Moritz Muehlenhoff
2005-Dec-25 18:43 UTC
[Secure-testing-commits] r3160 - in data: CVE DSA
Author: jmm-guest
Date: 2005-12-25 18:43:04 +0000 (Sun, 25 Dec 2005)
New Revision: 3160
Modified:
data/CVE/list
data/DSA/list
Log:
Bringing the stable information in shape:
- gopher DSA fix was somehow missing
- one phpmyadmin issue was not-affected
- glibc LD_DEBUG issue is a general non-issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-25 11:17:23 UTC (rev 3159)
+++ data/CVE/list 2005-12-25 18:43:04 UTC (rev 3160)
@@ -3288,6 +3288,7 @@
{DSA-880-1}
- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in
phpMyAdmin ...)
+ [sarge] - phpmyadmin <not-affected> (Not affected according to
maintainer; #333433)
- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow
remote ...)
NOT-FOR-US: OpenWBEM
@@ -14177,9 +14178,11 @@
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First
(OSPF) ...)
NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before
2.3.3.20040420, ...)
- - glibc 2.3.5 (bug #272210; low)
+ - glibc 2.3.5 (bug #272210; unimportant)
NOTE: according to GOTO Masanori this is not a security problem
- NOTE: Not exactly sure, which version fixed it, but we play safe with the
current
+ NOTE: Jakub Jelinek confirms
http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
+ NOTE: Although not a real issue we should play safe with 2.3.5, where the code
+ NOTE: was reorganized
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default
permissions ...)
NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status
bar ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-12-25 11:17:23 UTC (rev 3159)
+++ data/DSA/list 2005-12-25 18:43:04 UTC (rev 3160)
@@ -446,6 +446,7 @@
[30 Sep 2005] DSA-832-1 gopher - buffer overflows
{CVE-2005-2772}
[woody] - gopher 3.0.3woody4
+ [sarge] - gopher 3.0.7sarge2
NOTE: fixed in testing at time of DSA
[30 Sep 2005] DSA-831-1 mysql-dfsg-4.1 - several
{CVE-2005-2558}