Minor issue)
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
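Review bot: the urgency change from medium to low on the uqwk line comes without a stated reason, for an entry titled "uqwk buffer overflow". The added `[sarge] - uqwk <no-dsa> (Minor issue)` line repeats the conclusion rather than explaining it; a one-line NOTE saying why the overflow is low impact, pointing at the relevant part of bug #376577, would let the next person verify the rating.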
@@ -11653,6 +11654,7 @@
NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...)
- mnogosearch 3.2.37-3.1 (bug #361775)
+ [sarge] - mnogosearch <no-dsa> (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...)
NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...)
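Review bot: the added `[sarge] - mnogosearch <no-dsa> (Minor issue)` line rates the issue as minor, but the unstable line above it, `- mnogosearch 3.2.37-3.1 (bug #361775)`, still carries no urgency. Consider adding the urgency to that line in the same commit so the two lines of the CVE-2006-1772 entry agree.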
@@ -20593,10 +20595,10 @@
TODO: check xemacs21
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
- NOTE: Sarge is affected (package doesn't exist in Woody)
+ [sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
- NOTE: Sarge is affected (package doesn't exist in Woody)
+ [sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
- mailleds 0.93-11.1 (bug #329365; low)
[sarge] - mailleds <no-dsa> (Hardly exploitable)
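Review bot: both egroupware entries get the same `<no-dsa> (Minor issue)` reason, including the one titled "SQL injection vulnerability in egroupware in account deletion", where "Minor issue" is not self-evident. The mailleds entry just below shows the more useful pattern with a specific reason ("Hardly exploitable"); please give the SQL injection entry its own justification, for example who is able to reach the account deletion code path, instead of reusing the wording from the /tmp log file entry.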
@@ -25456,9 +25458,6 @@
CVE-2005-2350 [Cross Site Scripting in websieve]
RESERVED
- websieve <removed> (bug #311838; low)
- NOTE: second half of bug suggets lack of escaping of user data
- NOTE: could be used to compromise program somehow
- NOTE: that is not covered by the CVE though due to vagueness
CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
NOT-FOR-US: phpCMS
CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
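Review bot: the three NOTE lines dropped from the CVE-2005-2350 websieve entry were the only record that the second half of bug #311838 (lack of escaping of user data) is not covered by this CVE, and the log message does not mention their removal. If that part of the bug is considered irrelevant now that the package is `<removed>`, say so in the log; otherwise keep one condensed NOTE, or track it as a separate CVE-2005-XXXX entry, so the uncovered issue is not lost.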
@@ -28001,7 +28000,9 @@
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
- - webmin 1.200-1
+ - webmin <not-affected>
+ NOTE: I haven't found further information on this, but this appears to only
+ NOTE: affect non-Debian setups
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
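Review bot: the switch to `- webmin <not-affected>` for CVE-2005-1177 rests on a NOTE that itself says "I haven't found further information on this" and that the issue only "appears" to affect non-Debian setups. That is a weak basis for replacing the fixed version 1.200-1, which matched the "before 1.200" in the CVE description; I would keep the fixed version and add a TODO until the claim is confirmed. The description also names Usermin as (2), and the entry has no usermin line either before or after this change.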