Author: jmm-guest Date: 2005-11-21 20:41:10 +0000 (Mon, 21 Nov 2005) New Revision: 2817 Modified: data/CVE/list Log: sylpheed CVEfied + several NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-11-21 20:35:18 UTC (rev 2816) +++ data/CVE/list 2005-11-21 20:41:10 UTC (rev 2817) @@ -478,11 +478,11 @@ CVE-2005-3531 RESERVED CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...) - TODO: check + NOT-FOR-US: Antville CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...) - TODO: check + NOT-FOR-US: TikiWiki CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...) - TODO: check + NOT-FOR-US: TikiWiki CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...) - linux-2.6 <unfixed> NOTE: Pinged Horms and Dannf @@ -855,11 +855,6 @@ - courier 0.47-12 (bug #211920; medium) CVE-2005-XXXX [double free() in libungif] - libungif4 4.1.4-1 (bug #338542; medium) -CVE-2005-XXXX [Buffer overflows in Sylpheed''s address book import] - - sylpheed <unfixed> (bug #338434; medium) - - sylpheed-gtk1 1.0.6-1 (medium) - - sylpheed-claws <unfixed> (bug #338436; medium) - - sylpheed-claws-gtk2 (bug #339529; medium) CVE-2005-XXXX [webcalendar''s password visible to local users through debconf] - webcalendar <unfixed> (bug #337624) CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...) @@ -1150,7 +1145,10 @@ {DSA-901-1} - gnump3d 2.9.8-1 CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...) - TODO: check + - sylpheed <unfixed> (bug #338434; medium) + - sylpheed-gtk1 1.0.6-1 (medium) + - sylpheed-claws <unfixed> (bug #338436; medium) + - sylpheed-claws-gtk2 (bug #339529; medium) CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...) - php4 <unfixed> (bug #339577; medium) TODO: Check php5 
@@ -1266,7 +1264,7 @@ CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...) NOT-FOR-US: Novell ZENworks CVE-2005-3314 (Stack-based buffer overflow in the IMAP deamon in Novell Netmail 3.5.2 ...) - TODO: check + NOT-FOR-US: Novell Netmail CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...) - ethereal <unfixed> (bug #334880; medium) TODO: This supposedly fixed after the 13 release, separate bug might be necessary @@ -2785,13 +2783,13 @@ CVE-2005-2757 RESERVED CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-complicit attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-complicit attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-complicit ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...) NOT-FOR-US: Mac OS X CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
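Review bot: In the @@ -855,11 +855,6 @@ hunk, the removed placeholder is titled "Buffer overflows in Sylpheed''s address book import" (plural), while CVE-2005-3354, where the same package lines are re-added, is described (as far as the truncated text shows) as one stack-based overflow in ldif_get_line in ldif.c. Confirm that bugs #338434, #338436 and #339529 report only what the CVE covers. If they also report overflows in other import code, keep a CVE-2005-XXXX entry for the remainder or add a NOTE under CVE-2005-3354 recording the scope.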
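Review bot: In the @@ -1150,7 +1145,10 @@ hunk, the added line "- sylpheed-claws-gtk2 (bug #339529; medium)" has neither a fixed version nor an <unfixed> marker between the package name and the bug reference, unlike the three sylpheed lines added next to it. If the package is still affected, write "- sylpheed-claws-gtk2 <unfixed> (bug #339529; medium)"; otherwise give the fixed version. The gap is carried over from the removed CVE-2005-XXXX entry rather than introduced here, but moving the lines is the natural point to correct it.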