Author: jmm-guest Date: 2006-09-11 22:59:44 +0000 (Mon, 11 Sep 2006) New Revision: 4720 Modified: data/CVE/list Log: two php adjustments remove linux-2.6.16, 2.6.17 is now in testing and 2.6.16 will be replaced in d-i as well. Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-09-11 17:40:14 UTC (rev 4719) +++ data/CVE/list 2006-09-11 22:59:44 UTC (rev 4720) @@ -434,8 +434,9 @@ {DSA-1164} - sendmail 8.13.8-1 (bug #385054; medium) CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...) - - php4 4:4.4.4-1 (low) - - php5 5.1.4-0.1 (low) + - php4 4:4.4.4-1 (unimportant) + - php5 5.1.4-0.1 (unimportant) + NOTE: Sanitising this is an application''s job CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...) NOT-FOR-US: Zend Platform CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...) @@ -1062,7 +1063,6 @@ TODO: file bug CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...) - linux-2.6 2.6.17-7 - - linux-2.6.16 <unfixed> CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...) NOT-FOR-US: Netgear CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...) @@ -1171,7 +1171,6 @@ RESERVED CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...) - linux-2.6 2.6.17-7 - - linux-2.6.16 <unfixed> CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user''s actions to ...) NOT-FOR-US: Simpliciti Locked Browser CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...) 
@@ -2005,7 +2004,6 @@ - gnupg2 1.9.20-2 (medium) CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...) - linux-2.6 2.6.17-7 - - linux-2.6.16 <unfixed> CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...) {DSA-1168-1} - imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062) @@ -2253,7 +2251,6 @@ RESERVED CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...) - linux-2.6 2.6.17-1 (medium) - - linux-2.6.16 <not-affected> (introduced in 2.6.17-rc4) CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...) NOT-FOR-US: shiela CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...) @@ -2356,7 +2353,6 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...) {DSA-1111} - - linux-2.6.16 2.6.16-17 (high) - linux-2.6 2.6.17-4 (high) CVE-2006-XXXX [insufficient form variable escaping] - webauth 3.5.2-1 @@ -2607,7 +2603,6 @@ - mysql-dfsg-5.0 5.0.22-1 CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...) - linux-2.6 <unfixed> - - linux-2.6.16 2.6.16-18 CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...) - freetype 2.2.1-1 (bug #379920; medium) - libxfont 1:1.2.0-2 (medium; bug #383353) 
@@ -3753,13 +3748,10 @@ RESERVED CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...) - linux-2.6 2.6.17-5 (low) - - linux-2.6.16 <unfixed> (low) CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...) - linux-2.6 2.6.17-5 (low) - - linux-2.6.16 <unfixed> (low) CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...) - linux-2.6 2.6.17-3 - - linux-2.6.16 2.6.16-17 CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...) [sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable) CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...) @@ -4513,7 +4505,6 @@ NOT-FOR-US: Symantec CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...) - linux-2.6 <unfixed> (low) - - linux-2.6.16 <unfixed> (low) CVE-2006-2628 RESERVED CVE-2006-2627 @@ -4918,7 +4909,6 @@ [sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8) CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...) - linux-2.6 2.6.17-3 (high) - - linux-2.6.16 2.6.16-17 (high) CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...) - libvncserver 0.8.2-1 (high; bug #376824) CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...) 
@@ -6285,16 +6275,13 @@ - linux-2.6 2.6.16-10 CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...) - linux-2.6 <not-affected> (seems to be RedHat-specific) - - linux-2.6.16 <not-affected> (seems to be RedHat-specific) CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...) {DSA-1095-1} - freetype 2.2.1-1 CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...) - linux-2.6 2.6.16-14 - - linux-2.6.16 2.6.16-14 CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...) - linux-2.6 2.6.16-14 - - linux-2.6.16 2.6.16-14 CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...) {DSA-1103 DSA-1097-1} - linux-2.6 2.6.16-14 @@ -7690,7 +7677,6 @@ - linux-2.6 2.6.16-15 CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...) - linux-2.6 <not-affected> (Only affects 2.4 kernels) - - linux-2.6.16 <not-affected> (Only affects 2.4 kernels) CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...) NOT-FOR-US: Veritas Backup CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...) @@ -9504,7 +9490,6 @@ CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...) {DSA-1103} - linux-2.6 2.6.16-1 (bug #365375; low) - - linux-2.6.16 2.6.16-1 (bug #365375; low) CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...) {DSA-1103} - linux-2.6 2.6.15-8 
@@ -11529,10 +11514,8 @@ NOT-FOR-US: toendaCMS CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...) - linux-2.6 <unfixed> - - linux-2.6.16 <unfixed> CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...) - linux-2.6 <unfixed> - - linux-2.6.16 <unfixed> CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...) NOT-FOR-US: WBEM Services CVE-2005-4349 (** DISPUTED ** ...) @@ -13341,7 +13324,6 @@ NOT-FOR-US: Dell hardware issue CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...) - linux-2.6 <unfixed> (low) - - linux-2.6.16 <unfixed> (low) NOTE: Really hard to fix design limitation, no fix to be expected soon CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...) NOT-FOR-US: EMC Legato NetWorker @@ -14276,7 +14258,7 @@ NOTE: This is a safe mode violation, therefore low impact. CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...) - php4 4:4.4.2-1 (bug #336645; bug #354680; low) - - php5 5.1.1-1 (bug #336654; high) + - php5 5.1.1-1 (bug #336654; low) [sarge] - php4 <no-dsa> (Operation with register_globals not supported) NOTE: http://www.hardened-php.net/advisory_202005.79.html NOTE: http://www.hardened-php.net/globals-problem @@ -16264,7 +16246,6 @@ [sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues) - kernel-source-2.6.8 <unfixed> (bug #332231; low) - linux-2.6 2.6.18-1 (bug #332381; low) - - linux-2.6.16 <unfixed> (bug #332381; low) NOTE: Dave Miller didn''t like the proposed fix and considers a complete rewrite NOTE: of ipt_recent the best solution, which seems to occur soon CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
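Review bot: In the @@ -1062,7 +1063,6 @@ hunk, the removed line "- linux-2.6.16 <unfixed>" under CVE-2006-4145 deletes an open status, not a resolved one, while the log message says 2.6.16 "will be replaced in d-i", which means it has not been replaced yet. The same applies to the later hunks that drop "<unfixed>" linux-2.6.16 lines (CVE-2006-4093, CVE-2006-3745, CVE-2006-2936, CVE-2006-2935, CVE-2006-2629, CVE-2005-4352, CVE-2005-4351, CVE-2005-3660). Either hold these removals until the d-i switch has happened, or say in the log why the open entries no longer need tracking, so the list does not read as clean for a kernel that is still in use.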
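Review bot: In the @@ -2253,7 +2251,6 @@ hunk, the removed line "- linux-2.6.16 <not-affected> (introduced in 2.6.17-rc4)" is the only place the CVE-2006-3634 entry records when the flaw was introduced. Dropping the package line is fine, but the version information is worth keeping as a NOTE under the remaining "- linux-2.6 2.6.17-1 (medium)" line, since it is what tells a reader which older kernels are out of scope.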
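Review bot: In the @@ -2607,7 +2603,6 @@ hunk, removing "- linux-2.6.16 2.6.16-18" from CVE-2006-3468 leaves "- linux-2.6 <unfixed>" as the only kernel record, so the entry no longer shows that a fixed upload ever existed. Consider recording that in a NOTE line (fixed in linux-2.6.16 2.6.16-18) so that whoever resolves the linux-2.6 status has a pointer to the upload that carried the fix.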
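Review bot: In the @@ -14276,7 +14258,7 @@ hunk, the php5 line for CVE-2005-3390 goes from "high" to "low" with no NOTE giving the reason, and the log message says only "two php adjustments". The CVE-2006-4433 change in this same commit documents its downgrade with a NOTE line; doing the same here (for example, that the php5 rating is being aligned with the php4 line, if that is the reason) would let a later reader tell a deliberate reassessment from a slip.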