Author: jmm-guest
Date: 2005-12-04 17:27:45 +0000 (Sun, 04 Dec 2005)
New Revision: 2936
Modified:
data/CVE/list
Log:
syntax conversions
Modified: data/CVE/list
==================================================================---
data/CVE/list 2005-12-04 15:15:27 UTC (rev 2935)
+++ data/CVE/list 2005-12-04 17:27:45 UTC (rev 2936)
@@ -10816,9 +10816,7 @@
CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4
Koobi ...)
NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- NOTE: the hole was introduced in 0.9.4.3; I suppose that having
- NOTE: this package be orphaned and not get updated for years from 0.9.2
- NOTE: is good for _something_ after all :-P
+ - dcl 1:0.9.4.4-1
CVE-2005-0887 (Code injection vulnerability in Double Choco Latte before
0.9.4.3 ...)
- dcl 1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board
2.0.2 ...)
@@ -10860,14 +10858,13 @@
- egroupware 1.0.0.009.dfsg-3-3
- phpgroupware 0.9.16.008-2
CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive
information ...)
- NOTE: phpsysinfo maintainer does not consider path disclosure to
- NOTE: be a bug. See bug #301118.
+ - phpsysinfo <unfixed> (bug #301118; unimportant)
CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by
(1) ...)
- NOTE: checked tn5250, apparently the only AS/400 emulator in debian
- NOTE: cannot find STRPCO or STRPCCMD in tn5250.
+ - tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to
overwrite ...)
- NOTE: According to Horms from the Debian kernel team 2.6.8 and 2.6.11 are not
- NOTE: affected, 2.4 doesn''t include sysfs anyway, see 306137
+ - kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn''t have
sysfs)
+ - linux-2.6 <not-affected> (Fixed before upload into archive)
+ [sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see
#306137)
CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users
to ...)
- cdrtools 4:2.01+01a01-4
CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to
bypass ...)
@@ -10879,8 +10876,7 @@
CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar
before 1.5 ...)
NOT-FOR-US: Mike Spice My Calendar
CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when
the user ...)
- NOTE: fixed in macromedia flash shortly after discovery 3 years ago
- NOTE: did not check the other flash players in debian for this
+ - flashplugin-nonfree 6.0.61.0-1
CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when
...)
NOT-FOR-US: Lotus Domino
CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when
using ...)
@@ -10964,7 +10960,7 @@
CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to
obtain ...)
NOT-FOR-US: GoAhead Web Server
CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11,
when ...)
- NOTE: HAVE_BRAILLE not set in binary build
+ - screen <not-affected> (HAVE_BRAILLE not set in binary build)
CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email
...)
NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in
...)
@@ -10980,7 +10976,8 @@
CVE-2005-0840
REJECTED
CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the
N_MOUSE ...)
- - kernel-source-2.6.8 2.6.8-16
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
+ [sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may
allow ...)
- icecast2 <unfixed> (bug #301368; low)
CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser
and ...)
@@ -11055,9 +11052,8 @@
NOT-FOR-US: Solaris
CVE-2005-0815 (Multiple "range checking flaws" in the ISO9660
filesystem handler in ...)
- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
- - linux-2.6 2.6.12-1 (bug #300783; medium)
- - kernel-source-2.6.8 2.6.8-16
- NOTE: Fixed upstream in 2.6.12-rc1
+ - linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc1)
+ [sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before
2.0.1 ...)
{DSA-717-1}
- lsh-utils 2.0.1-1
@@ -11156,8 +11152,7 @@
- rxvt-unicode 5.3-1
CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier
may ...)
{DSA-698-1}
- NOTE: Seems to be a "fix the fix", correcting a previous DSA.
- NOTE: Mainline mc is apparently not affected.
+ - mc <not-affected> (Sarge-specific regression correcting a previous
DSA)
CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick
before 6.0 ...)
{DSA-702-1}
- imagemagick 5:6.0.0-1
@@ -11178,14 +11173,12 @@
- bzip2 1.0.2-8.1 (bug #321286; medium)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise
Linux ...)
- kernel-source-2.4.27 2.4.27-11 (bug #311164)
- - kernel-source-2.6.8 2.6.8-17
- - linux-2.6 2.6.12-1
+ [sarge] - kernel-source-2.6.8 2.6.8-17
+ - linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64
...)
- kernel-source-2.4.27 2.4.27-11 (medium)
- - kernel-source-2.6.8 2.6.8-17 (medium)
- - kernel-source-2.6.11 2.6.11-7 (medium)
- - linux-2.6 2.6.12-1 (medium)
- NOTE: Commited to kernel 2.6 git on 2005-05-20, between .12-rc4 and .12-rc5
+ [sarge] - kernel-source-2.6.8 2.6.8-17 (medium)
+ - linux-2.6 <not-affected> (Fixed before upload into archive;
2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix
Player ...)
- helix-player 1.0.4-1
CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files
without ...)
@@ -11199,10 +11192,12 @@
REJECTED
CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux
kernel ...)
- kernel-source-2.4.27 2.4.27-10
- - kernel-source-2.6.8 2.6.8-16
+ [sarge] - kernel-source-2.6.8 2.6.8-16
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows
local ...)
- - kernel-source-2.6.8 2.6.8-16
+ [sarge] - kernel-source-2.6.8 2.6.8-16
- kernel-source-2.4.27 2.4.27-10
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the
Adobe ...)
@@ -11247,7 +11242,7 @@
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows
attackers ...)
NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS
2.0.9.2 ...)
- NOT-FOR-US: XOOPS
+ - xoops <itp> (bug #207640)
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0
RC1 ...)
@@ -11262,9 +11257,9 @@
CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to
execute ...)
NOT-FOR-US: Yahoo Messenger
CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux
kernel 2.6 ...)
- NOTE: 2.6 through .11
- NOTE: There is no epoll in 2.4
- - kernel-source-2.6.8 2.6.8-14
+ - kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
+ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
+ [sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain
...)
NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows
remote ...)
@@ -11350,7 +11345,7 @@
CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix,
when the ...)
NOT-FOR-US: SSH Tectia Server
CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a
...)
- NOTE: does not affect openssh
+ - openssh <not-affected>
CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions
allows ...)
- setiathome 3.04
CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and
RealSystem ...)