Author: fw
Date: 2005-12-14 09:33:18 +0000 (Wed, 14 Dec 2005)
New Revision: 3034
Modified:
data/CVE/list
Log:
CVE-2005-0148: fix syntax
CVE-2004-1347: xdm has multiple source packages, list them
CVE-2004-1311, CVE-2004-1310, CVE-2004-1309: add mplayer ITP bug number
CVE-2004-1027, CVE-2004-0947: use the arj source package instead of unarj
CVE-2004-1001: the fix was losted from sid as well, correct versions
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-14 09:25:48 UTC (rev 3033)
+++ data/CVE/list 2005-12-14 09:33:18 UTC (rev 3034)
@@ -14261,7 +14261,7 @@
- mozilla-thunderbird 0.7
- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses
the ...)
- - mozilla-thunderbird (Affects only Thunderbird on Windows)
+ - mozilla-thunderbird <not-affected> (Affects only Thunderbird on
Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to
use a ...)
- mozilla-firefox 1.0
- mozilla 2:1.7.5
@@ -14630,7 +14630,8 @@
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote
attackers ...)
NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to
cause ...)
- -xdm <not-affected> (xdm on Solaris)
+ - xfree86 <not-affected> (xdm on Solaris)
+ - xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local
users ...)
NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager
(ESM) ...)
@@ -14799,11 +14800,11 @@
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as
used ...)
NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in
real.c ...)
- - mplayer <itp>
+ - mplayer <itp> (bug #113238)
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c
functionality ...)
- - mplayer <itp>
+ - mplayer <itp> (bug #113238)
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in
...)
- - mplayer <itp>
+ - mplayer <itp> (bug #113238)
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for
libtiff ...)
{DSA-617-1}
- tiff 3.6.1-4
@@ -15396,7 +15397,7 @@
[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not
properly ...)
TODO: check back with dilinger about 2.6
- TOOD: previous fix in -9 has regressions
+ TODO: previous fix in -9 has regressions
- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does
not ...)
- linux-2.6 <not-affected> (Fixed before upload into archive)
@@ -15464,7 +15465,7 @@
NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command
line ...)
{DSA-652-1}
- - unarj <not-affected> (sarge''s unarj is from a different code
base, probably not vulnerable)
+ - arj <not-affected> (sarge''s unarj is from a different code
base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14
and ...)
{DSA-628-1 DSA-618-1}
- imlib 1.9.14-17.1 (bug #284925)
@@ -15541,9 +15542,12 @@
- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow
4.0.4.1, ...)
{DSA-585-1}
- - shadow 1:4.0.3-30.3
- NOTE: apparently the fix was lost from sarge somehow, see #309587
- [sarge] - shadow 1:4.0.3-31sarge5
+ NOTE: Fixed in shadow 1:4.0.3-30.3 for the first time.
+ NOTE: Apparently, the fix was lost somehow, see #309587.
+ NOTE: It was reapplied to sarge before the release, and to sid in
+ NOTE: version 1:4.0.3-35.
+ - shadow 1:4.0.3-35
+ [sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if
it was ...)
{DSA-630-1}
- lintian 1.23.6 (bug #286379; low)
@@ -15693,7 +15697,7 @@
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers
to ...)
{DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
- - unarj <not-affected> (sarge''s unarj is from a different code
base, probably not vulnerable)
+ - arj <not-affected> (sarge''s unarj is from a different code
base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit
...)
- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated
Communications ...)