Author: jmm-guest Date: 2006-01-29 20:42:11 +0000 (Sun, 29 Jan 2006) New Revision: 3387 Modified: data/CVE/list Log: elog fixed another no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-01-29 20:14:28 UTC (rev 3386) +++ data/CVE/list 2006-01-29 20:42:11 UTC (rev 3387) @@ -1374,7 +1374,7 @@ TODO: check, whether this has ramifications on the kernel''s VLAN implementation TODO: or whether it''s a generic unfixable protocol flaw CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...) - - elog <unfixed> (bug #349528; high) + - elog 2.6.1+r1642-1 (bug #349528; high) CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...) NOT-FOR-US: Dec2Rar CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...) @@ -5182,7 +5182,10 @@ - ldapdiff <not-affected> (The version in Debian doesn''t contain the vulnerable code, see #306878) CVE-2005-XXXX [apt-cache doesn''t differentiate sources which share several properties] - apt <unfixed> (bug #329814; low) - NOTE: Woody and Sarge are affected + - apt <no-dsa> (Unsupported use case) + NOTE: I tend to remove this completely, if you''re using apt sources which include vulnerable + NOTE: versions of Debian packages with higher version numbers you''re screwed anyway, no matter + NOTE: what apt display in this case CVE-2004-XXXX [asciijump: /var/games/asciijump world writable] - asciijump 0.0.6-1.2 (bug #269186) CVE-2004-XXXX [Barrendero spool world-readable]
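Review bot: in the first hunk (@@ -1374,7), the CVE-2005-4439 entry now marks elog as fixed in 2.6.1+r1642-1 and keeps severity "high", but it has no NOTE saying whether any released suite still carries an affected elogd. The description visible here names only 2.6.0-beta4, so a reader cannot tell from the entry whether a stable update is still pending. Suggest adding a per-release line or a NOTE that states this explicitly alongside the fixed version.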
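Review bot: in the second hunk (@@ -5182,7), the removed line "NOTE: Woody and Sarge are affected" is the only record of which releases the apt-cache issue touches, and dropping it leaves the new "apt <no-dsa> (Unsupported use case)" line without that context. Going by the hunk counts (7 lines before, 10 after), the existing "apt <unfixed> (bug #329814; low)" line stays as context, so the entry now carries both an unfixed and a no-dsa line for apt; it would help to keep the affected-release note next to them. The added NOTE lines are also written as a first-person intention ("I tend to remove this completely"); suggest rewording them as the rationale for no-dsa (sources offering higher-versioned vulnerable packages are an unsupported setup), and fixing "what apt display" to "what apt displays".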