Author: jmm-guest
Date: 2006-07-16 19:23:13 +0000 (Sun, 16 Jul 2006)
New Revision: 4402

Modified:
   data/CVE/list
Log:
marked some more issues as no-dsa

I removed an obscure old kmail issue entirely after some digging in the KDE upstream bugtracker; this is unreproducible and only reported for Solaris NFS and minor anyway.

Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-07-16 17:43:40 UTC (rev 4401) +++ data/CVE/list 2006-07-16 19:23:13 UTC (rev 4402) @@ -1215,6 +1215,7 @@ CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...) - libjpeg62 <not-affected> (--maxmem is set during configure) - libjpeg-mmx <unfixed> (bug #373672; low) + [sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits) CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...) NOT-FOR-US: Ez Ringtone CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...) @@ -7357,6 +7358,7 @@ CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...) {DSA-978-1} - gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium) + [sarge] - gnupg2 <not-affected> (Vulnerable code not activated) NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html indicates that NOTE: *all* versions are affected because gpg --verify is also affected CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...) @@ -8508,6 +8510,7 @@ CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...) {DSA-993-2} - gnupg 1.4.2.2-1 (bug #356125; medium) + [sarge] - gnupg2 <not-affected> (Vulnerable code not activated) CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...) - tcpick 0.2.1-3 (bug #360571; medium) CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...) 
@@ -12751,9 +12754,6 @@ NOTE: Fixed in 0.8.5 CVE-2005-XXXX [Insecure temp files in linux-wlan-ng] - linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low) -CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes] - - kdepim <unfixed> (bug #280287; low) - NOTE: kmail was once part of kdenetwork. CVE-2002-XXXX [sanitizer bypassal through quoted file names] - sanitizer 1.76-1 (bug #149799; medium) [sarge] - sanitizer <not-affected> (Sarge version already fixed) @@ -17157,6 +17157,7 @@ NOT-FOR-US: Novell NetMail CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...) - uw-imap <unfixed> (bug #315499; low) + [sarge] - uw-imap <no-dsa> (Documented shortcoming, under admin control) CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) NOT-FOR-US: DeleGate CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
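Review bot: the reason on the added `[sarge] - libjpeg-mmx <no-dsa>` line under CVE-2006-3005 does not name the resource an admin would have to limit. The libjpeg62 line two above credits `--maxmem` set during configure, which suggests memory; saying so in the parenthesis (for example "the admin can apply memory limits") would let a sarge admin act on the entry without opening bug #373672.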
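Review bot: the added `[sarge] - gnupg2 <not-affected> (Vulnerable code not activated)` line under CVE-2006-0455 lands directly above a NOTE stating that *all* versions are affected because gpg --verify is also affected, and the reason given does not say how the two are reconciled. Name what is not activated in sarge's gnupg2, in the parenthesis or in a further NOTE, so the entry does not read as contradicting itself.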
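Review bot: under CVE-2006-0049 the added `[sarge] - gnupg2` line has no unsuffixed `- gnupg2` line before it, unlike the libjpeg-mmx, sanitizer and uw-imap entries visible in this same patch, where the release-specific line follows a general one. If gnupg2 exists outside sarge, the entry says nothing about its status there; add the general line or a NOTE saying why it is omitted. The CVE-2006-0455 hunk has the same gap.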
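Review bot: the @@ -12751 hunk deletes the kmail CVE-2004-XXXX entry outright, so the reference to bug #280287 and the reason for dismissing it survive only in the commit log. Keeping the entry with a NOTE that it is unreproducible and was only reported for Solaris NFS would leave the triage decision visible in data/CVE/list itself, and would keep the issue from being re-added later by someone who comes across the bug report.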