Author: djoume-guest
Date: 2004-11-02 15:39:20 -0700 (Tue, 02 Nov 2004)
New Revision: 62

Modified:
   sarge-checks/CVE/list
Log:
processed a block of CVEs
claimed a little bit more CVEs

Modified: sarge-checks/CVE/list
==================================================================
--- sarge-checks/CVE/list 2004-11-02 17:47:20 UTC (rev 61)
+++ sarge-checks/CVE/list 2004-11-02 22:39:20 UTC (rev 62)
@@ -172,75 +172,131 @@ begin claimed by djoume CVE-2003-1328 + NOTE: not-for-us (windows) CVE-2003-1326 + NOTE: not-for-us (windows) CVE-2003-1022 + - fsp 2.81.b18-1 + NOTE: covered by DSA-416 CVE-2003-0994 + NOTE: not-for-us (norton) CVE-2003-0993 + - apache 1.3.29.0.2-4 CVE-2003-0991 + - mailman 2.1-1 NOTE: covered by DSA-436 + NOTE: don''t know if still vulnerable + NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this. + NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable CVE-2003-0988 + - kdepim 3.1.5-1 CVE-2003-0985 + NOTE: fixed in 2.4.24-rc1 NOTE: covered by DSA-413 CVE-2003-0969 + - mpg321 0.2.10.3 NOTE: covered by DSA-411 CVE-2003-0966 + NOTE: not-for-us (elm) CVE-2003-0924 + - netpbm-free 2:9.25-9 NOTE: covered by DSA-426 CVE-2003-0905 + NOTE: not-for-us (microsoft) CVE-2003-0903 + NOTE: not-for-us (microsoft) CVE-2003-0825 + NOTE: not-for-us (microsoft) CVE-2003-0145 + - tcpdump 3.7.2-1 NOTE: covered by DSA-261 CVE-2003-0143 + - qpopper 4.0.4-9 NOTE: covered by DSA-259 CVE-2003-0125 + NOTE: not-for-us (SOHO Routefinder) CVE-2003-0124 + NOTE: not-for-us (man before 1.51) CVE-2003-0123 + NOTE: not-for-us (lotus notes) CVE-2003-0122 + NOTE: not-for-us (lotus notes) CVE-2003-0120 + - mhc 0.25+20030224-1 NOTE: covered by DSA-256 CVE-2003-0108 + - tcpdump 3.7.1-1.2 NOTE: covered by DSA-255 CVE-2003-0107 + - zlib 1.1.4-10 CVE-2003-0104 + NOTE: not-for-us (peopletools) CVE-2003-0103 + NOTE: not-for-us (nokia handset) CVE-2003-0102 + - file 3.40-1.1 NOTE: covered by DSA-260 CVE-2003-0100 + NOTE: not-for-us (cisco) CVE-2003-0097 + - php4 4.3.2+rc3-1 CVE-2003-0095 + NOTE: not-for-us (oracle) CVE-2003-0094 + NOTE: not-for-us (mandrake specific) CVE-2003-0093 + - tcpdump 3.7.1-1 NOTE: covered by DSA-261 CVE-2003-0088 + NOTE: not-for-us (macosX) CVE-2003-0087 + NOTE: not-for-us (AIX) CVE-2003-0081 + - ethereal 0.9.9-2 NOTE: covered by DSA-258 CVE-2003-0079 + NOTE: not-for-us (hanterm before 2.0.5) CVE-2003-0078 + - openssl 0.9.7a-1 
NOTE: covered by DSA-253 CVE-2003-0077 + NOTE: not-for-us (hanterm before 2.0.5) CVE-2003-0075 + NOTE: not-for-us (blade encoder not in Debian) CVE-2003-0073 + - mysql 4.0.12-2 NOTE: covered by DSA-303 CVE-2003-0071 + - xfree86 4.2.1-11 NOTE: covered by DSA-380 CVE-2003-0070 + - vte 0.11.10-1 CVE-2003-0069 + - putty 0.54-1 CVE-2003-0068 + - eterm 0.9.2-6 NOTE: covered by DSA-496 CVE-2003-0067 + NOTE: don''t know if still vulnerable + NOTE: I have mailed Göran Weinholt <weinholt@debian.org> about this. + TODO: check CVE-2003-0066 + - rxvt 2.6.4-6.1 + NOTE: woody version are still vulnerable. CVE-2003-0065 + NOTE: not-for-us (uxterm not in Debian) CVE-2003-0064 + NOTE: not-for-us (dtterm not in Debian) CVE-2003-0063 + - xfree86 4.2.1-11 NOTE: covered by DSA-380 CVE-2003-0062 + NOTE: not-for-us (NOD32 not in Debian) CVE-2003-0059 + TODO: unchecked CVE-2003-0058 + TODO: unchecked -end claimed by djoume - CVE-2003-0055 CVE-2003-0054 CVE-2003-0053 @@ -280,6 +336,9 @@ CVE-2003-0004 CVE-2003-0003 CVE-2003-0002 + +end claimed by djoume + CVE-2002-1574 CVE-2002-1560 CVE-2002-1552 @@ -3259,4 +3318,4 @@ CVE-1999-0006 CVE-1999-0005 CVE-1999-0003 -CVE-1999-0002 +aVE-1999-0002
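Review bot: In the first hunk (@@ -172,75 +172,131 @@), the CVE-2003-0991 entry ends up with contradictory notes: "don''t know if still vulnerable" and "I have mailed Tollef Fog Heen" sit directly above the note recording his reply that 2.1 versions are not vulnerable. Since the question is answered, drop the two stale notes and keep only the conclusion, so a reader scanning the list does not take the entry as still open. The doubled apostrophe in "don''t" (here and under CVE-2003-0067) looks like an escaping artifact and should be a single one. CVE-2003-0059 and CVE-2003-0058 are committed as "TODO: unchecked" and CVE-2003-0067 as "TODO: check"; that is fine as long as they stay inside the claimed block so they are picked up again.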
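Review bot: The last hunk (@@ -3259,4 +3318,4 @@) replaces "CVE-1999-0002" with "aVE-1999-0002", which looks like a stray keystroke rather than an intended change: the log message only mentions processing and claiming CVEs, and nothing else in the patch touches the 1999 entries. Please restore the line to "CVE-1999-0002"; as committed, the identifier no longer matches the CVE- prefix used by every other entry in the list, so the entry is effectively lost to anyone searching or parsing by name.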