[Secure-testing-commits] r15824 - data
Moritz Muehlenhoff
jmm at alioth.debian.org
Sun Jan 9 22:11:59 UTC 2011
Author: jmm
Date: 2011-01-09 22:11:59 +0000 (Sun, 09 Jan 2011)
New Revision: 15824
Removed:
data/ID_pending
data/flex-affected-sarge.txt
Log:
remove historic files
Deleted: data/ID_pending
===================================================================
--- data/ID_pending 2011-01-09 18:40:51 UTC (rev 15823)
+++ data/ID_pending 2011-01-09 22:11:59 UTC (rev 15824)
@@ -1,369 +0,0 @@
-CVE-2006-XXXX [kphone creates world-readable config file with passwords]
- - kphone <unfixed> (bug #337830; low)
- NOTE: Requested by Micah March 26, 2006
- NOTE: CVE-2006-2442 obtained, but might be a duplicate of CVE-2006-2192
-CVE-2006-XXXX [php5 response splitting]
- - php5 5.1.2-1 (bug #347894)
- - php4 <not-affected> (vulnerable code was introduced in PHP5)
-CVE-2006-XXXX [php5 mysqli format string issue]
- - php5 5.1.2-1 (bug #347894)
- - php4 <not-affected> (vulnerable code was introduced in PHP5)
-CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
- - b2evolution 0.9.1b-4 (bug #344000)
-CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
- - xshisen 1.51-1-1.2 (bug #291613)
-CVE-2005-XXXX [snort: DoS in verbose mode]
- - snort 2.3.3-2 (bug #328134; low)
- [woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
- [sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
-CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
- - libjpeg6b 6b-11 (bug #340079; low)
- [woody] - libjpeg6b <not-affected> (Does not include exifautotran)
-CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
- - rageircd <unfixed> (bug #343543; medium)
-CVE-2003-XXXX [Insecure tempfile in x-face-el]
- - x-face-el 1.3.6.23-1
- NOTE: DSA-340
-CVE-2005-XXXX [Unspecified new Real/Helix createProcess() issue, no details yet]
- - helix-player <unfixed> (unknown)
- NOTE: http://service.real.com/help/faq/security/security111605.html
-CVE-2005-XXXX [unsafe file permissions in vpnc]
- - vpnc <unfixed> (bug #340105; medium)
-CVE-2005-XXXX [user logout in drupal has no effect]
- [sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
- - drupal 4.5.5-3 (bug #336719; medium)
-CVE-2005-XXXX [double free() in libungif]
- - libungif4 4.1.4-1 (bug #338542; medium)
-CVE-2005-XXXX [Insecure temp files in note]
- - note 1.3.1-3 (bug #337492; low)
-CVE-2005-XXXX [ntop format string vulnerability]
- - ntop <unfixed> (bug #335996; unimportant)
- NOTE: Not exploitable
-CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
- - linux-2.6 2.6.12-2
- [sarge] - kernel-source-2.4.27 <not-affected>
- [sarge] - kernel-source-2.6.8 <not-affected>
- NOTE: http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
-CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
- - thttpd 2.23beta1-4 (low)
-CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
- - adduser 3.77 (bug #331720; low)
- NOTE: Woody and Sarge affected
-CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- - pavuk 0.9.33-1 (bug #264684; high)
- NOTE: second hole mentioned in bug report
-CVE-2005-XXXX [libmad: Assertion failed; buffer overflow]
- - libmad <unfixed> (bug #287519; low)
- - mad <removed>
-CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config]
- - flexbackup <unfixed> (bug #334350; low)
-CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
- - xscreensaver 4.23-2 (bug #334193; low)
-CVE-2005-XXXX [Minor local DoS as libldap]
- - openldap <unfixed> (bug #253838; low)
- TODO: Check, whether openldap2.2 is affected as well
-CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
- - mpack 1.6-1 (bug #216566)
-CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
- - coreutils 5.93-1 (bug #306076; low)
- [sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
- [woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
-CVE-2005-XXXX [tar's rmt command may have undesired side effects]
- - tar <unfixed> (bug #290435; low)
-CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
- - kernel-source-2.4.27 <unfixed> (bug #310982; low)
- NOTE: probably already fixed in testing, wrote for confirmation
-CVE-2003-XXXX [Incomplete reporting of failed logins in login]
- - login 1:4.0.3-36 (bug #192849)
-CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
- - openldap2.2 2.2.26-5 (bug #260204; low)
-CVE-2004-XXXX [Unspecified buffer overflow in libmng]
- - libmng 1.0.8-1 (bug #250106)
-CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
- - isoqlog 2.2-0.1 (bug #254101; bug #202634)
-CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
- - libnss-ldap 199-1 (bug #169793)
-CVE-2004-XXXX [Firefox doesn't clear all cookies]
- - mozilla-firefox <unfixed> (bug #203034; bug #235932; low)
-CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
- - amanda 1:2.4.5p1-1 (bug #226139; low)
- NOTE: Woody and Sarge affected
-CVE-2004-XXXX [Buffer overflow in wdm's login]
- - wdm <unfixed> (bug #276218; low)
-CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
- - ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
-CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
- - apt <unfixed> (bug #329814; low)
- - apt <no-dsa> (Unsupported use case)
- NOTE: I tend to remove this completely, if you're using apt sources which include vulnerable
- NOTE: versions of Debian packages with higher version numbers you're screwed anyway, no matter
- NOTE: what apt display in this case
-CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
- - asciijump 0.0.6-1.2 (bug #269186)
-CVE-2004-XXXX [Barrendero spool world-readable]
- - barrendero 1.1-1 (bug #279163)
-CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
- - hdup <unfixed> (bug #302790; low)
-CVE-2001-XXXX [crypt++ passes passwords through the command line]
- - crypt++el <unfixed> (bug #105562; low)
- NOTE: Sarge and Woody are affected
-CVE-2004-XXXX [Two vulnerabilities in sredird]
- - sredird 2.2.1-1.1 (bug #267098)
-CVE-2003-XXXX [fuzz: Insecure temp file usage]
- - fuzz 0.6-7.1 (bug #183047)
-CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
- - findutils 4.2.22-1 (bug #313081)
-CVE-2005-XXXX [Serendipity account hijacking through CSRF]
- - serendipity <itp> (bug #312413)
- NOTE: Fixed in 0.8.5
-CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
- - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
-CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
- - kdepim <unfixed> (bug #280287; low)
- NOTE: kmail was once part of kdenetwork.
-CVE-2002-XXXX [sanitizer bypassal through quoted file names]
- - sanitizer 1.76-1 (bug #149799; medium)
-CVE-2005-XXXX [Heap overflow in libosip URI parsing]
- - libosip2 2.0.9-1 (bug #308737)
-CVE-2005-XXXX [rkhunter: Insecure temporary file]
- - rkhunter 1.2.7-14 (bug #330627; medium)
-CVE-2005-XXXX [fprobe-ng: Insecure default hash]
- - fprobe-ng <unfixed> (bug #322699; low)
-CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
- - microcode.ctl <unfixed> (bug #282583; unimportant)
- NOTE: The validity of the microcode is ensure inside the CPU
-CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
- - gnupg 1.0.7-1 (bug #107374)
-CVE-2003-XXXX [Insecure temp files in lilo]
- - lilo 1:22.4-1 (bug #173238; bug #292073; low)
-CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
- - distcc 2.18.3-3 (bug #298929; low)
- [sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
-CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
- - phpwiki <unfixed> (bug #282565; medium)
-CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
- - php4 <unfixed> (bug #317577; bug #330419; low)
- NOTE: Maintainer can't reproduce
-CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
- - gnumach <unfixed> (bug #46709)
- NOTE: Nearly six years old :-)
-CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
- - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
- NOTE: Sarge is affected (package doesn't exist in Woody)
-CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
- - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
- NOTE: Sarge is affected (package doesn't exist in Woody)
-CVE-2005-XXXX [Insecure pidfile handling in mailleds]
- - mailleds 0.93-11.1 (bug #329365; low)
-CVE-2005-XXXX [kdebase uses urandom as an entropy source]
- - kdebase <unfixed> (bug #325369; unimportant)
- NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
- NOTE: on Linux urandom should provide sufficient entropy
-CVE-2005-XXXX [imview: Possible buffer overflow with FITS images]
- - imview <unfixed> (bug #326971; unknown)
- TODO: Needs further evaluation
-CVE-2005-XXXX [freeradius buffer overflows and SQL injection]
- - freeradius 1.0.5-1 (medium)
-CVE-2005-XXXX [user password file created by gajim is world-redable]
- - gajim 0.8.2-1 (bug #325080; low)
-CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
- - zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
- NOTE: first patch was incorrect
-CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
- - wine 0.0.20050830-1 (bug #327261; bug #327262; high)
-CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
- - linux-2.6 2.6.12-6 (low)
-CVE-2005-XXXX [osh buffer overflow in handlers.c]
- NOTE: This is not the same as -13
- - osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium)
-CVE-2005-XXXX [Insecure tempfile usage in tleds]
- - tleds 1.05beta10-9 (bug #276789; low)
-CVE-2005-XXXX [Insecure temp files in firehol]
- - firehol 1.231-4 (low)
-CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
- - cplay 1.49-8 (bug #324913; low)
- [woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
- NOTE: Sarge is affected
-CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
- - phpldapadmin 0.9.6c-5 (bug #322423; low)
-CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
- - clamav 0.86.2-1 (low)
- NOTE: suspect this also affects Sarge, not enough info to know what this is
-CVE-2005-XXXX [Buffer overflow in Description parsing]
- - bidwatcher <removed> (bug #319489; low)
- NOTE: Sarge and Woody affected
- NOTE: Package is totally broken due to Ebay changes, so risk is low
-CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
- - dbmail <unfixed> (bug #303991; medium)
-CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
- - mldonkey 2.5.28.1-1 (bug #300560; low)
-CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
- - gcjwebplugin <unfixed> (bug #267040; bug #301134; high)
-CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
- - dbmail-pgsql <unfixed> (bug #290833; medium)
-CVE-2005-XXXX [time delay of password check proves account existence to attackers]
- NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
- - ssh <unfixed> (bug #314645; low)
-CVE-2005-XXXX [Unspecified buffer overflow in metar]
- - metar 20050807.1-1 (unknown)
-CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
- - wine 0.0.20050830-1 (bug #321470; low)
-CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
- - metamail 2.7-48 (bug #321473; low)
-CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
- - xfree86 <unfixed> (bug #321447; low)
- [woody] - xfree86 <no-dsa> (Hardly exploitable)
- [sarge] - xfree86 <no-dsa> (Hardly exploitable)
- - xorg-x11 <unfixed> (bug #321447; low)
-CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
- - gs-esp <unfixed> (bug #291452; unimportant)
- NOTE: Not included in the binary package
-CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
- NOTE: binary not shipped
- - sysklogd <unfixed> (bug #281448; unimportant)
-CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
- - fftw3 3.0.1-12 (low; bug #321566)
-CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
- - clamav-getfiles 0.5-1 (bug #321446; medium)
- NOTE: Sarge is affected
-CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
- - libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
-CVE-2005-XXXX [nvi: init.d recover file security bugs]
- - nvi 1.79-22 (bug #298114; medium)
-CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
- [woody] - bugzilla <not-affected> (Vulnerable script is not present)
- [sarge] - bugzilla <not-affected> (Vulnerable script is not present)
- - bugzilla 2.18.3-2 (bug #321567; low)
-CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
- - tor 0.1.0.14-1 (medium)
-CVE-2005-XXXX [DoS against rsync in embedded zlib copy]
- NOTE: This is distinct from CVE-2005-2096, please see rsync's 2.6.6 announcement
- NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
- NOTE: I haven't verified this with source so far, but it looks like a DoS
- NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
- NOTE: zlib 1.2 are affected as well
- - rsync 2.6.6-1 (low)
-CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
- NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
- NOTE: maintainer says does not apply to debian, see #320608
-CVE-2005-XXXX [strobe reads file from unsafe directory]
- - netdiag 0.7-7.1 (bug #206905; low)
-CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
- - ffmpeg 0.cvs20050811-1 (bug #320150; medium)
-CVE-2005-XXXX [xgalaga score file segfault]
- - xgalaga 2.0.34-31 (bug #319686; low)
-CVE-2005-XXXX [xemeraldia games file overwrite]
- - xemeraldia 0.4-1 (bug #319661; low)
-CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
- NOTE: This doesn't look like a real security issue as cron.daily should only be
- NOTE: writable by root, but lets include it as the maintainer considers it an issue
- - fiaif 1.19.2-14 (low)
-CVE-2005-XXXX [oftpd port DOS]
- - oftpd <removed> (bug #307957; low)
- NOTE: CVE id requested from mitre
-CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
- - moodle 1.4.4.dfsg.1-3
-CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
- NOTE: viewFile.php has been removed along with other files in -26, so Debian is
- NOTE: no longer affected.
- - gforge 3.1-26
-CVE-2005-XXXX [osh buffer overflow]
- - osh 1.7-13 (bug #311369)
-CVE-2005-XXXX [xile buffer overrun in terminal code]
- - zile 2.0.4-2
-CVE-2005-XXXX [Two DoS condition in ekg]
- - ekg 1:1.5+20050411-3
-CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
- - lcrash 7.0.0.pre.cvs.20050322-3
-CVE-2005-XXXX [Multiple security problems in lbreakout2]
- - lbreakout2 2.5.2-2
-CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
- - clamav 0.85.1-1 (low)
- NOTE: Suspect Sarge is affected, not enough information to certify
-CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
- - xfree86 4.3.0.dfsg.1-14 (bug #308783)
- - xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
-CVE-2005-XXXX [Buffer overflow in libotr]
- - libotr 2.0.2-1
-CVE-2005-XXXX [vpnc: config file path security hole]
- - vpnc 0.3.2+SVN20050326-2
-CVE-2005-XXXX [Several buffer overflows in termpkg]
- - termpkg 3.3-2
-CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
- NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
- NOTE: already fixed since 2.15-6
- - binutils 2.15-6
-CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
- - kmd 0.9.19-1.1
-CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
- NOTE: Source package has been renamed from unrar to unrar-free
- - unrar-free 1:0.0.1-2
-CVE-2005-XXXX [race condition with a buffered temp file]
- - pysvn 1.1.2-3
-CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
- - mailutils 1:0.6.1-2
-CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
- - maradns 1.0.27-1
-CVE-2005-XXXX [Possible SQL injection in freeradius]
- - freeradius 1.0.2-4
-CVE-2005-XXXX [Directory traversal in unzoo]
- - unzoo 4.4-4
-CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
- - syslog-ng 1.6.5-2.1
-CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
- - trackballs 1.1.1-1 (bug #302454; medium)
- NOTE: CVE request sent to mitre (who sent this? any response?)
- NOTE: Trackballs doesn't run as gid games anymore, high-score files are
- NOTE: stored in user's home directories instead.
- TODO: check possibility of exploitation via scripting language,
- TODO: as mentioned in the bug report as a separate issue
-CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
- - pwgen 2.04-1
-CVE-2005-XXXX [Missing input validation in xtradius]
- - xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
-CVE-2005-XXXX [fai tempfile vulnerability]
- - fai 2.8.2
-CVE-2005-XXXX [Buffer overflow in elog's header buffer]
- - elog 2.5.7+r1558-3 (bug #349528; high)
-CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
- - ipsec-tools 1:0.5.2-1
-CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
- - shadow 4.0.8
- [sarge] - shadow <not-affected> (was introduced after version 4.0.3)
- [woody] - shadow <not-affected> (was introduced after version 4.0.3)
-CVE-2005-XXXX [Insecure tempfile generation in shadow's vipw]
- - shadow 1:4.0.3-33
-CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
- - libconvert-uulib-perl 1.0.5.1-1
-CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
- - libpam-ssh 1.91.0-9
-CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
- - postgrey 1.21-1
-CVE-2005-XXXX [Some security issues in mod_security]
- NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
- NOTE: the changelog entries matches the security criteria, but the changelog
- NOTE: claims so.
- - libapache-mod-security 1.8.7-1
-CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
- NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
- - imms 2.0.3-1
-CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
- - smarty 2.6.9-1
-CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
- - obexftp 0.10.7-3
-CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
- - openwebmail <removed>
-CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
- - freeciv 2.0.1-1
-CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
- - mailscanner 4.40.11-1
-CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
- - kdenetwork 4:3.3.2-2
-CVE-2005-XXXX [Various /tmp related security issues in cernlib]
- - cernlib 2004.11.04-3
-CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
- - omniorb4 4.0.5-2
-CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
- - bugzilla 2.16.2-1
-CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
- - gtetrinet 0.4.4-1
Deleted: data/flex-affected-sarge.txt
===================================================================
--- data/flex-affected-sarge.txt 2011-01-09 18:40:51 UTC (rev 15823)
+++ data/flex-affected-sarge.txt 2011-01-09 22:11:59 UTC (rev 15824)
@@ -1,46 +0,0 @@
-boxes:
-corewars
-crash
-cscope
-cyrus21-imapd
-doxygen
-filters
-flex-old
-flexloader
-freebsd5-buildutils
-gcc-3.3 WONTFIX
- Only used in the lexers of gpc, not built into the binary package.
-gcc-3.4 WONTFIX
- Only used in the lexers of gpc, not built into the binary package.
-gdb-m68hc1x
-gnat-gdb
-gnat-gps
-gob
-gob2
-grap
-heartbeat
-insight
-kdeadmin
-keynote
-loki
-mdk AFFECTED
- Could potentially be exploited by sending manipulated mix assembly to
- someone
-mmorph
-monit
-nco
-noteedit
-openoffice.org
-plotutils
-python-bibtex
-regina AFFECTED
- Could potentially be exploited through crafted REXX files
-rtai
-saods9
-source-highlight
-sourcenav
-spacechart
-sylpheed-claws
-tcpdump
-toolchain-source
-xboard
More information about the Secure-testing-commits
mailing list