Author: jmm-guest Date: 2005-06-24 12:16:00 +0000 (Fri, 24 Jun 2005) New Revision: 1275 Modified: data/CAN/list Log: some severity adjustments as proposed in t-s-t Modified: data/CAN/list ==================================================================--- data/CAN/list 2005-06-24 08:22:44 UTC (rev 1274) +++ data/CAN/list 2005-06-24 12:16:00 UTC (rev 1275) @@ -867,7 +867,7 @@ CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...) NOTE: not-for-us (Avast) CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - - squirrelmail (unfixed; bug #314374; low) + - squirrelmail (unfixed; bug #314374; medium) CAN-2005-1768 NOTE: reserved CAN-2005-1767 @@ -1001,7 +1001,7 @@ CAN-2005-XXXX [Unspecified issue in moodle''s admin/delete.php] - moodle 1.4.4.dfsg.1-3 CAN-2005-XXXX [Minor DoS condition in mutt due to preditable tempfiles] - - mutt (unfixed; bug #311296; medium) + - mutt (unfixed; bug #311296; low) CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php] NOTE: viewFile.php has been removed along with other files in -26, so Debian is NOTE: no longer affected. @@ -2900,10 +2900,10 @@ CAN-2005-1268 NOTE: reserved CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...) - - tcpdump 3.9.0.cvs.20050614-1 (low) + - tcpdump 3.9.0.cvs.20050614-1 (medium) CAN-2005-1266 NOTE: reserved - - spamassassin (unfixed; bug #314447; low) + - spamassassin (unfixed; bug #314447; medium) CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...) - kernel-source-2.6.8 (unfixed; medium) CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...) 
@@ -3364,7 +3364,7 @@ NOTE: Not part of Sarge due to FTBFS on ia64 and alpha - oops (unfixed; bug #307360) CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) - - ilohamail (unfixed; bug #304525; low) + - ilohamail (unfixed; bug #304525; medium) CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - sudo (unfixed; bug #283161; low) CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) @@ -4806,7 +4806,7 @@ - lesstif1-1 1:0.93.94-11.3 - libxpm4 4.3.0.dfsg.1-13 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (low) + - openmotif 2.2.3-1.1 (medium) CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...) NOTE: not-for-us (GFI Languard Network Security Scanner) CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...) @@ -5359,7 +5359,7 @@ NOTE: not-for-us (Tonecast) CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...) NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there - - lynx (unfixed; bug #296340; medium) + - lynx (unfixed; bug #296340; low) CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...) - links 0.99+1.00pre12-1 CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...) @@ -8140,7 +8140,7 @@ NOTE: but lesstif2 did get fixed for this hole.. - lesstif2 1_0.93.94-11.2 NOTE: openmotif is non-free - - openmotif 2.2.3-1.1 (low) + - openmotif 2.2.3-1.1 (medium) CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...) {DSA-572-1} - squid 2.5.6-9
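Review bot: In the @@ -1001 hunk, the title line directly above the changed mutt entry reads "preditable tempfiles"; since this entry is being touched anyway, correct it to "predictable" so that a text search of the list for the issue class finds it. The same hunk's moodle title carries a doubled apostrophe ("moodle''s") that could be cleaned up in the same pass.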
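Review bot: In the @@ -2900 hunk, the spamassassin entry raised to medium sits under CAN-2005-1266, whose only other line is "NOTE: reserved", so the list itself gives no description against which the new severity can be checked. Suggest adding a NOTE line under CAN-2005-1266 that states the nature of the issue or refers to bug #314447, so the rating can be reviewed from the file alone.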
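Review bot: In the @@ -4806 hunk (and again at @@ -8140), only the openmotif 2.2.3-1.1 line carries a severity, now medium, while the lesstif1-1 and libxpm4 lines in the same block at @@ -4806 and the lesstif2 line at @@ -8140 have none. Either give the sibling packages the same rating or add a NOTE saying why only openmotif is rated, otherwise the entry reads as if the issue were more serious in the non-free package than in the others.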