Author: jmm-guest Date: 2006-05-31 13:56:08 +0000 (Wed, 31 May 2006) New Revision: 4103 Modified: data/CVE/list Log: no-dsas Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-05-31 13:51:21 UTC (rev 4102) +++ data/CVE/list 2006-05-31 13:56:08 UTC (rev 4103) @@ -2449,6 +2449,7 @@ NOT-FOR-US: Hitachi XFIT CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...) - php4 <unfixed> (bug #361856) + [sarge] - php4 <no-dsa> (Safe mode violations not supported) - php5 <unfixed> (bug #361915) CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...) NOT-FOR-US: Exponent CMS @@ -5178,10 +5179,12 @@ NOTE: see CVE-2005-4684 - firefox <unfixed> (low) - mozilla <unfixed> (low) + [sarge] - mozilla <no-dsa> (Hardly exploitable) - xulrunner <unfixed> (low) CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...) NOTE: http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc5?root=fedora&rev=1.172&view=markup says "ignore (kdebase) not fixed upstream, low, can''t fix" - kdebase <unfixed> (low) + [sarge] - kdebase <no-dsa> (Hardly exploitable) CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...) - migrationtools 46-2.1 (bug #338920; medium) CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...) 
@@ -5835,9 +5838,7 @@ CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...) - php5 5.1.2-1 - php4 4:4.4.2-1 (bug #354683) - NOTE: According to Hardened PHP advisory PHP4 isn''t affected, but upstream changelog - NOTE: is a bit ambigious, if might be affected after all - TODO: Ping maintainers, Hardened PHP or upstream + [sarge] - php4 <not-affected> (Not affected per Hardened PHP) CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...) NOT-FOR-US: Light Weight Calendar CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...) @@ -9638,12 +9639,14 @@ - openvpn 2.0.5-1 (bug #336751; medium) CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...) - php4 4:4.4.2-1 (bug #336645; bug #354681; low) + [sarge] - php4 <no-dsa> (Safe mode violations not supported) - php5 5.1.1-1 (bug #336654; low) NOTE: According to CVE, this is a safe mode violation, NOTE: therefore low impact. (According to SuSE, it''s an NOTE: information leak.) CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...) - php4 4:4.4.2-1 (bug #336645; bug #354678; low) + [sarge] - php4 <no-dsa> (Safe mode violations not supported) - php5 5.1.1-1 (bug #336654; low) NOTE: This is a safe mode violation, therefore low impact. CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) @@ -10358,6 +10361,7 @@ CVE-2005-XXXX [Missing safemode checks in PHP''s _php_image_output functions] - php5 5.0.5-2 (low) - php4 4:4.4.0-3 (low) + [sarge] - php4 <no-dsa> (Safe mode violations not supported) CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...) {DSA-1017-1} - linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium) 
@@ -10431,8 +10435,8 @@ NOT-FOR-US: CubeCart CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...) - blender <unfixed> (bug #332413; low) + [sarge] - blender <no-dsa> (Hardly exploitable) [woody] - blender <not-affected> (Woody''s blender does not contain blenderplayer) - NOTE: Sarge affected CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) {DSA-855-1} - weex 2.6.1-6sarge1 (bug #332424; medium)
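Review bot: In the @@ -5178 hunk, only mozilla gets a [sarge] line in the entry above CVE-2005-4684, while firefox and xulrunner in the same entry stay at "<unfixed> (low)" with no sarge status. If sarge ships either package under this entry, add the matching "[sarge] - ... <no-dsa>" line so the entry is complete. Also, the kdebase reason "Hardly exploitable" differs from the NOTE just above it, which quotes Fedora's reason as "not fixed upstream, low, can't fix"; say which of the two the sarge decision is based on.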
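Review bot: In the @@ -5835 hunk (CVE-2006-0207), the new "[sarge] - php4 <not-affected> (Not affected per Hardened PHP)" line rests on the same Hardened PHP advisory that the deleted NOTE questioned because the upstream changelog was ambiguous, and the TODO to ping maintainers, Hardened PHP or upstream is removed without recording an answer. Keep a one-line NOTE saying how the ambiguity was resolved, or leave the TODO until it is. The entry also still lists "php4 4:4.4.2-1 (bug #354683)" as a fixed version, which is hard to reconcile with not-affected unless a NOTE explains it.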
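Review bot: In the @@ -9638 hunk, the reason "Safe mode violations not supported" on CVE-2005-3392 sits directly above an existing NOTE recording that SuSE classes the issue as an information leak, not a safe mode violation. Extend the reason or add a NOTE stating that the CVE classification was followed and why the SuSE reading was set aside. For CVE-2005-3391 the description reads "Multiple vulnerabilities ... allow remote attackers to ...", so confirm that every issue under that id is a safe mode bypass before marking the whole entry no-dsa for sarge.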
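Review bot: In the @@ -10431 hunk (CVE-2005-3151), the reason "Hardly exploitable" is thin for an entry described as a buffer overflow in blenderplay, and it replaces "NOTE: Sarge affected" without saying what limits exploitation. Add a short NOTE giving the basis for that judgement so the no-dsa decision can be re-checked later. Dropping the old NOTE itself is fine, since the new [sarge] line already implies sarge is affected.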