Author: fw
Date: 2005-12-06 21:52:44 +0000 (Tue, 06 Dec 2005)
New Revision: 2956

Modified: data/CVE/list

Log:
CVE-2005-3897: NOT-FOR-US does not allow package annotations.
CVE-2004-2097: fvwm-gnome is a binary package built by fvwm
CVE-2001-1473: Not really NOT-FOR-US:, unfixable protocol issue
CVE-2005-0763: Cannot use <not-affected> due to ordering check
CVE-2003-0039: Record the version Flo's patch was applied.

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2005-12-06 21:40:29 UTC (rev 2955) +++ data/CVE/list 2005-12-06 21:52:44 UTC (rev 2956) @@ -354,7 +354,7 @@ REJECTED CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Safari - - konqueror <not-affected> (doesn''t affect 4:3.4.2-4) + NOTE: Not reproducible with konqueror 4:3.4.2-4. CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...) TODO: File a bug against mozilla CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...) @@ -8019,7 +8019,6 @@ NOT-FOR-US: Banner engine CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...) - fvwm <not-affected> (Used mktemp) - - fvwm-gnome <not-affected> (Used mktemp) - x-base-clients <not-affected> (x11perfcomp uses mkdir atomically) - lvm10 <not-affected> (does not contain lvmcreate_initrd) CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...) 
@@ -10135,7 +10134,7 @@ CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...) NOT-FOR-US: Commercial SSH CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...) - NOR-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol + NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol. CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...) - phpbb2 2.0.6c-1 CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...) @@ -11335,7 +11334,7 @@ - rxvt-unicode 5.3-1 CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...) {DSA-698-1} - - mc <not-affected> (Sarge-specific regression correcting a previous DSA) + NOTE: Sarge-specific regression correcting a previous DSA. CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...) {DSA-702-1} - imagemagick 5:6.0.0-1 @@ -20997,7 +20996,8 @@ - courier-ssl 0.40.2-3 CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...) {DSA-245} - - dhcp3 1.1.2-1 + - dhcp3 3.0+3.0.1rc11-3 + NOTE: Version information in DSA is wrong. CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...) {DSA-297} - snort 2.0.0-1
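Review bot: in the CVE-2005-3897 hunk (@@ -354), the replacement NOTE changes the claim, not just the form: the removed line said konqueror 4:3.4.2-4 "doesn't affect", the new one says "Not reproducible with konqueror 4:3.4.2-4". Those are different levels of assurance, so the NOTE should say which one was actually established (code reviewed and absent, or test case tried and no crash observed), since the entry no longer carries a package status that a reader could rely on.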
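Review bot: in the CVE-2001-1473 hunk (@@ -10135), dropping the misspelled "NOR-FOR-US" tag leaves the entry with a NOTE only, so the file now records neither NOT-FOR-US nor any package line for an issue the log calls "Not really NOT-FOR-US". If packages in the archive still speak SSH-1, the entry should name them on package lines so the open exposure is visible in the data rather than only in free text; if none do, the NOTE should say so.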
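Review bot: in the CVE-2005-0763 hunk (@@ -11335), the new NOTE "Sarge-specific regression correcting a previous DSA." no longer names mc, and the reason for the change ("Cannot use <not-affected> due to ordering check") exists only in the commit log. Suggest keeping the package name in the NOTE and stating there that unstable is not affected, so the entry under {DSA-698-1} still explains itself without the revision history.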
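Review bot: in the CVE-2003-0039 hunk (@@ -20997), the fixed version for dhcp3 changes from 1.1.2-1 to 3.0+3.0.1rc11-3 with only "NOTE: Version information in DSA is wrong." as justification. The NOTE should cite where the new version comes from (the log mentions "the version Flo's patch was applied", so a changelog entry or bug reference) and say which version {DSA-245} states, so the discrepancy can be checked against the advisory instead of taken on trust.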