Author: fw
Date: 2005-11-17 14:58:04 +0000 (Thu, 17 Nov 2005)
New Revision: 2775

Modified:
   data/CVE/list
Log:
Sort out conflicting version annotations.  CVE-2005-0870 was not
completely fixed by phpsysinfo 2.3-3.  The OpenSSL versions for
CVE-2004-0079 and CVE-2004-0081 have been corrected based on the
official advisories (note that 0.9.6d-1 is not a typo).


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2005-11-17 14:54:01 UTC (rev 2774)
+++ data/CVE/list       2005-11-17 14:58:04 UTC (rev 2775)
@@ -9419,8 +9419,8 @@
        NOT-FOR-US: Topic Calendar phpbb2 plugin
 CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpSysInfo 2.3, ...)
        {DSA-897-1 DSA-724-1}
-       TODO: Double-check, according to 2.3-7 changelog only fixed in -7?
-       - phpsysinfo 2.3-3
+       NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
+       - phpsysinfo 2.3-7
        - egroupware 1.0.0.009.dfsg-3-3
        - phpgroupware 0.9.16.008-2
 CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive 
information ...)
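Review bot: The new NOTE on CVE-2005-0870 says the 2.3-3 fix "was apparently incomplete" but drops the one source the removed TODO gave, the 2.3-7 changelog. Naming that changelog in the NOTE would let a later reader verify why the fixed version moved from 2.3-3 to 2.3-7. The egroupware 1.0.0.009.dfsg-3-3 and phpgroupware 0.9.16.008-2 lines under the same CVE are unchanged. If their versions were recorded against the same incomplete fix, they need the same double-check.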
@@ -15541,11 +15541,11 @@
        - xfree86 4.3.0-2
 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown 
message ...)
        {DSA-465}
-       - openssl <not-affected> (Not affected per DSA-465)
-       - openssl096 0.9.6m-1
+       - openssl 0.9.6d-1
 CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, 
and ...)
        {DSA-465}
        - openssl 0.9.7d-1
+       - openssl096 0.9.6m-1
 CVE-2004-0076
        REJECTED
 CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to 
gain ...)
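Review bot: In the CVE-2004-0081 entry, "- openssl 0.9.6d-1" looks like a typo next to "- openssl 0.9.7d-1" under CVE-2004-0079, and only the commit log says it is intentional. A NOTE line in the entry itself, pointing at the advisory the version came from, would keep someone from "correcting" it later. Separately, the openssl096 line has moved from CVE-2004-0081 to CVE-2004-0079, so CVE-2004-0081 (described as affecting OpenSSL 0.9.6 before 0.9.6d) no longer says anything about openssl096. If that package was never affected, an explicit line saying so would be clearer than leaving it out.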
@@ -18906,7 +18906,8 @@
        NOT-FOR-US: os x
 CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute 
arbitrary ...)
        {DSA-446}
-       - synaesthesia <not-affected> (synaesthesia no longer setuid)
+       TODO: synaesthesia is no longer setuid.
+       TODO: Maintainer has been contacted to get the exact version.
 CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote 
authenticated ...)
        {DSA-447}
        - hsftp 1.15-1
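Review bot: With "- synaesthesia <not-affected> (synaesthesia no longer setuid)" removed and only TODO lines added, the CVE-2004-0160 entry has no package line left, so the package's status for this CVE now exists only as free text. Consider keeping a synaesthesia package line alongside the TODO until the maintainer supplies the exact version. The two TODO lines also describe a single open item and could be merged into one.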


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
