Secure testing commits - Nov 2005 - r2722 - data/CVE

Author: neilm
Date: 2005-11-13 17:09:22 +0000 (Sun, 13 Nov 2005)
New Revision: 2722

Modified:
   data/CVE/list
Log:
Did (all but one) 2002 TODO:s


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-13 16:00:41 UTC (rev 2721)
+++ data/CVE/list	2005-11-13 17:09:22 UTC (rev 2722)
@@ -19119,9 +19119,7 @@
 	NOTE: according to http://www.securityfocus.com/archive/1/297419
 	NOTE: phpBB versions above 2.0.0 are not vulnerable.
 CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read
arbitrary ...)
-	NOTE: Don''t know if macromedia flash player is still vulnerable
-	NOTE: see: http://www.securityfocus.com/archive/1/294206
-	TODO: check
+	NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
 CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl
SuperScout ...)
 	NOT-FOR-US: surfcontrol
 CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl
SuperScout ...)
@@ -19632,10 +19630,12 @@
 	{DSA-254}
 CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote
...)
 	{DSA-148}
-	TODO: check
+	- hylafax 4.1.2-2.1
+	[woody] - hylafax 4.1.1-1.1
 CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3
allows ...)
 	{DSA-148}
-	TODO: check
+	- hylafax 4.1.2-2.1
+	[woody] - hylafax 4.1.1-1.1
 CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard
...)
 	NOT-FOR-US: Watchguard Firebox firmware
 CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL)
before ...)
@@ -19772,7 +19772,8 @@
 	NOT-FOR-US: Cisco
 CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote
attackers ...)
 	{DSA-145}
-	TODO: check
+	- tinyproxy 1.4.3-3
+	[woody] - tinyproxy 1.4.3-2woody2
 CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote
attackers to ...)
 	- flashplugin-nonfree 6.0.47
 CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0
allows ...)
@@ -19805,10 +19806,12 @@
 	NOT-FOR-US: Windows
 CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows
remote ...)
 	{DSA-144}
-	TODO: check
+	- wwwoffle 2.7d-1
+	[woody] - wwwoffle 2.7a-1.2
 CVE-2002-0817 (Format string vulnerability in super for Linux allows local
users to ...)
 	{DSA-139}
-	TODO: check
+	- super 3.18.0-3
+	[woody] - super 3.16.1-1.2 
 CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to
gain ...)
 	NOT-FOR-US: HP Tru64
 CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX
Server ...)
@@ -19961,9 +19964,11 @@
 	{DSA-160}
 CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache
user to ...)
 	{DSA-137}
-	TODO: check
+	- libmm11 1.1.3-6.1
+	- libmm13 1.3.1-1
 CVE-2002-0653 (Off-by-one buffer overflow in rewrite_command hook for mod_ssl
Apache ...)
-	TODO: check
+	{DSA-135}
+	- libapache-mod-ssl 2.8.9-2
 STOP: this is approximatly the release of woody, so we can stop here
 CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc,
and ...)
 CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows
remote ...)