Author: djoume-guest Date: 2004-11-03 07:21:47 -0700 (Wed, 03 Nov 2004) New Revision: 64 Modified: sarge-checks/CVE/list Log: * update CVE-2003-0067 and CVE-2003-0024 about aterm * I have some doubt about package version that fixed CVE-2003-0070, I''ve mailed maintainers. Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2004-11-02 23:35:38 UTC (rev 63) +++ sarge-checks/CVE/list 2004-11-03 14:21:47 UTC (rev 64) @@ -271,6 +271,8 @@ NOTE: covered by DSA-380 CVE-2003-0070 - vte 0.11.10-1 + NOTE: I have mailed maintainer to be 100% sure. + TODO: check CVE-2003-0069 - putty 0.54-1 CVE-2003-0068 @@ -279,7 +281,9 @@ CVE-2003-0067 NOTE: don''t know if still vulnerable NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. - TODO: check + NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was + NOTE: never vulnerable to the problem described. + NOTE: this CVE is bogus. CVE-2003-0066 - rxvt 2.6.4-6.1 NOTE: woody version are still vulnerable. @@ -316,6 +320,10 @@ NOTE: covered by DSA-228 CVE-2003-0027 CVE-2003-0024 + NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. + NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was + NOTE: never vulnerable to the problem described. + NOTE: this CVE is bogus. CVE-2003-0023 CVE-2003-0022 CVE-2003-0021