Author: stef-guest
Date: 2006-12-02 00:03:20 +0100 (Sat, 02 Dec 2006)
New Revision: 5043
Modified:
data/CVE/list
Log:
remove some more obsolete TODOs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2006-12-01 22:53:26 UTC (rev 5042)
+++ data/CVE/list 2006-12-01 23:03:20 UTC (rev 5043)
@@ -33754,7 +33754,6 @@
NOTE: php4, this bug appears not to have been fixed.
NOTE: submitted to BTS on libapache-mod-php4
NOTE: developer claims there is no problem
- TODO: Which bug is meant here?
CVE-2003-0862
REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library
for PHP ...)
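Review bot: The php4 entry ending at `NOTE: developer claims there is no problem` still carries no BTS bug number once `TODO: Which bug is meant here?` is dropped, so the question the TODO asked stays unanswered. If the bug submitted on libapache-mod-php4 has been identified, record its number in a NOTE; otherwise keep the TODO.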
@@ -33762,7 +33761,6 @@
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and
unknown ...)
- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier
allows ...)
- TODO: When was this fixed? oldstable could be affected
NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local
users to ...)
{DSA-415}
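Review bot: For CVE-2003-0859, deleting `TODO: When was this fixed? oldstable could be affected` leaves only `NOTE: affects glibc 2.2.4, Debian uses 2.3.2`, with no package line and no statement about oldstable. Add a glibc package line or a NOTE saying that oldstable was checked, so the answer is recorded in the file rather than implied by the deletion.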
@@ -33781,8 +33779,7 @@
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws
0.9.4 ...)
- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of
service ...)
- TODO: Check, oldstable might be affected
- NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
+ - openssl096 0.9.6l
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows
remote ...)
{DSA-410}
- libnids 1.18-1
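Review bot: The added `- openssl096 0.9.6l` under CVE-2003-0851 gives an upstream version without a Debian revision, while neighbouring entries use full package versions (`libnids 1.18-1`, `sylpheed-claws 0.9.8claws-1`). Use the full version of the fixed upload, and consider keeping the removed remark that testing uses 0.9.7, since the new line says nothing about the openssl package itself.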
@@ -33800,15 +33797,12 @@
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official
versions, ...)
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn''t enable vulnerable debug mode.
- TODO: Check, whether this is fixed already
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip
1.3.26.1a ...)
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn''t enable vulnerable debug mode.
- TODO: Check, whether this is fixed already
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip
1.3.26.1a ...)
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn''t enable vulnerable debug mode.
- TODO: Check, whether this is fixed already
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files
in ...)
NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly
other ...)
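Review bot: The three mod_gzip entries (CVE-2003-0844, CVE-2003-0843, CVE-2003-0842) still read `libapache-mod-gzip <unfixed> (unimportant)` after their `TODO: Check, whether this is fixed already` lines are removed, so the file does not show whether the check was ever done. If it was, update the status or state the result in the existing NOTE; the commit log only calls the TODOs obsolete.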
@@ -33822,7 +33816,7 @@
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2
before ...)
NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before
0.92 ...)
- TODO: check mplayer
+ NOTE: mplayer fixed before upload
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to
execute ...)
NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows
attackers to ...)
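Review bot: `NOTE: mplayer fixed before upload` under CVE-2003-0835 is free text with no package line, unlike the versioned package lines used for other entries in this file. Add an mplayer package line with the first uploaded version so the fixed status is recorded in the same form as the rest of the list.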
@@ -34165,7 +34159,6 @@
CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier,
with unknown impact, a ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-9
- TODO: openssh-krb5: Screwy changelog does not make sense (bug #264717).
CVE-2003-0681 (A "potential buffer overflow in ruleset
parsing" for Sendmail 8.12.9, ...)
{DSA-384}
- sendmail 8.12.10-1
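Review bot: Removing `TODO: openssh-krb5: Screwy changelog does not make sense (bug #264717).` from CVE-2003-0682 drops the only mention of openssh-krb5 and of bug #264717 in this entry. If the openssh-krb5 status has been resolved, add a package line for it; otherwise keep the bug reference as a NOTE.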
@@ -34851,8 +34844,7 @@
CVE-2003-0387
RESERVED
CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by
numeric IP ...)
- TODO: Check, when this was fixed
- NOTE: fixed in current openssh, which always does reverse mapping now
+ - openssh 1:3.8p1-1
CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid,
...)
{DSA-310}
- xaos 3.1r-4
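Review bot: The new `- openssh 1:3.8p1-1` under CVE-2003-0386 replaces `NOTE: fixed in current openssh, which always does reverse mapping now`, which was the only explanation of why the issue is considered fixed. Keep that NOTE next to the version line, and say in the log how 1:3.8p1-1 was determined to be the fixed version.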