Author: jmm-guest Date: 2006-09-10 12:37:29 +0000 (Sun, 10 Sep 2006) New Revision: 4710 Modified: data/CVE/list Log: reviewed ekg/centericq code inclusion mailleds issue too far fetched to warrant a DSA Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-10 07:16:24 UTC (rev 4709) +++ data/CVE/list 2006-09-10 12:37:29 UTC (rev 4710) @@ -15403,6 +15403,7 @@ NOTE: Sarge is affected (package doesn''t exist in Woody) CVE-2005-XXXX [Insecure pidfile handling in mailleds] - mailleds 0.93-11.1 (bug #329365; low) + [sarge] - mailleds <no-dsa> (Hardly exploitable) CVE-2005-XXXX [kdebase uses urandom as an entropy source] - kdebase <unfixed> (bug #325369; unimportant) NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels @@ -17386,7 +17387,9 @@ {DSA-813-1 DTSA-2-1 DTSA-4-1} - ekg 1:1.5+20050718+1.6rc3-1 (low) - centericq 4.20.0-9 (bug #323185; medium) - NOTE: Sarge ekg is affected (doesn''t exist in Woody, and DSA-813-1 takes care of centericq) + [sarge] - ekg <not-affected> + NOTE: I checked the ekg source from Sarge and all fixes from the centericq DSA 813 + NOTE: are already included. CVE-2005-2447 REJECTED CVE-2005-2446 @@ -17592,10 +17595,8 @@ [woody] - gaim <not-affected> (affected code libgadu not present in woody) [sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected) - ekg 1:1.5+20050712+1.6rc2-1 (medium) - NOTE: Sarge ekg affected (ekg not in Woody, centericq had a DSA) - NOTE: see Revision 1.21.2.2 at - NOTE: http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/gg/Attic/libgg.c?rev=1.29&view=log - NOTE: and referenced message: http://sourceforge.net/mailarchive/message.php?msg_id=12399770 + [sarge] - ekg <not-affected> + NOTE: The fixes from centericq for integer overflows are all present in ekg from stable CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...) {DTSA-12-1} - vim 1:6.3-085+1 (bug #320017; medium)
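Review bot: In the @@ -15403,6 +15403,7 @@ hunk, the added line "[sarge] - mailleds <no-dsa> (Hardly exploitable)" gives no reason for the assessment. The entry is titled "Insecure pidfile handling" and the bug is already rated low, but nothing in the list says what makes it hard to exploit. Suggest adding a NOTE line under the new entry stating the precondition that makes exploitation impractical, so the no-dsa decision can be re-checked later without rereading bug #329365.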
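Review bot: In the @@ -17386,7 +17387,9 @@ hunk, the added NOTE says the ekg source from Sarge was checked but does not record which package version was examined, while the entry still lists "- ekg 1:1.5+20050718+1.6rc3-1 (low)" as the fixed version. Suggest naming the Sarge version in the NOTE so that "<not-affected>" can be verified against it. The removed NOTE also recorded that ekg does not exist in Woody; after this change the entry no longer states that.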
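Review bot: In the @@ -17592,10 +17595,8 @@ hunk, the four removed NOTE lines include the pointer to Revision 1.21.2.2 of libgg.c and the referenced mailing list message, which document the fix itself and not only the Sarge status being corrected. Only "NOTE: Sarge ekg affected (ekg not in Woody, centericq had a DSA)" is made obsolete by the new "[sarge] - ekg <not-affected>" line. Suggest keeping the "see Revision 1.21.2.2" and "referenced message" NOTE lines so the entry still links to the upstream change that the new NOTE says is present in ekg from stable.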