Author: jmm-guest Date: 2005-10-21 10:05:38 +0000 (Fri, 21 Oct 2005) New Revision: 2525 Modified: data/CVE/list Log: processed latest block, yiff "issue" CANified, this includes the CVE references Micah requested for the kernel. Now that we have distribution tags we should use them for the kernel as well. Once they''ve been incorporated into a DSA we can move them to DSA/list later on, but as a kernel DSA still does not seem to be coming soon, we should use it like this. Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-21 09:18:28 UTC (rev 2524) +++ data/CVE/list 2005-10-21 10:05:38 UTC (rev 2525) @@ -1,22 +1,21 @@ -begin claimed by jmm CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...) - TODO: check + - linux-2.6 2.6.12-2 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...) - TODO: check + - linux-2.6 2.6.13-1 CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...) - TODO: check + - linux-2.6 2.6.13-1 CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for ROSE in Linux 2.6 ...) - TODO: check + - linux-2.6 2.6.12-1 CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...) - TODO: check + - linux-2.6 2.6.12-1 CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...) - TODO: check + - linux-2.6 <not-affected> (Fixed before linux-2.6 was introduced) CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...) - TODO: check + NOT-FOR-US: Symantec Antivirus CVE-2005-3269 (Unspecified "security exposure" in the HTTP Admin interface for Sun ...) - TODO: check + NOT-FOR-US: Sun Java System Directory Server CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...) - TODO: check + - yiff-server <unfixed> (bug #334616; low) CVE-2005-3267 RESERVED CVE-2005-3266 @@ -24,18 +23,17 @@ CVE-2005-3265 RESERVED CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...) - TODO: check + NOT-FOR-US: Zeroblog CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...) - TODO: check + NOT-FOR-US: WinRAR CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...) - TODO: check + NOT-FOR-US: WinRAR CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...) - TODO: check + NOT-FOR-US: versatileBulletinBoard CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: versatileBulletinBoard CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...) - TODO: check -end claimed by jmm + NOT-FOR-US: versatileBulletinBoard CVE-2005-XXXX [Insecure caching of user id in mantis] - mantis <unfixed> (bug #330682; unknown) CVE-2005-XXXX [Filter information disclosure in mantis] @@ -47,8 +45,6 @@ CVE-2005-XXXX [libmad: Assertion failed; buffer overflow] - libmad <unfixed> (bug #287519; low) - mad <removed> -CVE-2005-XXXX [yiff-server: runs as root and opens any file a client asks for] - - yiff-server <unfixed> (bug #334616; high) CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...) - enigmail 2:0.93-1 (unknown) CVE-2005-3253