jmm-guest at alioth.debian.org
2008-Dec-07 09:36 UTC
[Secure-testing-commits] r10642 - in data: CVE packages
Author: jmm-guest Date: 2008-12-07 09:36:36 +0000 (Sun, 07 Dec 2008) New Revision: 10642 Modified: data/CVE/list data/packages/removed-packages Log: - php-apc itp already in the archive - convert more closed itps into NFUs - more removed packages Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-07 03:10:32 UTC (rev 10641) +++ data/CVE/list 2008-12-07 09:36:36 UTC (rev 10642) @@ -9160,7 +9160,7 @@ {DSA-1543-1 DTSA-119-1} - vlc 0.8.6.e-1.1 (medium; bug #472635) CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...) - - php5-apc <itp> (bug #335404) + - php-apc <not-affected> (Fixed before initial upload) CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) NOT-FOR-US: LinPHA CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...) @@ -23159,7 +23159,7 @@ CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...) NOT-FOR-US: eSyndiCat Pro CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...) - - globus <itp> (bug #142932) + NOT-FOR-US: Globus Toolkit CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...) NOT-FOR-US: Rational Soft Hidden Administrator CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...) @@ -32232,8 +32232,7 @@ CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...) NOT-FOR-US: CreaScripts Creadirectory CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...) - - telaen <itp> (bug #433791) - TODO: check smarty, moodle, gallery2 + NOT-FOR-US: Telaen CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...) NOT-FOR-US: gNews CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...) 
@@ -33671,7 +33670,7 @@ CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...) NOT-FOR-US: Comdev Web Blogger CVE-2006-5437 (** DISPUTED ** ...) - - phpadsnew <itp> (bug #226636) + NOT-FOR-US: phpAdsNew CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...) NOT-FOR-US: FreeFAQ CVE-2006-5435 (** DISPUTED ** ...) @@ -33741,7 +33740,7 @@ CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...) NOT-FOR-US: Symantec CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...) - - phpmybibli <itp> (bug #369328) + NOT-FOR-US: PHPMyBibli CVE-2006-5401 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: AROUNDMe CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...) @@ -34137,7 +34136,7 @@ CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...) NOT-FOR-US: Emek Portal CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...) - - shttpd <itp> (bug #341284) + NOT-FOR-US: Simple HTTPD CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...) - xdm 1:1.0.5-1 (low) [sarge] - xfree86 <no-dsa> (Minor issue) @@ -38288,7 +38287,7 @@ CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...) NOT-FOR-US: VirtuaStore CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...) - - quake3 <itp> (bug #337937) + NOT-FOR-US: Quake 3 CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...) NOT-FOR-US: Soldier of Fortune 2 CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...) 
@@ -38466,9 +38465,9 @@ CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...) NOT-FOR-US: QuickZip CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...) - - quake3 <itp> (bug #337937) + NOT-FOR-US: Quake 3 CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...) - - quake3 <itp> (bug #337937) + NOT-FOR-US: Quake 3 CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...) NOT-FOR-US: MF Piadas CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...) @@ -39442,7 +39441,7 @@ CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...) NOT-FOR-US: PHP Pro Publish CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...) - - quake3 <itp> (bug #337937) + NOT-FOR-US: Quake 3 CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...) NOT-FOR-US: OSADS CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...) @@ -40221,7 +40220,7 @@ CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...) NOT-FOR-US: IpLogger CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...) - - newsportal <itp> (bug #149069) + NOT-FOR-US: Newsportal CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...) NOT-FOR-US: newsportal NOTE: RFP #149069 closed after no activity since too long time @@ -40945,7 +40944,7 @@ {DSA-1058-1} - awstats 6.5-2 (bug #365909; bug #365910; medium) CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...) - - quake3 <itp> (bug #337937) + NOT-FOR-US: Quake 3 CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...) NOT-FOR-US: Simple Poll CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...) 
@@ -41219,7 +41218,7 @@ CVE-2006-2118 (JMK''s Picture Gallery allows remote attackers to bypass authentication ...) NOT-FOR-US: JMK CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...) - - thyme <itp> (bug #361599) + NOT-FOR-US: Thyme CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...) NOT-FOR-US: planetGallery CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...) @@ -41301,7 +41300,7 @@ [sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7) [woody] - rsync <not-affected> (xattr patch appeared in 2.6.7) CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...) - - quake3 <itp> (bug #337937) + NOT-FOR-US: Quake 3 CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...) NOT-FOR-US: Oracle CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...) @@ -44769,7 +44768,7 @@ NOT-FOR-US: powerd NOTE: powerd supposedly normally comes with sysvinit, but not in debian CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...) - - webgui <itp> (bug #139749) + NOT-FOR-US: WebGUI CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...) NOT-FOR-US: PHP-Nuke CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...) @@ -45277,7 +45276,7 @@ CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...) NOT-FOR-US: sPaiz-Nuke CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...) - - pmwiki <itp> (bug #330117) + NOT-FOR-US: PmWiki CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...) NOT-FOR-US: CRE Loaded CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...) 
@@ -45328,7 +45327,7 @@ CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...) NOT-FOR-US: Symantec Brightmail AntiSpam CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...) - - webgui <itp> (bug #139749) + NOT-FOR-US: WebGUI CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...) - gaim-encryption 3.0~beta5-3 (low; bug #337127) [sarge] - gaim-encryption <no-dsa> (Minor issue) @@ -46143,7 +46142,7 @@ CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...) NOT-FOR-US: Symantec SystemWorks CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...) - - webgui <itp> (bug #139749) + NOT-FOR-US: WebGUI CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...) NOT-FOR-US: phgstats CVE-2006-0163 (SQL injection vulnerability in the search module ...) @@ -48545,7 +48544,7 @@ {DSA-1017-1} - linux-2.6 2.6.13-1 CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...) - - pmwiki <itp> (bug #330117) + NOT-FOR-US: PmWiki CVE-2003-XXXX [Insecure tempfile in x-face-el] - x-face-el 1.3.6.23-1 NOTE: DSA-340 @@ -51524,7 +51523,7 @@ CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...) NOT-FOR-US: myBloggie CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...) - - webgui <itp> (bug #139749) + NOT-FOR-US: WebGUI CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...) NOT-FOR-US: Phorum CVE-2005-2835 
@@ -52045,15 +52044,15 @@ CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...) NOT-FOR-US: PHPFreeNews CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...) - - phpadsnew <itp> (bug #226636) + NOT-FOR-US: phpAdsNew CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...) - - phpadsnew <itp> (bug #226636) + NOT-FOR-US: phpAdsNew CVE-2005-2634 (Buffer overflow in the Log-SCR function in the "Log to Screen" feature ...) NOT-FOR-US: WinFTP Server CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...) NOT-FOR-US: PHPTB Topic Board CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...) - - mediabox404 <itp> (bug #294397) + NOT-FOR-US: Mediabox 404 CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...) NOT-FOR-US: Cisco CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...) @@ -52077,7 +52076,7 @@ CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...) NOT-FOR-US: PHPNews CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows ...) - - wmfrog <itp> (bug #294352) + NOT-FOR-US: wmFrog CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...) NOT-FOR-US: Outpost Pro CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...) @@ -54029,7 +54028,7 @@ {DSA-762-1} - affix 2.1.2-2 (bug #318327; medium) CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...) - - jinzora <itp> (bug #289487) + NOT-FOR-US: Jinzora CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...) NOT-FOR-US: DownloadProtect CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...) 
@@ -60953,7 +60952,7 @@ {DSA-1678-1 DSA-696-1} - perl 5.8.4-7 CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...) - NOT-FOR-US: Quake3 + NOT-FOR-US: Quake 3 CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...) NOT-FOR-US: Solaris CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...) Modified: data/packages/removed-packages ==================================================================--- data/packages/removed-packages 2008-12-07 03:10:32 UTC (rev 10641) +++ data/packages/removed-packages 2008-12-07 09:36:36 UTC (rev 10642) @@ -120,5 +120,26 @@ jsboard bonobo base-config - - +affix +affix-kernel +alsa-modules-i386 +arla +bsmtpd +cdrtools +cyrus-imapd +cyrus-sasl2-mit +fprobe-ng +gnome-gv +gnutls11 +hostap-modules-i386 +i2c +irssi-text +kernel-image-2.4.27-alpha +kernel-image-2.4.27-arm +kernel-image-2.4.27-i386 +kernel-image-2.4.27-ia64 +kernel-image-2.4.27-m68k +kernel-image-2.4.27-s390 +kernel-image-2.4.27-sparc +kernel-source-2.4.27 +kernel-source-2.6.8
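Review bot: In the @@ -9160,7 +9160,7 @@ hunk, the new CVE-2008-1488 line `- php-apc <not-affected> (Fixed before initial upload)` carries no version, so the claim cannot be checked from the entry itself. Add the upstream release that fixed the apc.c overflow, or the version of the first php-apc upload, to the parenthesised note so a later reader can confirm it against the archive.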
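Review bot: In the @@ -32232,8 +32232,7 @@ hunk, the CVE-2006-6081 entry loses its `TODO: check smarty, moodle, gallery2` line together with the telaen ITP, and neither the log message nor the new entry records the outcome of that check. The CVE description names Smarty_Compiler.class.php, so `NOT-FOR-US: Telaen` only settles Telaen itself. Either keep the TODO or replace it with a NOTE stating what was found for smarty, moodle and gallery2.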
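Review bot: In the @@ -40221,7 +40220,7 @@ hunk, the new `NOT-FOR-US: Newsportal` on CVE-2006-2557 is spelled differently from the `NOT-FOR-US: newsportal` left on CVE-2006-2556 directly below it, whose description writes the product as NewsPortal. The same commit normalises `Quake3` to `Quake 3` in the last data/CVE/list hunk, so choose one spelling here and use it on both entries. Because the bug reference is dropped from CVE-2006-2557, the existing `NOTE: RFP #149069 closed ...` line under CVE-2006-2556 would be worth repeating there as well.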