Author: jmm-guest
Date: 2006-01-03 12:07:21 +0000 (Tue, 03 Jan 2006)
New Revision: 3213
Modified:
data/CVE/list
Log:
more updates
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-03 00:20:49 UTC (rev 3212)
+++ data/CVE/list 2006-01-03 12:07:21 UTC (rev 3213)
@@ -8696,7 +8696,7 @@
CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on
...)
NOT-FOR-US: microsoft
CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users
to ...)
- NOTE: "SecurityFocus staff have been unable to reproduce this
vulnerability with OpenSSH version 3.1p1."
+ - openssh <not-affected> ("SecurityFocus staff have been unable to
reproduce this vulnerability with OpenSSH version 3.1p1.")
CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote
attackers to ...)
NOT-FOR-US: microsoft
CVE-2002-1713 (The Standard security setting for Mandrake-Security package
(msec) in ...)
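
Review bot: The new "- openssh <not-affected>" entry for CVE-2002-1715 rests only on the quoted SecurityFocus statement, which covers OpenSSH 3.1p1, while the description reads "SSH 1 through 3, and possibly other versions". A failed reproduction on one version is weaker evidence than the tag implies. Consider keeping the quote as a NOTE and adding a line on whether other OpenSSH versions were checked.
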
@@ -14403,7 +14403,8 @@
NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
NOTE: cyrus-sasl2 already has patch applied
- NOTE: cyrus-sasl code seems too old for any of the problems to apply
+ TODO: At which version was this patch introduced?
+ - cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of
the problems to apply)
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+
...)
{DSA-686-1}
- gftp 2.0.18-1
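
Review bot: The added TODO, "At which version was this patch introduced?", does not name the package it refers to. From the context line "cyrus-sasl2 already has patch applied" it appears to mean cyrus-sasl2, which has no package entry in this hunk, so naming it in the TODO would make the open item clear. The <not-affected> reason for cyrus-sasl also keeps the hedge "seems too old", so it is worth stating what was actually checked.
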
@@ -14538,7 +14539,7 @@
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default
permissions ...)
NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status
bar ...)
- NOTE: mozilla 2:1.6-1
+ - mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows
remote ...)
- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before
0.7 ...)
@@ -16915,8 +16916,7 @@
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID
(euid) ...)
- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in
asn1.c ...)
- NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
- TODO: which radius daemon in debian is "GNU Radius" (if any)?
+ NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers
to ...)
NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET
allows ...)
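
Review bot: Replacing the NOTE and TODO under CVE-2004-0849 with "NOT-FOR-US: GNU Radius" drops the pointer to http://www.debian.org/security/nonvulns-sarge and answers the removed TODO's question (which radius daemon in Debian, if any, is GNU Radius) only implicitly. A short NOTE recording how that was determined would let the entry be rechecked later.
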
@@ -18865,9 +18865,10 @@
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI
script for ...)
- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG
Plugin 1.1 ...)
- NOTE: apparenlty false/bad advisory
+ - squirrelmail 1.4.2 (low)
+ NOTE: Only potentially exploitable withexternel GPG Plugin, see
NOTE: http://www.securityfocus.com/archive/1/348366
- NOTE: possible problemsm before 1.4.2, 1.4.2 ok
+ NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial
of ...)
{DSA-425}
- tcpdump 3.8.1
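
Review bot: The added NOTE under CVE-2003-0990 contains a typo, "withexternel GPG Plugin", which should read "with external GPG Plugin". The removed line called this an apparently false/bad advisory, while the new entry tracks it as "squirrelmail 1.4.2 (low)". A few words in the NOTE on why the assessment changed would help, since the SecurityFocus link is the only reference given.
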
@@ -19108,11 +19109,8 @@
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global
read/write/execute ...)
NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for
...)
- NOTE: source package only
- NOTE: openslp: slpd.all_init symlink vuln
- NOTE: this file is not used in Debian, so it''s not a problem for us.
- NOTE: source package still distributes the file, however.
- - openslp 1.0.11a-1
+ NOTE: Vulnerable code not shipped in the binary package
+ - openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and
earlier ...)
NOT-FOR-US: Deskpro
CVE-2003-0873
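
Review bot: The new NOTE under CVE-2003-0875, "Vulnerable code not shipped in the binary package", no longer names the file. The removed notes identified it as slpd.all_init and recorded that the source package still distributes it. Suggest keeping the file name, for example "NOTE: slpd.all_init is not shipped in the binary package, only in the source package", so the basis for (unimportant) can be rechecked.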