Author: micah Date: 2006-01-05 20:57:00 +0000 (Thu, 05 Jan 2006) New Revision: 3233 Modified: data/CVE/list Log: More checks for false positives finished Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-05 18:03:22 UTC (rev 3232) +++ data/CVE/list 2006-01-05 20:57:00 UTC (rev 3233) @@ -416,6 +416,7 @@ NOT-FOR-US: Avaya Modular Messaging Message Storage Server CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...) - blender 2.40-1 (bug #344398; medium) + NOTE: Sarge is vulnerable, Woody has it in non-free (tag no-dsa? or unaffected?) CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...) NOT-FOR-US: PHPGedView CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...) @@ -3720,6 +3721,7 @@ NOTE: Vulnerable code not activated in binary package CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...) - bmv 1.2-18 (bug #335497; medium) + NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA) CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...) NOT-FOR-US: HP-UX CVE-2005-XXXX [adduser''s deluser creates backup files with world readable permissions] @@ -4076,6 +4078,7 @@ CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...) - blender <unfixed> (bug #332413; low) [woody] - blender <not-affected> (Woody''s blender does not contain blenderplayer) + NOTE: Sarge affected CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...) {DSA-855-1} - weex 2.6.1-6sarge1 (bug #332424; medium)
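Review bot: In the @@ -416,6 +416,7 @@ hunk, the NOTE added under CVE-2005-4470 commits an unresolved question, "(tag no-dsa? or unaffected?)", so the Woody status of blender is still undecided after this revision. Settle which of the two applies and record it, or word the NOTE as an explicit open item so that whoever picks it up knows it is not a finding. The Sarge half of the note ("Sarge is vulnerable") is a finding and would be clearer on its own line, separate from the open Woody question.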
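Review bot: In the @@ -3720,6 +3721,7 @@ hunk, the NOTE under CVE-2005-3278 says the patch applied in unstable "works on both of them" but gives no pointer to that patch or to how it was checked against the Sarge and Woody versions of bmv. If the patch is the one tracked in bug #335497 on the line above, say so in the NOTE; if it was only checked to apply cleanly and not built or tested, state that, since the "easy DSA" conclusion rests on it.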
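Review bot: In the @@ -4076,6 +4078,7 @@ hunk, "NOTE: Sarge affected" under CVE-2005-3151 records a per-release status as free text directly beneath a line that already uses the structured form, "[woody] - blender <not-affected> (...)". Consider expressing the Sarge status in that same per-release form so it can be read the same way as the Woody line. Also note that the log message describes this revision as checks for false positives, while all three added NOTE lines confirm that releases are affected; a log message that says so would make the revision easier to find later.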