Author: jmm-guest Date: 2005-12-25 11:17:23 +0000 (Sun, 25 Dec 2005) New Revision: 3159 Modified: data/CVE/list Log: let''s eliminate false positives and bring the tracker in shape for woody and sarge; I''ve browsed through all Bugzilla issues and most do not affect stable and oldstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-25 11:03:06 UTC (rev 3158) +++ data/CVE/list 2005-12-25 11:17:23 UTC (rev 3159) @@ -3834,8 +3834,12 @@ CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option] - findutils 4.2.22-1 (bug #313081) CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...) + [woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected) + [sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected) - bugzilla 2.18.4-1 (bug #331206; medium) CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...) + [woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected) + [sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected) - bugzilla 2.18.4-1 (bug #331206; medium) CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...) {DSA-847-1} @@ -5961,6 +5965,8 @@ CVE-2005-XXXX [nvi: init.d recover file security bugs] - nvi 1.79-22 (bug #298114; medium) CVE-2005-XXXX [bugzilla: Maintainer''s postinst script use temporary files in an unsafe way] + [woody] - bugzilla <not-affected> (Vulnerable script is not present) + [sarge] - bugzilla <not-affected> (Vulnerable script is not present) - bugzilla 2.18.3-2 (bug #321567; low) CVE-2005-XXXX [Crypto weakness in Tor''s handshaking process] - tor 0.1.0.14-1 (medium) @@ -7165,8 +7171,12 @@ CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...) NOT-FOR-US: Notes CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...) + [woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected) + [sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected) - bugzilla 2.18.3-1 (low) CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...) + [woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected) + [sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected) - bugzilla 2.18.3-1 (low) CVE-2005-2172 RESERVED @@ -9590,6 +9600,8 @@ CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...) NOT-FOR-US: Acrowave AAP-3100AR wireless router CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...) + [woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected) + [sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected) - bugzilla 2.18-7 (bug #308789; medium) CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...) - bugzilla 2.16.7-7sarge1