Author: jmm-guest Date: 2005-12-28 00:32:39 +0000 (Wed, 28 Dec 2005) New Revision: 3170 Modified: data/CVE/list Log: record the fixes of upcoming pound dsa webmin issue is sarge-specific ntop issue is a non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2005-12-27 23:17:49 UTC (rev 3169) +++ data/CVE/list 2005-12-28 00:32:39 UTC (rev 3170) @@ -264,7 +264,7 @@ CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...) - phpbb2 <unfixed> (unimportant) CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...) - - phpbb2 <unfixed> (bug filed) + - phpbb2 <unfixed> (bug #344674) CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...) NOT-FOR-US: UStore CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...) @@ -1324,7 +1324,8 @@ CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...) NOT-FOR-US: Virtual Hosting Control System CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...) - - webmin <unfixed> (bug #341394; medium) + [sarge] - webmin 1.180-3sarge0 (bug #341394; medium) + NOTE: Later versions not affected, as the use proper format string passing CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...) NOT-FOR-US: BosDates CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...) @@ -3051,8 +3052,8 @@ CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) NOT-FOR-US: nylon CVE-2005-XXXX [ntop format string vulnerability] - - ntop <unfixed> (bug #335996; low) - NOTE: Possibly not exploitable + - ntop <unfixed> (bug #335996; unimportant) + NOTE: Not exploitable CVE-2005-XXXX [Firefox IFRAME DoS] - mozilla-firefox <unfixed> (bug #336171; low) - firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low) @@ -3344,6 +3345,7 @@ - pavuk 0.9.33-1 (bug #264684; high) NOTE: second hole mentioned in bug report CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...) + [sarge] - pound 1.8.2-1sarge1 - pound 1.9.4-1 (low) NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000 CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...) @@ -10760,6 +10762,7 @@ CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...) - phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway) CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...) + [sarge] - pound 1.8.2-1sarge1 - pound 1.8.2-1.1 (bug #307852; bug #311548; medium) CVE-2005-1390 REJECTED