Author: jmm-guest
Date: 2006-09-20 17:53:13 +0000 (Wed, 20 Sep 2006)
New Revision: 4748
Modified:
data/CVE/list
Log:
no-dsa and unimportant issues, bugnums
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-09-20 09:14:23 UTC (rev 4747)
+++ data/CVE/list 2006-09-20 17:53:13 UTC (rev 4748)
@@ -988,13 +988,15 @@
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact
2.2, ...)
NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload,
...)
- - xbase-clients 1:7.1.ds-2
- - xtrans 1.0.0-6
- - xorg-server 1:1.0.2-9
- - libx11 2:1.0.0-7
- - xdm 1:1.0.5-1
- - xterm <unfixed>
- [sarge] - xfree86 <unfixed>
+ - xbase-clients 1:7.1.ds-2 (unimportant)
+ - xtrans 1.0.0-6 (unimportant)
+ - xorg-server 1:1.0.2-9 (low)
+ - libx11 2:1.0.0-7 (unimportant)
+ - xdm 1:1.0.5-1 (unimportant)
+ - xterm <unfixed> (unimportant)
+ [sarge] - xfree86 <unfixed> (low)
+ NOTE: The only issue really exploitable is the vtinit issue, all other are
nice
+ NOTE: to have, but not security problems
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM
object ...)
NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
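Review bot: The added NOTE in the CVE-2006-4447 entry says only the vtinit issue is really exploitable but does not say which package ships it, so the split between (low) on xorg-server and [sarge] xfree86 and (unimportant) on the other five packages has to be inferred. Suggest naming the affected package(s) in the NOTE. xterm also stays <unfixed> while tagged (unimportant), with no bug number attached; worth confirming that is intended.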
@@ -1829,9 +1831,10 @@
- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
NOTE: GNUTLS-SA-2006-2
- - gnutls11 <unfixed> (low)
- - gnutls12 1.2.11-3 (low)
- - gnutls13 1.4.2-1 (low)
+ - gnutls11 <unfixed> (unimportant)
+ - gnutls12 1.2.11-3 (unimportant)
+ - gnutls13 1.4.2-1 (unimportant)
+ NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function
in ...)
NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
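Review bot: In the GNUTLS-SA-2006-2 entry, all three packages go from (low) to (unimportant) on the strength of one NOTE, "Normal bug, no reliable denial of service potential", which states the conclusion without the basis. Since the entry title is still "crash in the certificate verification logic", suggest adding a short reason why the crash cannot be triggered reliably, or a pointer to where that was assessed. gnutls11 remains <unfixed>, so this NOTE is the only record of why it is left open.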
@@ -2963,7 +2966,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local
users ...)
{DSA-1111}
- - linux-2.6 2.6.17-4 (high)
+ - linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003,
allows ...)
@@ -7355,7 +7358,7 @@
- slash <unfixed> (medium)
CVE-2006-XXXX [firebird local DoS]
- firebird2 1.5.3.4870-4 (bug #362001)
- [sarge] - firebird <no-dsa> (Minor issue)
+ [sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7
allows ...)
{DSA-1036-1}
- bsdgames 2.17-7 (bug #360989)
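Review bot: The [sarge] line changes the package name from firebird to firebird2, which is a correction rather than any of the things the log message lists (no-dsa, unimportant, bugnums). Please confirm the sarge source package is actually named firebird2, so that the <no-dsa> tag attaches to a package that exists in that release, and consider mentioning the rename in the log.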
@@ -14263,7 +14266,8 @@
- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root,
allows ...)
{DTSA-27-1}
- - fuse 2.4.1-0.1 (bug #340398; medium)
+ - fuse 2.4.1-0.1 (bug #340398; low)
+ [sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows
remote ...)
NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2
allows ...)
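Review bot: The fuse line is downgraded from medium to low with no NOTE, unlike the CVE-2006-4447 and GNUTLS-SA-2006-2 downgrades in this commit, which each carry a NOTE explaining the rating. The only rationale here is the "Minor local DoS" text on the new [sarge] <no-dsa> line. Suggest a NOTE on the entry giving the reason for the lower rating, especially as the entry already carries {DTSA-27-1}.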
@@ -23536,7 +23540,7 @@
NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server
0.87 ...)
{DSA-1122 DSA-1121}
- - libnet-server-perl 0.89-1
+ - libnet-server-perl 0.89-1 (bug #378640)
NOTE: This was already fixed in 0.87-1, although the changelog
doesn''t mention
NOTE: the security implication, which was noticed later. I''ve
verified both fixes
NOTE: are identical
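Review bot: The fixed version on the libnet-server-perl line is 0.89-1, but the NOTE directly below says the issue was already fixed in 0.87-1 and that both fixes were verified identical. Since this line is being touched to add bug #378640, suggest either recording 0.87-1 as the fixed version or extending the NOTE to say why 0.89-1 is kept.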