Author: micah Date: 2006-01-05 18:03:22 +0000 (Thu, 05 Jan 2006) New Revision: 3232 Modified: data/CVE/list Log: Checked some more stable issues for sarge/woody applicability, most were affected, with one not-affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-05 00:37:46 UTC (rev 3231) +++ data/CVE/list 2006-01-05 18:03:22 UTC (rev 3232) @@ -4020,6 +4020,7 @@ NOTE: xli couldn''t load the provided test images when I checked? CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...) - blender 2.37a-1 (bug #330895; medium) + [woody] - blender <not-affected> (Woody''s blender does not contain the bvh_import.py script) CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...) NOT-FOR-US: Microsoft CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...) @@ -4546,6 +4547,7 @@ NOT-FOR-US: VERITAS storage solutions CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...) - bacula (bug #329271; low) + NOTE: Sarge affected, didn''t exist in Woody CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...) NOT-FOR-US: IBM Rational ClearQuest CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...) @@ -6167,6 +6169,7 @@ - kernel-source-2.4.27 <not-affected> CVE-2005-XXXX [Buffer overflow in Description parsing] - bidwatcher <removed> (bug #319489; high) + NOTE: Sarge and Woody affected CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] - dbmail <unfixed> (bug #303991; medium) CVE-2005-XXXX [downloads.ini writable by group users, world-readable] 
@@ -7506,8 +7509,10 @@ NOT-FOR-US: MMS Ripper CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...) - backup-manager 0.5.8-2 (bug #308897; low) + NOTE: maybe a duplicate of CVE-2005-1856, author contacted CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...) - backup-manager 0.5.8-2 (low) + NOTE: maybe a duplicate of CVE-2005-1855, author contacted CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...) NOT-FOR-US: Internet Download Manager CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...) @@ -7712,6 +7717,7 @@ CVE-2005-2348 [base-config log should not be world readable] RESERVED - base-config 2.68 (bug #254068; low) + NOTE: Sarge and Woody affected CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...) NOT-FOR-US: PHPSource Printer CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...) @@ -9188,9 +9194,11 @@ CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...) {DSA-787-1} - backup-manager 0.5.8-2 (bug #315582; low) + NOTE: maybe a duplicate of CVE-2005-2212, author contacted CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...) {DSA-787-1} - backup-manager 0.5.8-2 (medium) + NOTE: maybe a duplicate of CVE-2005-2211, author contacted CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing ...) {DSA-772-1} - apt-cacher 0.9.10 (high)
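Review bot: In the @@ -4020 hunk (CVE-2005-3302, blender), only the Woody status is recorded, although the log message says the issues were checked for sarge/woody applicability. If Sarge was checked as well, its status should be stated next to the `[woody] - blender <not-affected>` line so the entry does not leave it to be inferred from the fixed version 2.37a-1.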
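Review bot: In the @@ -4546 hunk (CVE-2005-2995, bacula), "didn't exist in Woody" is ambiguous: it can mean that the bacula package was not in Woody, or that the vulnerable code was not. The @@ -4020 hunk of this same commit records the equivalent finding for blender as a release-tagged line with the reason in parentheses, `[woody] - blender <not-affected> (...)`. Using that form here, or saying explicitly that the package is absent from Woody, would make the entry unambiguous and consistent with the rest of the commit.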
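Review bot: The "NOTE: Sarge and Woody affected" added under bidwatcher in the @@ -6167 hunk sits below a package line marked `<removed>`, so the only record that the stable releases are still vulnerable is free text. Consider stating the stable status per release in the tagged style used for `[woody] - blender` in the @@ -4020 hunk, and noting which package versions were checked. The identical note under base-config 2.68 in the @@ -7712 hunk has the same gap.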
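Review bot: The duplicate pairing in the @@ -7506 hunk does not obviously follow from the summaries visible in this diff and is worth re-checking. CVE-2005-2211 is the insecure temporary file issue and CVE-2005-2212 is the archive repository created "with world ...", while CVE-2005-1855 is about backup files created "with ..." and CVE-2005-1856 is about the CD-burning feature. Please confirm that 2212 really pairs with 1856 and 2211 with 1855, rather than 2212 with 1855 and 2211 with 1856. The matching notes in the @@ -9188 hunk need the same check so the cross-references stay symmetric.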
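Review bot: In the @@ -9188 hunk, CVE-2005-1856 and CVE-2005-1855 carry {DSA-787-1}, but the entries they are now marked as possible duplicates of (CVE-2005-2212 and CVE-2005-2211) have no DSA reference. If the duplicate status is confirmed, those entries should get the same cross-reference. Until then, "author contacted" would be more useful if it said who was contacted and when, so the open question can be followed up.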