Author: jmm-guest
Date: 2006-07-12 16:27:05 +0000 (Wed, 12 Jul 2006)
New Revision: 4376

Modified:
   data/CVE/list
Log:
add a few no-dsa entries for minor issues or non-issues
remove kernel-source-2.4.27 marked as unfixed, they're all managed in patch-tracking/ from kernel SVN.

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-12 10:53:14 UTC (rev 4375) +++ data/CVE/list 2006-07-12 16:27:05 UTC (rev 4376) @@ -961,6 +961,7 @@ NOT-FOR-US: not packaged for Debian CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...) - zope-zms <unfixed> (bug #373667; low) + [sarge] - zope-zms <no-dsa> (Only exploitable with register_globals) CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...) NOT-FOR-US: aePartner CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...) @@ -2191,6 +2192,7 @@ NOT-FOR-US: BEA CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...) - mp3info <unfixed> (bug #368207; low) + [sarge] - mp3info <no-dsa> (Hardly exploitable) CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...) NOT-FOR-US: BEA CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...) @@ -10572,7 +10574,6 @@ NOT-FOR-US: Dell hardware issue CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...) - linux-2.6 <unfixed> (low) - - kernel-source-2.4.27 <unfixed> (low) NOTE: Really hard to fix design limitation, no fix to be expected soon CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...) NOT-FOR-US: EMC Legato NetWorker 
@@ -13027,7 +13028,7 @@ - gajim 0.8.2-1 (bug #325080; low) CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file] - zope2.7 2.7.8-1 (bug #313644; bug #313621; low) - NOTE: first patch was incorrect + [sarge] - zope2.7 <no-dsa> CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap] - wine 0.0.20050830-1 (bug #327261; bug #327262; high) CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...) @@ -25008,7 +25009,6 @@ CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...) {DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1} - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9) - - kernel-source-2.4.27 <unfixed> CVE-2004-0948 REJECTED CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
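Review bot: In the CVE-2006-2997 hunk (@@ -961,6 +961,7 @@), the no-dsa reason "Only exploitable with register_globals" names a PHP setting, while the tracked package is zope-zms and the visible description is cut off at "when ...", so a reader of the list cannot tell how the precondition applies to the Debian package. Please confirm the condition against the packaged product; if it can never hold there, `<not-affected>` with a short NOTE would describe the state more accurately than `<no-dsa>`, and the unstable line `- zope-zms <unfixed> (bug #373667; low)` would need the same review.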
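Review bot: In the CVE-2006-2465 hunk (@@ -2191,6 +2192,7 @@), the reason "(Hardly exploitable)" gives no basis for the decision, although the entry's own description says the overflow "allows attackers to execute arbitrary ...". A no-dsa on a code-execution class bug should record why, for example which input reaches the overflow and who controls it, or a pointer to the analysis in bug #368207, so the decision can be re-checked later.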
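Review bot: In the CVE-2005-3660 hunk (@@ -10572,7 +10574,6 @@), dropping `- kernel-source-2.4.27 <unfixed> (low)` leaves an entry whose description still reads "Linux kernel 2.4 and 2.6" but which now tracks only linux-2.6, so the list alone suggests 2.4 has no open status. The log says these are managed in patch-tracking/ from kernel SVN; a one-line NOTE in the entry pointing there would keep that visible. The same applies to the CVE-2004-0949 hunk (@@ -25008,7 +25009,6 @@), where the removed line carried the only unfixed status in the entry.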
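Review bot: In the zope2.7 hunk (@@ -13027,7 +13028,7 @@), the added `[sarge] - zope2.7 <no-dsa>` carries no reason, unlike the other two no-dsa entries in this commit, and the issue is a world-readable inituser file. Please add a parenthesised justification. The same hunk also deletes "NOTE: first patch was incorrect", which the log message does not mention; if that history is still relevant to anyone backporting the fix, keep the NOTE or say in the log why it was dropped.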