Author: jmm-guest Date: 2006-01-22 14:09:57 +0000 (Sun, 22 Jan 2006) New Revision: 3341 Modified: data/CVE/list Log: rar issue only affected Windows version some no-dsa entries libsafe has been removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-21 23:48:16 UTC (rev 3340) +++ data/CVE/list 2006-01-22 14:09:57 UTC (rev 3341) @@ -3763,8 +3763,6 @@ NOT-FOR-US: BEA Weblogic CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...) - phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium) -CVE-2005-XXXX [Two unspecified issues in non-free rar] - - rar <unfixed> (bug #339077; unknown) CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...) {DSA-896-1} - linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high) @@ -5022,7 +5020,7 @@ {DSA-827-1} - backupninja 0.8-2 (medium) CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation] - - microcode.ctl <unfixed> (bug #282583; low) + - microcode.ctl <unfixed> (bug #282583; unimportant) NOTE: The validity of the microcode is ensure inside the CPU CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker''s highscore list] - icebreaker 1.21-9.1 (bug #297644; low) 
@@ -5085,14 +5083,12 @@ CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...) NOT-FOR-US: PowerArchiver CVE-2003-XXXX [libsafe: does not prevent some exploit types] - TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase - - libsafe <unfixed> (bug #173227; medium) + - libsafe <removed> CVE-2003-XXXX [Insecure temp files in lilo] - lilo 1:22.4-1 (bug #173238; bug #292073; low) CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth] - distcc 2.18.3-3 (bug #298929; low) - NOTE: Only affects distcc in a very non-standard setup - NOTE: Sarge affected + [sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments) CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host] - phpwiki <unfixed> (bug #282565; medium) CVE-2005-XXXX [Possibly incorrect virtualisation in php4] @@ -5419,6 +5415,7 @@ {DSA-861-1} - uw-imap 7:2002edebian1-12 (medium; bug #332215) - pine 4.64-1 (medium; bug #348407) + [sarge] - pine <no-dsa> (pine is non-free; doesn''t permit distribution of modified binaries) CVE-2005-2932 RESERVED CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...) @@ -12647,7 +12644,7 @@ CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...) NOT-FOR-US: Free BSD CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...) - - libsafe <unfixed> (bug #305070; medium) + - libsafe <removed> CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...) NOT-FOR-US: Solaris CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
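Review bot: In the @@ -3763,8 +3763,6 @@ hunk, deleting both lines of the "CVE-2005-XXXX [Two unspecified issues in non-free rar]" entry leaves nothing in data/CVE/list that explains why bug #339077 was dismissed; the Windows-only rationale exists only in the commit log. Suggest keeping the entry and recording the finding on it, for example with a NOTE stating that the issue only affected the Windows version, so the triage decision can be found from the list itself.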
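Review bot: In the @@ -5022,7 +5020,7 @@ hunk, the downgrade of microcode.ctl (bug #282583) from low to unimportant is not mentioned in the log message, and its only justification is the unchanged NOTE that follows, "The validity of the microcode is ensure inside the CPU". Suggest naming the severity change in the log and correcting "ensure" to "ensured" in that NOTE while the entry is being touched, since the NOTE now carries the reasoning for the rating.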
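Review bot: In the @@ -5085,14 +5083,12 @@ hunk, the new "[sarge] - distcc <no-dsa> (...)" line contains the typo "unstrusted" and its reason runs two thoughts together ("in a very non-standard way not recommended for ..."). The removed NOTE said "non-standard setup", which was clearer. Suggest wording the reason as "(Only affects distcc in a very non-standard setup; not recommended for untrusted environments)".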
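Review bot: In the @@ -12647,7 +12644,7 @@ hunk, replacing "- libsafe <unfixed> (bug #305070; medium)" with "- libsafe <removed>" drops the bug reference for CVE-2005-1125, and the @@ -5085,14 +5083,12 @@ hunk does the same to bug #173227 along with the TODO about pushing for removal. Suggest keeping the bug numbers on the <removed> lines so the original reports stay reachable from the list after the package is gone.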