Author: djoume-guest Date: 2004-11-12 04:11:39 -0700 (Fri, 12 Nov 2004) New Revision: 110 Modified: sarge-checks/CVE/list Log: * processed some CVEs. Modified: sarge-checks/CVE/list ==================================================================--- sarge-checks/CVE/list 2004-11-12 07:43:27 UTC (rev 109) +++ sarge-checks/CVE/list 2004-11-12 11:11:39 UTC (rev 110) @@ -336,15 +336,17 @@ CVE-2003-0023 NOTE: I''m not sure if this is fix in rxvt 2.6.4-6.1 NOTE: I''ve mailed maintainers + NOTE: No response from maintainers, I''ve open bug #280873 TODO: check CVE-2003-0022 NOTE: I''m not sure if this is fix in rxvt 2.6.4-6.1 NOTE: I''ve mailed maintainers + NOTE: No response from maintainers, I''ve open bug #280873 TODO: check CVE-2003-0021 - NOTE: I''m not sure if this is fix in eterm 0.9.2-6 - NOTE: I''ve mailed maintainers - TODO: check + - eterm 0.9.2-1 + NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2 + NOTE: this is fixed in eterm 0.9.2 CVE-2003-0020 - apache 1.3.29.0.2-4 CVE-2003-0019 @@ -399,83 +401,96 @@ CVE-2002-1538 NOTE: not-for-us (acusend not in Debian) CVE-2002-1537 - TODO: check + - phpbb2 2.0.6c-1 + NOTE: according to http://www.securityfocus.com/archive/1/297419 + NOTE: phpBB versions above 2.0.0 are not vulnerable. CVE-2002-1534 + NOTE: Don''t know if macromedia flash player is still vulnerable + NOTE: see: http://www.securityfocus.com/archive/1/294206 TODO: check CVE-2002-1532 - TODO: check + NOTE: not-for-us (surfcontrol) CVE-2002-1531 - TODO: check + NOTE: not-for-us (surfcontrol) CVE-2002-1530 - TODO: check + NOTE: not-for-us (surfcontrol) CVE-2002-1529 - TODO: check + NOTE: not-for-us (surfcontrol) CVE-2002-1528 - TODO: check + NOTE: not-for-us (mondosearch) CVE-2002-1524 - TODO: check + NOTE: not-for-us (winamp) CVE-2002-1521 - TODO: check + NOTE: not-for-us (webserver 4D) CVE-2002-1520 - TODO: check + NOTE: not-for-us (WatchGuard) CVE-2002-1519 - TODO: check + NOTE: not-for-us (WatchGuard) CVE-2002-1518 - TODO: check + NOTE: not-for-us (IRIX) CVE-2002-1517 - TODO: check + NOTE: not-for-us (IRIX) CVE-2002-1516 - TODO: check + NOTE: not-for-us (IRIX) CVE-2002-1514 - TODO: check + NOTE: not-for-us (interbase) CVE-2002-1513 - TODO: check + NOTE: not-for-us (OpenVMS) CVE-2002-1511 - TODO: check + - vnc 3.3.3r2-21 CVE-2002-1510 - TODO: check + - xfree86 4.1.0-7 CVE-2002-1509 - TODO: check + NOTE: not-for-us (redhat and mandrake only) CVE-2002-1505 - TODO: check + NOTE: not-for-us (WoltLab Burning Board not in Debian) CVE-2002-1502 - TODO: check + NOTE: not-for-us (xbreaky not in Debian) CVE-2002-1501 - TODO: check + NOTE: not-for-us (Enterasys) CVE-2002-1497 - TODO: check + NOTE: not-for-us (Null HTTP Server not in Debian) CVE-2002-1496 - TODO: check + NOTE: not-for-us (Null HTTP Server not in Debian) CVE-2002-1494 - TODO: check + NOTE: not-for-us (Aestiva) CVE-2002-1493 - TODO: check + NOTE: not-for-us (Lycos) CVE-2002-1491 - TODO: check + NOTE: not-for-us (Cisco VPN 5000 Client for MacOS) CVE-2002-1490 - TODO: check + NOTE: not-for-us (NetBSD) CVE-2002-1479 - TODO: check + - cacti 0.6.8-1 CVE-2002-1478 + - cacti 0.6.8a-2 NOTE: covered by DSA-164 CVE-2002-1477 + - cacti 0.6.8a-2 NOTE: covered by DSA-164 CVE-2002-1476 - TODO: check + NOTE: not-for-us (NetBSD) CVE-2002-1472 - TODO: check + - xfree86 4.2.1-1 + NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/ + NOTE: woody is still vulnerable + NOTE: open bug #280872 CVE-2002-1471 - TODO: check + - evolution 1.2.0-1 + NOTE: woody seems to be still vulnerable + NOTE: open bug #280883 CVE-2002-1469 - TODO: check + - scponly 3.8-1 + NOTE: according to http://sublimation.org/scponly/ (scponly home page) + NOTE: only versions of scponly older than scponly-2.4 are affected CVE-2002-1468 - TODO: check + NOTE: not-for-us (AIX) CVE-2002-1463 - TODO: check + NOTE: not-for-us (symantec) CVE-2002-1448 - TODO: check + NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products) CVE-2002-1447 - TODO: check + NOTE: not-for-us (Cisco vpn client for UNIX) CVE-2002-1446 TODO: check CVE-2002-1443