Author: jmm-guest Date: 2006-03-30 13:31:25 +0000 (Thu, 30 Mar 2006) New Revision: 3716 Modified: data/CVE/list Log: more checks of Sarge versions Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-03-30 09:28:36 UTC (rev 3715) +++ data/CVE/list 2006-03-30 13:31:25 UTC (rev 3716) @@ -3463,6 +3463,7 @@ [sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected) CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...) - bogofilter 0.96.3 + [sarge] - bogofilter <not-affected> (Sarge version doesn''t include Unicode) CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...) NOT-FOR-US: Spb Kiosk Engine CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator''s passcode in the ...) @@ -7706,6 +7707,8 @@ NOTE: kmail was once part of kdenetwork. CVE-2002-XXXX [sanitizer bypassal through quoted file names] - sanitizer 1.76-1 (bug #149799; medium) + [sarge] - sanitizer <not-affected> (Sarge version already fixed) + NOTE: This was fixed earlier in fact, but it''s unknown when CVE-2005-XXXX [Heap overflow in libosip URI parsing] - libosip2 2.0.9-1 (bug #308737) CVE-2005-XXXX [rkhunter: Insecure temporary file] @@ -11369,7 +11372,8 @@ - libphysfs 1.0.0-5 (bug #318091; medium) - oops <unfixed> (bug #318097; medium) [woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected) - - rpm 4.0.4-31.1 (bug #318099; medium) + - rpm 4.0.4-31.1 (bug #318099; unimportant) + NOTE: You need to trust rpms anyway, when installing them - rageircd 2.0.0-3sid1 (bug #309196; medium) - systemimager-ssh <unfixed> (bug #318101; unimportant) [woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected) 
@@ -14455,6 +14459,7 @@ - syslog-ng 1.6.5-2.1 CVE-2005-XXXX [trackballs: Follows symlinks as gid games] - trackballs 1.1.1-1 (bug #302454; medium) + [sarge] - trackballs <no-dsa> (Hardly exploitable) NOTE: CVE request sent to mitre (who sent this? any response?) NOTE: Trackballs doesn''t run as gid games anymore, high-score files are NOTE: stored in user''s home directories instead.
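Review bot: In the CVE-2005-4591 hunk, the reason "Sarge version doesn't include Unicode" is hard to check against the entry's own description, which lists 0.96.2, 0.95.2 and 0.94.14 as affected. Suggest naming the Sarge bogofilter version that was examined and stating that the Unicode handling code is absent from it, so the <not-affected> status can be re-verified later without repeating the source review.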
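Review bot: In the sanitizer hunk (the "sanitizer bypassal through quoted file names" entry), the added NOTE says the issue was fixed earlier than recorded, while the entry still gives 1.76-1 as the fixed version, so the two lines disagree. Suggest recording the Sarge version that was checked in the "[sarge] - sanitizer <not-affected>" line and wording the NOTE so it is clear that 1.76-1 is only an upper bound for the fix.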
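Review bot: In the rpm hunk, the severity drops from medium to unimportant while the neighbouring libphysfs, oops and rageircd lines for the same issue stay at medium, and the only rationale is "You need to trust rpms anyway, when installing them". That covers installation only; suggest the NOTE also say whether it holds when a package file is merely inspected or unpacked without being installed, and name rpm explicitly so the NOTE is not read as applying to the whole entry.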
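Review bot: In the trackballs hunk, "[sarge] - trackballs <no-dsa> (Hardly exploitable)" gives no reason, although the unstable line rates the same bug as medium. Suggest stating what limits the impact in Sarge, for example that the symlink following happens only with gid games as described in the entry title, and resolving the open question in the existing NOTE ("who sent this? any response?") while the entry is being touched.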