Author: stef-guest Date: 2006-04-29 16:25:08 +0000 (Sat, 29 Apr 2006) New Revision: 3894 Modified: data/CVE/list Log: bugnums sysvconfig unaffected due to recent sudo change exiv2 issue already fixed some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-04-29 15:47:53 UTC (rev 3893) +++ data/CVE/list 2006-04-29 16:25:08 UTC (rev 3894) @@ -331,7 +331,7 @@ CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...) NOT-FOR-US: Oracle CVE-2006-1865 (Beagle before 0.2.5 can produce certain insecure command lines to ...) - - beagle <unfixed> (bug filed; medium) + - beagle <unfixed> (bug #365371; medium) CVE-2006-1864 RESERVED CVE-2006-1863 [Don''t allow a backslash in a path component] @@ -3445,7 +3445,7 @@ CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...) NOT-FOR-US: McAfee WebShield CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) - - linux-2.6 <unfixed> (bug filed; low) + - linux-2.6 <unfixed> (bug #365375; low) CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) - linux-2.6 <unfixed> CVE-2006-0556 
@@ -3711,15 +3711,15 @@ CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...) TODO: check CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...) - TODO: check + NOT-FOR-US: Sophos Anti-Virus CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...) - TODO: check + NOT-FOR-US: Internet Explorer 6 CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...) TODO: check CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...) - TODO: check + NOT-FOR-US: osCommerce CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...) - TODO: check + - exiv2 0.9 CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...) NOT-FOR-US: VMware CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...) @@ -7150,14 +7150,13 @@ CVE-2006-0016 RESERVED CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...) NOT-FOR-US: Microsoft - TODO: check CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2006-0011 RESERVED CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...) @@ -7175,7 +7174,7 @@ CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...) NOT-FOR-US: Microsoft CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...) - TODO: check + NOT-FOR-US: RDS.Dataspace CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...) NOT-FOR-US: Microsoft CVE-2006-0001 
@@ -7289,7 +7288,8 @@ CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...) NOT-FOR-US: Fedora Directory Server CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...) - TODO: check + NOTE: current sudo cleans the environment, so we are not affected + - sysvconfig <not-affected> (sudo cleans env anyway) CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - kdegraphics 3.5.0-3
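Review bot: In the @@ -3711 hunk, the new entry "- exiv2 0.9" for CVE-2005-4676 gives the fixed version without a Debian revision, and 0.9 is the same number the description gives for the upstream fix ("Exiv2 before 0.9"). Other entries visible in this file, such as "- kdegraphics 3.5.0-3", name a specific package upload. Please confirm which exiv2 upload first carried the fix and record that version, so the entry reflects the archive rather than the upstream release number. The same hunk leaves CVE-2005-4678 (Apple Safari) at "TODO: check" while its neighbours are triaged; if that is deliberate, a short NOTE saying what is still open would help.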
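Review bot: The NOT-FOR-US label in the @@ -7175 hunk names the component ("NOT-FOR-US: RDS.Dataspace"), while the context lines around it and the @@ -7150 hunk use the vendor ("NOT-FOR-US: Microsoft"), and the @@ -3711 hunk uses the product ("NOT-FOR-US: Internet Explorer 6"). The CVE-2006-0003 description is truncated in the list, so the label is the only place a reader sees whose software this is. Suggest using "NOT-FOR-US: Microsoft" here as well, or settling on one convention for all three hunks, so that searching the list by label finds every entry.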
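Review bot: In the @@ -7289 hunk, the justification for "- sysvconfig <not-affected> (sudo cleans env anyway)" rests on "current sudo", which is not tied to a version or bug number. The marker says the package is not affected at all, but the NOTE only establishes that it is not exploitable when installed alongside a sudo that cleans the environment, so a release shipping an older sudo is not covered by the reasoning as written. Suggest recording the sudo version or bug that introduced the environment cleaning in the NOTE and saying which suites were checked. The CVE description is about initscripts in Red Hat Enterprise Linux 4, so one more line stating why sysvconfig is the package tracked here would make the entry self-explanatory.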