Secure testing commits - Sep 2006 - r4728 - data/CVE

Author: jmm-guest
Date: 2006-09-14 17:46:56 +0000 (Thu, 14 Sep 2006)
New Revision: 4728

Modified:
   data/CVE/list
Log:
two more unimportant issues
older lynx issue needs fixing in sid as well


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-09-14 17:35:10 UTC (rev 4727)
+++ data/CVE/list	2006-09-14 17:46:56 UTC (rev 4728)
@@ -15052,7 +15052,7 @@
 	NOT-FOR-US: Panda Antivirus
 CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV
...)
 	- clamav <unfixed> (unimportant)
-	[sarge] - clamav <no-dsa> (Should rather be fixed in the buggy (fringe)
RAR unpackers)
+	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
 CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus
...)
 	NOT-FOR-US: Ikarus Antivirus
 CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA
Antivirus ...)
@@ -15350,7 +15350,7 @@
 	TODO: Check, whether this version really fixes the issue, it''s not
mentioned in the changelog
 CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6
and ...)
 	{DSA-1085-1 DSA-876-1 DSA-874-1}
-	- lynx 2.8.5-2sarge1 (bug #335033; high)
+	- lynx <unfixed> (bug #335033; high)
 	- lynx-cur 2.8.6-16 (bug #334423; high)
 	- lynx-ssl <removed>
 CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the
user ...)
@@ -23341,9 +23341,8 @@
 CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux
Desktop ...)
 	- netapplet <not-affected> (Not vulerable, see bug #310833)
 CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1)
mkdir, ...)
-	- coreutils <unfixed> (bug #304556; low)
-	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
-	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
+	- coreutils <unfixed> (bug #304556; unimportant)
+	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
 CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option,
allows ...)
 	NOTE: long fixed in Debian''s cron
 CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS
client, ...)