Author: fw
Date: 2005-10-24 14:43:54 +0000 (Mon, 24 Oct 2005)
New Revision: 2555
Modified:
data/CVE/list
Log:
Add a couple of sid versions for packages which were vulnerable in the
past.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-10-24 14:43:04 UTC (rev 2554)
+++ data/CVE/list 2005-10-24 14:43:54 UTC (rev 2555)
@@ -12906,7 +12906,7 @@
- arla 0.36.2-11
CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip
package, as ...)
{DSA-588-1}
- - gzip <not-affected> (recent versions not vulnerable as our version
uses set -C)
+ - gzip 1.3.5-8 (bug #259043; bug #257314; medium)
CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions,
as ...)
- groff 1.18.1.1-2
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local
users to ...)
@@ -13678,7 +13678,8 @@
NOT-FOR-US: JRun
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv
library ...)
{DSA-579-1 DSA-550-1}
- - abiword <not-affected> (According to DSA-759 sid is not affected)
+ - abiword 2.0.8
+ NOTE: fixed version of abiword based on
http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for
MIT ...)
{DSA-543-1}
CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT
...)