Author: djoume-guest Date: 2004-11-07 05:56:52 -0700 (Sun, 07 Nov 2004) New Revision: 94 Modified: sarge-checks/CVE/list Log: * Processed my block * Claimed some more Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2004-11-06 23:05:02 UTC (rev 93) +++ sarge-checks/CVE/list 2004-11-07 12:56:52 UTC (rev 94) @@ -185,7 +185,6 @@ CVE-2003-0991 - mailman 2.1-1 NOTE: covered by DSA-436 - NOTE: don''t know if still vulnerable NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this. NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable CVE-2003-0988 @@ -279,14 +278,13 @@ - eterm 0.9.2-6 NOTE: covered by DSA-496 CVE-2003-0067 - NOTE: don''t know if still vulnerable NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was NOTE: never vulnerable to the problem described. NOTE: this CVE is bogus. CVE-2003-0066 - rxvt 2.6.4-6.1 - NOTE: woody version are still vulnerable. + NOTE: woody version are still vulnerable (bug #244810). CVE-2003-0065 NOTE: not-for-us (uxterm not in Debian) CVE-2003-0064 @@ -297,67 +295,110 @@ CVE-2003-0062 NOTE: not-for-us (NOD32 not in Debian) CVE-2003-0059 - TODO: unchecked + - krb5 1.2.5-1 CVE-2003-0058 - TODO: unchecked - + - krb5 1.2.5-1 CVE-2003-0055 + NOTE: not-for-us (apple) CVE-2003-0054 + NOTE: not-for-us (apple) CVE-2003-0053 + NOTE: not-for-us (apple) CVE-2003-0052 + NOTE: not-for-us (apple) CVE-2003-0051 + NOTE: not-for-us (apple) CVE-2003-0050 + NOTE: not-for-us (apple) CVE-2003-0045 + NOTE: not-for-us (windows) CVE-2003-0043 + - tomcat 3.3.1a-1 NOTE: covered by DSA-246 CVE-2003-0040 + - courier-ssl 0.40.2-3 NOTE: covered by DSA-247 CVE-2003-0039 + - dhcp3 1.1.2-1 NOTE: covered by DSA-245 CVE-2003-0033 + - snort 2.0.0-1 NOTE: covered by DSA-297 CVE-2003-0032 + - libmcrypt 2.5.5-1 NOTE: covered by DSA-228 CVE-2003-0027 + NOTE: not-for-us (sun) CVE-2003-0024 NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. NOTE: Göran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was NOTE: never vulnerable to the problem described. NOTE: this CVE is bogus. CVE-2003-0023 + NOTE: I''m not sure if this is fix in rxvt 2.6.4-6.1 + NOTE: I''ve mailed maintainers + TODO: check CVE-2003-0022 + NOTE: I''m not sure if this is fix in rxvt 2.6.4-6.1 + NOTE: I''ve mailed maintainers + TODO: check CVE-2003-0021 + NOTE: I''m not sure if this is fix in eterm 0.9.2-6 + NOTE: I''ve mailed maintainers + TODO: check CVE-2003-0020 + - apache 1.3.29.0.2-4 CVE-2003-0019 + NOTE: not-for-us (redhat 8.0 only) CVE-2003-0018 + NOTE: fixed after 2.6/2.4.21 kernel NOTE: covered by DSA-358 + NOTE: covered by DSA-423 CVE-2003-0017 + NOTE: not-for-us (apache on windows) CVE-2003-0016 + NOTE: not-for-us (apache on windows) CVE-2003-0015 + - cvs 1.11.2-5.1 NOTE: covered by DSA-233 CVE-2003-0013 + - bugzilla 2.16.2-1 NOTE: covered by DSA-230 CVE-2003-0012 + - bugzilla 2.16.2-1 NOTE: covered by DSA-230 CVE-2003-0009 + NOTE: not-for-us (windows) CVE-2003-0007 + NOTE: not-for-us (windows) CVE-2003-0004 + NOTE: not-for-us (windows) CVE-2003-0003 + NOTE: not-for-us (windows) CVE-2003-0002 - -end claimed by djoume - + NOTE: not-for-us (windows) CVE-2002-1574 + NOTE: fixed after 2.6/2.4.20 kernel CVE-2002-1560 + NOTE: not-for-us (gbook not in Debian) CVE-2002-1552 + NOTE: not-for-us (novell) CVE-2002-1550 + NOTE: not-for-us (AIX) CVE-2002-1549 + NOTE: not-for-us (lhttpd not in Debian) CVE-2002-1548 + NOTE: not-for-us (AIX) CVE-2002-1547 + NOTE: not-for-us (Netscreen) CVE-2002-1543 + NOTE: not-for-us (NetBSD) CVE-2002-1541 + NOTE: not-for-us (BadBlue not in Debian) CVE-2002-1540 + NOTE: not-for-us (norton) CVE-2002-1538 + NOTE: not-for-us (acusend not in Debian) CVE-2002-1537 CVE-2002-1534 CVE-2002-1532 @@ -466,6 +507,9 @@ CVE-2002-1362 NOTE: covered by DSA-211 CVE-2002-1361 + +end claimed by djoume + CVE-2002-1350 NOTE: covered by DSA-206 CVE-2002-1349