Author: jmm-guest Date: 2006-06-30 18:29:28 +0000 (Fri, 30 Jun 2006) New Revision: 4320 Modified: data/CVE/list Log: no-dsa for squirrelmail older shadow issue not affected in sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-06-30 13:12:22 UTC (rev 4319) +++ data/CVE/list 2006-06-30 18:29:28 UTC (rev 4320) @@ -275,6 +275,7 @@ CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...) NOTE: unreproducable - squirrelmail <not-affected> (bug #375782; low) + [sarge] - squirrelmail <no-dsa> (Operation with registers_globals not supported) CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) TODO: check CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...) @@ -5040,6 +5041,7 @@ NOT-FOR-US: WeOnlyDo! SFTP CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...) - shadow 1:4.0.15-10 (low) + [sarge] - shadow <not-affected> (Vulnerable code was introduced later) CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...) - sendmail 8.13.7-1 (low) CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)