Author: micah
Date: 2006-01-27 01:16:59 +0000 (Fri, 27 Jan 2006)
New Revision: 3378

Modified:
   data/CVE/list
Log:
More sarge false positive checks, ekg affects gaim also


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2006-01-26 21:14:23 UTC (rev 3377)
+++ data/CVE/list       2006-01-27 01:16:59 UTC (rev 3378)
@@ -202,6 +202,7 @@
        TODO: check
 CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail 
attachments ...)
        - ecartis <unfixed> (medium; bug #348824)
+       NOTE: Sarge and Woody are affected
 CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail 
plugin ...)
        TODO: check
 CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 
1.5.2 ...)
@@ -949,6 +950,7 @@
        RESERVED
 CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses 
predictable ...)
        - ee <unfixed> (bug #348322)
+       NOTE: Sarge and Woody are affected
 CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote 
attackers to ...)
        NOT-FOR-US: FreeBSD
 CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package 
allows ...)
@@ -2352,6 +2354,7 @@
        NOT-FOR-US: Multipke DuWare products
 CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 
4.5.5 and ...)
        - drupal 4.5.6-1 (bug #348811; medium)
+       NOTE: Sarge is affected
 CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when 
running on ...)
        - drupal 4.5.6-1 (low)
        [sarge] - drupal <not-affected> (Only vulnerable if running PHP 5)
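Review bot: The added free-text line "NOTE: Sarge is affected" under CVE-2005-3975 records release status in a different form from the entry directly below it, where CVE-2005-3974 uses a per-release line, "[sarge] - drupal <not-affected> (...)". If the list format allows an equivalent bracketed sarge line for the affected case, using it here would keep the status of the two Drupal entries in one form that tools can read. Otherwise, name the package in the NOTE, as the later hunks do for ekg.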
@@ -5378,8 +5381,10 @@
        TODO: check xemacs21
 CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
        - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+       NOTE: Sarge is affected (package doesn't exist in Woody)
 CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
        - egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+       NOTE: Sarge is affected (package doesn't exist in Woody)
 CVE-2005-XXXX [Insecure pidfile handling in mailleds]
        - mailleds 0.93-11.1 (bug #329365; low)
 CVE-2005-XXXX [kdebase uses urandom as an entropy source]
@@ -5999,6 +6004,7 @@
 CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not 
properly ...)
        - phpgroupware 0.9.16.009-1 (bug #340094; medium)
        - egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
+       NOTE: Sarge and Woody are affected
 CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under 
(LDU) ...)
        NOT-FOR-US: Land Down Under
 CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers 
to ...)
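Review bot: "NOTE: Sarge and Woody are affected" under CVE-2005-2781 does not say which package it refers to, and the entry lists both phpgroupware and egroupware. The notes added in the previous hunk state that egroupware does not exist in Woody, so the Woody part can only apply to phpgroupware. Spell the status out per package (for example "phpgroupware: Sarge and Woody; egroupware: Sarge only") if that is what was checked.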
@@ -7365,6 +7371,7 @@
        {DSA-813-1 DTSA-2-1 DTSA-4-1}
        - ekg 1:1.5+20050718+1.6rc3-1 (low)
        - centericq 4.20.0-9 (bug #323185; medium)
+       NOTE: Sarge ekg is affected (doesn't exist in Woody, and DSA-813-1 
takes care of centericq)
 CVE-2005-2447
        REJECTED
 CVE-2005-2446
@@ -7567,10 +7574,15 @@
        {DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
        - gaim 1:1.4.0-5 (low)
        - centericq 4.20.0-9 (bug #323185; low)
+       - ekg 1:1.5+20050712+1.6rc2-1 (low)
+       NOTE: ekg in Sarge is affected (Not in Woody, gaim and centericq had 
DSAs)
 CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg 
before ...)
        {DSA-813-1 DTSA-2-1}
-       TODO: check gaim and others that embed libgadu in source tree
+       TODO: check gaim (similar to 2005-2370 and 2005-2448)
        - centericq 4.20.0-9 (bug #323185; medium)
+       - gaim 1:1.5.0-1 (medium)
+        - ekg 1:1.5+20050712+1.6rc2-1 (medium)
+       NOTE: Sarge ekg and gaim are affected (ekg not in Woody, centericq had 
a DSA)
 CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external 
...)
        {DTSA-12-1}
        - vim 1:6.3-085+1 (bug #320017; medium)
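Review bot: In the CVE-2005-2369 entry the TODO is reworded to "check gaim (similar to 2005-2370 and 2005-2448)" while the same hunk adds "- gaim 1:1.5.0-1 (medium)" and a NOTE saying Sarge gaim is affected, so it is unclear what is still open. Drop the TODO or state what remains to be verified. The added "- ekg 1:1.5+20050712+1.6rc2-1 (medium)" line is also indented one column further than its neighbours and should be aligned with them. The ekg version in this hunk (20050712+1.6rc2-1) differs from the one shown in the previous hunk (20050718+1.6rc3-1); worth confirming that the difference is intended.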


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
