Author: jmm-guest
Date: 2005-12-04 15:15:27 +0000 (Sun, 04 Dec 2005)
New Revision: 2935
Modified:
data/CVE/list
Log:
more cleanups
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-04 14:55:52 UTC (rev 2934)
+++ data/CVE/list 2005-12-04 15:15:27 UTC (rev 2935)
@@ -10011,9 +10011,9 @@
CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0
through ...)
NOT-FOR-US: Lotus Domino
CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV
and ...)
- NOTE: Generic protocol flaw
+ NOT-FOR-US: Generic protocol flaw
CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do
not ...)
- NOTE: Generic protocol flaw
+ NOT-FOR-US: Generic protocol flaw
CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before
2.3.0 ...)
- inn2 2.3.3+20020922-1
- innfeed 0.10.1.7-7
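Review bot: NOT-FOR-US on CVE-2001-1444 and CVE-2001-1443 now carries a rationale ("Generic protocol flaw") rather than a product name, unlike the other NOT-FOR-US lines visible in this patch (Lotus Domino, Windows, Oracle). Both descriptions name KTH Kerberos IV, and CVE-2001-1443 also names Heimdal, so if either is packaged, a package line with `<not-affected>` and the reason in parentheses (the form used for sendmail in the next hunk) would state the same thing in a form that can be queried per package.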
@@ -10058,7 +10058,7 @@
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent
...)
NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a
forwarding ...)
- NOT-FOR-US: Sun''s sendmail
+ - sendmail <not-affected> (Sun-specific)
CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server
Editions ...)
NOT-FOR-US: Windows
CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control
(regwizc.dll, ...)
@@ -10102,8 +10102,7 @@
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote
...)
NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200
...)
- NOTE: According to maintainer posting in debian-release this does only affect
1.190
- NOTE: and not the version in Sarge
+ - webmin 1.200-1
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file
while ...)
NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC)
in MIT ...)
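Review bot: The added `- webmin 1.200-1` line on CVE-2005-1177 loses what the two removed notes recorded, namely that per the maintainer only 1.190 is affected and the version in Sarge is not. Consider keeping that as a `[sarge] - webmin <not-affected>` line with the reason in parentheses, and adding a usermin line, since the description names both (1) Webmin and (2) Usermin.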
@@ -10226,7 +10225,6 @@
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through
4.11 ...)
NOT-FOR-US: Free BSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in
...)
- NOTE: Has been removed from Sarge
- libsafe <unfixed> (bug #305070; medium)
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services
Library ...)
NOT-FOR-US: Solaris
@@ -10236,7 +10234,6 @@
NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for
Oops! ...)
{DSA-726-1}
- NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
- oops <unfixed> (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail
...)
- ilohamail <unfixed> (bug #304525; medium)
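Review bot: On CVE-2005-1121 the entry still reads `- oops <unfixed> (bug #307360; high)` beside {DSA-726-1}, and the removed note was the only line saying the package is not part of Sarge (FTBFS on ia64 and alpha). With the note gone, a reader sees a high-urgency unfixed entry and cannot tell which release it applies to; either keep the note or record the release status on a tagged line in the `[sarge] - ...` form this patch uses for the kernel entries.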
@@ -10264,12 +10261,11 @@
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows
remote ...)
{DSA-713-1}
- junkbuster <removed> (bug #304793)
- NOTE: checked privoxy, is not vulnerable
+ - privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
{DSA-713-1}
- NOTE: only part of Woody, has been removed from Sarge and sid
- NOT-FOR-US: Junkbuster
- NOTE: checked privoxy, is not vulnerable
+ - junkbuster <removed>
+ - privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs
for ...)
NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
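Review bot: The two added `- privoxy <not-affected>` lines (CVE-2005-1109 and CVE-2005-1108) give no reason, while the other `<not-affected>` lines added in this patch do, for example `(Sun-specific)`. The removed notes said privoxy was checked and is not vulnerable; a short parenthesised reason would preserve that. The new `- junkbuster <removed>` line on CVE-2005-1108 also drops the detail that the package was only part of Woody, which is what ties the entry to {DSA-713-1}.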
@@ -10357,12 +10353,10 @@
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local
users to ...)
NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local
users ...)
- NOTE: the affected binary is not included in pine binary packages
- NOTE: and the maintainer refuses to maintain code that is not
- NOTE: see bug #304547
+ - pine 4.63-1 (unimportant)
+ NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine
the ...)
- NOTE: we do not seem to be vulnerable; /var/cache/fonts is not
- NOTE: writiable by normal users in Debian, only by root.
+ - tetex-base <not-affected> (/var/cache/fonts is not writable by normal
users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before
1.1.7 ...)
- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up
to ...)
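Review bot: The CVE-2005-1066 rewrite drops the reference to bug #304547, which the removed notes pointed to for the maintainer's position. The added line could carry it as `- pine 4.63-1 (bug #304547; unimportant)`, matching the `(bug #...; urgency)` form used on other entries in this file, so the reasoning behind "unimportant" stays reachable.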
@@ -10411,11 +10405,12 @@
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c
in PHP ...)
- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows
local ...)
- - kernel-source-2.6.11 2.6.11-1
- - kernel-source-2.6.8 2.6.8-16
- NOTE: does not affect 2.4.27 per horms
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ [sarge] - kernel-source-2.6.8 2.6.8-16
+ - kernel-source-2.4.27 <not-affected>
+ TODO: Check, when this was fixed
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux
Desktop ...)
- NOTE: Debian is not affected; see bug # 310833
+ - netapplet <not-affected> (Not vulerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1)
mkdir, ...)
- coreutils <unfixed> (bug #304556; low)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option,
allows ...)
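Review bot: On CVE-2005-1041 the added `- linux-2.6 <not-affected> (Fixed before upload into archive)` is stated as fact while the `TODO: Check, when this was fixed` directly below says the fix point has not been verified yet; until it is, the reason text should be hedged or the line left out. The hunk also removes the `kernel-source-2.6.11 2.6.11-1` line and the "per horms" attribution for 2.4.27 without replacement, and the added CVE-2005-1040 line has a typo: "vulerable" should be "vulnerable".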
@@ -10468,10 +10463,6 @@
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename
escaping]
NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
- imms 2.0.3-1
-CVE-2005-XXXX [Multiple non-descript problems in PHP4]
- NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
- NOTE: details before July 12th. The security fixes are accompanied by dozens
of
- NOTE: non-security bugfixes, so it''s not obvious from the diff
either.
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security
settings]
- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp
client]
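Review bot: The whole `CVE-2005-XXXX [Multiple non-descript problems in PHP4]` entry is deleted with no replacement, and the log message ("more cleanups") does not say why. The removed notes record that the issues were fixed in 4.3.11; if they are now tracked under assigned CVE ids elsewhere in the list, say so in the log, otherwise keep the entry and give it a php4 package line with that version so the fix stays tracked.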
@@ -10540,7 +10531,6 @@
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when
decompressing a ...)
{DSA-752-1}
- gzip 1.3.5-10
- NOTE: Essentially the same as CVE-2005-0953
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before
5.0.50 ...)
NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server
6.5.1, ...)
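Review bot: Removing `NOTE: Essentially the same as CVE-2005-0953` from CVE-2005-0988 drops the only cross-reference between the two ids in this entry. Unless the CVE-2005-0953 entry carries the same gzip version and DSA, keep the note so the two are not triaged as separate issues.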
@@ -10562,7 +10552,9 @@
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in
IVT ...)
NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in
Linux ...)
- - kernel-source-2.6.8 2.6.8-16 (bug #303177)
+ TODO: Check 2.4 and when this was fixed upstream
+ [sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products
such as ...)
NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the
mach-o ...)
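Review bot: In CVE-2005-0977 the added `TODO: Check 2.4 and when this was fixed upstream` is placed above the package lines, whereas the CVE-2005-1041 entry in the previous kernel hunk puts its TODO after them; pick one position for consistency. As with that entry, `- linux-2.6 <not-affected> (Fixed before upload into archive)` asserts a result the TODO says is still to be checked.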
@@ -10584,7 +10576,7 @@
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service
...)
- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
- NOTE: Was once part of Debian, but has been removed
+ - openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier
versions, ...)
- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly
...)
@@ -10699,7 +10691,9 @@
NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64
architectures with ...)
- kernel-source-2.6.8 2.6.8-16
- NOTE: 2.4 doesn''t seem to be vulnerable
+ - kernel-source-2.4.27 <not-affected>
+ TODO: Check, when this was fixed
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to
...)
NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG
Dragonfly ...)
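Review bot: On CVE-2005-0916 the removed note was tentative ("2.4 doesn't seem to be vulnerable"), but the added `- kernel-source-2.4.27 <not-affected>` states it as settled and gives no reason. Either confirm it and add the reason in parentheses, or keep the hedge as a NOTE. The TODO also sits between the two package lines here, so it is unclear whether "when this was fixed" refers to 2.4.27 or to linux-2.6.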