Author: fw Date: 2005-10-30 22:26:27 +0000 (Sun, 30 Oct 2005) New Revision: 2619 Modified: data/CVE/list Log: Investigate a few bug reports. The htdig issue was a dupe, and the corresponding bug report is being closed. Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-10-30 21:41:50 UTC (rev 2618) +++ data/CVE/list 2005-10-30 22:26:27 UTC (rev 2619) @@ -485,7 +485,7 @@ - wget 1.10.2-1 (medium) - curl 7.15.0-1 (bug #333734; medium) CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...) - - clamav <unfixed> (bug #333566) + - clamav <unfixed> (bug #333566; medium) CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...) - linux-2.6 2.6.12-11 (low) NOTE: Might as well be 2.6.13-2, depending on the next upload @@ -692,8 +692,6 @@ NOTE: This looks quite strange, should be followed up, whether it''s really reproducible CVE-2005-XXXX [tar''s rmt command may have undesired side effects] - tar <unfixed> (bug #290435; low) -CVE-2005-XXXX [Unspecified vulnerability in htdig''s htsearch and qtest] - - htdig <unfixed> (bug #305996; unknown) CVE-2005-XXXX [clamav''s VERSION command does not return the currently loaded version] NOTE: no exploit vector, just bad info - clamav <unfixed> (bug #323803; unimportant) @@ -719,7 +717,8 @@ CVE-2004-XXXX [Insecure temp files in amanda''s chg-manual] - amanda <unfixed> (bug #226139; low) CVE-2004-XXXX [Potential buffer overflow in firebird2] - - firebird2 <unfixed> (bug #264453; unknown) + - firebird2 <unfixed> (bug #264453; low) + NOTE: very likely not exploitable CVE-2004-XXXX [Buffer overflow in wdm''s login] - wdm <unfixed> (bug #276218; low) CVE-2005-XXXX [Unsafe string landling in ldapdiff]