Author: jmm-guest Date: 2006-10-03 11:20:04 +0000 (Tue, 03 Oct 2006) New Revision: 4803 Modified: data/CVE/list Log: I confused one of the openssh issues, fixed bugnums two no-dsa for minor issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-10-03 11:12:26 UTC (rev 4802) +++ data/CVE/list 2006-10-03 11:20:04 UTC (rev 4803) @@ -449,10 +449,8 @@ CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...) - linux-2.6 2.6.14 CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...) - - openssh <unfixed> (low) - - openssh-krb5 <unfixed> (low) - [sarge] - openssh <not-affected> - [sarge] - openssh-krb5 <not-affected> + - openssh <unfixed> (unimportant) + NOTE: That''s a non-issue CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...) - openssh 1:4.3p2-4 (low; bug #389995) - openssh-krb5 <unfixed> (low) @@ -1739,7 +1737,7 @@ NOT-FOR-US: CGI-Rescue Mail F/W System CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...) {DSA-1185-1} - - openssl 0.9.8c-2 + - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> CVE-2006-4342 @@ -3139,7 +3137,7 @@ - apache2 2.0.55-4.1 (medium; bug #380182) CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...) {DSA-1141-1 DSA-1140-1} - - gnupg 1.4.5-1 (medium) + - gnupg 1.4.5-1 (medium; bug #381204) - gnupg2 1.9.20-2 (medium) CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...) - linux-2.6 2.6.17-7 @@ -3163,7 +3161,7 @@ - libxfont 1:1.2.2-1 CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...) {DSA-1185-1} - - openssl 0.9.8c-2 + - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> CVE-2006-XXXX [htdig: several unspecified security problems] 
@@ -4889,7 +4887,7 @@ - mailman 1:2.1.8-3 CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...) {DSA-1185-1} - - openssl 0.9.8c-2 + - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <removed> CVE-2006-2939 @@ -4898,7 +4896,7 @@ RESERVED CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...) {DSA-1185-1} - - openssl 0.9.8c-2 + - openssl 0.9.8c-2 (bug #389940) - openssl097 0.9.7k-2 - openssl096 <not-affected> CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...) @@ -9748,7 +9746,7 @@ - ezpublish3 <itp> (bug #267370) CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...) {DSA-1109} - - rssh 2.3.0-1.1 (bug #346322; low) + - rssh 2.3.0-1.1 (bug #346322; bug #363978; low) CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...) - webcheck 1.9.6 CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...) @@ -18738,6 +18736,7 @@ - gaim 1:1.4.0-5 (low) - centericq 4.20.0-9 (bug #323185; low) - ekg 1:1.5+20050712+1.6rc2-1 (low) + [sarge] - ekg <no-dsa> (Minor issue) NOTE: ekg in Sarge is affected (Not in Woody, gaim and centericq had DSAs) CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...) {DSA-813-1 DTSA-2-1} @@ -21803,6 +21802,7 @@ NOT-FOR-US: Gentoo CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...) - mailscanner 4.42.9 (bug #310774; low) + [sarge] - mailscanner <no-dsa> (Minor issue) CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...) - gdb 6.3-6 CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
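Review bot: In the CVE-2006-4925 hunk (@@ -449,10 +449,8 @@), the `- openssh-krb5 <unfixed> (low)` line is removed without a replacement, so openssh-krb5 is no longer tracked for this CVE, while the CVE-2006-4924 entry directly below still lists it. If the downgrade applies to both source packages, keep a `- openssh-krb5 <unfixed> (unimportant)` line next to the openssh one. The added `NOTE: That''s a non-issue` also has a doubled apostrophe and gives no reason. A short rationale in the NOTE would let a later reader check the "unimportant" rating without digging through history.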
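Review bot: In the ekg hunk (@@ -18738,6 +18736,7 @@), the new `[sarge] - ekg <no-dsa> (Minor issue)` line sits directly above the existing NOTE, which says ekg in Sarge is affected and that gaim and centericq had DSAs for the same entry. "Minor issue" does not say why ekg is treated differently from the two packages that got advisories. Expand the reason on the no-dsa line, or update the NOTE, so the two lines do not read as contradicting each other.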