Author: jmm-guest
Date: 2006-08-09 20:29:58 +0000 (Wed, 09 Aug 2006)
New Revision: 4545
Modified:
data/CVE/list
Log:
dnsmasq issue not in sarge
fix libimager-perl version
old ssh issues don''t affect sarge
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-08-09 20:20:42 UTC (rev 4544)
+++ data/CVE/list 2006-08-09 20:29:58 UTC (rev 4545)
@@ -4557,6 +4557,7 @@
NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of
service ...)
- dnsmasq 2.30-1 (medium)
+ [sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in
phpLDAPadmin ...)
{DSA-1057-1}
- phpldapadmin 0.9.8.3-1 (bug #365313; low)
@@ -9587,7 +9588,7 @@
- graphicsmagick 1.1.7-1
CVE-2006-0053 (Unspecified vulnerability in Imager (libimager-perl) before
5.0-1 ...)
{DSA-1028-1}
- - libimager-perl 5.0-1 (bug #359661)
+ - libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and
earlier, ...)
{DSA-1027-1}
- mailman 2.1.6-1 (bug #358892)
@@ -14594,7 +14595,8 @@
- openssh-krb5 <unfixed> (bug #327233; medium)
[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly
handle ...)
- - openssh 1:4.2p1-1 (bug #326065; medium)
+ - openssh 1:4.2p1-1 (bug #326065; unimportant)
+ NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10
and ...)
{DSA-809-1}
- squid 2.5.10-5 (medium)
@@ -15765,9 +15767,6 @@
NOTE: package (currently in experimental)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
- dbmail-pgsql <unfixed> (bug #290833; medium)
-CVE-2005-XXXX [time delay of password check proves account existence to
attackers]
- NOTE: unknown if really a bug; if it is it''s different than the
previous ssh delay bugs
- - ssh <unfixed> (bug #314645; low)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote
...)
{DSA-922-1 DTSA-16-1}
NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
@@ -28199,10 +28198,11 @@
- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before
3.4p1 ...)
{CVE-2000-0992}
- - openssh <unfixed> (low; bug #270770)
+ - openssh 1:3.9p1-1 (low; bug #270770)
NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
+ NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using
...)
- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of
...)
@@ -35197,7 +35197,7 @@
TODO: check
CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a
...)
{CVE-2004-0175}
- - openssh <unfixed> (low; bug #270770)
+ - openssh 1:3.9p1-1 (low; bug #270770)
NOTE: Rediscoved as CVE-2004-0175, see there.
CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on
Windows 98, ...)
NOT-FOR-US: Microsoft