Author: jmm-guest Date: 2005-12-20 15:50:55 +0000 (Tue, 20 Dec 2005) New Revision: 3109 Modified: data/CVE/list Log: more syntax conversions Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-20 13:52:07 UTC (rev 3108) +++ data/CVE/list 2005-12-20 15:50:55 UTC (rev 3109) @@ -18813,7 +18813,6 @@ NOTE: fixed in 2.4.21-rc2 CVE-2003-0698 REJECTED - NOTE: see CVE-2003-0743 CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...) NOT-FOR-US: AIX CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...) @@ -19032,10 +19031,8 @@ NOT-FOR-US: Microsoft CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...) - bugzilla 2.16.3 - NOTE: in 2.17.x : we need at least 2.17.4 CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...) - bugzilla 2.16.3 - NOTE: in 2.17.x : we need at least 2.17.4 CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...) NOT-FOR-US: Apple CVE-2003-0600 @@ -19177,7 +19174,7 @@ - apache 1.3.29 CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...) {DSA-710-1} - NOTE: does not affect evolution on debian + - evolution <not-affected> (Does not affect evolution on debian) - gtkhtml 1.0.4-6.2 CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...) {DSA-363} @@ -19219,7 +19216,7 @@ CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...) NOT-FOR-US: Microsoft CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...) - NOTE: appears specific to the knoppix CD + - qt-x11-free <not-affected> (appears specific to the knoppix CD) CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...) NOT-FOR-US: ProductCart CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...) 
@@ -19290,7 +19287,7 @@ CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...) NOT-FOR-US: snitz forums; not in debian CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...) - NOT-FOR-US: xoop; not in debian + - xoops <itp> (bug #207640) CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...) NOT-FOR-US: Dantz Retrospect CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...) @@ -19346,6 +19343,7 @@ {DSA-357} - wu-ftpd 2.6.2-12 CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...) + - linux-2.6 <not-affected> (Generic C version fixed in 2.6.x) NOTE: generic .c version fixed in 2.6.x but not in 2.4.x NOTE: arch specific asm versions: NOTE: x86 is not affected @@ -19359,6 +19357,7 @@ RESERVED CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...) {DSA-423 DSA-358} + - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1) - kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10) CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...) {DSA-423 DSA-358} @@ -19366,7 +19365,7 @@ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1) - kernel-source-2.4.27 2.4.27-1 CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...) - NOT-FOR-US: apache for win and os/2 + - apache <not-affected> (Affects only Apache for Windows and OS/2) CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...) {DSA-361} - kdelibs 4:3.1.3-1 
@@ -19434,9 +19433,8 @@ {DSA-322} - typespeed 0.4.4 CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...) - NOTE: various pdf viewers - NOTE: kpdf does not seem to support hyperlinks; so not vulnerable - NOTE: gpdf 2.8.0 does not seem to be vulnerable + - kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable) + - gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable) - xpdf 2.02pl1-1 CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...) {DSA-315} @@ -19475,7 +19473,8 @@ CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...) NOT-FOR-US: SMC CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...) - NOTE: only linux 2.0.x + - kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x) + - linux-2.6 <not-affected> (Affects only Linux 2.0.x) CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...) NOT-FOR-US: Son hServer CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...) @@ -19535,11 +19534,12 @@ CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...) NOT-FOR-US: RSA ACE/Agent CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...) - NOTE: pam is not vulnerable in default confuguration - NOTE: pam is not vulnerable at all in sarge, according to maintainer + [sarge] - pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer) + TODO: Check Woody and sid CVE-2003-0387 RESERVED CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...) + TODO: Check, when this was fixed NOTE: fixed in current openssh, which always does reverse mapping now CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...) {DSA-310}
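Review bot: The @@ -18813 hunk deletes `NOTE: see CVE-2003-0743` from the REJECTED entry CVE-2003-0698, which removes the only pointer to the identifier that replaces it. That is a loss of information rather than a syntax conversion. Keep the NOTE, or explain in the log message why the cross-reference is no longer wanted.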
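Review bot: In the @@ -19032 hunk, dropping `NOTE: in 2.17.x : we need at least 2.17.4` from CVE-2003-0603 and CVE-2003-0602 leaves `- bugzilla 2.16.3` as the only version information, while both descriptions state that 2.17.x before 2.17.4 is affected. A 2.17.0 to 2.17.3 package sorts higher than 2.16.3 and would be treated as fixed. Keep the NOTE, or express the 2.17.4 requirement in a form the tracker can evaluate.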
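Review bot: The @@ -19290 hunk changes CVE-2003-0491 from `NOT-FOR-US: xoop; not in debian` to `- xoops <itp> (bug #207640)`, which changes the tracking state (the package is now followed through an ITP) rather than only the syntax. The log message says "more syntax conversions", so this should be mentioned there or committed separately to keep the history searchable.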
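Review bot: In the @@ -19346 hunk, the new `- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)` line for CVE-2003-0465 covers only the generic C implementation, yet the NOTE lines kept below it say the generic version is not fixed in 2.4.x and list arch-specific asm versions separately. No kernel-source-2.4.27 entry is added, so the 2.4 state remains only in free text. Add an explicit 2.4 entry or a TODO, and make clear whether the linux-2.6 status also holds for the arch-specific versions.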
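Review bot: The @@ -19434 hunk introduces a typo in the added kdegraphics line for CVE-2003-0434: the removed NOTE said "kpdf does not seem to support hyperlinks", the new text says "kdf". Suggest `- kdegraphics <not-affected> (kpdf does not seem to support hyperlinks; so not vulnerable)` so a search for the viewer name still finds the entry.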
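Review bot: In the @@ -19535 hunk, the CVE-2003-0388 conversion drops the statement that pam is not vulnerable in the default configuration and keeps only the sarge-specific claim. That statement is the one piece of information relevant to the new `TODO: Check Woody and sid`, so it should stay as a NOTE. The TODO added under CVE-2003-0386 also leaves the entry without any package line; naming the source package there would make the open item easier to find.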