Author: jmm-guest
Date: 2006-02-01 10:04:35 +0000 (Wed, 01 Feb 2006)
New Revision: 3405

Modified: data/CVE/list
Log: checked some issues, they all don't affect us

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2006-02-01 09:39:31 UTC (rev 3404) +++ data/CVE/list 2006-02-01 10:04:35 UTC (rev 3405) @@ -147,6 +147,8 @@ NOT-FOR-US: MyBB CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...) - tiff <unfixed> (bug #350715) + [sarge] - tiff <not-affected> (Vulnerability was introduced later) + [woody] - tiff <not-affected> (Vulnerability was introduced later) CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...) NOT-FOR-US: Note-A-Day Weblog CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...) @@ -866,8 +868,8 @@ CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...) NOT-FOR-US: OpenBSD CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...) - NOTE: This is probably not-affected as it''s Windows-specific - TODO: double-check, if this is really Windows-specific + - php4 <not-affected> (Windows specific) + - php5 <not-affected> (Windows specific) CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11) - kernel-source-2.4.27 2.4.27-8 
@@ -1287,7 +1289,8 @@ CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...) NOT-FOR-US: McAfee CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...) - TODO: check, whether this affects konqueror + - kdelibs <not-affected> + NOTE: Konqueror from sid doesn''t crash, will test an older version later CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...) NOT-FOR-US: httprint CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...) @@ -1663,7 +1666,6 @@ NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...) NOT-FOR-US: phpBB Blog - TODO: Double-check please, this doesn''t seem to be included in stock phpbb CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...) NOT-FOR-US: ColdFusion MX CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
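Review bot: In the @@ -147,6 +147,8 @@ hunk, the two added [sarge] and [woody] lines for CVE-2006-0405 give "Vulnerability was introduced later" as the reason but do not say in which libtiff version the flaw first appeared. The CVE text names libtiff 3.8.0; a NOTE line stating the first affected upstream version would let a later reader confirm that the sarge and woody versions predate it without repeating the check.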
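Review bot: In the @@ -866,8 +868,8 @@ hunk, the removed TODO for CVE-2006-0097 asked for a double-check of whether the issue is really Windows-specific, and the replacement php4 and php5 lines assert "(Windows specific)" without recording what that check found. Consider keeping a NOTE line under the entry that states the basis for the conclusion, so the status is not just the earlier "probably" restated as fact.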
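Review bot: In the @@ -1287,7 +1289,8 @@ hunk, the added "- kdelibs <not-affected>" line for CVE-2005-4504 applies to every release and carries no reason, while the NOTE directly below it says only Konqueror from sid was tested and an older version will be tested later. Until that second test is done, keep a TODO for the older versions (or leave the entry as TODO) so the list does not show the stable releases as cleared on an unfinished check, and add the reason in parentheses once it is confirmed.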