Author: jmm-guest
Date: 2006-07-21 15:57:18 +0000 (Fri, 21 Jul 2006)
New Revision: 4441
Modified:
data/CVE/list
Log:
two no-dsa, removed some sarge entries already present in DSA/list
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-07-21 14:31:02 UTC (rev 4440)
+++ data/CVE/list 2006-07-21 15:57:18 UTC (rev 4441)
@@ -147,6 +147,7 @@
NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled,
allows ...)
- squirrelmail 2:1.4.7-1 (low)
+ [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not
supported)
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and
10 ...)
NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Appliance 5100/8100 NG 8.3.5 stores passwords in
plaintext in a ...)
@@ -12513,13 +12514,12 @@
NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser''s deluser creates backup files with world
readable permissions]
- adduser 3.77 (bug #331720; low)
- NOTE: Woody and Sarge affected
+ [sarge] - adduser <no-dsa> (Very minimal security ramifications,
admin''s reponsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
- pavuk 0.9.33-1 (bug #264684; high)
NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4
allows ...)
{DSA-934-1}
- [sarge] - pound 1.8.2-1sarge1
- pound 1.9.4-1 (low)
NOTE: see
http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6
before ...)
@@ -12533,8 +12533,6 @@
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13
and 2.4 ...)
{DSA-922-1}
- linux-2.6 2.6.13-1 (low)
- TODO: Check, whether the 2.4 fix was included in the DSA
- [sarge] - kernel-source-2.4.27 2.4.27-10sarge1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open
Source ...)
{DSA-922-1}
- linux-2.6 2.6.12-1