Author: micah Date: 2006-01-15 15:16:06 +0000 (Sun, 15 Jan 2006) New Revision: 3298 Modified: data/CVE/list Log: Some more sarge tracker confirmations Removed duplicate courier entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-15 12:03:20 UTC (rev 3297) +++ data/CVE/list 2006-01-15 15:16:06 UTC (rev 3298) @@ -3440,8 +3440,6 @@ CVE-2005-XXXX [user logout in drupal has no effect] [sarge] - drupal <not-affected> (bug was introduced after 4.5.3) - drupal 4.5.5-3 (bug #336719; medium) -CVE-2005-XXXX [incorrect use of the PAM framework by courier] - - courier 0.47-12 (bug #211920; medium) CVE-2005-XXXX [double free() in libungif] - libungif4 4.1.4-1 (bug #338542; medium) CVE-2005-XXXX [webcalendar''s password visible to local users through debconf] @@ -4562,8 +4560,10 @@ TODO: Check, whether openldap2.2 is affected as well CVE-2005-XXXX [Insecure bounds checking in mpack''s content parser] - mpack 1.6-1 (bug #216566) -CVE-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod] +CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod] - coreutils 5.93-1 (bug #306076; low) + [woody] - fileutils <unfixed> (low) + NOTE: Sarge is affected CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure] - gossip <unfixed> (bug #305419; low) NOTE: This looks quite strange, should be followed up, whether it''s really reproducible @@ -11748,6 +11748,7 @@ CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...) - courier <unfixed> (bug #307575; medium) NOTE: Upstream explanation looks wrong, not all code paths perform escaping. + NOTE: Sarge and Woody are affected CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...) NOT-FOR-US: Adobe Version Cue CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...) 
@@ -12488,6 +12489,7 @@ - netapplet <not-affected> (Not vulerable, see bug #310833) CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...) - coreutils <unfixed> (bug #304556; low) + NOTE: Setting up a sarge/oldstable chroot to see if this affects -- micah CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...) NOTE: long fixed in Debian''s cron CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
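Review bot: In the first hunk (@@ -3440,8 +3440,6 @@), the removed courier PAM entry is described in the log as a duplicate, but the surviving copy is not visible anywhere in this diff. Please name the entry that remains in the commit message, or confirm that it carries the same fixed version and bug reference as the removed line "- courier 0.47-12 (bug #211920; medium)", so that no tracking data is lost with the deletion.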
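Review bot: In the coreutils umask hunk (@@ -4562,8 +4560,10 @@), the woody status is recorded as a release-tagged line, but the sarge status is only free text in "NOTE: Sarge is affected". The file already uses release-tagged lines for sarge, as in "[sarge] - drupal <not-affected> (...)" in the first hunk's context, so a "[sarge] - coreutils <unfixed> (low)" line would state the same thing in the form used elsewhere. The new fileutils line also carries no bug reference, while the coreutils line above it cites bug #306076; add one if a report exists for woody.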
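Review bot: In the last hunk (@@ -12488,6 +12489,7 @@), the added line "NOTE: Setting up a sarge/oldstable chroot to see if this affects -- micah" records pending work, not a finding about CVE-2005-1039. The file marks open checks with a TODO prefix, as in "TODO: Check, whether openldap2.2 is affected as well" in the second hunk's context, so this line would be easier to find and clear later as a TODO. Once the chroot test is done, replace it with the per-release result.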