Author: joeyh Date: 2006-01-21 23:10:25 +0000 (Sat, 21 Jan 2006) New Revision: 3339 Modified: data/CVE/list Log: checked some old items Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-21 22:25:50 UTC (rev 3338) +++ data/CVE/list 2006-01-21 23:10:25 UTC (rev 3339) @@ -3086,9 +3086,9 @@ - kernel-source-2.4.27 <unfixed> (low) NOTE: Really hard to fix design limitation, no fix to be expected soon CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...) - TODO: check + NOT-FOR-US: EMC Legato NetWorker CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...) - TODO: check + NOT-FOR-US: EMC Legato NetWorker CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...) NOT-FOR-US: McAfee CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...) @@ -3097,7 +3097,7 @@ - libapache2-mod-auth-pgsql 2.0.2b1-7 - libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function) CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...) - TODO: check + NOT-FOR-US: Novell Open Enterprise Server CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...) NOT-FOR-US: Blue Coat WinProxy CVE-2005-3653 @@ -4675,7 +4675,7 @@ CVE-2005-3188 RESERVED CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...) - TODO: check + NOT-FOR-US: WinProxy CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...) {DSA-913-1 DSA-911-1} - gtk+2.0 2.6.10-2 (bug #339431; medium) 
@@ -5803,7 +5803,7 @@ CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...) NOT-FOR-US: OpenTTD CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...) - TODO: check + NOT-FOR-US: VPNRemote CVE-2005-2760 RESERVED CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...) @@ -7379,15 +7379,15 @@ CVE-2005-2345 RESERVED CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...) - TODO: check + NOT-FOR-US: Research in Motion CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...) - TODO: check + NOT-FOR-US: Research in Motion CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...) - TODO: check + NOT-FOR-US: Research in Motion CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...) - TODO: check + NOT-FOR-US: Research in Motion CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...) - TODO: check + NOT-FOR-US: Apple Quicktime CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...) NOT-FOR-US: unicode msearch CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...) @@ -7827,7 +7827,7 @@ CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) - modlogan 0.7.12-1 (low) CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...) - TODO: check + NOTE: one day upstream webserver compromise CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...) NOT-FOR-US: PFinger CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...) 
@@ -7839,7 +7839,7 @@ CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...) NOT-FOR-US: x-stat CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...) - TODO: check + NOTE: old patch CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...) NOT-FOR-US: QNX CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...) @@ -7895,7 +7895,7 @@ CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...) NOT-FOR-US: SAS/Base CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...) - TODO: check + - user-mode-linux 2.4.17-9 (high) CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) NOT-FOR-US: PostNuke CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) @@ -9723,7 +9723,7 @@ CVE-2005-1940 RESERVED CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...) - TODO: check + NOT-FOR-US: Ipswitch WhatsUp CVE-2005-1938 REJECTED CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...) @@ -17613,7 +17613,8 @@ CVE-2004-0890 REJECTED CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...) - TODO: check + - xpdf 3.00-10 (medium) + TODO: check xpdf embedders CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...) {DSA-599-1 DSA-581-1 DSA-573-1} - koffice 1:1.3.4-1 @@ -17873,7 +17874,7 @@ - kernel-source-2.6.8 2.6.8-16 (bug #305664) - kernel-source-2.4.27 2.4.27-10 (bug #305664) CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...) - TODO: check + NOT-FOR-US: DNS impleementations not in Debian CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...) {DSA-549-1 DSA-546-1} - gtk+2.0 2.4.9-2 
@@ -19894,7 +19895,7 @@ CVE-2003-0888 RESERVED CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...) - TODO: check + NOTE: verified Debian is not explitable; we don''t put the cache in /tmp CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...) {DSA-401} - hylafax 1:4.1.8-1 @@ -24249,19 +24250,19 @@ {DSA-135} - libapache-mod-ssl 2.8.9-2 CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...) - TODO: check + - glibc 2.2.5-8 CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...) - TODO: check + NOT-FOR-US: microsoft CVE-2002-0648 (The legacy <script> data-island capability for XML in Microsoft ...) - TODO: check + NOT-FOR-US: microsoft CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...) - TODO: check + NOT-FOR-US: microsoft CVE-2002-0642 (The registry key containing the SQL Server service account information ...) - TODO: check + NOT-FOR-US: microsoft CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...) - TODO: check + - openssh 1:3.4 (high) CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...) - TODO: check + - openssh 1:3.4 (high) CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...) TODO: check CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
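Review bot: in the @@ -4675,7 +4675,7 @@ hunk, the new CVE-2005-3187 line reads `NOT-FOR-US: WinProxy`, while the existing CVE-2005-3654 entry for the same product (visible as context in the @@ -3097 hunk) reads `NOT-FOR-US: Blue Coat WinProxy`. Use the same string in both places so that a search of the list by product name finds both entries.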
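Review bot: in the @@ -7827,7 +7827,7 @@ hunk, CVE-2002-2049 loses `TODO: check` and gains only `NOTE: one day upstream webserver compromise`, which leaves the entry with no status line for any of the three tools its description names (Dsniff, fragroute, fragrouter). If the conclusion is that the packaged sources were not the affected ones, record that per package in the form already used in this file, `- <package> <not-affected> (reason)`, and keep the NOTE as the explanation.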
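Review bot: in the @@ -7839,7 +7839,7 @@ hunk, `NOTE: old patch` on CVE-2002-2043 does not say which package the LDAP and MySQL authentication patch belongs to or why the item can be closed. Name the package and state the outcome explicitly, either as `NOT-FOR-US:` or as a `<not-affected>` line with the reason, so the entry can be read without repeating the check.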
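Review bot: in the @@ -7895,7 +7895,7 @@ hunk, the fixed version `user-mode-linux 2.4.17-9` on CVE-2002-2016 is exactly one step above the `2.4.17-8` quoted in the CVE description, and the line gives no bug number or note showing where the fix landed. Confirm that 2.4.17-9 is the version of the package that carries the fix rather than the next upstream release number, and add a short NOTE with the source of that version.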
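Review bot: in the @@ -17613,7 +17613,8 @@ hunk, `TODO: check xpdf embedders` on CVE-2004-0889 leaves the set of packages still to be checked unnamed. The neighbouring CVE-2004-0888 entry already lists packages for the same class of xpdf integer overflow (`- koffice 1:1.3.4-1` and three DSAs), so naming those candidates in the TODO would make the remaining work concrete and keep the two entries consistent.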
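Review bot: in the @@ -17873,7 +17874,7 @@ hunk, the added CVE-2004-0789 line contains a typo, `impleementations`, which should read `implementations`. Since the CVE description enumerates several DNS implementations starting with `(1) Poslib`, it would also help to list the ones that were checked, so the blanket `NOT-FOR-US` can be verified later.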
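Review bot: in the @@ -19894,7 +19895,7 @@ hunk, the added CVE-2003-0887 NOTE has two typos, `explitable` (exploitable) and a doubled apostrophe in `don''t`, and it is the only line under the entry, so no package status is recorded. Add a status line in the file's existing form, such as `- ez-ipupdate <not-affected> (cache not placed in /tmp)`, and keep the corrected NOTE as supporting detail.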
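Review bot: in the @@ -24249,19 +24250,19 @@ hunk, both OpenSSH entries (CVE-2002-0640 and CVE-2002-0639) give the fixed version as `1:3.4` with no Debian revision, unlike the other fixed versions in this change such as `glibc 2.2.5-8` and `xpdf 3.00-10`. State the full package version that first carried the fix. In the same hunk, `- glibc 2.2.5-8` has no urgency while the OpenSSH lines carry `(high)`, and `NOT-FOR-US: microsoft` names only the vendor in lowercase where the other new lines name the product.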