Author: micah Date: 2006-01-01 21:28:50 +0000 (Sun, 01 Jan 2006) New Revision: 3197 Modified: data/CVE/list Log: Woody aide is not-affected by CVE-2005-2096 Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-01 18:48:22 UTC (rev 3196) +++ data/CVE/list 2006-01-01 21:28:50 UTC (rev 3197) @@ -3588,6 +3588,7 @@ NOT-FOR-US: HP-UX CVE-2005-XXXX [adduser''s deluser creates backup files with world readable permissions] - adduser 3.77 (bug #331720; low) + NOTE: Woody and Sarge affected CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow] - pavuk 0.9.33-1 (bug #264684; high) NOTE: second hole mentioned in bug report @@ -7729,9 +7730,11 @@ NOTE: to search for static zlib signatures in binaries in Debian NOTE: Not all of the listed packages have been checked for actual NOTE: exploitability using this hole. + NOTE: oldstable (woody) had zlib 1.1, which is not affected - dpkg 1.13.11 (bug #317967; medium) - zsync 0.4.0-2 (bug #317968; medium) - dump 0.4b40-1 (bug #317966; medium) + [woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected) - aide 0.10-6.1.1 (bug #317523; medium) - amd64-libs 1.3 (bug #317970; medium) - ia32-libs <unfixed> (bug #317971; medium)