Author: fw Date: 2005-10-21 11:56:43 +0000 (Fri, 21 Oct 2005) New Revision: 2530 Modified: data/CVE/list Log: Some bits from bugs-dist. Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-21 11:54:16 UTC (rev 2529) +++ data/CVE/list 2005-10-21 11:56:43 UTC (rev 2530) @@ -41,7 +41,9 @@ CVE-2005-XXXX [Filter information disclosure in mantis] - mantis <unfixed> (bug #330682; low) CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...) - - squid <unfixed> (bug #334882; medium) + - squid <not-affected> (bug #334882; medium) + NOTE: Bug was introduced in a patch to squid-2.5.STABLE10, + NOTE: this patch was never applied to the Debian package. CVE-2005-XXXX [Lots of vulnerabilities in ethereal] - ethereal <unfixed> (bug #334880; medium) CVE-2005-XXXX [libmad: Assertion failed; buffer overflow] @@ -7536,7 +7538,9 @@ CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...) NOT-FOR-US: bBlog CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) - NOTE: upstream says attack won''t work, see bug 307575 + - courier <unfixed> (bug #307575; medium) + NOTE: Upstream explanation looks wrong, not all code paths perform + NOTE: escaping. CVE-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...) NOT-FOR-US: Adobe Version Cue CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)