Secure testing commits - Nov 2005 - r2813 - data/CVE

Author: jmm-guest
Date: 2005-11-21 16:01:37 +0000 (Mon, 21 Nov 2005)
New Revision: 2813

Modified:
   data/CVE/list
Log:
new cscope issue
new unimportant xboard issue
new already fixed samba issue
lots of NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2005-11-21 15:42:08 UTC (rev 2812)
+++ data/CVE/list	2005-11-21 16:01:37 UTC (rev 2813)
@@ -107,44 +107,43 @@
 	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly
be rejected
 CVE-2005-3665
 	RESERVED
-begin claimed by jmm
 CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy
Director 3.8, ...)
-	TODO: check
+	NOT-FOR-US: Tivoli
 CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a
...)
-	TODO: check
+	NOT-FOR-US: Netgear hardware
 CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware
1.04.0 and ...)
-	TODO: check
+	NOT-FOR-US: Netgear hardware
 CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME
uses ...)
-	TODO: check
+	NOT-FOR-US: FoolProof Security
 CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum
Outpost ...)
-	TODO: check
+	NOT-FOR-US: Novell Client Firewall
 CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2
allows ...)
-	TODO: check
+	NOT-FOR-US: ignitionServer
 CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local
users to ...)
-	TODO: check
+	- xboard <unfixed> (unimportant)
+	TODO: hardly exploitable, should be fixed anyway
 CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1
allow ...)
-	TODO: check
+	NOT-FOR-US: Layton HelpBox
 CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in
unspecified ...)
-	TODO: check
+	NOT-FOR-US: SandSurfer
 CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and
2225 ...)
-	TODO: check
+	NOT-FOR-US: Nortel hardware
 CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin
(1) ...)
-	TODO: check
+	NOT-FOR-US: SurgeMail
 CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote
...)
-	TODO: check
+	NOT-FOR-US: SurgeMail
 CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to
cause a ...)
-	TODO: check
+	- samba 3.0.6-1
 CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows
remote ...)
-	TODO: check
+	NOT-FOR-US: Sidewinder G2
 CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2
6.1.0.01 ...)
-	TODO: check
+	NOT-FOR-US: Sidewinder G2
 CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow
remote ...)
-	TODO: check
+	NOT-FOR-US: Sidewinder G2
 CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known
as ...)
-	TODO: check
+	NOT-FOR-US: Dynix WebPac
 CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows,
...)
-	TODO: check
-end claimed by jmm
+	- cscope <unfixed> (bug filed; medium)
 CVE-2005-XXXX [unsafe file permissions in vpnc]
 	- vpnc <unfixed> (bug #340105; medium)
 CVE-2005-XXXX [Insecure tempfiles in libjpeg]