Author: jmm-guest
Date: 2006-09-07 17:37:32 +0000 (Thu, 07 Sep 2006)
New Revision: 4696

Modified:
   data/CVE/list
Log:
* remove several provisional [sarge] foo unfixed entries overlapping DSA fixes
* mysql 4.0 not-affected
* base-config has been fixed en passant with the shadow update, marking it as not-affected, as we don't have a way to express that in our system currently
* one thunderbird issue unimportant

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-06 22:20:01 UTC (rev 4695) +++ data/CVE/list 2006-09-07 17:37:32 UTC (rev 4696) @@ -644,11 +644,9 @@ - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798) CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...) - mysql-dfsg-5.0 5.0.24-3 (low; bug #384798) - - mysql-dfsg <removed> (low) - - mysql-dfsg-4.1 <removed> (low) + [sarge] - mysql-dfsg <not-affected> (Vulnerable code not present) CVE-2006-4225 REJECTED - NOT-FOR-US: Virtual War CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...) NOT-FOR-US: Virtual War CVE-2006-4223 (IBM WebSphere Application Server before 6.0.2.13 allows ...) @@ -993,9 +991,9 @@ - graphicsmagick 1.1.7-7 (medium; bug #383333) CVE-2006-XXXX [crash in the certificate verification logic] NOTE: GNUTLS-SA-2006-2 - - gnutls11 <unfixed> (medium) - - gnutls12 1.2.11-3 (medium) - - gnutls13 1.4.2-1 (medium) + - gnutls11 <unfixed> (low) + - gnutls12 1.2.11-3 (low) + - gnutls13 1.4.2-1 (low) CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...) NOT-FOR-US: Microsoft CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...) 
@@ -3902,21 +3900,18 @@ NOTE: MFSA-2006-42 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - thunderbird 1.5.0.4-1 (medium) - [sarge] - mozilla-thunderbird <unfixed> (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-41 - firefox 1.5.dfsg+1.5.0.4-1 (medium) - [sarge] - mozilla-thunderbird <unfixed> (medium) - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...) {DSA-1134-1 DSA-1118} NOTE: MFSA-2006-40 - thunderbird 1.5.0.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner <unfixed> (high) CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...) @@ -3924,7 +3919,6 @@ NOTE: MFSA-2006-32 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...) @@ -3932,7 +3926,6 @@ NOTE: MFSA-2006-32 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner <unfixed> (high) CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...) @@ -3940,7 +3933,6 @@ NOTE: MFSA-2006-38 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...) 
@@ -3954,7 +3946,6 @@ NOTE: MFSA-2006-37 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...) @@ -3962,7 +3953,6 @@ NOTE: MFSA-2006-35 - firefox 1.5.dfsg+1.5.0.4-1 (high) - thunderbird 1.5.0.4-1 (high) - [sarge] - mozilla-thunderbird <unfixed> (high) - mozilla 2:1.7.13-0.3 (high) - xulrunner 1.8.0.4-1 (high) CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...) @@ -5860,7 +5850,6 @@ NOTE: MFSA-2006-39 - firefox 1.5.dfsg+1.5.0.4-1 (low) - thunderbird <unfixed> (low) - [sarge] - mozilla-thunderbird <unfixed> (low) - mozilla 2:1.7.13-0.3 (low) - xulrunner <unfixed> (low) CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...) @@ -6107,6 +6096,7 @@ NOT-FOR-US: exchange (Duplicate of CVE-2006-0537) CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...) [sarge] - shadow 1:4.0.3-31sarge8 + [sarge] - base-config <not-affected> NOTE: The installer is fixed separately, but the postinst of the shadow update NOTE: corrects permissions of a faulty install NOTE: seems to be a duplicate of CVE-2006-1376 @@ -7391,6 +7381,7 @@ NOT-FOR-US: EasyMoblog CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...) [sarge] - shadow 1:4.0.3-31sarge8 + [sarge] - base-config <not-affected> NOTE: The installer is fixed separately, but the postinst of the shadow update NOTE: corrects permissions of a faulty install - shadow 1:4.0.14-9 (bug #358210; bug #356939) 
@@ -8617,8 +8608,10 @@ CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...) NOT-FOR-US: Tivoli CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...) - - thunderbird <unfixed> (bug #370432; low) - [sarge] - mozilla-thunderbird <unfixed> (bug #370432; low) + - thunderbird <unfixed> (bug #370432; unimportant) + [sarge] - mozilla-thunderbird <unfixed> (bug #370432; unimportant) + NOTE: Denial of service by tricking someone into importing a manipulated LDIF file + NOTE: That''s a bug, but calling it a security problem is very far-fetched CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...) NOT-FOR-US: MitriDAT Web Calendar CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...)
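
Review bot: in the CVE-2006-4226 hunk (@@ -644,11 +644,9 @@), the `- mysql-dfsg-4.1 <removed> (low)` line is deleted without a replacement, while the log only covers "mysql 4.0 not-affected". The CVE text shown in the same hunk begins at "MySQL before 4.1.21", so the 4.1 source package is the one a reader will look for first; keep a mysql-dfsg-4.1 line (with a [sarge] status if one is known) or add a NOTE saying why it no longer needs tracking. The same hunk also drops the NOT-FOR-US line under the REJECTED CVE-2006-4225, which the log does not mention.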
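
Review bot: in the GNUTLS-SA-2006-2 hunk (@@ -993,9 +991,9 @@), the gnutls11, gnutls12 and gnutls13 entries all go from medium to low, but none of the four log items mentions gnutls and the entry gains no NOTE. Add a NOTE line under the entry stating why the crash in the certificate verification logic is rated low, or list the downgrade in the log, so the change is not read as accidental.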
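
Review bot: in the MFSA-2006-39 hunk (@@ -5860,7 +5850,6 @@), the `[sarge] - mozilla-thunderbird <unfixed> (low)` line is removed as overlapping a DSA fix, yet the neighbouring `- thunderbird <unfixed> (low)` and `- xulrunner <unfixed> (low)` lines stay and the visible context shows no {DSA-...} tag for this entry, unlike the CVE-2006-2782 and CVE-2006-2781 entries in the @@ -3902,21 +3900,18 @@ hunk. Confirm the entry carries a DSA reference that covers mozilla-thunderbird in sarge before dropping the line; otherwise sarge loses its only open marker for this issue.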
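
Review bot: in the CVE-2006-1844 hunk (@@ -6107,6 +6096,7 @@), the added `[sarge] - base-config <not-affected>` line carries no parenthesised reason, and the log says the package was in fact fixed through the shadow update and that not-affected is only a stand-in. Put that rationale in the data file itself, in the same way the mysql entry does with "(Vulnerable code not present)", for example as a reason after the tag or as a NOTE directly under the line, so a reader of data/CVE/list does not conclude base-config never had the problem. The identical line added under CVE-2006-1376 in the @@ -7391,6 +7381,7 @@ hunk needs the same treatment.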