Author: fw Date: 2005-10-24 14:18:13 +0000 (Mon, 24 Oct 2005) New Revision: 2552 Modified: data/CVE/list Log: Some work on CVE-2005-XXXX issues (a few CVE assignments will hopefully follow) Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-24 12:35:07 UTC (rev 2551) +++ data/CVE/list 2005-10-24 14:18:13 UTC (rev 2552) @@ -56,6 +56,7 @@ NOTE: second hole mentioned in bug report CVE-2005-XXXX [HTTP Request smuggling in pound] - pound 1.9.4-1 + NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...) - linux-2.6 2.6.12-2 CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...) @@ -478,8 +479,6 @@ CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror] - kdebase 4:3.3.1-1 (bug #278002; low) TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well -CVE-2005-XXXX [apt-listchanges does not drop privs, spawned pagers may permit execution of further commands] - NOTE: #318736 is not a valid bug, closed CVE-2003-XXXX [Incomplete reporting of failed logins in login] - login 1:4.0.3-36 (bug #192849) CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]