Moritz Muehlenhoff
2005-Nov-02 09:26 UTC
[Secure-testing-commits] r2642 - in data: CVE DSA
Author: jmm-guest
Date: 2005-11-02 09:26:18 +0000 (Wed, 02 Nov 2005)
New Revision: 2642
Modified:
data/CVE/list
data/DSA/list
Log:
junkbuster update (a bug has been filed against it claiming it''s
unfixed, sent followup)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-11-02 09:20:21 UTC (rev 2641)
+++ data/CVE/list 2005-11-02 09:26:18 UTC (rev 2642)
@@ -8549,8 +8549,7 @@
NOT-FOR-US: Sumus web server
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows
remote ...)
{DSA-713-1}
- NOTE: only part of Woody, has been removed from Sarge and sid
- NOT-FOR-US: Junkbuster
+ - junkbuster <removed>
NOTE: checked privoxy, is not vulnerable
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
{DSA-713-1}
Modified: data/DSA/list
==================================================================---
data/DSA/list 2005-11-02 09:20:21 UTC (rev 2641)
+++ data/DSA/list 2005-11-02 09:26:18 UTC (rev 2642)
@@ -774,8 +774,7 @@
NOTE: only a bug in the backported fix to stable, testing is ok
[21 Apr 2005] DSA-713-1 junkbuster - several
{CVE-2005-1108 CVE-2005-1109}
- [woody] - junkbuster 2.0.2-0.2woody1
- NOTE: package not in testing/unstable
+ [woody] - junkbuster 2.0.2-0.2woody1 (bug #304793)
[19 Apr 2005] DSA-712-1 geneweb - insecure file operations
{CVE-2005-0391}
[woody] - geneweb 4.06-2woody1