Author: jmm-guest Date: 2006-02-14 22:42:10 +0000 (Tue, 14 Feb 2006) New Revision: 3481 Modified: data/CVE/list Log: new gpg issue no-dsa for spampd issue remove slune entry, not a vulnerability readjust gs-esp, not in binary package Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-14 21:14:24 UTC (rev 3480) +++ data/CVE/list 2006-02-14 22:42:10 UTC (rev 3481) @@ -379,9 +379,9 @@ CVE-2006-0514 RESERVED CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...) - TODO: check + NOT-FOR-US: Tivoli CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...) - NOT-FOR-US: PADL MigrationTools + NOT-FOR-US: PADL MigrationTools CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...) NOT-FOR-US: Blackboard Academic Suite CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...) @@ -574,8 +574,10 @@ RESERVED CVE-2006-0456 RESERVED -CVE-2006-0455 +CVE-2006-0455 [buggy return codes in gpg''s sig verification code] RESERVED + - gnupg <unfixed> + [woody] - gnupg <not-affected> (Only gpg 1.4.x are vulnerable) CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...) - linux-2.6 2.6.15-5 [sarge] - kernel-source-2.6.8 <not-affected> @@ -5657,6 +5659,7 @@ - kernel-source-2.4.27 <not-affected> CVE-2005-XXXX [Minor DoS vulnerability in msg id parsing of spampd] - spampd 2.30-1 (bug #332259; low) + [sarge] - spampd <no-dsa> (Only exploitable to let single messages pass through) CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...) {DSA-859-1 DSA-858-1} - xloadimage 4.1-15 (bug #332524; medium) 
@@ -6493,8 +6496,6 @@ CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...) {DSA-856-1} - py2play 0.1.8-1 (bug #326976; medium) - - slune 1.0.10-1 (bug #326976; medium) - NOTE: slune had to be adapted to internal py2play changes in order to avoid breakage CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...) - cupsys 1.1.23-1 (unknown) CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...) @@ -7999,7 +8000,8 @@ - xfree86 <unfixed> (bug #321447; low) - xorg-x11 <unfixed> (bug #321447; low) CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] - - gs-esp <unfixed> (bug #291452; low) + - gs-esp <unfixed> (bug #291452; unimportant) + NOTE: Not included in the binary package CVE-2005-XXXX [Format string bug in sysklogd''s syslog_tst sources] NOTE: binary not shipped - sysklogd <unfixed> (bug #281448; unimportant)
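Review bot: In the @@ -379,9 +379,9 @@ hunk, the new tag for CVE-2006-0513 reads "NOT-FOR-US: Tivoli", while the neighbouring entries give the full product name ("PADL MigrationTools", "Blackboard Academic Suite"); use the product name as it appears in the CVE description so the entry can be matched by search. The CVE-2006-0512 line is removed and re-added with the same visible text, which looks like a whitespace-only change that the log does not mention.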
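Review bot: In the @@ -574,8 +574,10 @@ hunk, the CVE-2006-0455 entry states that only gpg 1.4.x is vulnerable and marks woody as not affected, but it carries no [sarge] line, so the sarge status has to be inferred from the generic "- gnupg <unfixed>" line. Add an explicit [sarge] line, and give the <unfixed> line a bug number and urgency once they are known, as the other entries in this file do.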
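Review bot: In the @@ -5657,6 +5659,7 @@ hunk, the no-dsa reason "Only exploitable to let single messages pass through" describes a filter bypass, while the entry title calls the issue a "Minor DoS vulnerability in msg id parsing of spampd". Reword one of the two so the impact reads consistently, since the no-dsa decision for sarge rests on that impact statement.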
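Review bot: In the @@ -6493,8 +6496,6 @@ hunk, dropping both the slune line and its NOTE leaves no record under CVE-2005-2875 of why slune was examined and dismissed. The log says it is not a vulnerability; keep a NOTE saying so (the removed one explained that slune only had to be adapted to internal py2play changes to avoid breakage), so the package is not re-added on a later pass over bug #326976.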
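Review bot: In the @@ -7999,7 +8000,8 @@ hunk, the new "NOTE: Not included in the binary package" sits after the gs-esp package line, while the sysklogd entry directly below puts its equivalent "NOTE: binary not shipped" before the package line. Pick one order, and consider the same wording for both entries, since they give the same reason for the unimportant rating.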