Author: jmm-guest Date: 2006-01-25 17:46:44 +0000 (Wed, 25 Jan 2006) New Revision: 3367 Modified: data/CVE/list Log: new mydns issue, some house-keeping Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-25 13:49:10 UTC (rev 3366) +++ data/CVE/list 2006-01-25 17:46:44 UTC (rev 3367) @@ -51,7 +51,7 @@ CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...) TODO: check CVE-2006-0351 (Unspecified "critical denial-of-service vulnerability" in MyDNS before ...) - TODO: check + - mydns 1.1.0+pre-3 (medium; bug #348826) CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...) TODO: check CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...) @@ -118,7 +118,7 @@ CVE-2006-XXXX [tor discovery of hidden services] - tor <unfixed> (bug #349283) CVE-2006-0353 (unix_random.c in lsh before 2.0.1 leaks file descriptors related to ...) - - lsh-utils 2.0.1cdbs-4 (low) + - lsh-utils 2.0.1cdbs-4 (low; bug #349303) CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...) NOT-FOR-US: Oracle CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...) @@ -468,7 +468,7 @@ CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...) NOT-FOR-US: Cray UNICOS CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...) - - xmame <unfixed> (medium) + - xmame <unfixed> (medium; bug #349653) NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf NOTE: question, that makes it very clear that setuid root is only for single-user NOTE: systems and xmame-sdl and xmess aren''t setuid at all 
@@ -6999,8 +6999,9 @@ - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10) - kernel-source-2.4.27 <not-affected> CVE-2005-XXXX [Buffer overflow in Description parsing] - - bidwatcher <removed> (bug #319489; high) + - bidwatcher <removed> (bug #319489; low) NOTE: Sarge and Woody affected + NOTE: Package is totally broken due to Ebay changes, so risk is low CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] - dbmail <unfixed> (bug #303991; medium) CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
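Review bot: In the last hunk (@@ -6999), the changed bidwatcher line puts the urgency after the bug number, "(bug #319489; low)", while the three entries touched earlier in this same commit put the urgency first, as in "(medium; bug #348826)" and "(low; bug #349303)". Writing it as "(low; bug #319489)" would keep the list consistent for anyone parsing or grepping it. The downgrade from high to low for a buffer overflow in Description parsing rests only on the added NOTE that the package is broken due to Ebay changes, yet the retained NOTE still says Sarge and Woody are affected. It would help if the NOTE stated whether the vulnerable parsing code can still be reached in those releases. The log message says only "new mydns issue, some house-keeping", so the severity change should be mentioned there as well.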