Author: jmm-guest
Date: 2006-08-02 22:22:48 +0000 (Wed, 02 Aug 2006)
New Revision: 4492
Modified: data/CVE/list
Log:
Let's begin systematic security bug triage for Etch release:
ruby safe level priv escalation fixes
wordpress non-issue
tetex-bin links against poppler
mailscanner fixed
krb non-issues

Modified: data/CVE/list
==================================================================--- data/CVE/list 2006-08-02 20:02:20 UTC (rev 4491) +++ data/CVE/list 2006-08-02 22:22:48 UTC (rev 4492) @@ -393,7 +393,8 @@ CVE-2006-3695 (Unspecified vulnerability in Trac before 0.9.6 allows remote attackers ...) - trac 0.9.6-1 (medium) CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...) - - ruby1.8 <unfixed> (bug #378029; low) + - ruby1.8 1.8.4-3 (bug #378029; medium) + - ruby1.9 1.9.0+20060609-1 (medium) CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...) NOT-FOR-US: Rocks Clusters CVE-2006-3692 (PHP remote file inclusion vulnerability in enduser/listmessenger.php ...) @@ -7278,8 +7279,7 @@ CVE-2006-0734 (Unspecified vulnerability in Valve Software Half-Life CSTRIKE ...) NOT-FOR-US: Half-Life CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...) - - wordpress <unfixed> - NOTE: This may very well be a non-issue + - wordpress <unfixed> (unimportant) CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...) NOT-FOR-US: SAP Business Connector CVE-2006-0731 (Unspecified vulnerability in SAP Business Connector Core Fix 7 and ...) @@ -17031,7 +17031,8 @@ - kdegraphics 4:3.4.2-1 (bug #322458; low) - xpdf 3.00-15 (bug #322462; low) [woody] - tetex-bin <not-affected> (pdftex doesn''t include or use the vulnerable code) - - tetex-bin <unfixed> + - tetex-bin 3.0-12 + NOTE: tetex links to poppler since 3.0-12 TODO: Check, when sid was fixed for this - gpdf 2.10.0-4 (bug #334454; low) NOTE: Cups switched to xpdf-utils 
@@ -18818,7 +18819,7 @@ CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...) NOT-FOR-US: Gentoo CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) - - mailscanner <unfixed> (bug #310774; low) + - mailscanner 4.42.9 (bug #310774; low) CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - gdb 6.3-6 CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...) @@ -23075,10 +23076,10 @@ NOT-FOR-US: Thomson cable modem CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...) TODO: check heimdal, netkit-telnet-ssl - - krb4 <unfixed> (low) + - krb4 <unfixed> (unimportant) [woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos) [sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos) - - krb5 <unfixed> (low) + - krb5 <unfixed> (unimportant) [woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos) [sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos) - netkit-telnet <not-affected> (netkit-telnet is not affected)
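Review bot: In the CVE-2006-3694 hunk (@@ -393), the ruby1.8 severity is raised from low to medium at the same time the entry is marked fixed in 1.8.4-3, but nothing in the entry records why; the commit log's "safe level priv escalation" rationale only lives in the log message. Add a NOTE line next to the bug reference (for example `NOTE: safe level privilege escalation, see #378029`) so the severity change is traceable from data/CVE/list itself, and consider whether the new ruby1.9 1.9.0+20060609-1 line should carry the same bug reference.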
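Review bot: In the CVE-2006-0733 hunk (@@ -7278), dropping `NOTE: This may very well be a non-issue` in favour of `(unimportant)` removes the only stated reason for the rating; the description's `** DISPUTED **` marker hints at it but does not say what was concluded. Keep a one-line NOTE alongside the `(unimportant)` tag (e.g. `NOTE: disputed upstream, treated as a non-issue`) so a later triager does not re-open the entry as an unfixed XSS.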
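Review bot: In the tetex-bin hunk (@@ -17031), the entry now records 3.0-12 as the fixed version while the attached `TODO: Check, when sid was fixed for this` says that is still unverified, which is contradictory; either resolve the TODO before replacing `<unfixed>` or leave `<unfixed>` with the NOTE until it is checked. The NOTE and TODO are also run together on one line and should be two separate `NOTE:` and `TODO:` lines. Since the change only moves the xpdf-derived code out of tetex-bin by linking against poppler, it is worth stating in the NOTE that the fix depends on the poppler version tetex-bin links to, not on 3.0-12 alone.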
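Review bot: In the CVE-2005-1706 hunk (@@ -18818), `mailscanner 4.42.9` has no Debian revision, unlike the other fixed versions in the file (`gdb 6.3-6` in the same hunk, `trac 0.9.6-1` earlier); it looks like the upstream version rather than the package version. Check the changelog and record the actual package version (e.g. `4.42.9-1` if that is what entered the archive) so the tracker's version comparison works.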
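Review bot: In the CVE-2005-0488 hunk (@@ -23075), downgrading krb4 and krb5 from low to unimportant is consistent with the `Documented behaviour in MIT Kerberos` rationale already on the woody and sarge lines, but the `TODO: check heimdal, netkit-telnet-ssl` above them is left open and that rationale does not cover those two packages. Either resolve the TODO in the same triage pass or add a NOTE making clear that only the MIT Kerberos packages have been assessed.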