Secure testing commits - Dec 2005 - r3152 - data/CVE

Author: jmm-guest
Date: 2005-12-24 13:42:30 +0000 (Sat, 24 Dec 2005)
New Revision: 3152

Modified:
   data/CVE/list
Log:
new fetchmail issue
bugnums


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-12-24 13:37:46 UTC (rev 3151)
+++ data/CVE/list	2005-12-24 13:42:30 UTC (rev 3152)
@@ -35,7 +35,7 @@
 CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server
(MSS) ...)
 	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
 CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in
readfile.c in ...)
-	- blender <unfixed> (bug filed; medium)
+	- blender <unfixed> (bug #344398; medium)
 CVE-2005-4469 (Multiple direct static code injection vulnerabilities in
PHPGedView ...)
 	NOT-FOR-US: PHPGedView
 CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in
...)
@@ -286,7 +286,7 @@
 CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as
implemented in ...)
 	TODO: check
 CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for
...)
-	TODO: check
+	- fetchmail <unfixed> (bug #343836; low)
 CVE-2005-4418 [Default policy in util-vserver prior to 0.30.208 trusted unknown
capabilities]
 	RESERVED
 	- util-vserver 0.30.208-1
@@ -379,7 +379,7 @@
 CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet
BBS 2.0 ...)
 	NOT-FOR-US: SiteNet BBS 
 CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9,
0.9.1, ...)
-	- trac <unfixed> (bug filed)
+	- trac <unfixed> (bug #344006)
 CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote
attackers to ...)
 	NOT-FOR-US: ezDatabase
 CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2
and ...)
@@ -1007,7 +1007,7 @@
 	NOT-FOR-US: Jax Calendar
 CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2
...)
 	{DSA-919-1}
-	- curl 7.15.1-1 (bug #342339; medium) 
+	- curl 7.15.1-1 (bug #342339; bug #342696; medium) 
 	[sarge] - curl 7.13.2-2sarge4 (medium)
 	[woody] - curl <not-affected> (Only curl >= 7.11 is vulnerable)
 CVE-2005-XXXX [Buffer overflows in electricsheep]