Author: jmm-guest Date: 2006-06-17 14:37:32 +0000 (Sat, 17 Jun 2006) New Revision: 4258 Modified: data/CVE/list Log: arts not affected, it''s not Debian policy to support arbitrary local permission modifications Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-17 08:19:41 UTC (rev 4257) +++ data/CVE/list 2006-06-17 14:37:32 UTC (rev 4258) @@ -300,6 +300,7 @@ RESERVED CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...) - arts 1.5.3-2 (bug #374003; low) + [sarge] - arts <not-affected> (Not setuid root in Debian) NOTE: artswrapper is not suid root by default, but README.Debian describes it CVE-2006-2915 RESERVED @@ -1277,7 +1278,7 @@ NOT-FOR-US: DeluxeBB CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...) NOT-FOR-US: cyrus-imapd-2.3 not in Debian - NOTE: cyrus-imapd-2.2 is in Debian but not vulnerable to this exploit. + - cyrus-imapd-2.2 <not-affected> (Vulnerable code not present) CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...) NOT-FOR-US: Sun CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)