Author: jmm-guest Date: 2006-10-26 17:03:46 +0000 (Thu, 26 Oct 2006) New Revision: 4886 Modified: data/CVE/list Log: postgres dos unimportant correct linux-2.6 fixed version no-dsa for armagetron issues imagemagick unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-25 18:28:34 UTC (rev 4885) +++ data/CVE/list 2006-10-26 17:03:46 UTC (rev 4886) @@ -1,9 +1,11 @@ CVE-2006-XXXX [diffmon information leakage] - diffmon 20020222-2.2 (bug #382132) CVE-2006-XXXX [postgres DoSs] - - postgresql-7.4 1:7.4.14-1 - - postgresql-8.1 8.1.5-1 - [sarge] - postgresql <unfixed> (low) + - postgresql-7.4 1:7.4.14-1 (unimportant) + - postgresql-8.1 8.1.5-1 (unimportant) + [sarge] - postgresql <unfixed> (unimportant) + NOTE: All crashes can only be triggered by authenticated users, these are not + NOTE: treated as vulnerabilities. CVE-2006-XXXX [serendipity XSS for registered authors] - serendipity 1.0.2-1 (low) CVE-2006-XXXX [drupal XSS and XSRF http://secunia.com/advisories/22486/] @@ -641,7 +643,7 @@ TODO: check again later NOTE: might or might not be a real firefox issue, probably low impact CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...) - - linux-2.6 2.6.15 + - linux-2.6 2.6.16 CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...) NOT-FOR-US: TrendMicro OfficeScan CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...) 
@@ -4014,9 +4016,11 @@ CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) - armagetron <unfixed> (bug #379062; low) [sarge] - armagetron <no-dsa> (Minor game DoS) + [etch] - armagetron <no-dsa> (Minor game DoS) CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...) - armagetron <unfixed> (bug #379062; low) [sarge] - armagetron <no-dsa> (Minor game DoS) + [etch] - armagetron <no-dsa> (Minor game DoS) CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...) - kdelibs 4:3.5.4-1 (bug #378962; low) [sarge] - kdelibs <not-affected> (Doesn''t trigger a crash on Sarge) @@ -27295,8 +27299,9 @@ CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...) NOT-FOR-US: Openconf CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...) - TODO: check all softwares that modifies JPEG images in Debian... - - imagemagick <unfixed> (bug #298051; low) + - imagemagick <unfixed> (bug #298051; unimportant) + NOTE: <Maulkin> The EXIF spec says "if your app can''t handle $foo, don''t touch $foo" + NOTE: <Piet> ''convert -strip'' will remove exif data according to http://www.imagemagick.org/pipermail/magick-users/2006-May/017538.html CVE-2005-0405 RESERVED CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...) @@ -27401,7 +27406,7 @@ CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - armagetron <unfixed> (bug #296840; low) [sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor) - NOTE: Woody still affected + [etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor) CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...) - armagetron 0.2.7.0-1 NOTE: Sarge has this version number, but oldstable is affected
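Review bot: in the first hunk (`@@ -1,9 +1,11 @@`, the postgres DoS entry) the severity drops from `low` to `unimportant` on all three lines on the strength of a NOTE that the crashes "can only be triggered by authenticated users", but the NOTE cites no source for that precondition and the entries still carry placeholder `CVE-2006-XXXX` ids, so nobody reading the list can check the claim. Add a reference (upstream release notes or the advisory the fixed versions 1:7.4.14-1 and 8.1.5-1 came from) to the NOTE, e.g. `NOTE: see <upstream reference>`, so the downgrade survives the eventual CVE assignment.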
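Review bot: the second hunk (`@@ -641,7 +643,7 @@`, CVE-2006-5158) changes the linux-2.6 fixed version from `2.6.15` to `2.6.16` with no NOTE saying why; the log line only says "correct linux-2.6 fixed version". A one-line `NOTE:` pointing at the upstream changelog or commit that fixed `nlmclnt_mark_reclaim` would stop the version from being "corrected" back and forth later.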
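Review bot: the third hunk (`@@ -4014,9 +4016,11 @@`) adds identical `[etch] - armagetron <no-dsa> (Minor game DoS)` lines to CVE-2006-3674 and CVE-2006-3673 while both entries keep `- armagetron <unfixed> (bug #379062; low)` for unstable. If no fix is expected to land via bug #379062 either, say so in the rationale; as written, the tracker will keep these open against unstable and a reader will expect the bug to close them.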
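Review bot: in the fourth hunk (`@@ -27295,8 +27299,9 @@`, CVE-2005-0406) the line `TODO: check all softwares that modifies JPEG images in Debian...` is deleted without recording that the check was done. The `<Maulkin>` quote about the EXIF spec justifies `unimportant` for imagemagick itself, but it does not answer the TODO about other JPEG-modifying packages; either keep the TODO or add a NOTE stating the wider check is no longer needed. The `<Piet>` quote describes a mitigation (`convert -strip` removing EXIF data), not a reason for the rating change, so label it as such. Also, the doubled single quotes in the added NOTE lines (`can''t`, `don''t`, `''convert -strip''`) look like an escaping artifact; confirm the committed file has plain apostrophes.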
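Review bot: the last hunk (`@@ -27401,7 +27406,7 @@`, CVE-2005-0371) replaces `NOTE: Woody still affected` with the new `[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)` line instead of adding alongside it, so the oldstable information is lost. The trailing context for CVE-2005-0370 still says `oldstable is affected`, which leaves the two adjacent armagetron entries inconsistent about woody; keep the woody NOTE and add the etch line as a separate `+` line.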