Author: fw Date: 2005-11-17 14:58:04 +0000 (Thu, 17 Nov 2005) New Revision: 2775 Modified: data/CVE/list Log: Sort out conflicting version annotations. CVE-2005-0870 was not completely fixed by phpsysinfo 2.3-3. The OpenSSL versions for CVE-2004-0079 and CVE-2004-0081 have been corrected based on the official advisories (note that 0.9.6d-1 is not a typo). Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-17 14:54:01 UTC (rev 2774) +++ data/CVE/list 2005-11-17 14:58:04 UTC (rev 2775) @@ -9419,8 +9419,8 @@ NOT-FOR-US: Topic Calendar phpbb2 plugin CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...) {DSA-897-1 DSA-724-1} - TODO: Double-check, according to 2.3-7 changelog only fixed in -7? - - phpsysinfo 2.3-3 + NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete. + - phpsysinfo 2.3-7 - egroupware 1.0.0.009.dfsg-3-3 - phpgroupware 0.9.16.008-2 CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...) @@ -15541,11 +15541,11 @@ - xfree86 4.3.0-2 CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...) {DSA-465} - - openssl <not-affected> (Not affected per DSA-465) - - openssl096 0.9.6m-1 + - openssl 0.9.6d-1 CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...) {DSA-465} - openssl 0.9.7d-1 + - openssl096 0.9.6m-1 CVE-2004-0076 REJECTED CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...) @@ -18906,7 +18906,8 @@ NOT-FOR-US: os x CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...) {DSA-446} - - synaesthesia <not-affected> (synaesthesia no longer setuid) + TODO: synaesthesia is no longer setuid. + TODO: Maintainer has been contacted to get the exact version. CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...) {DSA-447} - hsftp 1.15-1
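Review bot: In the CVE-2005-0870 hunk, the added NOTE line calls the 2.3-3 fix "apparently incomplete" without saying what that is based on, while the TODO it replaces named the 2.3-7 changelog as the source. Suggest keeping that reference in the NOTE, for example "NOTE: Fix in phpsysinfo 2.3-3 was incomplete according to the 2.3-7 changelog." The unchanged egroupware and phpgroupware lines under the same CVE are not revisited here; if their fixes were taken from the same phpsysinfo patch, they need the same re-check.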
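Review bot: In the CVE-2004-0081 / CVE-2004-0079 hunk, CVE-2004-0081 ends up with no openssl096 line at all, because "- openssl096 0.9.6m-1" is removed there and re-added only under CVE-2004-0079. If openssl096 is not affected by CVE-2004-0081, record that explicitly under that entry with the reason rather than leaving the package unmentioned. The remark that 0.9.6d-1 is not a typo exists only in the commit log; a NOTE line next to "- openssl 0.9.6d-1" would keep a later editor from changing it back.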
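Review bot: In the CVE-2004-0160 hunk, the entry is left with two TODO lines and no package line, so the earlier not-affected status for synaesthesia is dropped before the exact version is known. The first added line, "TODO: synaesthesia is no longer setuid.", states a fact rather than pending work and would fit better as a NOTE (as used in the CVE-2005-0870 hunk), leaving a single TODO for the version lookup. Adding the date the maintainer was contacted would make that TODO easier to follow up.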