Author: fw
Date: 2006-01-23 16:03:22 +0000 (Mon, 23 Jan 2006)
New Revision: 3350
Modified:
data/CVE/list
Log:
CVE-2004-0175, CVE-2002-0992: adjust urgency
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-01-23 15:55:27 UTC (rev 3349)
+++ data/CVE/list 2006-01-23 16:03:22 UTC (rev 3350)
@@ -19268,10 +19268,11 @@
{DSA-511}
- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before
3.4p1 ...)
- - openssh <unfixed> (bug #270770)
- NOTE: this bug is old and known; see the bug discussion for further
information.
- NOTE: apparently the security team thinks this is a minor issue; nevertheless,
- NOTE: the bug is still open, so they should close it if it really is
neglectible.
+ {CVE-2000-0992}
+ - openssh <unfixed> (low; bug #270770)
+ NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
+ NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
+ NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using
...)
- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of
...)
@@ -26264,7 +26265,9 @@
CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil
...)
TODO: check
CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a
...)
- TODO: check
+ {CVE-2004-0175}
+ - openssh <unfixed> (low; bug #270770)
+ NOTE: Rediscoved as CVE-2004-0175, see there.
CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on
Windows 98, ...)
TODO: check
CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a
denial ...)