Author: fw Date: 2005-10-25 13:39:11 +0000 (Tue, 25 Oct 2005) New Revision: 2566 Modified: data/CVE/list Log: Data from nonvulns-sarge.src, revision 1.26 Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-25 12:50:21 UTC (rev 2565) +++ data/CVE/list 2005-10-25 13:39:11 UTC (rev 2566) @@ -10595,7 +10595,7 @@ CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...) - pdns 2.9.16-6 CVE-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...) - - webmin 1.180-1 + NOT-FOR-US: Gentoo specific CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...) NOT-FOR-US: Solaris CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...) @@ -11469,7 +11469,8 @@ CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...) NOT-FOR-US: TikiWiki CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...) - - phpgroupware 0.9.16.005-1 + - phpgroupware 0.9.16.005-1 (unimportant) + NOTE: path disclosure only, path is known on Debian anyway CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...) - phpgroupware 0.9.16.005-1 CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...) @@ -11703,7 +11704,7 @@ - libapache-mod-python 2:2.7.10-4 CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...) NOTE: debian does not have stack protection, but it''s fixed anyway since 1.0.9 - - alsa-lib 1.0.9-1 + - alsa-lib 1.0.9-1 (unimportant) CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...) NOT-FOR-US: redhat specific less bug CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...) @@ -11841,8 +11842,10 @@ CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...) NOT-FOR-US: Adobe CVE-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...) - NOTE: only affects bind9 9.3.0, we have an earlier version - NOTE: fixed in 9.3.1 + - bind9 1:9.3.1 + [woody] - bind9 <not-affected> + [sarge] - bind9 <not-affected> + NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...) - bind 1:8.4.6-1 CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)