Author: jmm-guest Date: 2006-02-23 22:21:17 +0000 (Thu, 23 Feb 2006) New Revision: 3533 Modified: data/CVE/list Log: some no-dsa and severity corrections Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-02-23 20:43:58 UTC (rev 3532) +++ data/CVE/list 2006-02-23 22:21:17 UTC (rev 3533) @@ -989,9 +989,7 @@ CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...) NOT-FOR-US: BEA WebLogic CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-complicit ...) - - unzip <unfixed> (medium; bug #349794) - NOTE: The scope of this issue is currently unclear, medium for now, but might be - NOTE: less severe + - unzip <unfixed> (low; bug #349794) CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...) NOT-FOR-US: 123 Flash Chat Server CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...) @@ -2002,6 +2000,8 @@ - phpbb2 <not-affected> (Fixed through a more complete fix in previous 2.0.13+1-6sarge1 update) CVE-2005-XXXX [snort: DoS in verbose mode] - snort 2.3.3-2 (bug #328134; low) + [woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134) + [sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134) CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers ...) {DSA-957-2} - imagemagick 6:6.2.4.5-0.6 (bug #345238; medium) @@ -8327,6 +8327,8 @@ - metamail 2.7-48 (bug #321473; low) CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues] - xfree86 <unfixed> (bug #321447; low) + [woody] - xfree86 <no-dsa> (Hardly exploitable) + [sarge] - xfree86 <no-dsa> (Hardly exploitable) - xorg-x11 <unfixed> (bug #321447; low) CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code] - gs-esp <unfixed> (bug #291452; unimportant) 
@@ -13950,7 +13952,8 @@ CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...) - ilohamail <unfixed> (bug #304525; medium) CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...) - - sudo <unfixed> (bug #283161; low) + - sudo <unfixed> (bug #283161; unimportant) + NOTE: That''s a policy violation, but not a security problem CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...) NOT-FOR-US: RSA authentication agent CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
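Review bot: In the first hunk (@@ -989,9 +989,7 @@), the CVE-2005-4667 unzip entry goes from medium to low and both NOTE lines are deleted, so the list no longer records why this severity was chosen. Replace the removed lines with a single NOTE giving the reason for low (the CVE description already calls the overflow user-complicit), so the rating can be re-checked against bug #349794 later.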
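Review bot: In the third hunk (@@ -8327,6 +8327,8 @@), the two new xfree86 <no-dsa> lines give only "Hardly exploitable" as the reason, while the snort <no-dsa> lines added in the previous hunk point at their bug ("see #328134"). For consistency, and so the decision can be traced, suggest "(Hardly exploitable, see #321447)" on both the [woody] and [sarge] lines.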
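Review bot: In the last hunk (@@ -13950,7 +13952,8 @@), the NOTE added under CVE-2005-1119 reads "That''s" with a doubled apostrophe; it should be "That's". The note would also be easier to act on if it named the policy being violated, since the entry stays <unfixed> and is now rated unimportant with only bug #283161 as a pointer.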