Author: djoume-guest Date: 2004-11-14 11:58:49 -0700 (Sun, 14 Nov 2004) New Revision: 118 Modified: sarge-checks/CVE/list Log: * processed my block * claimed some more Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2004-11-14 16:01:11 UTC (rev 117) +++ sarge-checks/CVE/list 2004-11-14 18:58:49 UTC (rev 118) @@ -492,97 +492,131 @@ CVE-2002-1447 NOTE: not-for-us (Cisco vpn client for UNIX) CVE-2002-1446 - TODO: check + NOTE: not-for-us (nCipher PKCS#11 library) CVE-2002-1443 - TODO: check + NOTE: not-for-us (Google toolbar) CVE-2002-1438 - TODO: check + NOTE: not-for-us (Perl on Novell) CVE-2002-1437 - TODO: check + NOTE: not-for-us (Perl on Novell) CVE-2002-1436 - TODO: check + NOTE: not-for-us (Perl on Novell) CVE-2002-1435 - TODO: check + NOTE: not-for-us (Achievo not in Debian) CVE-2002-1430 - TODO: check + NOTE: not-for-us (Sympoll not in Debian) CVE-2002-1425 + - mpack 1.5-9 NOTE: covered by DSA-141 CVE-2002-1424 - TODO: check + - mpack 1.5-9 + NOTE: covered by DSA-141 CVE-2002-1420 - TODO: check + NOTE: not-for-us (OpenBSD) CVE-2002-1419 - TODO: check + NOTE: not-for-us (IRIX on Origin) CVE-2002-1418 - TODO: check + NOTE: not-for-us (Novell NetBasic Scripting Server) CVE-2002-1417 - TODO: check + NOTE: not-for-us (Novell NetBasic Scripting Server) CVE-2002-1414 - TODO: check + - qmailadmin 1.0.6-1 CVE-2002-1413 - TODO: check + NOTE: not-for-us (RCONAG6 for Novell Netware SP2) CVE-2002-1412 + - gallery 1.3-3 NOTE: covered by DSA-138 CVE-2002-1407 - TODO: check + NOTE: not-for-us (TinySSL not in Debian) CVE-2002-1405 + - lynx 2.8.4.1b-4 NOTE: covered by DSA-210 CVE-2002-1403 + - dhcpd 1.3.22pl2-2 NOTE: covered by DSA-219 CVE-2002-1396 - TODO: check + - php4 4:4.3.2+rc3-1 + NOTE: according to http://www.securityfocus.com/bid/6488 + NOTE: woody is not vulnerable CVE-2002-1394 + - tomcat4 4.1.9-1 NOTE: covered by DSA-225 CVE-2002-1392 - TODO: check + - mgetty 1.1.30-1 + NOTE: woody version seems to be vulnerable see bug #199351 CVE-2002-1391 - TODO: check + - mgetty 1.1.30-1 + NOTE: woody version seems to be vulnerable see bug #199351 CVE-2002-1390 + - geneweb 4.09-1 NOTE: covered by DSA-223 CVE-2002-1389 + - typespeed 0.4.2-2 NOTE: covered by DSA-217 CVE-2002-1388 + - mhonarc 2.5.14-1 NOTE: covered by DSA-221 CVE-2002-1385 - TODO: check + - openwebmail 1.90-1 CVE-2002-1384 + - xpdf 2.01-2 NOTE: covered by DSA-222 CVE-2002-1382 - TODO: check + - flashplugin-nonfree 6.0.69-1 CVE-2002-1381 + - exim4 4.11-0.0.1 + NOTE: exim 3.x is still vulnerable in woody, sarge and sid see bug #171774 TODO: check CVE-2002-1380 + - kernel-source-2.2.25 NOTE: covered by DSA-336 CVE-2002-1377 + - vim 6.1.263-1 + NOTE: woody seems to be still vulnerable + NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003 + NOTE: but no advisory (nor fixed package) have been published yet. + NOTE: I''ve mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this. TODO: check CVE-2002-1375 + - mysql-dfsg 4.0.7.gamma-1 NOTE: covered by DSA-212 CVE-2002-1374 + - mysql-dfsg 4.0.7.gamma-1 NOTE: covered by DSA-212 CVE-2002-1373 + - mysql-dfsg 4.0.7.gamma-1 NOTE: covered by DSA-212 CVE-2002-1372 + - cupsys 1.1.18-1 NOTE: covered by DSA-232 CVE-2002-1371 + - cupsys 1.1.18-1 NOTE: covered by DSA-232 CVE-2002-1369 + - cupsys 1.1.18-1 NOTE: covered by DSA-232 CVE-2002-1367 + - cupsys 1.1.18-1 NOTE: covered by DSA-232 CVE-2002-1366 + - cupsys 1.1.18-1 NOTE: covered by DSA-232 CVE-2002-1365 + - fetchmail 6.2.0-1 NOTE: covered by DSA-216 CVE-2002-1364 + - traceroute-nanog 6.3.0-1 NOTE: covered by DSA-254 CVE-2002-1363 + - libpng 1.0.12-7 + - libpng3 1.2.5-8 NOTE: covered by DSA-213 CVE-2002-1362 + - micq 0.4.9.4-1 + NOTE: micq not in sarge NOTE: covered by DSA-211 CVE-2002-1361 - -end claimed by djoume - + NOTE: not-for-us (sun) CVE-2002-1350 NOTE: covered by DSA-206 CVE-2002-1349 @@ -707,6 +741,9 @@ NOTE: covered by DSA-172 CVE-2002-1189 TODO: check + +end claimed by djoume + CVE-2002-1188 TODO: check CVE-2002-1187