Author: micah Date: 2006-01-14 17:00:45 +0000 (Sat, 14 Jan 2006) New Revision: 3296 Modified: data/CVE/list Log: Certify some more packages as affected in Sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-14 11:55:13 UTC (rev 3295) +++ data/CVE/list 2006-01-14 17:00:45 UTC (rev 3296) @@ -137,6 +137,7 @@ NOT-FOR-US: PD9 Software MegaBBS CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...) - clamav 0.88-1 + NOTE: Sarge is affected CVE-2006-0138 (aMSN (aka Alvaro''s Messenger) allows remote attackers to cause a ...) NOT-FOR-US: Alvaro''s Messenger CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...) @@ -2924,6 +2925,7 @@ NOT-FOR-US: Advanced Guestbook CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...) - clamav 0.87.1-1 (medium) + NOTE: sarge is affected (not in oldstable) CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...) NOT-FOR-US: Mambo CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...) @@ -4218,6 +4220,7 @@ CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...) - clamav <unfixed> (low) NOTE: This was already forwarded to sgran; zobel any news yet? + NOTE: Sarge affected (not in oldstable) CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...) NOT-FOR-US: Ikarus Antivirus CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...) 
@@ -6372,6 +6375,7 @@ - gallery 1.3.3 CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs] - clamav 0.86.2-1 (low) + NOTE: suspect this also affects Sarge, not enough info to know what this is CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...) NOT-FOR-US: Network Associated ePolicy Orchestrator Agent CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...) @@ -6719,9 +6723,11 @@ - fftw3 3.0.1-12 (low; bug #321566) CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files] - clamav-getfiles 0.5-1 (bug #321446; medium) + NOTE: Sarge is affected CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...) {DTSA-6-1} - cgiwrap 3.9-3.1 (bug #316881; low) + NOTE: Sarge and Woody affected CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...) {DTSA-6-1} - cgiwrap 3.9-3.1 (bug #316901; low) @@ -10342,6 +10348,7 @@ NOT-FOR-US: HTTP Commander CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines] - clamav 0.85.1-1 (low) + NOTE: Suspect Sarge is affected, not enough information to certify CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage] - xfree86 4.3.0.dfsg.1-14 (bug #308783) - xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
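Review bot: In the @@ -137 hunk, the note added under CVE-2006-0162 says only "Sarge is affected" and gives no oldstable status, while the notes added under CVE-2005-3587 and CVE-2005-3229 both state "(not in oldstable)". If the same holds for this entry, say so in the same form. Also settle on one spelling: this patch uses "Sarge is affected", "sarge is affected" and "Sarge affected" for the same statement, which makes the notes harder to search.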
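Review bot: In the @@ -6372 hunk, the note under the cli_rmdirs entry ("suspect this also affects Sarge, not enough info to know what this is") records an open question, not the certification the log message announces. Either hold it back until the entry has been checked, or word it so it cannot be read as a confirmed status alongside the other notes in this commit.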
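Review bot: In the @@ -6719 hunk, "Sarge and Woody affected" is added under CVE-2005-3254, but the next entry, CVE-2005-3255, lists the same cgiwrap 3.9-3.1 fix and the same DTSA-6-1 and gets no note. If the same releases are affected, add the note there too; if not, a short note saying why would avoid the question. This is also the only note that uses the release name Woody where the others say "oldstable"; pick one form.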
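Review bot: In the @@ -10342 hunk, the tentative note ("Suspect Sarge is affected, not enough information to certify") is worded differently from the tentative note added under the cli_rmdirs entry, so finding all unverified entries later needs two search patterns. Use one fixed phrase for both, and state what information is missing so that someone can follow up.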