Author: joeyh Date: 2006-01-21 21:28:26 +0000 (Sat, 21 Jan 2006) New Revision: 3337 Modified: data/CVE/list Log: bug maintenance Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-21 21:19:57 UTC (rev 3336) +++ data/CVE/list 2006-01-21 21:28:26 UTC (rev 3337) @@ -189,8 +189,8 @@ CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...) NOT-FOR-US: Wehntrust CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...) - - kernel-patch-grsecurity2 <unfixed> (bug filed; medium) - - kernel-patch-2.4-grsecurity <unfixed> (bug filed; medium) + - kernel-patch-grsecurity2 <unfixed> (bug #349246; medium) + - kernel-patch-2.4-grsecurity <unfixed> (bug #349247; medium) CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...) NOT-FOR-US: lpsched in Sun Solaris CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...) @@ -259,7 +259,7 @@ NOT-FOR-US: XOOPS CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...) NOTE: exploitability uncertian - - xorg-x11 <unfixed> (bug filed; low) + - xorg-x11 <unfixed> (bug #349251; low) CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...) NOT-FOR-US: slsnif CVE-2006-0195 @@ -317,10 +317,10 @@ CVE-2006-XXXX [knowledgetree information disclosure] - knowledgetree <unfixed> (bug #348306; medium) CVE-2006-XXXX [php5 response splitting] - - php5 <unfixed> (bug #347894) + - php5 5.1.2-1 (bug #347894) - php4 <not-affected> (vulnerable code was introduced in PHP5) CVE-2006-XXXX [php5 mysqli format string issue] - - php5 <unfixed> (bug #347894) + - php5 5.1.2-1 (bug #347894) - php4 <not-affected> (vulnerable code was introduced in PHP5) CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...) NOT-FOR-US: Microsoft 
@@ -1661,7 +1661,8 @@ CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) - horde3 3.0.9-1 (bug #342942; medium) CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...) - - kronolith 2.0.6-1 (bug #342943; medium) + - kronolith2 2.0.6-1 (bug #342943; medium) + - kronolith <unfixed> (bug filed; medium) CVE-2005-4188 RESERVED CVE-2005-4187 @@ -3006,7 +3007,7 @@ CVE-2005-XXXX [unsafe file permissions in vpnc] - vpnc <unfixed> (bug #340105; medium) CVE-2005-XXXX [Insecure tempfiles in libjpeg] - - libjpeg6b <unfixed> (bug #340079; low) + - libjpeg6b 6b-11 (bug #340079; low) CVE-2006-0017 RESERVED CVE-2006-0016 @@ -4809,7 +4810,7 @@ CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...) {DSA-836-1 DSA-835-1} - cfengine <unfixed> (bug #332433; low) - - cfengine2 <unfixed> (bug #332432; low) + - cfengine2 2.1.17-1 (bug #332432; low) NOTE: maintainer does not think it''s a hole, script is unused/broken CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...) NOT-FOR-US: Virtools Web Player @@ -4971,8 +4972,7 @@ - kdepim <unfixed> (bug #280287; low) NOTE: kmail was once part of kdenetwork. CVE-2002-XXXX [sanitizer bypassal through quoted file names] - - sanitizer <unfixed> (bug #149799; medium) - NOTE: maintainer unsure if bug still exists + - sanitizer 1.76-1 (bug #149799; medium) CVE-2005-XXXX [Heap overflow in libosip URI parsing] - libosip2 2.0.9-1 (bug #308737) CVE-2005-XXXX [rkhunter: Insecure temporary file] @@ -8845,7 +8845,7 @@ NOTE: log the developers seem unwilling to fix this, as it only affects a debug NOTE: function. NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue - - php4 <unfixed> (bug #336645; low) + - php4 <unfixed> (bug filed; low) - php5 5.1.1-1 (bug #336654; low) CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...) NOT-FOR-US: AIM
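Review bot: In the @@ -1661 hunk (CVE-2005-4189), the added line "- kronolith <unfixed> (bug filed; medium)" has no bug number, while the other hunks in this revision replace "bug filed" placeholders with numbers. Suggest recording the assigned number as soon as it is known, so the still-unfixed kronolith package can be tracked separately from kronolith2 2.0.6-1.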
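Review bot: In the @@ -4809 hunk (CVE-2005-3137), it is no longer clear which package the trailing NOTE ("maintainer does not think it''s a hole, script is unused/broken") applies to, now that cfengine2 is marked fixed in 2.1.17-1 while cfengine stays <unfixed>. Suggest naming the package in the NOTE, or moving it directly under the entry it describes.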
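Review bot: In the @@ -4971 hunk, the sanitizer entry changes to fixed in 1.76-1 and the NOTE "maintainer unsure if bug still exists" is deleted with nothing in its place. The log message ("bug maintenance") does not say what confirmed the fix, so a one-line NOTE giving the basis for 1.76-1 would keep the entry auditable.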
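Review bot: In the @@ -8845 hunk, the php4 line goes from "bug #336645" to "bug filed", which drops a concrete reference in a revision that otherwise adds them. The neighbouring php5 line cites #336654, so the removed number looks like it could have been a transposition, but the diff does not say. Suggest a NOTE stating why the number was removed, and adding the correct php4 bug number once assigned.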